-
Notifications
You must be signed in to change notification settings - Fork 120
/
curl.go
172 lines (145 loc) · 5.01 KB
/
curl.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
package peirates
import (
"fmt"
"net/url"
"strings"
)
func curl(interactive bool, logToFile bool, outputFileName string) {
println("[+] Enter a URL, including http:// or https:// - if parameters are required, you must provide them as part of the URL: ")
fullURL, err := ReadLineStripWhitespace()
if err != nil {
println("Problem with reading URL: %v", err)
pauseToHitEnter(interactive)
return
}
fullURL = strings.ToLower(fullURL)
// Make sure the URL begins with http:// or https://.
if !strings.HasPrefix(fullURL, "http://") && !strings.HasPrefix(fullURL, "https://") {
fmt.Println("This URL does not start with http:// or https://")
pauseToHitEnter(interactive)
return
}
// If the URL is https, ask more questions.
https := false
ignoreTLSErrors := false
caCertPath := ""
if strings.HasPrefix(fullURL, "https://") {
https = true
// Ask the user if they want to ignore certificate validation
println("Would you like to ignore whether the server certificate is valid (y/n)? This corresponds to curl's -k flag.")
answer, err := ReadLineStripWhitespace()
if err != nil {
println("Problem with stripping whitespace: %v", err)
}
answer = strings.ToLower(answer)
if strings.HasPrefix(answer, "y") {
ignoreTLSErrors = true
}
println("If you would like to set a custom certificate authority cert path, enter it here. Otherwise, hit enter.")
caCertPath, err = ReadLineStripWhitespace()
if err != nil {
println("Problem with stripping whitespace: %v", err)
pauseToHitEnter(interactive)
return
}
}
// Get the HTTP method
method := "--undefined--"
for (method != "GET") && (method != "POST") {
fmt.Println("[+] Enter method - only GET and POST are supported: ")
input, err := ReadLineStripWhitespace()
if err != nil {
println("Problem with stripping whitespace: %v", err)
pauseToHitEnter(interactive)
return
}
method = strings.TrimSpace(strings.ToUpper(input))
}
// Store the headers in a list
var headers []HeaderLine
inputHeader := "undefined"
fmt.Println("[+] Specify custom header lines, if desired, entering the Header name, hitting Enter, then the Header value.")
for inputHeader != "" {
// Request a header name
fmt.Println("[+] Enter a header name or a blank line if done: ")
input, err := ReadLineStripWhitespace()
if err != nil {
println("Problem with stripping whitespace: %v", err)
pauseToHitEnter(interactive)
return
}
inputHeader = strings.TrimSpace(input)
if inputHeader != "" {
// Remove trailing : if present
inputHeader = strings.TrimSuffix(inputHeader, ":")
// Request a header rhs (value)
fmt.Println("[+] Enter a value for " + inputHeader + ":")
input, err = ReadLineStripWhitespace()
if err != nil {
println("Problem with stripping whitespace: %v", err)
pauseToHitEnter(interactive)
return
}
// Add the header value to the list
var header HeaderLine
header.LHS = inputHeader
header.RHS = input
headers = append(headers, header)
}
}
inputParameter := "--undefined--"
// Store the parameters in a map
params := map[string]string{}
fmt.Printf("[+] Now enter parameters which will be placed into the query string or request body.\n\n")
fmt.Printf(" If you set a Content-Type manually to something besides application/x-www-form-urlencoded, use the parameter name as the complete key=value pair and leave the value blank.\n\n")
for inputParameter != "" {
// Request a parameter name
fmt.Println("[+] Enter a parameter or a blank line to finish entering parameters: ")
inputParameter, err = ReadLineStripWhitespace()
if err != nil {
println("Problem with stripping whitespace: %v", err)
pauseToHitEnter(interactive)
return
}
if inputParameter != "" {
// Request a parameter value
fmt.Println("[+] Enter a value for " + inputParameter + ": ")
input, err := ReadLineStripWhitespace()
if err != nil {
println("Problem with stripping whitespace: %v", err)
pauseToHitEnter(interactive)
return
}
// Add the parameter pair to the list
params[inputParameter] = url.QueryEscape(input)
}
}
var paramLocation string
if len(params) > 0 {
for (paramLocation != "url") && (paramLocation != "body") {
fmt.Println("\nWould you like to place parameters in the URL (like in a GET query) or in the body (like in a POST)\nurl or body: ")
paramLocation, err = ReadLineStripWhitespace()
if err != nil {
println("Problem with stripping whitespace: %v", err)
pauseToHitEnter(interactive)
return
}
paramLocation = strings.ToLower(paramLocation)
}
}
// Make the request and get the response.
request, err := createHTTPrequest(method, fullURL, headers, paramLocation, params)
if err != nil {
println("Could not create request.")
pauseToHitEnter(interactive)
return
}
responseBody, err := DoHTTPRequestAndGetBody(request, https, ignoreTLSErrors, caCertPath)
if err != nil {
println("Request failed.")
pauseToHitEnter(interactive)
return
}
outputToUser(string(responseBody), logToFile, outputFileName)
pauseToHitEnter(interactive)
}