curl命令简析¶
常见用法:
-v: 调试时用
-i: 全部显示
-I: 只显示头部
-r: 断点续传指定传输范围
用法: curl [选项...] <url>
curl中数据为json时, 最好都用双引号,里面用 ``\"`` 进行转义
各类method请求:
//GET method
curl www.hotmail.com/when/junk.cgi?birthyear=1905&press=OK
//POST method::
curl -d "birthyear=1905&press=OK" www.hotmail.com/when/junk.cgi
//新的POST method(将本地的文件用POST上传到服务器)::
curl -F upload=@localfilename -F press=OK URL
//使用PUT::
curl -T uploadfile www.uploadhttp.com/receive.cgi
curl -X PUT -d "field1=value1&field2=value2" http://testzgapi4.taojoy.com.cn
// 请求指定并显示请求内容,常用于请求可执行文件,并执行
curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sudo sh -s
有关认证(参数中指定用户名而空着密码,curl可以交互式的让用户输入密码):
curl -U proxyuser:proxypassword http://curl.haxx.se
referer 引用:
-e, --referer <URL>
如:
curl -e Url1 Url2
指定用户端:
curl -A "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)" URL
// ipad safari
curl -A "Mozilla/5.0 (iPad; CPU OS 7_1_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D201 Safari/9537.53" <URL>
// iphone 5c weixin
"Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Mobile/12B440 MicroMessenger/6.0.2 NetType/WIFI"
// 华为 微信
"Mozilla/5.0 (Linux; U; Android 4.2.2; zh-cn; HUAWEI G716-L070 Build/HuaweiG716-L070) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30 MicroMessenger/6.0.0.54_r849063.501 NetType/WIFI"
// 华为 内置浏览器
"Mozilla/5.0 (Linux; U; Android 4.2.2; zh-cn; HuaweiG716-L070_LTE Build/HuaweiG716-L070_LTE) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30"
COOKIES:
curl -b cookies.txt -c newcookies.txt www.cookiesite.com
加密HTTP:
curl https://that.secure.server.com
json請求的語法:
curl http://192.168.10.102:8000/tongji/baseinfo -H "Accept:application/json"
curl http://192.168.10.102:8022/tongji/baseinfo -H "Accept:application/json" -d "rid=\"rid\"&sim=\"sim\"&mac=\"mac\"&imei=\"imei\"&device=\"device\"\&&resolution=\"resolution\"&os=\"android\"&&osversion=\"osversion\"&×tamp=\"431432143214\""
multipart/form-data 类型请求:
// 这种是正式的
// http.content_type: multipart/form-data; boundary=----------------------------8ed7c16ae35a
// 多个form间用boundary关联,多个form使用同一个boundary
curl -v http://127.0.0.1:9090/addservice -include --form key=1122-3434 --form destName=hello.test.unit --form upload=@/tmp/localfile
// 指定boundary的例子@undo
curl -X POST -H "Content-Type: multipart/form-data; boundary=----------------------------4ebf00fbcf09" -d $'------------------------------4ebf00fbcf09\r\nContent-Disposition: form-data; name="example"\r\n\r\ntest\r\n------------------------------4ebf00fbcf09--\r\n' http://localhost:3000/test
//指定文件类型@undo
curl -H "Content-Type: multipart/related" \
--form "data=@example.jpg;type=image/jpeg" http://localhost:3000/test
// 指定为multipart/form但没有
curl -v -XPOST -H 'Content-Type: multipart/form-data' http://192.168.35.141:9090/addservice?key=1122-3434&destName=hello.test.unit&zkidc=qa
翻墙相关:
// -x, --proxy <[protocol://][user:password@]proxyhost[:port]>
// 默认为http协议
curl -x socks5://192.168.14.40:6500 "http://www.youtube.com" // 要注意dns混乱问题
实例:
// -L: --location, 如果有301等跳转的话,自动访问新location
// -O: --remote-name, 下载后的文件名同远程文件相同
curl -LO https://fastdl.mongodb.org/osx/mongodb-osx-ssl-x86_64-3.4.9.tgz
websocket¶
curl -i -N -H "Connection: Upgrade" -H "Upgrade: websocket" -H "Host: echo.websocket.org" -H "Origin: https://www.websocket.org" https://echo.websocket.org
curl --include \
--no-buffer \
--header "Connection: Upgrade" \
--header "Upgrade: websocket" \
--header "Host: example.com:80" \
--header "Origin: http://example.com:80" \
--header "Sec-WebSocket-Key: SGVsbG8sIHdvcmxkIQ==" \
--header "Sec-WebSocket-Version: 13" \
http://example.com:80/
选项¶
通用:
(H) 指只适用于http/https
(F)指只适用于ftp
-a/--append
Append to target file when uploading
-A/--user-agent
User-Agent to send to server
--anyauth
Pick "any" authentication method
-b/--cookie
Cookie string or file to read cookies from
-d, --data <data>
时间相关:
-m/--max-time <seconds>
整个过程中要花费的最长时间(秒), 防止因网络慢或链接失效(参考:--connect-timeout).
