Listen to this Post
HTTP (Hypertext Transfer Protocol) defines several request methods that indicate the desired action to be performed on a resource.
π GET
Used to request data from a specified resource. It is a safe and idempotent method, meaning it does not change the state of the server and can be called multiple times without different outcomes.
π POST
Used to send data to the server to create or update a resource. Unlike GET, POST requests can change the state of the server and are not idempotent.
π PUT
Used to update a resource or create it if it does not exist. PUT requests are idempotent, meaning multiple identical requests will have the same effect as a single request.
π PATCH
Used to apply partial modifications to a resource. Unlike PUT, which replaces the entire resource, PATCH only changes the specified parts.
π DELETE
Used to delete a specified resource. Similar to PUT, DELETE requests are idempotent.
π HEAD
Similar to GET, but it requests only the headers of a resource, not the body. This is useful for checking metadata about a resource without transferring the entire content.
π OPTIONS
Used to describe the communication options for the target resource. It can be used to determine what HTTP methods are supported by the server for a specific resource.
π TRACE
Used for diagnostic purposes. It performs a message loop-back test along the path to the target resource, allowing clients to see what changes or additions are made by intermediate servers.
π CONNECT
Used to establish a network connection to a resource through a proxy server. This method is often used to facilitate SSL (HTTPS) connections through an HTTP proxy.
You Should Know:
Linux cURL Commands for HTTP Methods
<h1>GET Request</h1>
curl -X GET https://example.com/api/resource
<h1>POST Request with JSON data</h1>
curl -X POST -H "Content-Type: application/json" -d '{"key":"value"}' https://example.com/api/resource
<h1>PUT Request</h1>
curl -X PUT -H "Content-Type: application/json" -d '{"key":"updated_value"}' https://example.com/api/resource/1
<h1>DELETE Request</h1>
curl -X DELETE https://example.com/api/resource/1
<h1>HEAD Request</h1>
curl -I https://example.com/api/resource
<h1>OPTIONS Request</h1>
curl -X OPTIONS https://example.com/api/resource
<h1>PATCH Request</h1>
curl -X PATCH -H "Content-Type: application/json" -d '{"key":"partial_update"}' https://example.com/api/resource/1
<h1>TRACE Request</h1>
curl -X TRACE https://example.com/api/resource
<h1>CONNECT Request (usually for proxies)</h1>
curl --proxy http://proxy-server:port -X CONNECT https://example.com
Windows PowerShell HTTP Requests
<h1>GET Request</h1>
Invoke-RestMethod -Uri "https://example.com/api/resource" -Method Get
<h1>POST Request</h1>
Invoke-RestMethod -Uri "https://example.com/api/resource" -Method Post -Body '{"key":"value"}' -ContentType "application/json"
<h1>DELETE Request</h1>
Invoke-RestMethod -Uri "https://example.com/api/resource/1" -Method Delete
Python Requests Library
import requests
<h1>GET Request</h1>
response = requests.get("https://example.com/api/resource")
<h1>POST Request</h1>
response = requests.post("https://example.com/api/resource", json={"key": "value"})
<h1>PUT Request</h1>
response = requests.put("https://example.com/api/resource/1", json={"key": "updated_value"})
<h1>DELETE Request</h1>
response = requests.delete("https://example.com/api/resource/1")
HTTP Status Codes to Check
– `200 OK` β Successful GET/PUT
– `201 Created` β Successful POST
– `204 No Content` β Successful DELETE
– `400 Bad Request` β Invalid input
– `401 Unauthorized` β Authentication failure
– `404 Not Found` β Resource doesnβt exist
– `500 Internal Server Error` β Server-side issue
What Undercode Say:
Understanding HTTP methods is crucial for web development, API interactions, and cybersecurity testing. These methods form the backbone of RESTful services, and mastering them helps in:
– API Development (REST, GraphQL)
– Web Scraping & Automation (cURL, Python Requests)
– Security Testing (Burp Suite, OWASP ZAP)
– Network Debugging (TRACE, OPTIONS)
For penetration testers, manipulating HTTP methods (e.g., changing GET to POST) can uncover vulnerabilities like CSRF (Cross-Site Request Forgery) or IDOR (Insecure Direct Object Reference).
Additional Linux Commands for HTTP Analysis
<h1>Check HTTP headers with netcat</h1> echo -e "GET / HTTP/1.1\nHost: example.com\n\n" | nc example.com 80 <h1>Monitor HTTP traffic with tcpdump</h1> sudo tcpdump -i eth0 port 80 -A <h1>Test CORS with curl</h1> curl -H "Origin: http://test.com" -I https://example.com/api
Windows Command Line Tricks
[cmd]
:: Check open HTTP ports
netstat -ano | findstr “:80”
:: Test HTTP connectivity
telnet example.com 80
[/cmd]
Expected Output:
A deep understanding of HTTP methods enhances API development, security assessments, and network troubleshooting. Use cURL, Python, or PowerShell to test endpoints, and always validate responses for security best practices.
Relevant URLs:
References:
Reported By: Sina Riyahi – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass β
