Task 1 of 2
What is curl?
curl is a command-line tool for making HTTP requests. It's installed on almost every system by default (Linux, macOS, Windows 10+). Where a browser adds cookies, renders HTML, and hides headers — curl shows you everything raw.
As a security tester, curl lets you craft exact requests: add or remove headers, change HTTP methods, send custom bodies, and see the full server response. It's the most direct way to interact with an API or web endpoint.
Basic syntax
BASIC GET REQUEST
curl https://crapazon.fake/api/orders
POST WITH JSON BODY
curl -X POST https://crapazon.fake/api/login \
-H "Content-Type: application/json" \
-d '{"username":"alice","password":"hunter2"}'
WITH AUTH HEADER
curl https://crapazon.fake/api/orders/1001 \ -H "Authorization: Bearer eyJhbGci..."
SEE RESPONSE HEADERS TOO (-i FLAG)
curl -i https://crapazon.fake/api/orders/1001
Key flags
-X POSTSet the HTTP method (GET, POST, PUT, DELETE, PATCH)
-H "..."Add a request header
-d "..."Send a request body
-iInclude response headers in output
-sSilent mode — suppress progress output
-o fileSave response to a file
-kIgnore SSL certificate errors (useful for local labs)
1
Which curl flag adds a custom request header?
2
What does the -i flag do in curl?
Answer all 2 questions to continue