Chinaunix首页 | 论坛 | 博客
  • 博客访问: 482289
  • 博文数量: 135
  • 博客积分: 1860
  • 博客等级: 上尉
  • 技术积分: 1441
  • 用 户 组: 普通用户
  • 注册时间: 2008-01-05 20:39
文章分类
文章存档

2012年(2)

2011年(130)

2009年(2)

2008年(1)

我的朋友

分类:

2011-08-11 17:06:28

 

curl

2010年4月26日

10:15

  1. Q: Can curl display protocol header such as http header when fetch a url?

A: it will NOT display protocol header by default. -I(cap i) option display only the header, -i(low) will display both header and body of the page.

 

  1. Q: can curl display the command it had sent to servers?

A: YES, -v(low) option will do that.

Begin with `>' is the line sent to server

Begin with '<' is received lines from server

Begin with '*' is the lines curl preparing

A sample:

 [WCG-7.5.0-1291 @~]#crul -i -v

-bash: crul: command not found

[WCG-7.5.0-1291 @~]#curl -i -v

* About to connect() to port 80

*   Trying 220.181.6.175... connected

* Connected to (220.181.6.175) port 80

> GET / HTTP/1.1

> User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5

> Host:

> Accept: */*

>

< HTTP/1.1 200 OK

HTTP/1.1 200 OK

< Date: Mon, 26 Apr 2010 02:19:56 GMT

Date: Mon, 26 Apr 2010 02:19:56 GMT

< Server: BWS/1.0

Server: BWS/1.0

< Content-Length: 3521

Content-Length: 3521

< Content-Type: text/html;charset=gb2312

Content-Type: text/html;charset=gb2312

< Cache-Control: private

Cache-Control: private

< Expires: Mon, 26 Apr 2010 02:19:56 GMT

Expires: Mon, 26 Apr 2010 02:19:56 GMT

< Set-Cookie: BAIDUID=492C444D7BC8FF1D51FDAB50D49CB844:FG=1; expires=Mon, 26-Apr-40 02:19:56 GMT; path=/; domain=.baidu.com

Set-Cookie: BAIDUID=492C444D7BC8FF1D51FDAB50D49CB844:FG=1; expires=Mon, 26-Apr-40 02:19:56 GMT; path=/; domain=.baidu.com

< P3P: CP=" OTI DSP COR IVA OUR IND COM "

P3P: CP=" OTI DSP COR IVA OUR IND COM "

 

 

curl是一个利用URL语法在命令行方式下工作的文件传输工具。它支持很多协议:FTP, FTPS, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE 以及 LDAP。curl同样支持HTTPS认证,HTTP POST方法, HTTP PUT方法, FTP上传, kerberos认证, HTTP上传, 代理服务器, cookies, 用户名/密码认证, 下载文件断点续传, 上载文件断点续传, http代理服务器管道( proxy tunneling), 甚至它还支持IPv6, socks5代理服务器, 通过http代理服务器上传文件到FTP服务器等等,功能十分强大。Windows操作系统下的网络蚂蚁,网际快车(FlashGet)的功能它都可以做到。准确的说,curl支持文件的上传和下载,所以是一个综合传输工具,但是按照传统,用户习惯称curl为下载工具。

curl是瑞典curl组织开发的,您可以访问http://curl.haxx.se/获取它的源代码和相关说明。鉴于curl在Linux上的广泛使用,IBM在AIX Linux Toolbox的光盘中包含了这个软件,并且您可以访问IBM网站下载它。curl的最新版本是7.10.8,IBM网站上提供的版本为7.9.3。在AIX下的安装很简单,IBM网站上下载的rpm格式的包。

http://curl.haxx.se/docs/,您可以下载到UNIX格式的man帮助,里面有详细的curl工具的使用说明。curl的用法为:curl [options] [URL...] 其中options是下载需要的参数,大约有80多个,curl的各个功能完全是依靠这些参数完成的。具体参数的使用,用户可以参考curl的man帮助。

下面,本文就将结合具体的例子来说明怎样利用curl进行下载。

1、获得一张页面

使用命令:curl http://curl.haxx.se

这是最简单的使用方法。用这个命令获得了http://curl.haxx.se指向的页面,同样,如果这里的URL指向的是一个文件或者一幅图都可以直接下载到本地。如果下载的是HTML文档,那么缺省的将不显示文件头部,即HTML文档的header。要全部显示,请加参数 -i,要只显示头部,用参数 -I。任何时候,可以使用 -v 命令看curl是怎样工作的,它向服务器发送的所有命令都会显示出来。为了断点续传,可以使用-r参数来指定传输范围。

2、表单(Form)的获取

在WEB页面设计中,form是很重要的元素。Form通常用来收集并向网站提交信息。提交信息的方法有两种,GET方法和POST方法。先讨论GET方法,例如在页面中有这样一段:

