cURL is a very useful utility to perform HTTP/HTTPS operations from the command line. Many times during a web application pentest you need to send an HTTP POST to a login form (e.g. brute force a login to the site). Here's the very simple way to do it, assuming you the form parameters are called username and password.

curl -d "username=SOMEUSER&password=SOMEPASS" -k https://some.website.com/loginform.jsp

The "-d" indicates you are including data for a POST, the -k says ignore SSL certificate warnings from the remote site.

Using curl is really only good for doing quick spot checks, to do large scale brute forcing I'd recommend using THC Hydra, the super useful perl module libwww-perl aka LWP, or Nessus which has incorporated Hydra. On Windows, Brutus works.

[ add comment ] ( 1149 views )   |  permalink

---

Comments are disabled on this blog, mostly because of the toxic trifecta of:
1) unholy blog spammers
2) crappy captcha systems
3) my own laziness

[ add comment ] ( 2626 views )   |  permalink

---

<<First <Back | 1 | 2 | 3 |

All information on this blog copyright Goonda Security Inc. - Page Generated in 0.1373 seconds