Skip to content

Curl

Jump to bottom Edit New page
Tenshi Hinanawi edited this page Apr 30, 2012 · 1 revision

cUrl is a command-line http client, similar to wget. When invoked with a URL, it downloads the file and prints it to standard out. It can be used as a simple download manager like so:

curl url_of_file_to_download > filename.whatever Unlike wget, curl cannot do recursion. However, it works better for submitting forms, which makes it perfect for spamming forums and blogs.

First, we must find the names of the fields to submit. We could examine the HTML source ourselves, and find the relevant FORM block. However, that can be pretty difficult. For example, /b/'s FORM has several Javascript functions embedded in it. An easier method is to use the formfind.pl script to do it for us. Formfind greps through the html to find any html forms. 

    Example
   $ curl -x localhost:3128 -A Mozilla/4.0 img.4chan.org/b/ |   formfind.pl | head -n 12
 --- FORM report. Uses POST to URL "http://dat.4chan.org/b/imgboard.php"
 --- type: multipart form upload [use -F]
 Input: NAME="MAX_FILE_SIZE" VALUE="1572864" (HIDDEN)
 Input: NAME="name" (HIDDEN)
 Input: NAME="sub" (HIDDEN)
 Input: NAME="email" (TEXT)
 Button: "Submit" (SUBMIT)
 Textarea: NAME="com"
 Input: NAME="upfile" (FILE)
 Input: NAME="pwd" (PASSWORD)
 Input: NAME="mode" VALUE="regist" (HIDDEN)
 --- end of FORM

-x tells curl to use the proxy localhost:3128 and -A specifies the user agent. We pipe it to formfind, and only view the top of the output. This tells us sever al things: It tells us the names of the fields. It tells us that this form uses multipart-encoded POST to submit the form. If it used GET instead, we would need to append ampersand delimited key/value pairs to the end of the URL. It tells us what URL to POST to. In this case, it is "http://dat.4chan.org/b/imgboard.php"

So, we run the following: 




-F specifies a key/value pair to POST. We don't need to fill out the    empty hidden fields, but we do need to carry over the "mode" field.  The "at" symbol before ".4chan" specifies that curl should take  its input for that field from the filename following the "at". 



One could then wrap this in a loop to get it to repeat. One could also launch several processes, for maximum raep. 



comment5,

              


              

                
                   Add a custom footer
              

          



  
          

            

              

                

                  

                      
                        
                      
                    
Wiki












Encyclopedia



                  

                

              


            
Clone this wiki locally