Today, I'm going to cover an IMPORTANT topic, HTTP request methods. I'm going to keep it real simple and go over all the basics for all of them in full detail so you understand how each one functions, as it's important in order for you to properly understand how HTTP/HTTPS data communications function on a lower level.
I'll be discussing the following topics in order:
- Premise
- What are HTTP methods?
- What is the GET HTTP request?
- What is the POST HTTP request?
- What is the PUT HTTP request?
- What is the DELETE HTTP request?
We've talked about how the internet works, and things like port forwarding, the TCP/IP handshake, etc., but we've yet to discuss the actual HTTP methods you constantly see in tools like Burp Suite.
As a hacker, it's crucial you know how they work, as you can tamper and interact with them in order to control how the server side responds to the client side of the connection.
For this article, there will be a video demonstrating how to write HTTP methods via Burp Suite. As always, this will be for paid Patreon members only.
For this article, we are ONLY going to talk about some of the basic ones you should know first: GET, POST, PUT, DELETE
Any other ones mentioned later on will be for paid Patreon members only.
HTTP methods are a series of request types that tell the backend of the server to perform a given action, and then interact with the client in a certain way. How each one works varies depending on the one that you are using.
The default HTTP methods are listed below; as noted above, this article only goes over GET, POST, PUT and DELETE:
- GET
- HEAD
- POST
- PUT
- DELETE
- CONNECT
- OPTIONS
- TRACE
- PATCH
The GET HTTP method, the default one that is commonly used by any and all HTTP servers, is used to fetch data from resources on the HTTP server.
For example, when you enter "https:// google [.] com", your web browser will send a GET request to the HTTP server in order to load the page you want to view.
It can also be used to fetch stuff like executables or files that are on the HTTP server that you wish to also download.
It's also common for input parameter fields, like searching a website for products you wish to purchase. When you enter the name of an item you want to purchase, a GET request is made to the backend of the server, which performs a database query that retrieves the matching elements from the database and places them in the fields where the web application presents them to you.
For example, when you search "cats" on a website, the HTTP GET request, along with the name of the item you are searching for, is processed by the backend that allows GET requests, which parses it and pipes it into a query like so:
"SELECT makeup FROM makeuptable WHERE Product_ID='YOUR_INPUT'"
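An added example, not code from the original article: the GET search flow above in Python, with the query built by pasting the input into the SQL text beside the same query using a bound parameter. The `/search` path, the `q` parameter name, the sample rows and the SQLite backend are assumptions; the table and column names follow the article's query.

```python
import sqlite3
from urllib.parse import urlsplit, parse_qs

def make_db():
    # Constructed sample rows; table and column names follow the article's query.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE makeuptable (Product_ID TEXT, makeup TEXT)")
    db.executemany("INSERT INTO makeuptable VALUES (?, ?)", [
        ("cats", "cat-eye liner"),
        ("rose", "rose blush"),
        ("hidden", "unreleased palette"),
    ])
    return db

def search_term(request_line):
    # "GET /search?q=cats HTTP/1.1" -> "cats" (path and parameter name are assumptions)
    method, target, _version = request_line.split(" ", 2)
    if method != "GET":
        raise ValueError("search endpoint only accepts GET")
    return parse_qs(urlsplit(target).query).get("q", [""])[0]

def search_concat(db, term):
    # Weak: the input becomes part of the SQL text, so a quote in it rewrites the WHERE clause.
    sql = "SELECT makeup FROM makeuptable WHERE Product_ID='" + term + "'"
    return [row[0] for row in db.execute(sql)]

def search_bound(db, term):
    # Corrected: the placeholder keeps the input as a value, never as SQL.
    sql = "SELECT makeup FROM makeuptable WHERE Product_ID=?"
    return [row[0] for row in db.execute(sql, (term,))]

if __name__ == "__main__":
    db = make_db()
    for line in ("GET /search?q=cats HTTP/1.1",
                 "GET /search?q=x%27%20OR%20%271%27%3D%271 HTTP/1.1"):  # constructed inputs
        term = search_term(line)
        print(repr(term), search_concat(db, term), search_bound(db, term))
```

With the bound parameter, the second constructed request matches no product, while the concatenated query returns every row in the table.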
The POST HTTP method is commonly used in scenarios where the HTTP server needs to handle submitted user input, like login data for example, or any kind of data that needs to be processed by the backend in order to perform a specific action. The backend handles said data, and then uses it for a variety of purposes: resources directly on the file system, database queries, etc.
It can also be used to upload stuff like files for remote file inclusion for example.
It can also be used for simple retrieval purposes if needed, but the main purpose of the request is to do what I just mentioned.
Threat actors commonly exploit the POST HTTP method in order to perform a variety of server-side attacks, since, depending on how the backend of the HTTP server is configured to handle the processed data, they can manipulate the system in a variety of unique ways: SQL injection, command injection, cross-site scripting, etc.
The PUT HTTP method is used in order to modify and update resources that are already on the HTTP server file system.
Depending on how the PUT request method is programmed for the backend, it can also be used to add an entirely new resource to the system itself.
I say this strongly because one of the obvious things to do as a security professional would be to ONLY allow it to update resources, which is what it's designed to do.
If a threat actor finds a way to pull this HTTP method off, they can basically remotely include as many files as they want to the server and exploit the system in a variety of ways.
The DELETE HTTP method is the opposite of the PUT HTTP request method, where instead of adding or updating files/resources on the main file system, it instead REMOVES them from the file system.
For this one, since it's obvious, you can wrap your head around what'll happen if an attacker is able to pull this off.
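An added example, not code from the original article: a small WSGI application in Python that applies the rule stated for PUT above, so PUT may only update a resource that already exists, and that refuses DELETE and every other method through an allow-list. The paths, the in-memory store and the `request` helper are assumptions for illustration, and authentication is left out.

```python
from io import BytesIO
from wsgiref.util import setup_testing_defaults

ALLOWED = ("GET", "PUT")                        # DELETE and all other methods are refused
STORE = {"/profile/alice": b"username=alice"}   # constructed sample resource

def app(environ, start_response):
    method, path = environ["REQUEST_METHOD"], environ["PATH_INFO"]
    if method not in ALLOWED:
        # The Allow header tells the client which methods this server accepts.
        start_response("405 Method Not Allowed", [("Allow", ", ".join(ALLOWED))])
        return [b""]
    if path not in STORE:
        # A PUT to an unknown path would create a new resource, so it is refused too.
        start_response("404 Not Found", [])
        return [b""]
    if method == "PUT":
        length = int(environ.get("CONTENT_LENGTH") or 0)
        STORE[path] = environ["wsgi.input"].read(length)   # update in place only
        start_response("204 No Content", [])
        return [b""]
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [STORE[path]]

def request(method, path, body=b""):
    # Hypothetical helper: drives the app in-process, without opening a socket.
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path,
               "CONTENT_LENGTH": str(len(body)), "wsgi.input": BytesIO(body)}
    setup_testing_defaults(environ)
    status = []
    payload = b"".join(app(environ, lambda s, headers: status.append(s)))
    return status[0], payload

if __name__ == "__main__":
    print(request("PUT", "/profile/alice", b"username=al"))   # existing resource: updated
    print(request("PUT", "/new-file.txt", b"data"))           # unknown resource: refused
    print(request("DELETE", "/profile/alice"))                # method not on the allow-list
```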
This can be CRUCIAL for stuff like modifications to an end user account, when you change stuff like your username for example, as well as various aspects of information that need SPECIFIC ways of being updated on the HTTP server file system, that might or might not have to do with the end user specifically.
It sounds a bit complicated, but try to process the example I've just mentioned.
If you'd like to see the more advanced version of this article that talks about methods that can be used to mitigate, as well as any videos included, SUBSCRIBE TO MY PATREON CYBER SECURITY TIER!
If you enjoyed this post give it a thumbs up! I'll be keeping track of who's reacting from now on as there is a "special" reason for it. Just know the more you support my content the more there is in store!
- The Hacker Who Laughs