0

I'm testing malformed HTTP requests on OSX, but I can't workout how to make a request with a missing/malformed http version.

Curl seems to only allow valid presets (--http1.0, --http1.1, --http1)

Whats the easiest way to construct a request without "http version"?

Example:

Given the following commands create the following request lines:

Ex1.

command: curl -i http://localhost:8080/cat.jpg?v=1

request: GET cat.jpg?v=1 HTTP/1.1

Ex2.

command: curl -i http://localhost:8080/cat.jpg?v=1 --http1.0

request: GET cat.jpg?v=1 HTTP/1.0

Wanted

How could I create the following

command: ???

request: GET cat.jpg?v=1 (missing http version)

EDIT: ANSWER

curl only deals with valid requests. netcat is an alternative that has more control.

See this answer

Thanks @DanFromGermany

Community
  • 1
  • 1
Ashley Coolman
  • 11,095
  • 5
  • 59
  • 81
  • 1
    Please show an example of what you mean. Are you saying you want to test protocols exist? Obviously curl can not use a protocol it doesn't know about, nothing can. – 123 Jul 08 '16 at 09:43
  • Do you understand how http works? How do you expect to get the webpage without http? – 123 Jul 08 '16 at 09:52
  • I'm writing a http/file server, and I want to test what happens if the request that is received is malformed – Ashley Coolman Jul 08 '16 at 09:53
  • You can't have a missing http verison. You have to have some protocol in place in order to communicate with the server. – 123 Jul 08 '16 at 09:58
  • Curl is not a pentesting tool. Don't use curl. Use netcat or perl or PHP or whatever allows you to send data through a socket. But don't use a tool that is supposed to send only valid data. – Daniel W. Jul 08 '16 at 09:59
  • 1
    @123 You don't understand the question. He wants to send WRONG data ON PURPOSE to test how his webserver would react. – Daniel W. Jul 08 '16 at 10:00
  • Ahhh, yeah perhaps i should of rephrased the question as a "recommend me a tool...." – Ashley Coolman Jul 08 '16 at 10:03
  • 1
    Software recommendations are off-topic on Stackoverflow. You would go on http://softwarerecs.stackexchange.com/ instead. – Daniel W. Jul 08 '16 at 10:04
  • 2
    @DanFromGermany ah right, If you just want to send data to a port use `nc`. – 123 Jul 08 '16 at 10:06
  • Use these answers: http://stackoverflow.com/questions/642707/scripting-an-http-header-request-with-netcat – Daniel W. Jul 08 '16 at 10:09
  • 1
    Ok. I'm loathe to remove this question though, as for someone who doesn't know CURLs limitations - its hard to workout that you need an alternative tool. I'll leave it up to the mods. – Ashley Coolman Jul 08 '16 at 10:12

0 Answers0