cURL Command Parser
Paste a curl command and break it into its HTTP method, URL, query parameters, headers, body, auth, cookies and flags — or rebuild a clean, canonical curl command. Runs entirely in your browser; nothing is uploaded.
About this tool
A curl command is the line you copy from API docs, a README, or your browser's DevTools "Copy as cURL" — a shell command that fires off an HTTP request. This tool reads one apart into its pieces so you can see exactly what it does, or rebuilds a clean, canonical version. Everything happens in your browser; nothing you paste is uploaded.
Parse mode
Paste a curl command and get back every component, decoded:
- Method — the explicit
-X/--requestvalue, or inferred (POST when a body or form is present, HEAD for-I, otherwise GET). - URL and query parameters — the target URL, with any
?a=b&c=dquery string split out and percent-decoded into name/value pairs. - Headers (
-H) — eachName: Valueas a pair, in order. - Content-Type — the effective type (an explicit header wins; otherwise
application/x-www-form-urlencodedfor-ddata,multipart/form-datafor-Fforms). - Body — assembled from
-d/--data/--data-ascii(newlines stripped like curl does),--data-raw/--data-binary(verbatim), or--data-urlencode(percent-encoded), with the source flag noted. - Form fields (
-F), cookies (-b, parsed into pairs), and basic auth (-u user:password, decoded into username and password). - Flags —
-k/--insecure,-L/--location,--compressed,-I/--head,-G/--get, plus user-agent (-A) and referer (-e). - Any
@fileargument (e.g.-d @body.json,-F [email protected]) is listed as a file reference, since the file's contents aren't part of the command text.
The tokenizer understands single quotes, double quotes (with \", \\, \$
escapes), backslash-escaped characters, and \-at-end-of-line continuations, so
multi-line commands pasted straight from docs parse cleanly. A leading curl is
optional.
Rebuild mode
Switch the mode to rebuild and the same command comes back tidied: one
-H per line, values correctly shell-quoted, the method shown only when it isn't
a plain GET, and flags in a stable order — a canonical form that's easy to read
and diff.
Privacy
Everything runs locally in WebAssembly. No command, URL, header, token, or password ever leaves your device, and there is no sign-up.
FAQ
How does it decide the HTTP method when there's no -X?
It follows curl's own rules. An explicit -X/--request always wins. Otherwise
the method is inferred: it's POST when the command carries a body (-d,
--data-raw, --data-binary, --data-urlencode) or a form field (-F), it's
HEAD when -I/--head is present, and it's GET in every other case
(including -G/--get, which sends any -d data as the query string instead of
a body).
Which curl flags are recognised?
The common HTTP ones: -X/--request, -H/--header, -d/--data,
--data-ascii, --data-raw, --data-binary, --data-urlencode, -F/--form,
-b/--cookie, -u/--user, -A/--user-agent, -e/--referer, --url,
-G/--get, -I/--head, -k/--insecure, -L/--location and
--compressed. Other options that curl accepts (like -s, -v, --fail,
--connect-timeout) are recognised and listed under "Other flags" rather than
dropped, so nothing in your command goes unaccounted for.
Does it read the files referenced by @filename?
No. Arguments such as -d @body.json or -F [email protected] tell curl to read a
local file at run time, and that file isn't part of the command text you paste.
The tool reports each one as a file reference so you know a file is involved,
but it can't (and doesn't) read anything from your disk.
What does rebuild mode change about my command?
It doesn't change what the request does — it just normalises the presentation.
The command is re-emitted with each header on its own -H line, values wrapped
in single quotes only where a shell needs them, the method printed only when it
isn't GET, and the flags in a fixed order. It's handy for turning a one-line
command copied from DevTools into something readable, or for producing a
consistent form you can commit and diff.
Is a basic-auth password shown in plain text?
Yes — -u user:password is split into its username and password exactly as
written, because that's what the command already contains. Nothing is sent
anywhere (the whole tool runs in your browser), but bear in mind that a curl
command with -u embeds the credentials in plain text, so treat such commands as
secrets and avoid pasting them into tools you don't trust.
Developer & Automation Access
Run it from the terminal
Same engine as this page, headless — via the gizza CLI:
gizza tool curl-command-parser "..."New to the CLI? Get gizza →
Open it by URL
Pre-fill and auto-run this tool with query parameters — the names match the API/CLI:
https://gizza.ai/tools/curl-command-parser/?mode=parse&command=curl%20-X%20POST%20%27https%3A%2F%2Fapi.example.com%2Fv1%2Fitems%27%20-H%20%27Content-Type%3A%20application%2Fjson%27%20-d%20%27%7B%22name%22%3A%22gizza%22%7D%27Machine-readable descriptor: tool.json — title + parameters JSON Schema for agents.
