How do you print received cookie info to stdout with curl?
BashUnixCookiesCurlBash Problem Overview
How do you print received cookie info to stdout with curl?
According to the man pages if you use '-' as the file name for the -c --cookie-jar option it should print the cookie to stdout. The problem is I get an error:
curl: option -: is unknown
an example of the command I am running:
curl -c --cookie-jar - 'http://google.com'
Bash Solutions
Solution 1 - Bash
You get that error because you use in the wrong way that option. When you see in a man page an option like:
-c, --cookie-jar <file name>
this mean that if you want to use that option, you must to use -c
OR --cookie-jar
, never both! These two are equivalent and, in fact, -c
is the abbreviated form for --cookie-jar
. There are many, many options in man pages which are designed in the same way.
In your case:
curl -c - 'http://google.com'
--cookie-jar
is given as argument for -c
option, so, it's interpreted as a file name, not like an option (as you may think), and -
remains alone which leads to error because curl
, indeed, doesn't have such an option.
Solution 2 - Bash
Remove the "-c"
curl --cookie-jar - 'http://google.com'
Also you try verbose mode and see the cookie headers:
curl -v 'http://google.com'
Solution 3 - Bash
You need to use two options to get only the cookie text on stdout:
--cookie-jar <file name>
from the man page:
> If you set the file name to a single dash, '-', the cookies will be written to stdout.
--output <file>
from the man page:
> Write output to
Set it to /dev/null
to throw it away.
--silent
is also helpful.
Putting it all together:
curl --silent --output /dev/null --cookie-jar - 'http://www.google.com/'
Output:
# Netscape HTTP Cookie File
# https://curl.haxx.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.
#HttpOnly_.google.com TRUE / FALSE 1512524163 NID 105=DownH33BKZnCsWJeGvsIC5cKRi7CPT3K3QjfUB-4js5xGw6P_6svMqU1yKlKOEu4XwL_TdddZlcMITefFGOtCCyzJNhO_7E9UMNpbQHja40IAerYP5Bwj-FhY1m35mZdvkVSmrg1pZPvH96IkVVVVVVVV
My use case: Test that your website uses the HttpOnly
cookie setting, per the OWASP recommendation:
curl --silent --output /dev/null --cookie-jar - 'http://www.google.com/' | grep HttpOnly
Solution 4 - Bash
You can save the cookies received and send them back to the server using the following commands:
-
To get/save the cookies to file "/tmp/cookies.txt":
curl -c /tmp/cookies.txt http://the.site.with.cookies/
-
To send the cookies back to the server (again using file "/tmp/cookies.txt"):
curl -b /tmp/cookies.txt http://the.site.with.cookies/
I hope it was useful.
[]s Ronaldo