Curl Usage
Tutorial – curl
Simple Usage
Get the main page from a web-server:
curl
Get the README file the user’s home directory at funet’s ftp-server:
Get a web page from a server using port 8000:
Get a directory listing of an FTP site:
Get the definition of curl from a dictionary:
curl dict
Fetch two documents at once:
Get a file off an FTPS server:
curl ftps
or use the more appropriate FTPS way to get the same file:
curl –ftp-ssl
Get a file from an SSH server using SFTP:
curl -u username s
Get a file from an SSH server using SCP using a private key (not password-protected) to authenticate:
curl -u username: –key ~/ scp
Get a file from an SSH server using SCP using a private key (password-protected) to authenticate:
curl -u username: –key ~/ –pass private_key_password
scp
Get the main page from an IPv6 web server:
curl “[2001:1890:1112:1::20]/”
Get a file from an SMB server:
curl -u “domain\username:passwd” smb
Download to a File
Get a web page and store in a local file with a specific name:
curl -o
Get a web page and store in a local file, make the local file get the name of the remote document (if no file name part is specified in the URL, this will fail):
curl -O
Fetch two files and store them with their remote names:
curl -O -O
Using Passwords
FTP
To ftp files using name+passwd, include them in the URL like:
curl ftp
or specify them with the -u flag like
curl -u name:passwd
FTPS
It is just like for FTP, but you may also want to specify and use SSL-specific options for certificates etc.
Note that using FTPS as prefix is the “implicit” way as described in the standards while the recommended “explicit” way is done by using FTP and the –ftp-ssl option.
SFTP / SCP
This is similar to FTP, but you can use the –key option to specify a private key to use instead of a password. Note that the private key may itself be protected by a password that is unrelated to the login password of the remote system; this password is specified using the –pass option. Typically, curl will automatically extract the public key from the private key file, but in cases where curl does not have the proper library support, a matching public key file must be specified using the –pubkey option.
HTTP
Curl also supports user and password in HTTP URLs, thus you can pick a file like:
or specify user and password separately like in
HTTP offers many different methods of authentication and curl supports several: Basic, Digest, NTLM and Negotiate (SPNEGO). Without telling which method to use, curl defaults to Basic. You can also ask curl to pick the most secure ones out of the ones that the server accepts for the given URL, by using –anyauth.
Note! According to the URL specification, HTTP URLs can not contain a user and password, so that style will not work when using curl via a proxy, even though curl allows it at other times. When using a proxy, you must use the -u style for user and password.
HTTPS
Probably most commonly used with private certificates, as explained below.
Proxy
curl supports both HTTP and SOCKS proxy servers, with optional authentication. It does not have special support for FTP proxy servers since there are no standards for those, but it can still be made to work with many of them. You can also use both HTTP and SOCKS proxies to transfer files to and from FTP servers.
Get an ftp file using an HTTP proxy named my-proxy that uses port 888:
curl -x my-proxy:888
Get a file from an HTTP server that requires user and password, using the same proxy as above:
curl -u user:passwd -x my-proxy:888
Some proxies require special authentication. Specify by using -U as above:
curl -U user:passwd -x my-proxy:888
A comma-separated list of hosts and domains which do not use the proxy can be specified as:
curl –noproxy localhost, -x my-proxy:888
If the proxy is specified with –proxy1. 0 instead of –proxy or -x, then curl will use HTTP/1. 0 instead of HTTP/1. 1 for any CONNECT attempts.
curl also supports SOCKS4 and SOCKS5 proxies with –socks4 and –socks5.
See also the environment variables Curl supports that offer further proxy control.
Most FTP proxy servers are set up to appear as a normal FTP server from the client’s perspective, with special commands to select the remote FTP server. curl supports the -u, -Q and –ftp-account options that can be used to set up transfers through many FTP proxies. For example, a file can be uploaded to a remote FTP server using a Blue Coat FTP proxy with the options:
curl -u ” Proxy-Username:Remote-Pass”
–ftp-account Proxy-Password –upload-file local-file
See the manual for your FTP proxy to determine the form it expects to set up transfers, and curl’s -v option to see exactly what curl is sending.
Ranges
HTTP 1. 1 introduced byte-ranges. Using this, a client can request to get only one or more subparts of a specified document. Curl supports this with the -r flag.
Get the first 100 bytes of a document:
curl -r 0-99
Get the last 500 bytes of a document:
curl -r -500
Curl also supports simple ranges for FTP files as well. Then you can only specify start and stop position.
