cURL Authentication with Escape¶
Description¶
The cURL authentication preset is designed for dynamic token generation and reuse:
- cURL Command Parsing: Parses a cURL command and executes it in a secure sandboxed cURL simulator.
- Dynamic Token Extraction: Extracts the authentication token from the cURL command's HTTP response.
- Token Re-injection: Reinjects the extracted token into subsequent authenticated requests.
This preset is particularly useful for scenarios where authentication tokens are dynamically generated and need to be efficiently extracted and reused in ongoing requests.
The simulator supports a subset of arguments commonly used in cURL: - url: The URL for the HTTP request. - -X, --request: Specify a custom request method to use when communicating with the HTTP server. - -H, --header: Add a header to the request (can be used multiple times for multiple headers). - -b, --cookie: Add a cookie to the request (can be used multiple times for multiple cookies). - -d, --data, --data-ascii, --data-binary, --data-raw: Sends the specified data in a POST request. - -u, --user: Specify the user and password for server authentication. - -A, --user-agent: Sets the user agent string for the HTTP request. - -x, --proxy: Use the specified proxy. - -k, --insecure: Allow connections to SSL sites without certificates. - -L, --location: Follow redirects (the maximum number of redirects is defined by --max-redirs). - --max-redirs: Set the maximum number of redirections to follow for -L.
Note: The simulator does not support all cURL arguments. Adding unsupported arguments may result in an error.
Examples¶
presets:
- type: curl
injections:
- key: Authorization
location: header
prefix: Bearer
variable: token
extractions:
- name: token
key: Authorization
location: header
users:
- username: user1
curl: curl -X POST https://api.example.com/auth -d "username=user1&password=pass1"
presets:
- type: curl
injections:
- key: session_id
location: cookie
variable: sessionId
extractions:
- name: sessionId
key: Set-Cookie
location: header
regex: session_id=(\S+);
users:
- username: user2
curl: curl -X POST https://api.example.com/login -d "username=user2&password=pass2"
Extensive Configuration¶
| Property | Type | Required | Description |
|---|---|---|---|
| type | Const[curl] | True | |
| users | cURLUserPreset | True | The list of users to generate tokens for. |
| extractions | TokenExtraction | True | The token extraction configuration used to extract the tokens from the HTTP response. |
| injections | TokenInjection | True | The injection configuration used to inject the tokens into the HTTP requests. |
Objects¶
cURLUserPreset¶
| Property | Type | Required | Description |
|---|---|---|---|
| username | string | True | The arbitrary name that identifies the user. |
| headers | Dict[string, string] | False | Optional headers injected during the authentication process and in authentified requests. |
| cookies | Dict[string, string] | False | Optional cookies injected during the authentication process and in authentified requests. |
| curl | string | True | The curl command that is used to fetch the tokens for this user. |
TokenExtraction¶
| Property | Type | Required | Description |
|---|---|---|---|
| location | HTTPLocation | True | The location of the HTTP request where the value should be extracted |
| key | string | True | The key to use for the extracted value, depending on the location |
| regex | string | False | The regex to use to extract the token from the key value. By default the entire value is taken. |
| name | string | True | The name of the variable to store the extracted value into |
TokenInjection¶
| Property | Type | Required | Description |
|---|---|---|---|
| location | HTTPLocation | True | The location of the HTTP request where the token should be injected |
| key | string | True | The key to use for the injected token. Its usage depends on the location. For headers, cookies,and query parameters, this key describes the name of the header, cookie or query parameter. For a body location, the key is the field where the token should be injected within the request bodies |
| prefix | string | False | A prefix to prepend to the token before it is injected |
| variable | string | True | The name of a variable to retrieve to create the token's value. If not provided, the token will be infered as the first successful extraction of the procedure |
Enums¶
HTTPLocation¶
-
header -
cookie -
body -
query