--connect-timeout <seconds>
允许到
-I/--head
(HTTP/FTP/FILE)只获取http头!当使用FTP or FILE文件,curl只显示文件大小和最后修改时间
-s/--silent
静默模式!不显示进度条和错误显示!
-o/--output <file>
把输入改为写入到指定文件(默认是stdout):
curl http://{one,two}.site.com -o "file_#1.txt"
curl http://{site,host}.host[1-5].com -o "#1_#2"
-O/--remote-name
Write output to a local file named like the remote file we get. (Only the file part of the remote file is used, the path is cut off.)::
curl -O http://<url>/<file>.tar.gz
-L/--location
(HTTP/HTTPS) If the server reports that the requested page has moved to a different location (indicated with a Location: header and a 3XX response code), this option will make curl redo the request on the new place.(php等动态语言的文件需要加L才能下载下来)
证书相关:
--cacert <CA certificate>
设定ca证书,证书必须是PEM格式,可以包含多个CA证书.
自动查找名为curl-ca-bundle.crt的文件(当前目录、curl.exe文件对应目录、PATH目录)
--capath <dir>
-k 或 --insecure 安全选项:
不验证证书有效性
用途: 通常用于连接到一个使用自签名证书的服务器或者测试环境
断点续传:
-C, --continue-at <offset>
-r, --range <range>
(HTTP FTP SFTP FILE) Retrieve a byte range (i.e a partial document)
from a HTTP/1.1, FTP or SFTP server or a local FILE.
Ranges can be specified in a number of ways.
警告
为啥有的时候要对url地址加入到双引号中?
实例:
% default: "text/html"
curl -i http://localhost:8080
curl -i -H "Accept: application/json" http://localhost:8080
curl -i -H "Accept: text/plain" http://localhost:8080
curl -i -H "Accept: text/css" http://localhost:8080
HTTP/2¶
nghttp -v http://localhost:8080
nghttp -v -H "accept: application/json" http://localhost:8080
nghttp -v -H "accept: text/plain" http://localhost:8080
nghttp -v -H "accept: text/css" http://localhost:8080
实例:
curl -i --data-urlencode paste@- localhost:8080
curl -i --data-urlencode paste@my_file localhost:8080
curl -i --data-urlencode paste@priv/index.html localhost:8080
查看此网站web服务器:
curl -s -I http://blog.programfan.info | grep Server
性能¶
查看网站连接的各种时间指标:
curl -L -w "time_namelookup: %{time_namelookup}
time_connect: %{time_connect}
time_appconnect: %{time_appconnect}
time_pretransfer: %{time_pretransfer}
time_redirect: %{time_redirect}
time_starttransfer: %{time_starttransfer}
time_total: %{time_total}
" https://example.com/
=>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
...