Get the first 100 bytes of a document using FTP:
Uploading
FTP / FTPS / SFTP / SCP
Upload all data on stdin to a specified server:
curl -T –
Upload data from a specified file, login with user and password:
curl -T uploadfile -u user:passwd
Upload a local file to the remote site, and use the local file name at the remote site too:
Upload a local file to get appended to the remote file:
curl -T localfile -a
Curl also supports ftp upload through a proxy, but only if the proxy is configured to allow that kind of tunneling. If it does, you can run curl in a fashion similar to:
curl –proxytunnel -x proxy:port -T localfile
SMB / SMBS
curl -T -u “domain\username:passwd”
smb
Upload all data on stdin to a specified HTTP site:
Note that the HTTP server must have been configured to accept PUT before this can be done successfully.
For other ways to do HTTP data upload, see the POST section below.
Verbose / Debug
If curl fails where it isn’t supposed to, if the servers don’t let you in, if you can’t understand the responses: use the -v flag to get verbose fetching. Curl will output lots of info and what it sends and receives in order to let the user see all client-server interaction (but it won’t show you the actual data).
curl -v
To get even more details and information on what curl does, try using the –trace or –trace-ascii options with a given file name to log to, like this:
curl –trace
Detailed Information
Different protocols provide different ways of getting detailed information about specific files/documents. To get curl to show detailed information about a single file, you should use -I/–head option. It displays all available info on a single file for HTTP and FTP. The HTTP information is a lot more extensive.
For HTTP, you can get the header information (the same as -I would show) shown before the data by using -i/–include. Curl understands the -D/–dump-header option when getting files from both FTP and HTTP, and it will then store the headers in the specified file.
Store the HTTP headers in a separate file ( in the example):
curl –dump-header
Note that headers stored in a separate file can be very useful at a later time if you want curl to use cookies sent by the server. More about that in the cookies section.
POST (HTTP)
It’s easy to post data using curl. This is done using the -d option. The post data must be urlencoded.
Post a simple “name” and “phone” guestbook.
curl -d “name=Rafael%20Sagula&phone=3320780”
How to post a form with curl, lesson #1:
Dig out all the tags in the form that you want to fill in.
If there’s a “normal” post, you use -d to post. -d takes a full “post string”, which is in the format
The ‘variable’ names are the names set with “name=” in the tags, and the data is the contents you want to fill in for the inputs. The data must be properly URL encoded. That means you replace space with + and that you replace weird letters with%XX where XX is the hexadecimal representation of the letter’s ASCII code.
Example:
(page located at)
We want to enter user ‘foobar’ with password ‘12345’.
To post to this, you enter a curl command line like:
curl -d “user=foobar&pass=12345&id=blablabla&ding=submit”
While -d uses the application/x-www-form-urlencoded mime-type, generally understood by CGI’s and similar, curl also supports the more capable multipart/form-data type. This latter type supports things like file upload.
-F accepts parameters like -F “name=contents”. If you want the contents to be read from a file, use @filename as contents. When specifying a file, you can also specify the file content type by appending;type=
curl -F “;type=image/gif,, ”
If the content-type is not specified, curl will try to guess from the file extension (it only knows a few), or use the previously specified type (from an earlier file if several files are specified in a list) or else it will use the default type ‘application/octet-stream’.
Emulate a fill-in form with -F. Let’s say you fill in three fields in a form. One field is a file name which to post, one field is your name and one field is a file description. We want to post the file we have written named “”. To let curl do the posting of this data instead of your favourite browser, you have to read the HTML source of the form page and find the names of the input fields. In our example, the input field names are ‘file’, ‘yourname’ and ‘filedescription’.
curl -F “” -F “yourname=Daniel”
-F “filedescription=Cool text file with cool text inside”
To send two files in one post you can do it in two ways:
Send multiple files in a single “field” with a single field name:
curl -F “, ” $URL
Send two fields with two field names
curl -F “” -F “” $URL
To send a field value literally without interpreting a leading @ or <, or an embedded;type=, use --form-string instead of -F. This is recommended when the value is obtained from a user or some other unpredictable source. Under these circumstances, using -F instead of --form-string could allow a user to trick curl into uploading a file.
Referrer
An HTTP request has the option to include information about which address referred it to the actual page. Curl allows you to specify the referrer to be used on the command line. It is especially useful to fool or trick stupid servers or CGI scripts that rely on that information being available or contain certain data.
curl -e
User Agent
An HTTP request has the option to include information about the browser that generated the request. Curl allows it to be specified on the command line. It is especially useful to fool or trick stupid servers or CGI scripts that only accept certain browsers.
