{"id":683,"date":"2019-10-03T19:37:17","date_gmt":"2019-10-04T03:37:17","guid":{"rendered":"https:\/\/angrysysadmins.tech\/?p=683"},"modified":"2019-10-03T19:37:19","modified_gmt":"2019-10-04T03:37:19","slug":"curl-using-curl-to-test-authentication-on-a-website","status":"publish","type":"post","link":"https:\/\/angrysysadmins.tech\/index.php\/2019\/10\/bailey\/curl-using-curl-to-test-authentication-on-a-website\/","title":{"rendered":"cURL: Using curl to Test Authentication on a Website"},"content":{"rendered":"\n

cURL is an incredibly useful tool. This article is going to focus on using it to POST authentication data to a website, such as a pfSense or Joomla instance. I’ll be using those two as examples because I have both on hand and they use CSRF tokens for security. Hopefully the information on how to get into those two will help with testing other CMS or web based management systems.<\/p>\n\n\n\n

pfSense<\/h2>\n\n\n\n

I find Joomla to be the more complicated of the two examples I’ll cover, so let’s start with pfSense.

Let’s start by gathering the info we’ll need. First we need the names of the fields for the sign in form. Inspect Element in a web browser, or cURL’ing the page and finding the login form work easily.<\/p>\n\n\n\n

\"Using
Finding the field names for pfSense<\/figcaption><\/figure>\n\n\n\n

From that we know that we need to populate usernamefld and passwordfld, and the name of the login button. But if we make a post with just that it will be rejected.
<\/p>\n\n\n\n

curl -k -X POST \\\n     --data-urlencode \"login=Login\" \\\n     --data-urlencode \"usernamefld=username\" \\\n     --data-urlencode \"passwordfld=password\" \\\n     https:\/\/domain.tld\/<\/pre>\n\n\n\n

While valid, doesn’t have everything that is needed. Somehow we need to have a valid CSRF token, which is tied to cookies. Thankfully, cURL let’s us save the cookies from a session to a file, which can then be read from. So we can get the CSRF and save the cookies from that session to a file, and then use both in our POST.
<\/p>\n\n\n\n
curl -L -k --cookie-jar \/tmp\/cookies.txt https:\/\/domain.tld\/ \\\n     | grep \"name='__csrf_magic'\" | sed 's\/.*value=\"\\(.*\\)\".*\/\\1\/' > \/tmp\/csrf.txt<\/pre>\n\n\n\n

-L means follow redirects, -k means ignore invalid cert, –cookie-jar means save the cookies for this session to a file. The grep and sed commands make it so that only the CSRF gets saved to the file. Now we can put that all together in our POST.
<\/p>\n\n\n\n
curl -i -s -k --cookie \/tmp\/cookies.txt --cookie-jar \/tmp\/cookies.txt \\\n     --data-urlencode \"login=Login\" \\\n     --data-urlencode \"usernamefld=$username\" \\\n     --data-urlencode \"passwordfld=$password\" \\\n     --data-urlencode \"__csrf_magic=$(cat \/tmp\/csrf.txt)\" \\\n     https:\/\/domain.tld\/<\/pre>\n\n\n\n

-i and -s decrease the amount of output to just the response headers, –cookie tells cURL which cookies file to use. If you get back “302 Moved”, then your authentication request was successful.<\/p>\n\n\n\n
Joomla<\/h2>\n\n\n\n
When it comes to using cURL to authenticate, Joomla is similar to pfSense, but not the same. The fields we need to provide information for are username, passwd, option, return, CSRF, and task. return doesn’t change each attempt like CSRF, but it can be different across Joomla instances. To avoid making extra GET requests, we can save the result of our first GET to a variable and get the CSRF and return values from there:
<\/p>\n\n\n\n
body=$(curl --silent --location --cookie-jar \/tmp\/cookies.txt http:\/\/domain.tld\/administrator\/index.php)\n\ncsrf=$(echo \"$body\" | grep \"csrf.token\" | sed 's\/.*csrf.token\":\"\\(.*\\)\".*\/\\1\/' | sed 's\/\".*\/\/')\nreturn=$(echo \"$body\" | grep \"return\" | sed 's\/.*value=\"\\(.*\\)\".*\/\\1\/')<\/pre>\n\n\n\n

Now that we have all the values and cookies we need, we can construct our POST.
<\/p>\n\n\n\n
curl --silent --output \/dev\/null --write-out \"%{http_code}\" \\\n     --request POST --cookie \/tmp\/cookies.txt --cookie-jar \/tmp\/cookies.txt \\\n     --user-agent \"$(user_agent)\" \\\n     --data-urlencode \"username=$username\" \\\n     --data-urlencode \"passwd=$password\" \\\n     --data-urlencode \"option=com_login\" \\\n     --data-urlencode \"return=$return\" \\\n     --data-urlencode \"$csrf=1\" \\\n     --data-urlencode \"task=login\" \\\n     http:\/\/domain.tld\/administrator\/index.php<\/pre>\n\n\n\n