那么浏览器上会出现一个文本框和一个标为“OK”的按钮。按下这个按钮,表单就用GET方法向服务器提交文本框的数据。例如原始页面是在,然后您在文本框中输入1905,然后按OK按钮,那么浏览器的URL现在应该是:“”

对于这种网页,curl可以直接处理,例如想获取上面的网页,只要输入:

curl ""

就可以了。

表单用来提交信息的第二种方法叫做POST方法,POST方法和GET方法的区别在于GET方法使用的时候,浏览器中会产生目标URL,而POST不会。类似GET,这里有一个网页:

浏览器上也会出现一个文本框和一个标为“OK”的按钮。按下这个按钮,表单用POST方法向服务器提交数据。这时的URL是看不到的,因此需要使用特殊的方法来抓取这个页面:

curl -d "birthyear=1905&press=OK"

这个命令就可以做到。

1995年年末,RFC 1867定义了一种新的POST方法,用来上传文件。主要用于把本地文件上传到服务器。此时页面是这样写的:

对于这种页面,curl的用法不同:

curl -F upload=@localfilename -F press=OK [URL]

这个命令的实质是将本地的文件用POST上传到服务器。有关POST还有不少用法,用户可以自己摸索。

3、使用PUT方法。

HTTP协议文件上传的标准方法是使用PUT,此时curl命令使用-T参数:

curl -T uploadfile

4、有关认证。

curl可以处理各种情况的认证页面,例如下载用户名/密码认证方式的页面(在IE中通常是出现一个输入用户名和密码的输入框):

curl -u name:password

如果网络是通过http代理服务器出去的,而代理服务器需要用户名和密码,那么输入:

curl -U proxyuser:proxypassword http://curl.haxx.se

任何需要输入用户名和密码的时候,只在参数中指定用户名而空着密码,curl可以交互式的让用户输入密码。

5、引用。

有些网络资源访问的时候必须经过另外一个网络地址跳转过去,这用术语来说是:referer,引用。对于这种地址的资源,curl也可以下载:

curl -e http://curl.haxx.se daniel.haxx.se

6、指定用户客户端。

有些网络资源首先需要判断用户使用的是什么浏览器,符合标准了才能够下载或者浏览。此时curl可以把自己“伪装”成任何其他浏览器:

curl -A "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)" [URL]

这个指令表示curl伪装成了IE5.0,用户平台是Windows 2000。(对方服务器是根据这个字串来判断客户端的类型的,所以即使使用AIX也无所谓)。使用:

curl -A "Mozilla/4.73 [en] (X11; U; Linux 2.2.15 i686)" [URL]

此时curl变成了Netscape,运行在PIII平台的Linux上了。

7、COOKIES

Cookie是服务器经常使用的一种记忆客户信息的方法。如果cookie被记录在了文件中,那么使用命令:

curl -b stored_cookies_in_file

curl可以根据旧的cookie写出新cookie并发送到网站:

curl -b cookies.txt -c newcookies.txt

8、加密的HTTP——HTTPS。

如果是通过OpenSSL加密的https协议传输的网页,curl可以直接访问:

curl https://that.secure.server.com

7.1 默认时curl将校验服务器证书的有效性,如果发现证书无效(不是公开的CA签发,cn不匹配,过期等),curl将中断连接

[WCG-7.5.0-1291 @~]#curl -v

* About to connect() to 10.230.21.102 port 8081

*   Trying 10.230.21.102... connected

* Connected to 10.230.21.102 (10.230.21.102) port 8081

* successfully set certificate verify locations:

*   CAfile: /etc/pki/tls/certs/ca-bundle.crt

  CApath: none

* SSLv2, Client hello (1):

SSLv3, TLS handshake, Server hello (2):

SSLv3, TLS handshake, CERT (11):

SSLv3, TLS alert, Server hello (2):

SSL certificate problem, verify that the CA cert is OK. Details:

error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

* Closing connection #0

curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:

error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

More details here: http://curl.haxx.se/docs/sslcerts.html

 

curl performs SSL certificate verification by default, using a "bundle"

 of Certificate Authority (CA) public keys (CA certs). The default

 bundle is named curl-ca-bundle.crt; you can specify an alternate file

 using the --cacert option.

If this HTTPS server uses a certificate signed by a CA represented in

 the bundle, the certificate verification probably failed due to a

 problem with the certificate (it might be expired, or the name might

 not match the domain name in the URL).

If you'd like to turn off curl's verification of the certificate, use

 the -k (or --insecure) option.

 

7.2  If you'd like to turn off curl's verification of the certificate, use

 the -k (or --insecure) option.

