Web application security - the fast guide 1.1 | Page 164
Chapter 8 - Attack Tools
P a g e | 164
8.3.2 cURL
very simple and flexible multiplatform tool that enables the creation of HTTP and
HTTPS
requests. It supports GET and POST methods, request parameters, client SSL
certificates, and HTTP authentication.
What makes cURL special is the ability to use in scripts iteratively.
In the following example, the page title is retrieved for page ID values between
10 and 40:
#!/bin/bash
for i in `seq 10 40`;
do
echo -n $i “: “
curl -s http://testapp.com/ ShowPage.ashx?PageNo==$i | grep -Po
“(.*)” | sed ‘s/.......\(.*\)......../\1/’
done
8.3.3 NETCAT:
as its name shows this tool resembles to (Cat) tool used to show the contents of
a file but it is dedicated to show network communications, it can be used for
many tasks the following are examples about some usage scenarios:
Listening to specific port and redirect Out put can be capture to a file
$ nc -l 1234 > filename.out
Or connect to provide input from a file
$ nc host.example.com 1234 < filename.in
Talking directly to server
$ echo -n "GET / HTTP/1.0\r\n\r\n" | nc host.example.com 80
Port scanning
$ nc -z host.example.com 20-30
8.4 Overview, functionalities and orchestration