curl命令发送请求

一、简介

  • cURL是一个通过URL传输数据的,功能强大的命令行工具。

  • cURL可以与Chrome Devtool工具配合使用,把浏览器发送的真实请求还原出来,附带认证信息,脱离浏览器执行,方便开发者重放请求、修改参数调试,编写脚本。

  • 也可以单独使用,根据自己的需求构造请求调整参数,构造多种接口测试场景。

二、环境安装

  • Chrome DevTools(Chrome开发者工具)是内嵌在Chrome浏览器里,一组用于网页制作和调试的工具。
  • 在测试过程中,也常常作为一个简单的抓包工具。

三、常见用法

3.1 从浏览器copy

    1. 右键菜单,选择Copy → copy as curl,复制请求内容转换为cURL命令;
    1. 将命令copy在gitbash或bash上运行,则会看到返回信息;

      image
    1. 对上面命令进行细化,加入-v参数,可以打印详细的内容,用2>&1将标准错误重定向到标准输出,发送此命令将得到细化后的内容。
      image
$ curl 'https://service.tutorial.hogwarts.ceshiren.com/mock/L3/tutorial/%E4%BD%BF%E7%94%A8curl%E5%8F%91%E9%80%81%E8%AF%B7%E6%B1%82/' \
  -H 'Referer: https://service.tutorial.hogwarts.ceshiren.com/mock/L3/tutorial/%E6%8A%93%E5%8C%85%E5%88%86%E6%9E%90tcp%E5%8D%8F%E8%AE%AE/' \
  -H 'Upgrade-Insecure-Requests: 1' \
  -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36' \
  -H 'sec-ch-ua: "Not)A;Brand";v="99", "Google Chrome";v="127", "Chromium";v="127"' \
  -H 'sec-ch-ua-mobile: ?0' \
  -H 'sec-ch-ua-platform: "Windows"'\
> compressed -v 2>&1

3.2 其他常用命令

  • 发起GET请求:
curl "https://httpbin.testing-studio.com/get" -H "accept: application/json"
  • 发起 POST 请求:
curl -X POST "https://httpbin.testing-studio.com/post" -H \
"accept: application/json"
  • Proxy 的使用:
curl -x 'http://127.0.0.1:8080' "https://httpbin.testing-studio.com/get"

  • curl 命令常用参数
参数 含义
-H 消息头设置
-u 用户认证
-d 表示来自于文件
–data-urlencode 对内容进行url编码
-G 把data数据当成get
-o 写文件
-x http代理、socks5代理
-v 打印更详细的日志
-s 关闭一些提示输出
–help 查看帮助

四、实战

  1. 篡改请求头信息,将 User-Agent 改为“testing-studio”
curl -H "User-Agent:testing-studio" "http://www.baidu.com" -v

  1. 在企业微信中通过 curl 命令创建标签,这是一个 post 请求,通过 --data 参数传递 tagname 和 tagid。
# token为个人生成,需要替换
curl -H "Content-Type: application/json" -X POST \
--data '{"tagname": "hogwarts","tagid": 13}' \
https://qyapi.weixin.qq.com/cgi-bin/tag/create?access_token=$token

  1. 认证,通过 put 上传到 ElasticSearch ,使用 --user 进行用户认证。
# ES_HOST index id content 均为变量,需替换
curl -X PUT "$ES_HOST/$index/_doc/$id?pretty" \
    --user username:password \
    -H 'Content-Type: application/json' \
    -d "$content"

