Web application security - the fast guide 1.1 | Page 164

Chapter 8 - Attack Tools P a g e | 164 8.3.2 cURL very simple and flexible multiplatform tool that enables the creation of HTTP and HTTPS requests. It supports GET and POST methods, request parameters, client SSL certificates, and HTTP authentication. What makes cURL special is the ability to use in scripts iteratively. In the following example, the page title is retrieved for page ID values between 10 and 40: #!/bin/bash for i in `seq 10 40`; do echo -n $i “: “ curl -s http://testapp.com/ ShowPage.ashx?PageNo==$i | grep -Po “” | sed ‘s/.......\(.*\)......../\1/’ done 8.3.3 NETCAT: as its name shows this tool resembles to (Cat) tool used to show the contents of a file but it is dedicated to show network communications, it can be used for many tasks the following are examples about some usage scenarios: Listening to specific port and redirect Out put can be capture to a file $ nc -l 1234 > filename.out Or connect to provide input from a file $ nc host.example.com 1234 < filename.in Talking directly to server $ echo -n "GET / HTTP/1.0\r\n\r\n" | nc host.example.com 80 Port scanning $ nc -z host.example.com 20-30 8.4 Overview, functionalities and orchestration