cURL is as easy as it gets to use, and fortunately it is also very easy to detect – if you are looking. For those not familiar with cURL, it is a command-line tool that transfers data over a variety of protocols.
The first test you can run in your evaluation is to check whether the solution is capable of detecting and blocking cURL requests:
You can switch kasada.io with your own domain.
This test makes no attempt to evade detection. If the solution you are testing does detect it, the next test changes the HTTP headers to make it look like it is coming from a normal web browser.
curl 'https://www.kasada.io' \
  -H 'accept-encoding: gzip, deflate, br' \
  -H 'accept-language: en-US,en;q=0.9' \
  -H 'upgrade-insecure-requests: 1' \
  -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36' \
  -H 'accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8' \
  -H 'cache-control: max-age=0'
cURL is a basic program, but hackers use it to automate parts of very dangerous attacks. The inability to detect either or both of the first two attacks indicates that your solution is not prepared to defend against malicious automation.
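As an added example (not part of the original article), the header-only check below is run over the two test requests: the default cURL request is flagged on three counts, while the spoofed one carries the same header values a browser would send and passes, so header values alone cannot separate it from a browser. The first request assumes a plain `curl` invocation with cURL's default headers; the version string, function names and sample dictionaries are constructed for illustration.

```python
# Added example: header-only screening of the two cURL tests (constructed data).

# Headers a browser sends on a normal page navigation.
BROWSER_HEADERS = ("user-agent", "accept-language", "accept-encoding")


def header_findings(headers):
    """Return the reasons a request's headers look like a scripted client."""
    h = {name.lower(): value.strip() for name, value in headers.items()}
    findings = []
    if h.get("user-agent", "").lower().startswith("curl/"):
        findings.append("user-agent is cURL's default")
    missing = [name for name in BROWSER_HEADERS if name not in h]
    if missing:
        findings.append("missing browser headers: " + ", ".join(missing))
    # Browsers list concrete types for a navigation; cURL defaults to */*.
    if h.get("accept", "") == "*/*":
        findings.append("accept is a bare */*")
    return findings


def classify(headers):
    """Flag the request if any header finding applies."""
    findings = header_findings(headers)
    return ("flag", findings) if findings else ("pass-header-check", [])


# Test 1 (assumed): plain curl against the site, default headers only.
DEFAULT_CURL = {"Host": "www.kasada.io", "User-Agent": "curl/8.5.0", "Accept": "*/*"}

# Test 2: the header values from the second command in the article.
SPOOFED_CURL = {
    "Host": "www.kasada.io",
    "accept-encoding": "gzip, deflate, br",
    "accept-language": "en-US,en;q=0.9",
    "upgrade-insecure-requests": "1",
    "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) "
                  "AppleWebKit/537.36 (KHTML, like Gecko) "
                  "Chrome/65.0.3325.181 Safari/537.36",
    "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,"
              "image/webp,image/apng,*/*;q=0.8",
    "cache-control": "max-age=0",
}

if __name__ == "__main__":
    for label, request in (("test 1", DEFAULT_CURL), ("test 2", SPOOFED_CURL)):
        verdict, reasons = classify(request)
        print(label, verdict, reasons)
```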