php cURL CURLOPT_VERBOSE not showing payload

Question

While the below output from curl provides useful header information, it does not provide the payload information. For example, I would want to see {"jason_index","json_value"} in the debug information provided.

1.) Is it possible to display the payload inline with verbose mode?

2.) What is the best way to view the sent payload that is handled by cURL?

* About to connect() to domain.com port 443 (#0)
*   Trying IP... * connected
* Connected to domain.com (IP) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: /usr/share/curl/curl-ca-bundle.crt
  CApath: none
* SSL connection using RC4-SHA
* Server certificate:
*    subject: /serialNumber=SN/C=CA/ST=Ontario/L=Ottawa/O=ORG Inc./CN=*.domain.com
*    start date: 2010-05-10 22:23:08 GMT
*    expire date: 2015-08-12 19:17:14 GMT
*    subjectAltName: alt.domain.com matched
*    issuer: /C=US/O=Equifax/OU=CA
* SSL certificate verify ok.
* Server auth using Basic with user 'userid'
> POST request_uri.json HTTP/1.1
Authorization: Basic auth_string=
User-Agent: UA
Host: alt.domain.com
Accept: */*
Content-Type: application/json; charset=utf-8
Content-Length: 85

< HTTP/1.1 422 Unprocessable Entity
< Server: ServerName
< Date: Thu, 21 Mar 2013 20:08:56 GMT
< Content-Type: application/json; charset=utf-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Status: 422 Unprocessable Entity
< 
* Connection #0 to host alt.domain.com left intact
* Closing connection #0

Example of cURL statement

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_VERBOSE, true);
curl_setopt($ch, CURLOPT_STDERR, fopen(dirname(__FILE__) . "/headers.txt", "w+"));
$result = curl_exec($ch);

If you want to log the `$data` you're posting: **short answer** verbose output is on or off so you'll have to write a custom logging function that grabs the STDERR data and your payload data and writes it to a log in the format you desire. — Mark Fox, Mar 06 '14 at 23:20
This answer has an approach to handling STDERR data: http://stackoverflow.com/questions/9550319/bad-request-connecting-to-sites-via-curl-on-host-and-system/9571305#9571305 for info on — Mark Fox, Mar 06 '14 at 23:24

lechup · Accepted Answer · 2013-08-12T19:52:21.523

1

I've recently came across this problem, and only way I manage to see what is going on is by using debug proxy like:

burp suite - Linux/Windows/Mac (Java)
fiddler - Windows

Other solution is using packet inspector like (this option won't let You see HTTPS traffic):

WireShark

Solution with proxy is easy to setup, just install, and use:

curl_setopt($ch, CURLOPT_PROXY, 'localhost:8080'); // default for burp suite
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); // ignore certs while connecting to https

edited Aug 12 '13 at 19:52

answered Aug 12 '13 at 19:42

lechup

3,031
27
26

Doesn't seem easy at all :( With Laravel I get an error: Exception in routes.php line 60: Failed to connect to localhost port 8080: Connection refuse – geoidesic Jan 26 '17 at 15:38
Probably because my code is on a vagrant box, whilst burp is running on the host. – geoidesic Jan 26 '17 at 15:45

php cURL CURLOPT_VERBOSE not showing payload

1 Answers1

Linked