diff options
-rw-r--r-- | docs/TheArtOfHttpScripting | 45 |
1 files changed, 23 insertions, 22 deletions
diff --git a/docs/TheArtOfHttpScripting b/docs/TheArtOfHttpScripting index 60386e3d8..f79604ef5 100644 --- a/docs/TheArtOfHttpScripting +++ b/docs/TheArtOfHttpScripting @@ -1,6 +1,6 @@ Author: Daniel Stenberg <daniel@haxx.se> -Date: August 7, 2000 -Version: 0.2 +Date: September 15, 2000 +Version: 0.3 The Art Of Scripting HTTP Requests Using Curl ============================================= @@ -31,7 +31,7 @@ Version: 0.2 1. The HTTP Protocol HTTP is the protocol used to fetch data from web servers. It is a very simple - protocol that is built upon TCP/IP. The protocol also allow information to + protocol that is built upon TCP/IP. The protocol also allows information to get sent to the server from the client using a few different methods, as will be shown here. @@ -130,12 +130,12 @@ Version: 0.2 curl -d "birthyear=1905&press=OK" www.hotmail.com/when/junk.cgi This kind of POST will use the Content-Type - application/x-www-form-urlencoded and is the most widly used POST kind. + application/x-www-form-urlencoded and is the most widely used POST kind. 4.3 FILE UPLOAD POST - Back in late 1995 they defined a new to post data over HTTP. It was - documented in the RFC 1867, why this method sometimes are refered to as + Back in late 1995 they defined a new way to post data over HTTP. It was + documented in the RFC 1867, why this method sometimes is refered to as a rfc1867-posting. This method is mainly designed to better support file uploads. A form that @@ -165,7 +165,7 @@ Version: 0.2 <form method="POST" action="foobar.cgi"> <input type=text name="birthyear"> - <input type=text name="person" value="daniel"> + <input type=hidden name="person" value="daniel"> <input type=submit name="press" value="OK"> </form> @@ -209,17 +209,18 @@ Version: 0.2 Do note that when a program is run, its parameters are possible to see when listing the running processes of the system. Thus, other users may be able to - watch your passwords if you pass them as plain command line options. + watch your passwords if you pass them as plain command line options. There + are ways to circumvent this. 7. REFERER - A HTTP request has the ability to feature a 'referer' field, which can be - used to tell which URL that causes the client to get this particular - resource. Some programs/scripts check the referer field of requests to verify - that this wasn't arriving from an external site or unknown page. While this - is a stupid way to check something so easily forged, many scripts still do - it. Using curl, you can put anything you want in the referer-field and thus - more easily being able to fool the server into serving your request. + A HTTP request may include a 'referer' field, which can be used to tell from + which URL the client got to this particular resource. Some programs/scripts + check the referer field of requests to verify that this wasn't arriving from + an external site or an unknown page. While this is a stupid way to check + something so easily forged, many scripts still do it. Using curl, you can put + anything you want in the referer-field and thus more easily be able to fool + the server into serving your request. Use curl to set the referer field with: @@ -278,10 +279,10 @@ Version: 0.2 specified in a received cookie, the client sends back the cookies and their contents to the server, unless of course they are expired. - Many applications and server use this method to connect a series of request + Many applications and servers use this method to connect a series of requests into a single logical session. To be able to use curl in such occations, we - must be able to record and send back cookies in the way that the web - application expects them. The same way browsers deal with them. + must be able to record and send back cookies the way the web application + expects them. The same way browsers deal with them. The simplest way to send a few cookies to the server when getting a page with curl is to add them on the command line like: @@ -307,15 +308,15 @@ Version: 0.2 There are a few ways to do secure HTTP transfers. The by far most common protocol for doing this is what is generally known as HTTPS, HTTP over - SSL. SSL encrypts all the data that is send and received over the network and + SSL. SSL encrypts all the data that is sent and received over the network and thus makes it harder for attackers to spy on sensitive information. SSL (or TLS as the latest version of the standard is called) offers a truckload of advanced features to allow all those encryptions and key - infrastructure mechanisms ecnrypted HTTP requires. + infrastructure mechanisms encrypted HTTP requires. - Curl supports enscrypted fetches thanks to the freely available OpenSSL - libraries. To get a pafe from a https server, simply run curl like: + Curl supports encrypted fetches thanks to the freely available OpenSSL + libraries. To get a page from a HTTPS server, simply run curl like: curl https://that.secure.server.com |