And if you get a 303 response, then you are successfully authenticated. A 200 means that your CSRF or creds are invalid. To figure out which, remove the –output and –write-out flags.<\/p>\n","protected":false},"excerpt":{"rendered":"
cURL is an incredibly useful tool. This article is going to focus on using it to POST authentication data to a website, such as a pfSense or Joomla instance.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8,40,139],"tags":[31,159,161,6,162,160],"coauthors":[37],"class_list":["post-683","post","type-post","status-publish","format-standard","hentry","category-linux","category-scripting","category-web","tag-authentication","tag-curl","tag-joomla","tag-linux","tag-pfsense","tag-web"],"yoast_head":"\ncURL: Using curl to Test Authentication on a Website - Angry Sysadmins<\/title>\n<meta name=\"description\" content=\"This article is going to focus on using curl to POST authentication data to a website, such as a pfSense or Joomla instance.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/angrysysadmins.tech\/index.php\/2019\/10\/bailey\/curl-using-curl-to-test-authentication-on-a-website\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"cURL: Using curl to Test Authentication on a Website - Angry Sysadmins\" \/>\n<meta property=\"og:description\" content=\"This article is going to focus on using curl to POST authentication data to a website, such as a pfSense or Joomla instance.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/angrysysadmins.tech\/index.php\/2019\/10\/bailey\/curl-using-curl-to-test-authentication-on-a-website\/\" \/>\n<meta property=\"og:site_name\" content=\"Angry Sysadmins\" \/>\n<meta property=\"article:published_time\" content=\"2019-10-04T03:37:17+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-10-04T03:37:19+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/angrysysadmins.tech\/wp-content\/uploads\/2019\/10\/image.png\" \/>\n<meta name=\"author\" content=\"Cat Kasin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Cat Kasin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/angrysysadmins.tech\\\/index.php\\\/2019\\\/10\\\/bailey\\\/curl-using-curl-to-test-authentication-on-a-website\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/angrysysadmins.tech\\\/index.php\\\/2019\\\/10\\\/bailey\\\/curl-using-curl-to-test-authentication-on-a-website\\\/\"},\"author\":{\"name\":\"Cat Kasin\",\"@id\":\"https:\\\/\\\/angrysysadmins.tech\\\/#\\\/schema\\\/person\\\/151b2d23439b55b970060836f317a14d\"},\"headline\":\"cURL: Using curl to Test Authentication on a Website\",\"datePublished\":\"2019-10-04T03:37:17+00:00\",\"dateModified\":\"2019-10-04T03:37:19+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/angrysysadmins.tech\\\/index.php\\\/2019\\\/10\\\/bailey\\\/curl-using-curl-to-test-authentication-on-a-website\\\/\"},\"wordCount\":449,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/angrysysadmins.tech\\\/index.php\\\/2019\\\/10\\\/bailey\\\/curl-using-curl-to-test-authentication-on-a-website\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/angrysysadmins.tech\\\/wp-content\\\/uploads\\\/2019\\\/10\\\/image.png\",\"keywords\":[\"Authentication\",\"curl\",\"joomla\",\"Linux\",\"pfsense\",\"web\"],\"articleSection\":[\"Linux\",\"Scripting\",\"Web\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/angrysysadmins.tech\\\/index.php\\\/2019\\\/10\\\/bailey\\\/curl-using-curl-to-test-authentication-on-a-website\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/angrysysadmins.tech\\\/index.php\\\/2019\\\/10\\\/bailey\\\/curl-using-curl-to-test-authentication-on-a-website\\\/\",\"url\":\"https:\\\/\\\/angrysysadmins.tech\\\/index.php\\\/2019\\\/10\\\/bailey\\\/curl-using-curl-to-test-authentication-on-a-website\\\/\",\"name\":\"cURL: Using curl to Test Authentication on a Website - Angry Sysadmins\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/angrysysadmins.tech\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/angrysysadmins.tech\\\/index.php\\\/2019\\\/10\\\/bailey\\\/curl-using-curl-to-test-authentication-on-a-website\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/angrysysadmins.tech\\\/index.php\\\/2019\\\/10\\\/bailey\\\/curl-using-curl-to-test-authentication-on-a-website\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/angrysysadmins.tech\\\/wp-content\\\/uploads\\\/2019\\\/10\\\/image.png\",\"datePublished\":\"2019-10-04T03:37:17+00:00\",\"dateModified\":\"2019-10-04T03:37:19+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/angrysysadmins.tech\\\/#\\\/schema\\\/person\\\/151b2d23439b55b970060836f317a14d\"},\"description\":\"This article is going to focus on using curl to POST authentication data to a website, such as a pfSense or Joomla instance.