Web Requests — GET, Basic Auth, Parameters

[general]

GET Method

Browsers use GET by default when visiting a URL. GET parameters are placed directly in the URL.

/search.php?search=le
  • Endpoint: search.php
  • Parameter: search
  • Value: le

Anything after ? is client-controlled input. Multiple parameters:

/page.php?id=3&debug=1

Observing GET Requests

  1. Open browser DevTools
  2. Go to Network tab
  3. Perform an action (reload page, submit search)
  4. Filter by Fetch/XHR
  5. Click the request → inspect URL, Parameters, Headers, Response

Copy Request as curl

From Network tab: Right click request → Copy → Copy as cURL

Paste into a terminal to replay the exact request. This allows offline testing, parameter modification, and automation.


HTTP Basic Authentication

Unauthenticated response:

HTTP/1.1 401 Authorization Required
WWW-Authenticate: Basic realm="Access denied"

Authenticated request:

curl -u admin:admin http://IP:PORT/
# or
curl http://admin:admin@IP:PORT/

Authorization Header

Basic Auth uses:

Authorization: Basic YWRtaW46YWRtaW4=

This is Base64 of admin:admin. Can be sent manually:

curl -H "Authorization: Basic YWRtaW46YWRtaW4=" http://IP:PORT/

Server only checks the Authorization header — doesn’t care how credentials were supplied.
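As an added example (not part of these notes), the following Python shows both sides of the exchange above: building the header value that curl -u sends (Base64 of admin:admin) and the server-side check that parses, decodes and verifies it. DEMO_USERS, the function names and the second demo account are assumptions made for the example; a real server would store salted password hashes, not plaintext.

```python
import base64
import binascii
import hmac

# Constructed demo credential store (not from the notes): username -> password.
# The second account has a ':' in its password to exercise the split rule.
DEMO_USERS = {"admin": "admin", "svc": "p@ss:word"}


def build_basic_header(username: str, password: str) -> str:
    """Build the Authorization value that `curl -u user:pass` would send."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def parse_basic_header(header_value: str):
    """Return (username, password) from an Authorization value, or None if malformed.

    Rejects a wrong scheme, missing credentials, invalid Base64 and non-UTF-8
    bytes. Only the FIRST colon separates user from password (RFC 7617), so a
    password containing ':' survives the round trip.
    """
    parts = header_value.strip().split(None, 1)
    if len(parts) != 2 or parts[0].lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(parts[1], validate=True).decode("utf-8")
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return None
    if ":" not in decoded:
        return None
    username, password = decoded.split(":", 1)
    return username, password


def authenticate(headers: dict, users: dict = DEMO_USERS):
    """Server-side check: only the Authorization header matters, not how it was sent.

    Returns the authenticated username, or None (the caller then answers
    401 with a WWW-Authenticate: Basic realm=... header).
    """
    # Header names are case-insensitive, so normalise before looking up.
    value = next((v for k, v in headers.items() if k.lower() == "authorization"), None)
    if value is None:
        return None
    creds = parse_basic_header(value)
    if creds is None:
        return None
    username, password = creds
    # Compare in constant time, and compare even for unknown users so the
    # response timing does not reveal whether the username exists.
    expected = users.get(username, "")
    ok = hmac.compare_digest(password.encode("utf-8"), expected.encode("utf-8"))
    return username if ok and username in users else None
```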


Viewing Headers

curl -I URL   # response headers only (sends a HEAD request)
curl -i URL   # response headers + body
curl -v URL   # full request + response, including request headers

Parameter Tampering

Anything in URL, Headers, Cookies, or Body is untrusted input.

Process:

  1. Capture request
  2. Replay with curl
  3. Change parameter value
  4. Compare response

search=le → search=a

If response changes, parameter affects logic — investigate.


Common Parameter Types

  • Identifiers: id, uid
  • Search input: search, q
  • Files: file, page
  • Flags: debug, admin

All are attack surface.


Key Mindset

  • Frontend is not security.
  • All parameters are attacker-controlled.
  • Server must validate everything.
  • If changing a value changes behavior, investigate.