Curl: You Already Have A Tool For Testing REST APIs
- Published: 13 Sep 2024
There are so many tools out there for testing a REST API, but did you know that on your Linux system you already have a perfectly good tool to do this? You don't need Postman or anything like that, because you already have curl installed, which is going to handle all of the HTTP methods that you need.
==========Resources==========
JSON Place Holder: jsonplaceholde...
How did you know! I installed postman just yesterday!!! Great vid as always.
Postman has an option to output curl commands such that folks can learn the curl commands easily. I used wget early on in my career, but now I live in curl. Great tool.
Oh that's neat
cURL was the only thing I could think of while I was looking at your beard ;)
Thanks for this very good video. I just recently started working with web APIs, and using Postman (as advised by coworkers) seemed a little overkill and more complex than working with a CLI tool such as curl for basic needs.
I'm also a big advocate of CLI tools to replace GUI ones, but I find that in this case it depends on the use-case. In a personal setting, absolutely, go for curl/httpie. In a work setting, I'll always advocate Postman or tools alike, because it's way easier to onboard people who are not as comfortable as you are with CLI tools and scripting languages.
A big quality of Postman is that you can export a whole collection of tests, which people can simply import and play around with immediately. The adaptation margin would be more complicated if you gave them a bash script with hundreds of calls to curl, where you have to find the correct one to edit for your experimenting.
Sure, I'm not saying don't use Postman, it's probably super useful, but it's cool that you already have a tool installed to do the job.
Most developers have never heard of Burp Suite. And while they may know and use Postman, there is a very good chance that security triage, QA, and program managers have not.
But cURL is usually readily available. Heck, you now can find a version of cURL built into PowerShell on Windows! So while Burp is an awesome attack proxy for APIs, cURL allows you to get a little closer to the protocol level, giving you the flexibility to work on more complex vulnerabilities in a very lightweight way. It’s much easier to work with a simple bash script that uses cURL that you can attach to an API security vulnerability report than to write a huge document of screenshots showing how to set up a Burp session to do it.
If you are hunting APIs for bug bounties, cURL becomes an essential tool to demonstrate the business impact of a vulnerability found in REST APIs. You can usually get a clearer dialog going with a bug bounty program’s security triage team when you can give them a small script of cURL commands that can showcase a weakness on an in-scope target API.
And it becomes much easier to reproduce API vulnerabilities to the triage team… which means you are that much closer to a successful submission.
Great vid! I like to use HTTPIE as my command line HTTP client.
Never heard of that one before
I actually had a conversation about this earlier.
My mate, who is pretty Windows-centered, found it weird that his group in the group project decided to make a CLI frontend for a REST API, which wasn't interactive.
Meanwhile I sit in my group with a 100 line shell script that does a crap ton of cURL commands for testing the API...
Yeah curl's manpage has 2531 lines, thanks for the informative video mate!
This is one of those occasions where little videos that look at one idea are really useful
Great! Can you do one video on how to use a REST API on Neovim? I would like to totally replace Postman and use Neovim.
Great tutorial, thank you for sharing
This video has convinced me that I'm unlikely to use this tool. Thanks
Chrome network inspector allows you to right click -> copy as cURL.
Oh that's neat
Curl is just awesome :D
What if there are cookies involved
Burp repeater is much better than curl for crafting ad hoc or arbitrary requests. I wish there was an open source version that was equally good.
Tip: try to use ctrl+pgup/pgdown to switch between tabs in your browser, it works in programs like VS Code and Vim too.
If I'm switching between tabs with keybindings my go to is ctrl-tab and ctrl-shift-tab
So … one sends a little bit of text (the request type, the headers, the endpoint, a bit of other data) to a server, but with the completely unneeded overhead of HTTP?! I very much dislike that.
Oh boy here he goes talking about gopher again
He will never give up on that....
What about graphql api querying and stuff like websocket testing? Postman and postwoman can do that; CURL can't.
Actually it can
@BrodieRobertson wait whaaaaaa? Since when? And how?
@tarekali7064 First result on Google for curl websocket will show you how to do that, and GraphQL isn't a different protocol, it's just a front end for an HTTP request; you could even just use fetch in JS
@BrodieRobertson Thanks; that's fair enough. Usually for GraphQL you need a special client of some sort. UX of postman/women is still better though LUL
Why can't we use curl for complex requests? It looks like a pretty robust tool
You can, it's just going to be really fiddly
Unrelated to the content but..
I recently noticed in bspwm that if I have multiple windows open and use my key binding to close them all quickly (hold down super + q till all windows close) Compton/picom-Tyrone will crash.
Can anyone reproduce this? It annoys the hell out of me and keeps me going back to i3 as i3 is less “touchy”
Again, this only happens when closing more than 2 windows at a time by holding down the close/quit bspc binding.
Comment to help with yt algorithm
It always helps, thank you
I created this script after watching this video: github.com/uyohn/getsh
I'm a bash noob, but it seems to work pretty much OK
Digital maniac :-)
I'm not sure if that's supposed to be an insult or not