curl

# Show the response header
curl -I https://azena.com

# Follow redirect with -L
curl -I -L https://azena.com

# -k is to ignore SSL certificate
# It will forward it to burpsuite
curl --proxy http://localhost:8080 http://website.com -k

# It will add data into the website
curl -X POST --proxy http://localhost:8080 http://website.com -k -d '{name:"cheese cat"}'

# It will post a user jeremy to the api
# It will reveal the JWT token which is base64 encoded
# But first you need a valid credentials to see the JWT
curl -X POST -H "Content-Type: application/json" -d '{username: "jeremy", password: "cheesecake"}' http://localhost/labs/api/login.php

# By using the JWT we can view the full details of that user
# User jeremy in this case
curl -X GET "http://localhost/labs/api/account.php?token=eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0=.eyJ1c2VyIjoiamVyZW15Iiwicm9sZSI6InN0YWZmIn0=."

# This will update the user jeremy by using his JWT
curl -X PUT -H "Content-Type: application/json" -d '{"token": "eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0=.eyJ1c2VyIjoiamVyZW15Iiwicm9sZSI6InN0YWZmIn0=.", "username":"jeremy", "bio": "NEW BIO VIA API."}' http://localhost/labs/api/account.php


ORRRRRRRRRRRRRR

# You can use the JWT as a session or cookie
# By using -b command
curl -X PUT -H "Content-Type: application/json" -b 'session=eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0=.eyJ1c2VyIjoiamVyZW15Iiwicm9sZSI6InN0YWZmIn0=.' -d '{"username":"jeremy", "bio": "BIO TRYING"}' http://localhost/labs/api/v2/account.php

# You can pass it to burpsuite using authorize
curl -X PUT --proxy localhost:8080 -H "Content-Type: application/json" -b 'session=eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0=.eyJ1c2VyIjoiamVyZW15Iiwicm9sZSI6InN0YWZmIn0=.' -d '{"username":"jeremy", "bio": "BIO TRYING"}' http://localhost/labs/api/v2/account.php