[WCG-7.5.0-1291 @~]#curl -v -k

* About to connect() to 10.230.21.102 port 8081

*   Trying 10.230.21.102... connected

* Connected to 10.230.21.102 (10.230.21.102) port 8081

* successfully set certificate verify locations:

*   CAfile: /etc/pki/tls/certs/ca-bundle.crt

  CApath: none

* SSLv2, Client hello (1):

SSLv3, TLS handshake, Server hello (2):

SSLv3, TLS handshake, CERT (11):

SSLv3, TLS handshake, Server finished (14):

SSLv3, TLS handshake, Client key exchange (16):

SSLv3, TLS change cipher, Client hello (1):

SSLv3, TLS handshake, Finished (20):

SSLv3, TLS change cipher, Client hello (1):

SSLv3, TLS handshake, Finished (20):

SSL connection using DES-CBC3-SHA

* Server certificate:

*        subject: /C=US/ST=California/L=San Diego/OU=Websense Engineering/O=Websense, Inc./CN=10.230.21.101

*        start date: 2010-04-13 15:28:05 GMT

*        expire date: 2020-04-10 15:28:05 GMT

*        common name: 10.230.21.101 (does not match '10.230.21.102')

*        issuer: /C=US/ST=California/L=San Diego/OU=Websense Engineering/O=Websense, Inc./CN=10.230.21.101

* SSL certificate verify result: self signed certificate (18), continuing anyway.

> GET / HTTP/1.1

> User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5

> Host: 10.230.21.102:8081

> Accept: */*

>

< HTTP/1.0 200 OK

< Server: Content Gateway Manager 7.5.0

< Date: Mon, 26 Apr 2010 10:36:44 GMT

< Cache-Control: no-store

< Pragma: no-cache

< Content-type: text/html

< Content-length: 1612

 

7.3  option '--cacert ':

  1. (HTTPS)  Tells curl to use the specified certificate file to verify the peer. The file may contain multiple CA certificates. The certificate(s) must be in PEM format.
  2. curl recognizes the environment variable named ’CURL_CA_BUNDLE’ if that is set, and uses the given path as a path to a  CA  cert bundle. This option overrides that variable.

 --capath

  1. (HTTPS) Tells curl to use the specified certificate directory to verify the peer. The certificates must be in  PEM  format,  and the  directory  must have been processed using the c_rehash utility supplied with openssl. Using --capath can allow curl to make https connections much more efficiently than using --cacert if the --cacert file contains many CA certificates.

 

[WCG-7.5.0-1291 @~]#curl -v --cacert /opt/WCG/sxsuite/conf/CA_default/PCA/PCAcert.pem -k

* About to connect() to 10.230.21.102 port 8081

*   Trying 10.230.21.102... connected

* Connected to 10.230.21.102 (10.230.21.102) port 8081

* successfully set certificate verify locations:

*   CAfile: /opt/WCG/sxsuite/conf/CA_default/PCA/PCAcert.pem

  CApath: none

* SSLv2, Client hello (1):

SSLv3, TLS handshake, Server hello (2):

SSLv3, TLS handshake, CERT (11):

SSLv3, TLS handshake, Server finished (14):

SSLv3, TLS handshake, Client key exchange (16):

SSLv3, TLS change cipher, Client hello (1):

SSLv3, TLS handshake, Finished (20):

SSLv3, TLS change cipher, Client hello (1):

SSLv3, TLS handshake, Finished (20):

SSL connection using DES-CBC3-SHA

* Server certificate:

*        subject: /C=US/ST=California/L=San Diego/OU=Websense Engineering/O=Websense, Inc./CN=10.230.21.101

*        start date: 2010-04-13 15:28:05 GMT

*        expire date: 2020-04-10 15:28:05 GMT

*        common name: 10.230.21.101 (does not match '10.230.21.102')

*        issuer: /C=US/ST=California/L=San Diego/OU=Websense Engineering/O=Websense, Inc./CN=10.230.21.101

* SSL certificate verify ok.

> GET / HTTP/1.1

> User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5

> Host: 10.230.21.102:8081

> Accept: */*

>

< HTTP/1.0 200 OK

< Server: Content Gateway Manager 7.5.0

< Date: Mon, 26 Apr 2010 11:05:52 GMT

< Cache-Control: no-store

< Pragma: no-cache

< Content-type: text/html

< Content-length: 1612

 

……………………...

* Closing connection #0

* SSLv3, TLS alert, Client hello (1):

 

7.3 Client cert require.

 

 -E/--cert

(HTTPS)  Tells curl to use the specified certificate file when getting a file with HTTPS. The certificate must be in PEM format.

If the optional password isn’t specified, it will be queried for on the terminal. Note that this certificate is the private  key and the private certificate concatenated!

 

Sample curl -E mycert.pem https://that.secure.server.com

 

 

9、http认证。

如果是采用证书认证的http地址,证书在本地,那么curl这样使用:

curl -E mycert.pem https://that.secure.server.com

参考读物和注意事项:curl非常博大,用户要想使用好这个工具,除了详细学习参数之外,还需要深刻理解http的各种协议与URL的各个语法。这里推荐几个读物:

RFC 2616 HTTP协议语法的定义。

RFC 2396 URL语法的定义。

RFC 2109 Cookie是怎样工作的。

RFC 1867 HTTP如何POST,以及POST的格式。

curl是免费软件,IBM公司对curl不提供技术支持。

 

Pasted from <>

阅读(2690) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~