Do one CWD with the full target directory and then operate on the file "normally" like in the multicwd case. Basic is the default authentication method curl uses with proxies. Note that if you should add a custom header that has the same name as one of the internal ones curl would use, your externally set header is used instead of the internal one. Disable it again with --no-insecure. In SoapUI, you can simulate requests that transfer attachments to the tested server.
nest...