Forces a specific HTTP method (GET, POST, PUT, OPTIONS)
-H or --header
Injects a custom header (Cookie, Authorization, etc.). Can be used multiple times in one command
-A or --user-agent <name>
Shortcut for -H "User-agent: <name>"
-b or --cookie <sessions>
Shortcut for -H "Cookie: <sessions>"
-c or --cookie-jar <out_file>
Save cookie or session information to a file. Can be used together with -b to maintain sessions for subsequent commands
Data Transmission
Flags
Descriptions
-d or --data
Sends the specified data in a POST request (Content-Type: application/x-www-form-urlencoded by default)
-H or --header
Injects a custom header (Cookie, Authorization, etc.). Can be used multiple times in one command
-A or --user-agent
Shortcut for -H "User-agent: <name>"
--data-urlencode <data>
Safely URL-encodes the data before sending it
Output and Debugging Control
Flags
Descriptions
-i or --include
Prints both the HTTP response headers with the body
-I or --head
return only the HTTP headers
-v or --verbose
Shows the entire conversational flow (DNS resolution, SSL handshake, request headers sent > and response headers received <)
-s or --silent
Mutes progress meter and error messages
Proxy and Network Routing
Flags
Descriptions
-x or --proxy <[protocol://]host[:port]>
Routes the requests through a specify proxy (http://127.0.0.1:8080 for BurpSuite)
-k or --insecure
Skip the SSL certificate error, important to have when routing through BurpSuite
Tips & Tricks
Use the @ to tell Curl to pull data from a local file instead:
# POST data from a filecurl -X POST -d @payload.json -H "Content-Type: application/json" https://api.example.com/update# Upload file as a multipart form data (upload images, polyglots, etc.)curl -F "document=@/path/to/reverse_shell.php" https://example.com/upload# Read headers from a file with each header per line are writtencurl -H @headers.txt https://example.com
Related Usage
TABLE creation_date AS "Created" FROM "05 - Content" WHERE contains(tools, this.file.link) AND contains(tags, "🚩") SORT file.name ASC