Question: Question:
I want to test a web app, but I don't know how to post a character such as "\ xff" as a parameter.
Is there such a way?
Answer: Answer:
How about specifying a file that stores a parameter string containing invalid bytes as data?
$ echo -e 'str=\xff' > invalid_bytes.txt
$ hexdump -C invalid_bytes.txt
00000000 73 74 72 3d ff 0a |str=..|
00000006
$ curl -d @invalid_bytes.txt http://httpbin.org/post
{
"args": {},
"data": "",
"files": {},
"form": {
"str": "\ufffd"
},
"headers": {
"Accept": "*/*",
"Connection": "close",
"Content-Length": "6",
"Content-Type": "application/x-www-form-urlencoded",
"Host": "httpbin.org",
"User-Agent": "curl/7.52.1"
},
"json": null,
"origin": "xxx.xxx.xxx.xxx",
"url": "http://httpbin.org/post"
}
It's a bit annoying, but you can also pipe the echo results.
$ echo -e 'str=\xff' | curl -d @- http://httpbin.org/post
It's almost the same, but you can also use command substitution.
$ curl -d "$(echo -e 'str=\xff')" http://httpbin.org/post
You can also save it to a variable in the shell instead of saving it to a file.
$ DATA=$(echo -e '\xff') curl -d "str=${DATA}" http://httpbin.org/post
* Please note that if you try to send a null character (\ x00), it will be treated as the end of the character string depending on the method and you will not be able to send it properly. (You can see the difference by running the string as abc\x00abc etc.)
reference
- Description of the
-d/--dataoption inman curl - About the URL of the request destination: HTTP Test server that accepts GET / Post calls –Stack Overflow
- Passing binary data to curl without using a @file –Unix & Linux