cURL Quick Reference
====================

BASIC REQUESTS
  curl URL                       GET request
  curl -v URL                    Verbose output
  curl -s URL                    Silent mode
  curl -o file URL               Save to file
  curl -O URL                    Save with original name
  curl -L URL                    Follow redirects
  curl -I URL                    Headers only (HEAD)

HTTP METHODS
  curl -X GET URL
  curl -X POST URL
  curl -X PUT URL
  curl -X DELETE URL
  curl -X PATCH URL
  curl -X OPTIONS URL

POST DATA
  # Form data
  curl -X POST -d "user=admin&pass=123" URL

  # JSON
  curl -X POST -H "Content-Type: application/json" \
       -d '{"user":"admin"}' URL

  # File upload
  curl -X POST -F "file=@localfile.txt" URL

  # Raw data from file
  curl -X POST -d @data.json URL

HEADERS
  curl -H "Authorization: Bearer TOKEN" URL
  curl -H "Cookie: session=abc" URL
  curl -H "User-Agent: Mozilla/5.0" URL
  curl -H "Content-Type: application/xml" URL

AUTHENTICATION
  curl -u user:pass URL          Basic auth
  curl -H "Authorization: Bearer TOKEN" URL

COOKIES
  curl -c cookies.txt URL        Save cookies
  curl -b cookies.txt URL        Send cookies
  curl -b "name=value" URL       Send specific cookie

SSL / PROXY
  curl -k URL                    Ignore SSL errors
  curl --proxy http://127.0.0.1:8080 URL
  curl --proxy socks5://127.0.0.1:1080 URL
  curl --cacert cert.pem URL     Custom CA cert

USEFUL OPTIONS
  curl -w "%{http_code}" URL     Print status code
  curl -w "%{time_total}" URL    Print response time
  curl --max-time 5 URL          Timeout (seconds)
  curl -A "custom-agent" URL     Set user-agent

CTF PATTERNS
  # Test for SSRF
  curl "http://target/fetch?url=http://127.0.0.1:8080"

  # Cookie tampering
  curl -b "role=admin" URL

  # Header injection
  curl -H "X-Forwarded-For: 127.0.0.1" URL

  # Rate-limit bypass
  for i in $(seq 1 100); do curl -s URL; done