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/angrysysadmins.tech\\\/index.php\\\/2019\\\/10\\\/bailey\\\/curl-using-curl-to-test-authentication-on-a-website\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/angrysysadmins.tech\\\/index.php\\\/2019\\\/10\\\/bailey\\\/curl-using-curl-to-test-authentication-on-a-website\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/angrysysadmins.tech\\\/index.php\\\/2019\\\/10\\\/bailey\\\/curl-using-curl-to-test-authentication-on-a-website\\\/#primaryimage\",\"url\":\"https:\\\/\\\/angrysysadmins.tech\\\/wp-content\\\/uploads\\\/2019\\\/10\\\/image.png\",\"contentUrl\":\"https:\\\/\\\/angrysysadmins.tech\\\/wp-content\\\/uploads\\\/2019\\\/10\\\/image.png\",\"width\":1003,\"height\":617},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/angrysysadmins.tech\\\/index.php\\\/2019\\\/10\\\/bailey\\\/curl-using-curl-to-test-authentication-on-a-website\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/angrysysadmins.tech\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"cURL: Using curl to Test Authentication on a Website\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/angrysysadmins.tech\\\/#website\",\"url\":\"https:\\\/\\\/angrysysadmins.tech\\\/\",\"name\":\"Angry Sysadmins\",\"description\":\"A site full of angry sysadmins here to vent and help\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/angrysysadmins.tech\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/angrysysadmins.tech\\\/#\\\/schema\\\/person\\\/151b2d23439b55b970060836f317a14d\",\"name\":\"Cat Kasin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/e83bfa1b7d9ce082bd6b68938f580039db8d5571ad6c5d012e6a5243a189309e?s=96&d=mm&r=g23b0ffb86dd6c08514a66a6a50f7a0a9\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/e83bfa1b7d9ce082bd6b68938f580039db8d5571ad6c5d012e6a5243a189309e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/e83bfa1b7d9ce082bd6b68938f580039db8d5571ad6c5d012e6a5243a189309e?s=96&d=mm&r=g\",\"caption\":\"Cat Kasin\"},\"description\":\"I build virtual environments and challenges for Cybersecurity students to complete as a way to gain experience before graduating and entering the workforce.\",\"url\":\"https:\\\/\\\/angrysysadmins.tech\\\/index.php\\\/author\\\/bailey\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"cURL: Using curl to Test Authentication on a Website - Angry Sysadmins","description":"This article is going to focus on using curl to POST authentication data to a website, such as a pfSense or Joomla instance.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/angrysysadmins.tech\/index.php\/2019\/10\/bailey\/curl-using-curl-to-test-authentication-on-a-website\/","og_locale":"en_US","og_type":"article","og_title":"cURL: Using curl to Test Authentication on a Website - Angry Sysadmins","og_description":"This article is going to focus on using curl to POST authentication data to a website, such as a pfSense or Joomla instance.","og_url":"https:\/\/angrysysadmins.tech\/index.php\/2019\/10\/bailey\/curl-using-curl-to-test-authentication-on-a-website\/","og_site_name":"Angry Sysadmins","article_published_time":"2019-10-04T03:37:17+00:00","article_modified_time":"2019-10-04T03:37:19+00:00","og_image":[{"url":"https:\/\/angrysysadmins.tech\/wp-content\/uploads\/2019\/10\/image.png","type":"","width":"","height":""}],"author":"Cat Kasin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Cat Kasin","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/angrysysadmins.tech\/index.php\/2019\/10\/bailey\/curl-using-curl-to-test-authentication-on-a-website\/#article","isPartOf":{"@id":"https:\/\/angrysysadmins.tech\/index.php\/2019\/10\/bailey\/curl-using-curl-to-test-authentication-on-a-website\/"},"author":{"name":"Cat Kasin","@id":"https:\/\/angrysysadmins.tech\/#\/schema\/person\/151b2d23439b55b970060836f317a14d"},"headline":"cURL: Using curl to Test Authentication on a Website","datePublished":"2019-10-04T03:37:17+00:00","dateModified":"2019-10-04T03:37:19+00:00","mainEntityOfPage":{"@id":"https:\/\/angrysysadmins.tech\/index.php\/2019\/10\/bailey\/curl-using-curl-to-test-authentication-on-a-website\/"},"wordCount":449,"commentCount":0,"image":{"@id":"https:\/\/angrysysadmins.tech\/index.php\/2019\/10\/bailey\/curl-using-curl-to-test-authentication-on-a-website\/#primaryimage"},"thumbnailUrl":"https:\/\/angrysysadmins.tech\/wp-content\/uploads\/2019\/10\/image.png","keywords":["Authentication","curl","joomla","Linux","pfsense","web"],"articleSection":["Linux","Scripting","Web"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/angrysysadmins.tech\/index.php\/2019\/10\/bailey\/curl-using-curl-to-test-authentication-on-a-website\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/angrysysadmins.tech\/index.php\/2019\/10\/bailey\/curl-using-curl-to-test-authentication-on-a-website\/","url":"https:\/\/angrysysadmins.tech\/index.php\/2019\/10\/bailey\/curl-using-curl-to-test-authentication-on-a-website\/","name":"cURL: