curl命令简析¶

常见用法:

  -v: 调试时用
  -i: 全部显示
  -I: 只显示头部
  -r: 断点续传指定传输范围

用法: curl [选项...] <url>
curl中数据为json时, 最好都用双引号,里面用 ``\"`` 进行转义

各类method请求:

//GET method
curl www.hotmail.com/when/junk.cgi?birthyear=1905&press=OK
//POST method::
curl -d "birthyear=1905&press=OK" www.hotmail.com/when/junk.cgi
//新的POST method(将本地的文件用POST上传到服务器)::
curl -F upload=@localfilename -F press=OK URL
//使用PUT::
curl -T uploadfile www.uploadhttp.com/receive.cgi
curl -X PUT -d "field1=value1&field2=value2" http://testzgapi4.taojoy.com.cn
// 请求指定并显示请求内容，常用于请求可执行文件，并执行
curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sudo sh -s

有关认证(参数中指定用户名而空着密码，curl可以交互式的让用户输入密码):

curl -U proxyuser:proxypassword http://curl.haxx.se

referer 引用:

-e, --referer <URL>
如:
curl -e Url1 Url2

指定用户端:

curl -A "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)" URL
// ipad safari
curl -A "Mozilla/5.0 (iPad; CPU OS 7_1_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D201 Safari/9537.53" <URL>
// iphone 5c weixin
"Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Mobile/12B440 MicroMessenger/6.0.2 NetType/WIFI"
// 华为 微信
"Mozilla/5.0 (Linux; U; Android 4.2.2; zh-cn; HUAWEI G716-L070 Build/HuaweiG716-L070) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30 MicroMessenger/6.0.0.54_r849063.501 NetType/WIFI"
// 华为 内置浏览器
"Mozilla/5.0 (Linux; U; Android 4.2.2; zh-cn; HuaweiG716-L070_LTE Build/HuaweiG716-L070_LTE) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30"

COOKIES:

curl -b cookies.txt -c newcookies.txt www.cookiesite.com

加密HTTP:

curl https://that.secure.server.com

json請求的語法:

curl http://192.168.10.102:8000/tongji/baseinfo -H "Accept:application/json"
curl http://192.168.10.102:8022/tongji/baseinfo -H "Accept:application/json" -d "rid=\"rid\"&sim=\"sim\"&mac=\"mac\"&imei=\"imei\"&device=\"device\"\&&resolution=\"resolution\"&os=\"android\"&&osversion=\"osversion\"&&timestamp=\"431432143214\""

multipart/form-data 类型请求:

// 这种是正式的
// http.content_type: multipart/form-data; boundary=----------------------------8ed7c16ae35a
// 多个form间用boundary关联，多个form使用同一个boundary
curl -v http://127.0.0.1:9090/addservice -include --form key=1122-3434 --form destName=hello.test.unit --form upload=@/tmp/localfile
// 指定boundary的例子@undo
curl -X POST -H "Content-Type: multipart/form-data; boundary=----------------------------4ebf00fbcf09" -d $'------------------------------4ebf00fbcf09\r\nContent-Disposition: form-data; name="example"\r\n\r\ntest\r\n------------------------------4ebf00fbcf09--\r\n' http://localhost:3000/test

//指定文件类型@undo
curl -H "Content-Type: multipart/related" \
--form "data=@example.jpg;type=image/jpeg" http://localhost:3000/test


// 指定为multipart/form但没有
curl -v -XPOST -H 'Content-Type: multipart/form-data' http://192.168.35.141:9090/addservice?key=1122-3434&destName=hello.test.unit&zkidc=qa

翻墙相关:

// -x, --proxy <[protocol://][user:password@]proxyhost[:port]>
// 默认为http协议
curl -x socks5://192.168.14.40:6500 "http://www.youtube.com"   // 要注意dns混乱问题

实例:

