Skip to main content

Will it be a crime if I post data into someone's website using cURL? [Resolved]

I found a website which is not secure and tried to post a form on that site using cURL request in PHP and it worked successfully.

However, that is a simple site with contact form and no special or secure data. Anyone can fill that form. I just did that with curl with a loop of 100.

Is this a crime?


Question Credit: Vinit Singh
Question Reference
Asked January 11, 2019
Tags: curl, crime
Posted Under: Security
44 views
2 Answers

Most browsers have developer tools which allow you to monitor all HTTP(S) requests sent by the browser, including an option to copy the requests as a cURL command. If you execute the request via cURL, it's indistinguishable from a 'real' browser request. Therefore, that is certainly not a crime.

If you're looping cURL requests, you're essentially trying to perform a Denial of Service attack; many countries/states have laws which state that this is a crime. Though 100 requests are not likely to constitute a successful attack, all it might do is fill the inbox of the mail account which receives completed forms.


credit: Glorfindel
Answered January 11, 2019

I am not a lawyer, and the world is a large place with many conflicting laws, so I can't say anything about the legality of using cURL...

But from a technical standpoint, anything that you can do to their server with cURL, you can also do with a web browser. Anything that you can do to their server with a web browser, you can also do with cURL. They are simply programs that follow the HTTP protocol.

Of course, you can commit crimes with browsers, so it's possible to use cURL to commit crimes as well, but just the fact that you used cURL does not turn non-criminal browsing into a criminal act, unless the countries involved have some very specific laws.

To your specific point, if there is any crime in submitting data to a form on an insecure website 100 times in a row, then it shouldn't matter if you used cURL or if you just copy/pasted the information into the form and hit the submit button in the browser 100 times.


credit: Ghedipunk
Answered January 11, 2019
Your Answer