Using curl to Test Authentication on a Website - Angry Sysadmins","isPartOf":{"@id":"https:\/\/angrysysadmins.tech\/#website"},"primaryImageOfPage":{"@id":"https:\/\/angrysysadmins.tech\/index.php\/2019\/10\/bailey\/curl-using-curl-to-test-authentication-on-a-website\/#primaryimage"},"image":{"@id":"https:\/\/angrysysadmins.tech\/index.php\/2019\/10\/bailey\/curl-using-curl-to-test-authentication-on-a-website\/#primaryimage"},"thumbnailUrl":"https:\/\/angrysysadmins.tech\/wp-content\/uploads\/2019\/10\/image.png","datePublished":"2019-10-04T03:37:17+00:00","dateModified":"2019-10-04T03:37:19+00:00","author":{"@id":"https:\/\/angrysysadmins.tech\/#\/schema\/person\/151b2d23439b55b970060836f317a14d"},"description":"This article is going to focus on using curl to POST authentication data to a website, such as a pfSense or Joomla instance.","breadcrumb":{"@id":"https:\/\/angrysysadmins.tech\/index.php\/2019\/10\/bailey\/curl-using-curl-to-test-authentication-on-a-website\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/angrysysadmins.tech\/index.php\/2019\/10\/bailey\/curl-using-curl-to-test-authentication-on-a-website\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/angrysysadmins.tech\/index.php\/2019\/10\/bailey\/curl-using-curl-to-test-authentication-on-a-website\/#primaryimage","url":"https:\/\/angrysysadmins.tech\/wp-content\/uploads\/2019\/10\/image.png","contentUrl":"https:\/\/angrysysadmins.tech\/wp-content\/uploads\/2019\/10\/image.png","width":1003,"height":617},{"@type":"BreadcrumbList","@id":"https:\/\/angrysysadmins.tech\/index.php\/2019\/10\/bailey\/curl-using-curl-to-test-authentication-on-a-website\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/angrysysadmins.tech\/"},{"@type":"ListItem","position":2,"name":"cURL: Using curl to Test Authentication on a Website"}]},{"@type":"WebSite","@id":"https:\/\/angrysysadmins.tech\/#website","url":"https:\/\/angrysysadmins.tech\/","name":"Angry Sysadmins","description":"A site full of angry sysadmins here to vent and help","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/angrysysadmins.tech\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/angrysysadmins.tech\/#\/schema\/person\/151b2d23439b55b970060836f317a14d","name":"Cat Kasin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/e83bfa1b7d9ce082bd6b68938f580039db8d5571ad6c5d012e6a5243a189309e?s=96&d=mm&r=g23b0ffb86dd6c08514a66a6a50f7a0a9","url":"https:\/\/secure.gravatar.com\/avatar\/e83bfa1b7d9ce082bd6b68938f580039db8d5571ad6c5d012e6a5243a189309e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e83bfa1b7d9ce082bd6b68938f580039db8d5571ad6c5d012e6a5243a189309e?s=96&d=mm&r=g","caption":"Cat Kasin"},"description":"I build virtual environments and challenges for Cybersecurity students to complete as a way to gain experience before graduating and entering the workforce.","url":"https:\/\/angrysysadmins.tech\/index.php\/author\/bailey\/"}]}},"_links":{"self":[{"href":"https:\/\/angrysysadmins.tech\/index.php\/wp-json\/wp\/v2\/posts\/683","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/angrysysadmins.tech\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/angrysysadmins.tech\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/angrysysadmins.tech\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/angrysysadmins.tech\/index.php\/wp-json\/wp\/v2\/comments?post=683"}],"version-history":[{"count":7,"href":"https:\/\/angrysysadmins.tech\/index.php\/wp-json\/wp\/v2\/posts\/683\/revisions"}],"predecessor-version":[{"id":692,"href":"https:\/\/angrysysadmins.tech\/index.php\/wp-json\/wp\/v2\/posts\/683\/revisions\/692"}],"wp:attachment":[{"href":"https:\/\/angrysysadmins.tech\/index.php\/wp-json\/wp\/v2\/media?parent=683"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/angrysysadmins.tech\/index.php\/wp-json\/wp\/v2\/categories?post=683"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/angrysysadmins.tech\/index.php\/wp-json\/wp\/v2\/tags?post=683"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/angrysysadmins.tech\/index.php\/wp-json\/wp\/v2\/coauthors?post=683"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}