Collaborate Disseminate
I recently used cURL on Windows 10 (Powershell) to request a suspicious URL. When I ran the command curl [URL], a popup appeared on my desktop:
This behaviour is not replicated when running the same command using Git Bash…. Continue reading Javascript alert() on desktop opens when running curl on Windows 10
Basically I’ve been able to upload a file on a server that supports all HTTP methods. And now I’m trying to rename the file while its on the server remotely. Maybe using MOVE or COPY. But I just can’t find the cURL syntax to … Continue reading cURL to rename file already on server [on hold]
I need to find out the public-ip of an EC2 instance. I was trying this command:
curl https://ipinfo.io/ip
Is there any security threat of using that method? Like exposing our IP or something?
Continue reading Is there any security threat of using ‘curl https://ipinfo.io/ip’ to find our IP?
Leaked emails between IOTA developers and researchers have landed the cryptocurrency in hot water. Continue reading A $5 Billion Cryptocurrency Has Enraged Cryptographers
To this day two vulnerabilities are known in curl 7.57.0. Both are related to HTTP:
HTTP authentication leak in redirects
HTTP/2 trailer out-of-bounds read
My application uses this version of curl and communicates with a … Continue reading Is my application affected by curl vulnerabilities if using HTTPS with a single server?
Modern day Denial of Service (DoS) attacks cause much consternation in the web security industry because they are so inexpensive, easy… and devastating! While the cost of conducting such attacks decreases by the day, the damage caused to target syste… Continue reading How We Found & Exploited a Layer 7 DoS Attack on FogBugz
I have a web application URL and I am interested to know which JBOSS version it is running behind. How can I check that? Is it possible to check with curl?
We are trying to communicate from an embedded application to a device via HTTPS protocol. We are having difficulty doing so from the embedded application but can do so successfully from say Windows using Curl command.
At the firmware level with the libraries we are using (libcurl, openssl) we are seeing an additional TLS header(line) prior to the content of the POST request (but after the HTTPS headers of the POST) whereas that header(line) is not there, when communicating to the device from Windows.
Note we are getting past the TLS handshake sucessfully in both scenarios.
The additional line is the …. 17 03 03 00 4d line displayed in the capture
for the HttpsClient below. The first capture shows communication between Windows Curl and the device. The second capture shows communication between embedded application and the device.
Locations like https://www.httpbin.org/post have no trouble handling this extra TLS header line as we are able to communicate to that url from the embedded application successfully.
On the embedded application the libraries versions are: Libcurl: 7.41.0 (February 25 2015 release)
Openssl: openSSL 1.0.2h
We have not been informed what versions of libraries are being run on the device.
Has anyone dealt with this before or have any ideas on how to get around this?
Here are the captures …
Continue reading TLS header in content portion of HTTPS POST request hot handled well
I am setting up HaProxy for https in passthrough (tcp) mode without SSL/TLS termination. I want to be able to route traffic to different backends based on hostname requested by a client.
From HaProxy documentation I learned that there is … Continue reading Do browsers and tools send `SNI` field by default connecting to https endpoints?
I know there are many topics and articles out there but I am really spinning my wheels on this one.
I have an NodeJS instance running on TLS. I need another server to connect to it using cURL. Unfortunately I am not able to… Continue reading one way ssl with curl