curl -A 'Mozilla/3. 0 (Win95; I)'
Other common strings:
Mozilla/3. 0 (Win95; I) - Netscape Version 3 for Windows 95
Mozilla/3. 04 (Win95; U) - Netscape Version 3 for Windows 95
Mozilla/2. 02 (OS/2; U) - Netscape Version 2 for OS/2
Mozilla/4. 04 [en] (X11; U; AIX 4. 2; Nav) - Netscape for AIX
Mozilla/4. 05 [en] (X11; U; Linux 2. 0. 32 i586) - Netscape for Linux
Note that Internet Explorer tries hard to be compatible in every way:
Mozilla/4. 0 (compatible; MSIE 4. 01; Windows 95) - MSIE for W95
Mozilla is not the only possible User-Agent name:
Konqueror/1. 0 - KDE File Manager desktop client
Lynx/2. 7. 1 libwww-FM/2. 14 - Lynx command line browser
Cookies
Cookies are generally used by web servers to keep state information at the client's side. The server sets cookies by sending a response line in the headers that looks like Set-Cookie: where the data part then typically contains a set of NAME=VALUE pairs (separated by semicolons; like NAME1=VALUE1; NAME2=VALUE2;). The server can also specify for what path the “cookie” should be used for (by specifying path=value), when the cookie should expire (expire=DATE), for what domain to use it (domain=NAME) and if it should be used on secure connections only (secure).
If you’ve received a page from a server that contains a header like:
Set-Cookie: sessionid=boo123; path=”/foo”;
it means the server wants that first pair passed on when we get anything in a path beginning with “/foo”.
Example, get a page that wants my name passed in a cookie:
curl -b “name=Daniel”
Curl also has the ability to use previously received cookies in following sessions. If you get cookies from a server and store them in a file in a manner similar to:
curl –dump-header headers… you can then in a second connect to that (or another) site, use the cookies from the ‘headers’ file like:
curl -b headers
While saving headers to a file is a working way to store cookies, it is however error-prone and not the preferred way to do this. Instead, make curl save the incoming cookies using the well-known netscape cookie format like this:
curl -c
Note that by specifying -b you enable the “cookie awareness” and with -L you can make curl follow a location: (which often is used in combination with cookies). So that if a site sends cookies and a location, you can use a non-existing file to trigger the cookie awareness like:
curl -L -b
The file to read cookies from must be formatted using plain HTTP headers OR as netscape’s cookie file. Curl will determine what kind it is based on the file contents. In the above command, curl will parse the header and store the cookies received from. curl will send to the server the stored cookies which match the request as it follows the location. The file “” may be a nonexistent file.
To read and write cookies from a netscape cookie file, you can set both -b and -c to use the same file:
curl -b -c
Progress Meter
The progress meter exists to show a user that something actually is happening. The different fields in the output have the following meaning:% Total% Received% Xferd Average Speed Time Curr.
Dload Upload Total Current Left Speed
0 151M 0 38608 0 0 9406 0 4:41:43 0:00:04 4:41:39 9287
From left-to-right:% – percentage completed of the whole transfer
Total – total size of the whole expected transfer% – percentage completed of the download
Received – currently downloaded amount of bytes% – percentage completed of the upload
Xferd – currently uploaded amount of bytes
Average Speed Dload – the average transfer speed of the download
Average Speed Upload – the average transfer speed of the upload
Time Total – expected time to complete the operation
Time Current – time passed since the invoke
Time Left – expected time left to completion
– the average transfer speed the last 5 seconds (the first 5 seconds of a transfer is based on less time of course. )
The -# option will display a totally different progress bar that doesn’t need much explanation!
Speed Limit
Curl allows the user to set the transfer speed conditions that must be met to let the transfer keep going. By using the switch -y and -Y you can make curl abort transfers if the transfer speed is below the specified lowest limit for a specified time.
To have curl abort the download if the speed is slower than 3000 bytes per second for 1 minute, run:
curl -Y 3000 -y 60
This can very well be used in combination with the overall time limit, so that the above operation must be completed in whole within 30 minutes:
curl -m 1800 -Y 3000 -y 60
Forcing curl not to transfer data faster than a given rate is also possible, which might be useful if you’re using a limited bandwidth connection and you don’t want your transfer to use all of it (sometimes referred to as “bandwidth throttle”).
Make curl transfer data no faster than 10 kilobytes per second:
curl –limit-rate 10K
or
curl –limit-rate 10240
Or prevent curl from uploading data faster than 1 megabyte per second:
curl -T upload –limit-rate 1M
When using the –limit-rate option, the transfer rate is regulated on a per-second basis, which will cause the total transfer speed to become lower than the given number. Sometimes of course substantially lower, if your transfer stalls during periods.
Config File
Curl automatically tries to read the file (or _curlrc file on Microsoft Windows systems) from the user’s home dir on startup.
The config file could be made up with normal command line switches, but you can also specify the long options without the dashes to make it more readable. You can separate the options and the parameter with spaces, or with = or:. Comments can be used within the file. If the first letter on a line is a #-symbol the rest of the line is treated as a comment.
If you want the parameter to contain spaces, you must enclose the entire parameter within double quotes (“). Within those quotes, you specify a quote as \”.