</html>
time_namelookup: 0.001403
time_connect: 0.245464
time_appconnect: 0.757656
time_pretransfer: 0.757823
time_redirect: 0.000000
time_starttransfer: 0.982111
time_total: 0.982326
字段说明:
time_namelookup 从请求开始到域名解析完成的耗时
time_connect 从请求开始到 TCP 三次握手完成耗时
time_appconnect 从请求开始到 TLS 握手完成的耗时
time_pretransfer 从请求开始到向服务器发送第一个 GET/POST 请求开始之前的耗时
time_redirect 重定向时间,包括到内容传输前的重定向的 DNS 解析、TCP 连接、内容传输等时间
time_starttransfer 从请求开始到内容传输前的时间
time_total 从请求开始到完成的总耗时
业务常关注的性能指标:
域名解析耗时 = time_namelookup 域名 NS 及本地 LocalDNS 解析耗时
总耗时 = time_total
TCP 握手耗时 = time_connect - time_namelookup 建立 TCP 连接时间
SSL 耗时 = time_appconnect - time_connect TLS 握手以及加解密处理
服务器处理请求耗时 = time_starttransfer - time_pretransfer 服务器响应第一个字节到全部传输完成耗时
TTFB = time_starttransfer - time_appconnect 服务器从接收请求到开始到收到第一个字节的耗时
实例¶
断点续传:
// normal(explicitly specified start AND end)
curl -v -X GET -H "range: bytes=1-8" http://localhost:8080/bbb/test
// specified ONLY start(end will be specified at the end of file)
curl -v -X GET -H "range: bytes=10-" http://localhost:8080/bbb/test
// specified ONLY one negative value(last N bytes of file will be retrieved)
curl -v -X GET -H "range: bytes=-11" http://localhost:8080/bbb/test
// multi(specified multi ranges by using comma)
curl -v -X GET -H "range: bytes=0-8,10-" http://localhost:8080/bbb/test
// ?
curl -v -r 0-500 http://somefile -o localfile
上传json文件:
curl -v -i -X POST -H "Content-Type: application/json" \
-H "Accept: application/json" -H "Authorization:Basic <用户名和密码的base64>=" \
http://localhost:3000/api/dashboards/db -d@1.json
用户名和密码的base64: base64(user:passwd)
$ echo -n "user:passwd" | base64
dXNlcjpwYXNzd2Q=
$ curl -v -X POST http://localhost:3000/api/dashboards/db \
-H 'Accept: application/json' -H 'Authorization: Basic dXNlcjpwYXNzd2Q=' \
-H 'Content-Type: application/json' -d @abc.json
警告
注意,-X后面的POST是大写
实战¶
实例1:
$ curl -v -X POST https://api.zhaoweiguo.com/hello -d {\"key\":"\"value\""}
Note: Unnecessary use of -X or --request, POST is already inferred.
* Trying 39.105.xxx.xxx...
* TCP_NODELAY set
* Connected to api.zhaoweiguo.com (39.105.xxx.xxx) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
* subject: C=CN; ST=Beijing; O=Wei64 (Beijing) Limited; CN=*.zhaoweiguo.com
* start date: Nov 5 00:00:00 2020 GMT
* expire date: Nov 20 23:59:59 2021 GMT
* subjectAltName: host "api.zhaoweiguo.com" matched cert's "*.zhaoweiguo.com"
* issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=Secure Site CA G2
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x563b43f57e00)
> POST /api HTTP/1.1
> Host: api.zhaoweiguo.com
> User-Agent: curl/7.52.1
> Accept: */*
> Content-Length: 358
> Content-Type: application/x-www-form-urlencoded // 注: 默认 Content-Type
>
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
* We are completely uploaded and fine
< HTTP/2 400
< date: Wed, 29 Sep 2021 03:31:43 GMT
< content-type: text/plain; charset=utf-8
< content-length: 25
< access-control-allow-credentials: true
< access-control-allow-origin: *
< content-security-policy: default-src https: wss: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self'
< strict-transport-security: max-age=31536000; includeSubDomains
< x-content-type-options: nosniff
< x-xss-protection: 1; mode=block