1

Using tshark, I captured an interaction between amazon.com and by firefox webbrowser.
Here is a description of the post request my browser sent. I got this from tshark by recording all the traffic then printing out a particular frame number.

POST / HTTP/1.1
Host: ...
User-Agent: Mozilla/5.0 ...
Accept: */*
Accept-Language: en-CA,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive

I want to know how to recreate this request using the command line. Here is my attempt so far:

curl -X POST \
-F "Host=..." \
-F "User-Agent=Mozilla/5.0" \
-F "Accept=*/*" \
-F "Accept-Language=en-CA,en-US" \
-F "Accept-Encoding=gzip, deflate" \
-F "Content-Type=application/ocsp-request" \
-F "Content-Length=83" \
-F "Connection=keep-alive" \
https://www.amazon.com

However when I run this post request, I get back an error. I assume I must be formatting the post request wrong.

Mathew
  • 1,116
  • 5
  • 27
  • 59
  • This might help: https://stackoverflow.com/questions/36545193/transfer-a-wireshark-captured-http-request-to-a-curl-request – ofirule Nov 14 '20 at 17:36
  • 1
    @ofirule, thanks, I'll give it a go. – Mathew Nov 15 '20 at 23:16
  • The alternative is to go into firefox devtools, resend the request while having network tools recording, and then copy the request as curl. – Ross Jacobs Nov 16 '20 at 20:19
  • @RossJacobs, thanks, your comment has addressed my problems. If you'd like to turn it into an answer, I'll accept it and give you the bounty. – Mathew Nov 16 '20 at 23:18

1 Answers1

1

While it is possible to capture this interaction with tshark/wireshark and create a curl out of it, it's simpler to use the devtools of your browser to generate the curl for you. If it is not possible to recreate the request with your browser, you'll want to go with one of the tools in @ofirule's link above.

As an example, let's say that we wanted to capture the request to GET the HTML document of stackoverflow.com.

  1. To open devtools, right click anywhere on the page in your browser, and select "Inspect"

right-click anywhere

  1. Open the network tab and reload the page

network tab

  1. Once you find the request you're interested in, right click on it to copy as a curl

enter image description here

  1. Paste your curl. It will look something like this
curl 'https://stackoverflow.com/' \
  -H 'authority: stackoverflow.com' \
  -H 'pragma: no-cache' \
  -H 'cache-control: no-cache' \
  -H 'dnt: 1' \
  -H 'upgrade-insecure-requests: 1' \
  -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36' \
  -H 'accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' \
  -H 'sec-fetch-site: none' \
  -H 'sec-fetch-mode: navigate' \
  -H 'sec-fetch-user: ?1' \
  -H 'sec-fetch-dest: document' \
  -H 'accept-language: en-US,en;q=0.9' \
  -H 'cookie: prov=bbcb7958-a656-3553-ecbc-b9ca84066339; _ga=GA1.2.460830356.1605569295; _gid=GA1.2.1542484921.1605569065; __qca=P0-1761616573-1605569091640; __gads=ID=4135cbf8a377f6b8-2238d1c4efc40140:T=1605562116:S=ALNI_MYMpJxjVdzYlZtHA_3Q99ludQAnMJ; _gat=1' \
  --compressed
Ross Jacobs
  • 2,962
  • 1
  • 17
  • 27