// -L: --location, 如果有301等跳转的话，自动访问新location
// -O: --remote-name, 下载后的文件名同远程文件相同
curl -LO https://fastdl.mongodb.org/osx/mongodb-osx-ssl-x86_64-3.4.9.tgz

websocket¶

curl -i -N -H "Connection: Upgrade" -H "Upgrade: websocket" -H "Host: echo.websocket.org" -H "Origin: https://www.websocket.org" https://echo.websocket.org

curl --include \
--no-buffer \
--header "Connection: Upgrade" \
--header "Upgrade: websocket" \
--header "Host: example.com:80" \
--header "Origin: http://example.com:80" \
--header "Sec-WebSocket-Key: SGVsbG8sIHdvcmxkIQ==" \
--header "Sec-WebSocket-Version: 13" \
http://example.com:80/

选项¶

通用:

(H) 指只适用于http/https
(F)指只适用于ftp

-a/--append
Append to target file when uploading

-A/--user-agent
User-Agent to send to server

--anyauth
Pick "any" authentication method

-b/--cookie
 Cookie string or file to read cookies from

-d, --data <data>

时间相关:

-m/--max-time <seconds>
 整个过程中要花费的最长时间(秒), 防止因网络慢或链接失效(参考:--connect-timeout).

--connect-timeout <seconds>
 允许到

-I/--head
(HTTP/FTP/FILE)只获取http头！当使用FTP or FILE文件,curl只显示文件大小和最后修改时间

-s/--silent
 静默模式！不显示进度条和错误显示！

-o/--output <file>
 把输入改为写入到指定文件(默认是stdout):
     curl http://{one,two}.site.com -o "file_#1.txt"
     curl http://{site,host}.host[1-5].com -o "#1_#2"

-O/--remote-name
 Write output to a local file named like the remote file we get. (Only the file part of the remote file is used, the path is cut off.)::

     curl -O http://<url>/<file>.tar.gz

-L/--location
 (HTTP/HTTPS) If the server reports that the requested page has moved to a different location (indicated with a Location: header and a 3XX  response  code),  this  option will make curl redo the request on the new place.(php等动态语言的文件需要加L才能下载下来)

证书相关:

--cacert <CA certificate>
设定ca证书,证书必须是PEM格式,可以包含多个CA证书.
自动查找名为curl-ca-bundle.crt的文件(当前目录、curl.exe文件对应目录、PATH目录)
--capath <dir>

-k 或 --insecure 安全选项:
    不验证证书有效性
    用途： 通常用于连接到一个使用自签名证书的服务器或者测试环境

断点续传:

-C, --continue-at <offset>
-r, --range <range>
    (HTTP FTP SFTP FILE) Retrieve a byte range (i.e a partial document)
      from  a  HTTP/1.1,  FTP  or  SFTP server or a local FILE.
    Ranges can be specified in a number of ways.

警告

为啥有的时候要对url地址加入到双引号中?

实例:

% default: "text/html"
curl -i http://localhost:8080
curl -i -H "Accept: application/json" http://localhost:8080
curl -i -H "Accept: text/plain" http://localhost:8080
curl -i -H "Accept: text/css" http://localhost:8080

HTTP/2¶

nghttp -v http://localhost:8080
nghttp -v -H "accept: application/json" http://localhost:8080
nghttp -v -H "accept: text/plain" http://localhost:8080
nghttp -v -H "accept: text/css" http://localhost:8080

实例:

curl -i --data-urlencode paste@- localhost:8080
curl -i --data-urlencode paste@my_file localhost:8080
curl -i --data-urlencode paste@priv/index.html localhost:8080

查看此网站web服务器:

curl -s -I http://blog.programfan.info | grep Server

性能¶

查看网站连接的各种时间指标:

curl -L -w "time_namelookup: %{time_namelookup}
    time_connect: %{time_connect}
    time_appconnect: %{time_appconnect}
    time_pretransfer: %{time_pretransfer}
    time_redirect: %{time_redirect}
    time_starttransfer: %{time_starttransfer}
    time_total: %{time_total}
    " https://example.com/
=>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
...
</html>
time_namelookup: 0.001403
time_connect: 0.245464
time_appconnect: 0.757656
time_pretransfer: 0.757823
time_redirect: 0.000000
time_starttransfer: 0.982111
time_total: 0.982326

