curl 你不知道的那些操作
【摘要】 写在前面博文内容为 curl 使用技巧简单整理理解不足小伙伴帮忙指正 对每个人而言,真正的职责只有一个:找到自我。然后在心中坚守其一生,全心全意,永不停息。所有其它的路都是不完整的,是人的逃避方式,是对大众理想的懦弱回归,是随波逐流,是对内心的恐惧 ——赫尔曼·黑塞《德米安》 curlcurl是用于从服务器传输数据或将数据传输到服务器的工具。它支持以下协议:DICT,FILE,FTP,FT...
写在前面
- 博文内容为 curl 使用技巧简单整理
- 理解不足小伙伴帮忙指正
对每个人而言,真正的职责只有一个:找到自我。然后在心中坚守其一生,全心全意,永不停息。所有其它的路都是不完整的,是人的逃避方式,是对大众理想的懦弱回归,是随波逐流,是对内心的恐惧 ——赫尔曼·黑塞《德米安》
curl
curl是用于从服务器传输数据或将数据传输到服务器的工具。它支持以下协议:DICT,FILE,FTP,FTPS,GOPHER,GOPHERS,HTTP,HTTPS,IMAP,IMAPS,LDAP,LDAPS,MQTT,POP3,POP3S,RTMP,RTMPS,RTSP,SCP,SFTP,SMB,SMBS,SMTP,SMTPS,TELNET,TFTP,WS和WSS。它由 libcurl 提供支持,适用于所有与传输相关的功能
一、性能分析:深度指标监控
- 全链路耗时分析
-w模板, 传输速度统计:
┌──[root@liruilongs.github.io]-[~]
└─$curl -w "下载速度: %{speed_download} B/s\n上传速度: %{speed_upload} B/s\n" -o /dev/null -s https://example.com
下载速度: 1428 B/s
上传速度: 0 B/s
┌──[root@liruilongs.github.io]-[~]
└─$
- 限速测试 用
--limit-rate模拟弱网环境(限制 50KB/s):
┌──[root@liruilongs.github.io]-[~]
└─$curl --limit-rate 50K -O http://example.com/bigfile.iso
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1256 100 1256 0 0 1604 0 --:--:-- --:--:-- --:--:-- 1604
- 访问网站指标获取 , -w 模版
200 的情况
┌──[liruilong@liruilongs.github.io]-[~]
└─$curl -w "总时间: %{time_total}s\n名称解析时间: %{time_namelookup}s\n连接时间: %{time_connect}s\nTLS握手时间: %{time_appconnect}s\n等待时间: %{time_starttransfer}s\n数据传输时间: %{time_total}s\nHTTP状态码: %{http_code}\n" -o /dev/null -s baidu.com -k
总时间: 0.050962s
名称解析时间: 0.003813s
连接时间: 0.022080s
TLS握手时间: 0.000000s
等待时间: 0.050661s
数据传输时间: 0.050962s
HTTP状态码: 200
500 的情况
┌──[liruilong@liruilongs.github.io]-[~]
└─$curl -w "总时间: %{time_total}s\n名称解析时间: %{time_namelookup}s\n连接时间: %{time_connect}s\nTLS握手时间: %{time_appconnect}s\n等待时间: %{time_starttransfer}s\n数据传输时间: %{time_total}s\nHTTP状态码: %{http_code}\n" -o /dev/null -s https://liruilong.blog.csdn.net/ -k
总时间: 0.257467s
名称解析时间: 0.044719s
连接时间: 0.084697s
TLS握手时间: 0.175856s
等待时间: 0.257414s
数据传输时间: 0.257467s
HTTP状态码: 521
┌──[liruilong@liruilongs.github.io]-[~]
└─$
二、协议魔改:突破常规请求方式
- 模拟浏览器访问 :通过
-H自定义 User-Agent 伪装成 Chrome:
┌──[root@liruilongs.github.io]-[~]
└─$curl -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/91.0.4472.124" https://example.com
<!doctype html>
<html>
<head>
<title>Example Domain</title>
<meta charset="utf-8" />
<meta http-equiv="Content-type" content="text/html; charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<style type="text/css">
...........
