Now do https. I get not using curl is a cool and fun challenge, but outside that...

1vuio0pswjnm7 · on Dec 28, 2020

"Now do https."

Is TLSv1.3 ok?

    hstat(){
    X="GET / HTTP/1.1\r\n"
    Y="Host: $1\r\n"
    Z="Connection: close\r\n\r\n"
    cat << eof|stunnel -fd 0 
    pid = /tmp/1.pid
    [hstat]
    client = yes 
    accept = 127.0.0.1:1337 
    connect = $1:443
    sni = $1
    sslVersionMin = TLSv1.3
    eof
    # no curl, only bash
    exec 3<>/dev/tcp/127.0.0.1/1337
    printf "$X$Y$Z" >&3;sed '1s/^HTTP\/1.[01] //;1s/ .*//;q' <&3;
    # no bash, only busybox
    printf "$X$Y$Z"|busybox nc 127.0.0.1 1337|busybox sed '1s/^HTTP\/1.[01] //;1s/ .*//;q';
    read x < /tmp/1.pid;kill -9 $x;rm /tmp/1.pid;
    }

A careful observer would note that the original parent comment did not use HTTPS. "curl www.example.com" does not automatically transform the method to https nor does Google automatically redirect to HTTPS.

cURL is a very popular program. However it is not the program I use on a daily basis. It has a gazillion features (HTTP 1.1 pipelining is still not among them), but it's overkill for the tasks I have. I use other programs like netcat, tcpclient, socat, openssl, stunnel, haproxy, etc. along with custom utilities for generating HTTP I wrote for myself. When I use an http client, I use tnftp or fetch, even wget or lftp, before I will use curl. I only use curl in examples on HN because it is what everyone is familiar with.