image

  1. 向雪球发起股票搜索
url=http://www.baidu.com

## get请求加json解析 
curl -s 'https://xueqiu.com/stock/search.json?code=sogo&size=3&page=1' -H 'Connection: keep-alive' -H 'Pragma: no-cache' -H 'Cache-Control: no-cache' -H 'Accept: application/json, text/plain, */*' -H 'Sec-Fetch-Dest: empty' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36' -H 'elastic-apm-traceparent: 00-760301b0a132e9a4c0f5ac7448a3419e-8823be75504fc61f-00' -H 'Sec-Fetch-Site: same-origin' -H 'Sec-Fetch-Mode: cors' -H 'Referer: https://xueqiu.com/k?q=sogo' -H 'Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7' -H 'Cookie: device_id=24700f9f1986800ab4fcc880530dd0ed; cookiesu=841584103115161; aliyungf_tc=AQAAAIPytE8aVQoAXhjf3cw3R+j5DD/s; acw_tc=2760824b15851452106833674e25941ad47588d5d7ded79b38a04dad8f9444; xq_a_token=2ee68b782d6ac072e2a24d81406dd950aacaebe3; xqat=2ee68b782d6ac072e2a24d81406dd950aacaebe3; xq_r_token=f9a2c4e43ce1340d624c8b28e3634941c48f1052; xq_id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJ1aWQiOi0xLCJpc3MiOiJ1YyIsImV4cCI6MTU4NzUyMjY2MSwiY3RtIjoxNTg1MTQ1MTYxMDIwLCJjaWQiOiJkOWQwbjRBWnVwIn0.TPrw6_M2Th9QTVz5spwUybqN1790nJANu9kxXl4GfNb1eQ2p2zD43CStgogOGQ8yRXYmSCfURp0343wgjnnCdnQX5698Jl-brdP94wiYKwv11q8QjBYMXFWJGRj0g69C2nxVrRF8K-ETGEked3KjYfk8Xy2wPuZtyGUhORWeCvMhmBdcRKIlWj4d7wp-w_LjMbSLigJAT29F03wBZIxR0r3eMNUhUsXh8dCsWNb6wzhtg8dT4gcd91mQmR5ToR_SFrzQfOopY4vQGcaOHWaAwUMPLUopZwD4ajWzm1kpoBZnf_n_9uBfT4j0nGk95E8J8EmTfBlq-1p019xkhgp87w; u=431585145210698; Hm_lvt_1db88642e346389874251b5a1eded6e3=1583285031,1584102200,1585145180; Hm_lpvt_1db88642e346389874251b5a1eded6e3=1585145192' --compressed | jq
{
  "q": "sogo",
  "page": 1,
  "size": 3,
  "stocks": [
    {
      "code": "SOGO",
      "name": "搜狗",
      "enName": "",
      "hasexist": "false",
      "flag": null,
      "type": 0,
      "stock_id": 1029472,
      "ind_id": 0,
      "ind_name": "通讯业务",
      "ind_color": null,
      "_source": "sc_1:1:sogo"
    }
  ]
}


#post请求
curl 'http://sonarqube.testing-studio.com:9000/api/authentication/login' -H 'Connection: keep-alive' -H 'Pragma: no-cache' -H 'Cache-Control: no-cache' -H 'Accept: application/json' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36' -H 'Content-Type: application/x-www-form-urlencoded' -H 'Origin: http://sonarqube.testing-studio.com:9000' -H 'Referer: http://sonarqube.testing-studio.com:9000/sessions/new' -H 'Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7' -H 'Cookie: _ga=GA1.2.232181868.1566982077; experimentation_subject_id=IjNlYzgxODQ1LTU2MDAtNGIyNy1iNTgzLTE1MzRkY2IwMDI0ZSI%3D--b1f29d33f6a2c85a81be66e4774d437f710c102f; _gid=GA1.2.482544306.1585051015' --data 'login=admin&password=1234' --compressed --insecure

#百度的一个url提交脚本
curl -H 'Content-Type:text/plain' --data-binary @urls.txt "http://data.zz.baidu.com/urls"

#对参数编码并发送get请求
    curl -G $url  \
        --data-urlencode "current=$current" \
        --data-urlencode "pageSize=$pageSize" 


#认证与put上传都ElasticSearch里
    curl -X PUT "$ES_HOST/$index/_doc/$id?pretty" \
        --user username:password \
        -H 'Content-Type: application/json' \
        -d "$content"


#查看邮箱
curl -s --user $mail_username:$mail_password "imaps://imap.exmail.qq.com/inbox?all"