}
}
</style>
</head>
<body>
<div>
<h1>Example Domain</h1>
<p>This domain is for use in illustrative examples in documents. You may use this
domain in literature without prior coordination or asking for permission.</p>
<p><a href="https://www.iana.org/domains/example">More information...</a></p>
</div>
</body>
</html>
┌──[root@liruilongs.github.io]-[~]
└─$
- 绕过 DNS 直接指定 IP :用
--resolve强制解析域名到指定 IP(适用于测试 CDN 节点):
┌──[root@liruilongs.github.io]-[~]
└─$curl https://example.com --resolve example.com:443:23.215.0.136
<!doctype html>
<html>
<head>
<title>Example Domain</title>
- Telnet 协议探测端口 :端口连通性测试,
通的情况
┌──[root@vms100.liruilongs.github.io]-[~]
└─$timeout 3 curl -vvv telnet://192.168.26.55:55555
* About to connect() to 192.168.26.55 port 55555 (#0)
* Trying 192.168.26.55...
* Connected to 192.168.26.55 (192.168.26.55) port 55555 (#0)
不通的情况
┌──[root@vms100.liruilongs.github.io]-[~]
└─$timeout 3 curl -vvv telnet://192.168.26.55:443
* About to connect() to 192.168.26.55 port 443 (#0)
* Trying 192.168.26.55...
* 拒绝连接
* Failed connect to 192.168.26.55:443; 拒绝连接
* Closing connection 0
curl: (7) Failed connect to 192.168.26.55:443; 拒绝连接
┌──[root@vms100.liruilongs.github.io]-[~]
└─$
三、调试黑科技:逆向工程师最爱
- 显示完整通信过程
-v输出详细通信日志(含 SSL 握手):
┌──[root@liruilongs.github.io]-[~]
└─$curl -v --tlsv1.2 https://example.com
* Trying 96.7.128.198:443...
* Connected to example.com (96.7.128.198) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
* CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: C=US; ST=California; L=Los Angeles; O=Internet Corporation for Assigned Names and Numbers; CN=*.example.com
* start date: Jan 15 00:00:00 2025 GMT
* expire date: Jan 15 23:59:59 2026 GMT
* subjectAltName: host "example.com" matched cert's "example.com"
* issuer: C=US; O=DigiCert Inc; CN=DigiCert Global G3 TLS ECC SHA384 2020 CA1
* SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x5652e145a9b0)
> GET / HTTP/2
> Host: example.com
> user-agent: curl/7.79.1
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
< HTTP/2 200
< content-type: text/html
< etag: "84238dfc8092e5d9c0dac8ef93371a07:1736799080.121134"
< last-modified: Mon, 13 Jan 2025 20:11:20 GMT
< cache-control: max-age=1907
< date: Tue, 25 Mar 2025 17:35:20 GMT
< alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,quic=":443"; ma=93600; v="43"
< content-length: 1256
<
<!doctype html>
<html>
<head>
<title>Example Domain</title>
- 强制忽略 SSL 证书验证 :
-k绕过 HTTPS 证书检查(测试环境专用):
┌──[root@liruilongs.github.io]-[~]
└─$curl -k https://example.com
<!doctype html>
<html>
<head>
<title>Example Domain</title>
- 原始报文捕获 :用
--trace-ascii输出二进制通信记录:
┌──[root@liruilongs.github.io]-[~]
└─$curl --trace-ascii debug.log https://example.com
<!doctype html>
<html>
<head>
<title>Example Domain</title>
··........
┌──[root@liruilongs.github.io]-[~]
└─$cat debug.log
== Info: Trying 96.7.128.175:443...
== Info: Connected to example.com (96.7.128.175) port 443 (#0)
== Info: ALPN, offering h2
== Info: ALPN, offering http/1.1
== Info: successfully set certificate verify locations:
== Info: CAfile: /etc/pki/tls/certs/ca-bundle.crt
== Info: CApath: none
=> Send SSL data, 5 bytes (0x5)
0000: .....
== Info: TLSv1.3 (OUT), TLS handshake, Client hello (1):
=> Send SSL data, 512 bytes (0x200)
0000: ..............0%i[S.......N<.H.d.u.... e.k..M77....0_|.(...&..*
0040: ........>.......,.0.........+./...$.(.k.#.'.g.....9.....3.....=.