字段说明:

time_namelookup     从请求开始到域名解析完成的耗时
time_connect        从请求开始到 TCP 三次握手完成耗时
time_appconnect     从请求开始到 TLS 握手完成的耗时
time_pretransfer    从请求开始到向服务器发送第一个 GET/POST 请求开始之前的耗时
time_redirect       重定向时间，包括到内容传输前的重定向的 DNS 解析、TCP 连接、内容传输等时间
time_starttransfer  从请求开始到内容传输前的时间
time_total          从请求开始到完成的总耗时

业务常关注的性能指标:

域名解析耗时 = time_namelookup    域名 NS 及本地 LocalDNS 解析耗时
总耗时 = time_total

TCP 握手耗时 = time_connect - time_namelookup               建立 TCP 连接时间
SSL 耗时 = time_appconnect - time_connect TLS              握手以及加解密处理
服务器处理请求耗时 = time_starttransfer - time_pretransfer   服务器响应第一个字节到全部传输完成耗时
TTFB = time_starttransfer - time_appconnect               服务器从接收请求到开始到收到第一个字节的耗时

实例¶

断点续传:

// normal(explicitly specified start AND end)
curl -v -X GET -H "range: bytes=1-8" http://localhost:8080/bbb/test

// specified ONLY start(end will be specified at the end of file)
curl -v -X GET -H "range: bytes=10-" http://localhost:8080/bbb/test

// specified ONLY one negative value(last N bytes of file will be retrieved)
curl -v -X GET -H "range: bytes=-11" http://localhost:8080/bbb/test

// multi(specified multi ranges by using comma)
curl -v -X GET -H "range: bytes=0-8,10-" http://localhost:8080/bbb/test

// ?
curl -v -r 0-500 http://somefile -o localfile

上传json文件:

curl -v -i -X POST -H "Content-Type: application/json" \
    -H "Accept: application/json" -H "Authorization:Basic <用户名和密码的base64>=" \
    http://localhost:3000/api/dashboards/db -d@1.json

用户名和密码的base64: base64(user:passwd)
$ echo -n "user:passwd" | base64
dXNlcjpwYXNzd2Q=

$ curl -v -X POST   http://localhost:3000/api/dashboards/db  \
     -H 'Accept: application/json'   -H 'Authorization: Basic dXNlcjpwYXNzd2Q='  \
     -H 'Content-Type: application/json'   -d @abc.json

警告

注意，-X后面的POST是大写

实战¶

实例1:

$ curl -v -X POST  https://api.zhaoweiguo.com/hello -d {\"key\":"\"value\""}
Note: Unnecessary use of -X or --request, POST is already inferred.
*   Trying 39.105.xxx.xxx...
* TCP_NODELAY set
* Connected to api.zhaoweiguo.com (39.105.xxx.xxx) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=CN; ST=Beijing; O=Wei64 (Beijing) Limited; CN=*.zhaoweiguo.com
*  start date: Nov  5 00:00:00 2020 GMT
*  expire date: Nov 20 23:59:59 2021 GMT
*  subjectAltName: host "api.zhaoweiguo.com" matched cert's "*.zhaoweiguo.com"
*  issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=Secure Site CA G2
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x563b43f57e00)
> POST /api HTTP/1.1
> Host: api.zhaoweiguo.com
> User-Agent: curl/7.52.1
> Accept: */*
> Content-Length: 358
> Content-Type: application/x-www-form-urlencoded    // 注: 默认 Content-Type
>
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
* We are completely uploaded and fine
< HTTP/2 400
< date: Wed, 29 Sep 2021 03:31:43 GMT
< content-type: text/plain; charset=utf-8
< content-length: 25
< access-control-allow-credentials: true
< access-control-allow-origin: *
< content-security-policy: default-src https: wss: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self'
< strict-transport-security: max-age=31536000; includeSubDomains
< x-content-type-options: nosniff
< x-xss-protection: 1; mode=block