0080: <.5./.....u.........example.com........................3t.......
00c0: ..h2.http/1.1.........1.....0...................................
0100: ..............+............-.....3.&.$... ....7>....G..Q~..=Y...
0140: ...M.o.Q.f......................................................
0180: ................................................................
01c0: ................................................................
<= Recv SSL data, 5 bytes (0x5)
0000: ....z
== Info: TLSv1.3 (IN), TLS handshake, Server hello (2):
<= Recv SSL data, 122 bytes (0x7a)
0000: ...v..;Wi.k...<.k........y............ e.k..M77....0_|.(...&..*
0040: .............+.....3.$... ..}@.Ed.........Bt.J8......|...}
<= Recv SSL data, 5 bytes (0x5)
0000: .....
<= Recv SSL data, 5 bytes (0x5)
0000: .....
<= Recv SSL data, 1 bytes (0x1)
0000: .
== Info: TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
<= Recv SSL data, 29 bytes (0x1d)
0000: ...........................h2
<= Recv SSL data, 5 bytes (0x5)
0000: ....?
<= Recv SSL data, 1 bytes (0x1)
0000: .
== Info: TLSv1.3 (IN), TLS handshake, Certificate (11):
<= Recv SSL data, 2350 bytes (0x92e)
0000: ...*...&...0...0..!............h...z@O....0...*.H.=...0Y1.0...U.
0040: ...US1.0...U....DigiCert Inc1301..U...*DigiCert Global G3 TLS EC
0080: C SHA384 2020 CA10...250115000000Z..260115235959Z0..1.0...U....U
00c0: S1.0...U....California1.0...U....Los Angeles1<0:..U...3Internet
0100: Corporation for Assigned Names and Numbers1.0...U....*.example.c
0140: om0Y0...*.H.=....*.H.=....B...H..-al..j...8.......W.......W...<^
0180: ...(7.$... qt...N....;..fs.......0...0...U.#..0....#..k..7].m!9v
01c0: ..g...0...U........j2........m..Y..r.0%..U....0...*.example.com.
0200: .example.com0>..U. .70503..g.....0)0'..+.........http://www.digi
0240: cert.com/CPS0...U...........0...U.%..0...+.........+.......0....
0280: U.....0..0H.F.D.Bhttp://crl3.digicert.com/DigiCertGlobalG3TLSECC
四、请求定制:高级数据处理技巧
- 发送 JSON 数据并压缩 结合
--compressed启用压缩传输:
curl -X POST -H "Content-Type: application/json" --data '{"key":"value"}' --compressed https://api.example.com
- 多文件上传 使用
-F批量上传文件(支持通配符):
curl -F "files=@/path/to/images/*.png" https://upload.example.com
- 断点续传
-C -自动续传未完成下载:
curl -C - -O http://example.com/largefile.zip
五、协议全家桶:非 HTTP 玩法
- FTP 文件操作 :上传/下载文件到 FTP 服务器:
curl -u user:pass -T localfile.txt ftp://ftp.example.com/remote/
curl -O ftp://user:pass@ftp.example.com/remote/file.zip
- 发送 SMTP 邮件 :通过 curl 直接发送邮件:
curl --mail-from sender@example.com --mail-rcpt receiver@example.com --upload-file email.txt smtp://smtp.example.com
博文部分内容参考
© 文中涉及参考链接内容版权归原作者所有,如有侵权请告知,这是一个开源项目,如果你认可它,不要吝啬星星哦 :)
© 2018-至今 , All rights reserved. 保持署名-非商用-相同方式共享(CC BY-NC-SA 4.0)
【声明】本内容来自华为云开发者社区博主,不代表华为云及华为云开发者社区的观点和立场。转载时必须标注文章的来源(华为云社区)、文章链接、文章作者等基本信息,否则作者和本社区有权追究责任。如果您发现本社区中有涉嫌抄袭的内容,欢迎发送邮件进行举报,并提供相关证据,一经查实,本社区将立刻删除涉嫌侵权内容,举报邮箱:
cloudbbs@huaweicloud.com
- 点赞
- 收藏
- 关注作者
评论(0)