PicoCTF: GET aHEAD

This lab provides an environment to learn about HTTP methods

The capitalization in the title looks like a big hint, but let's come back to that later. First let's follow the link and look for the flag.

The site is very simple: two buttons that change the background color of the webpage, and that's all. Let's open up Burp Suite to take a look at the HTTP requests.

After playing around with the website for a few minutes I noticed that the two requests were identical except for the method on the request line (line 1 of the request in Burp). Using GET returns the red page and using POST returns the blue page. However, there are more than two HTTP methods, and judging by the title, I'm guessing they want us to use the HEAD method. Change the method on the request line, resend the request, and compare the response headers.

Now we have the flag!
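The exchange described above, as an added example that is not part of the original writeup or of picoCTF's challenge code: a small Python client that sends every standard method to a target and reports the status, headers and body size for each, so a difference like "HEAD returns a header the other methods don't" stands out. The built-in server is a constructed stand-in for the challenge page (GET gives the red page, POST the blue page, HEAD a flag in a response header), the flag string and the header name `flag` are placeholders, and the other methods fall through to the library's default 501 response.

```python
"""Probe HTTP methods against a target and show where the responses differ.

The LabHandler server below is a constructed stand-in for the challenge
page, not picoCTF's real server; FLAG and the header name are placeholders.
"""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

FLAG = "picoCTF{constructed_placeholder_flag}"  # constructed, not the real flag
METHODS = ["GET", "POST", "HEAD", "OPTIONS", "PUT", "DELETE", "PATCH", "TRACE"]


class LabHandler(BaseHTTPRequestHandler):
    """Simulated challenge: the method alone selects the response."""

    def _page(self, colour):
        body = f"<html><body style='background:{colour}'>{colour}</body></html>".encode()
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_GET(self):
        self._page("red")

    def do_POST(self):
        # Drain any request body so the connection stays in sync.
        self.rfile.read(int(self.headers.get("Content-Length") or 0))
        self._page("blue")

    def do_HEAD(self):
        # A HEAD response carries headers only; the flag hides in one of them.
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("flag", FLAG)  # constructed header name
        self.end_headers()

    def log_message(self, *args):  # keep the console quiet
        pass


def start_lab_server():
    """Start the simulated lab on an ephemeral localhost port; return (server, port)."""
    server = HTTPServer(("127.0.0.1", 0), LabHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def probe(host, port, path="/", methods=METHODS):
    """Send each method once; record status, lower-cased headers and body details."""
    results = {}
    for method in methods:
        conn = http.client.HTTPConnection(host, port, timeout=5)
        conn.request(method, path)
        resp = conn.getresponse()
        body = resp.read()  # empty for HEAD even when Content-Length is set
        results[method] = {
            "status": resp.status,
            "headers": {k.lower(): v for k, v in resp.getheaders()},
            "body_len": len(body),
            "body_head": body.decode(errors="replace")[:60],
        }
        conn.close()
    return results


def find_flag(results, marker="picoCTF{"):
    """Return (method, header_name, value) for the first header value containing marker."""
    for method, r in results.items():
        for name, value in r["headers"].items():
            if marker in value:
                return method, name, value
    return None


if __name__ == "__main__":
    server, port = start_lab_server()
    res = probe("127.0.0.1", port)
    for m, r in res.items():
        print(f"{m:8} {r['status']} body={r['body_len']:4} headers={sorted(r['headers'])}")
    print("flag:", find_flag(res))
    server.shutdown()
```

Against a real target, point `probe` at its host and port and drop the local server; the per-method table is the same comparison you would do by hand in Burp, just across all methods at once.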

If this is your first time interacting with HTTP methods, here is a short list of the standard ones (the eight defined in RFC 9110, plus PATCH from RFC 5789):

Most Common:

  • GET: retrieves a representation of a resource, for example loading a webpage. A GET is not supposed to change anything on the server.
  • POST: submits data to the server for processing, most commonly to create a resource, such as creating a post on a webpage.
  • PUT: replaces the resource at the request URL with the request body, creating it if it does not exist. If you edit the post you made on a webpage you may be using a PUT request. Unlike POST, PUT is idempotent: repeating the same request gives the same result.
  • DELETE: removes the resource.

Less Common:

  • PATCH: applies a partial modification to a resource, changing only the specified fields instead of replacing the whole thing as PUT does.
  • HEAD: identical to GET except that the server must not send a response body. Only the status line and headers (Content-Type, Content-Length and so on) come back, so it is often used for checking availability or metadata. That is why it is worth trying here: anything the server puts only in its headers is still returned.
  • OPTIONS: requests information about the communication options available for a resource, typically the methods the server accepts (reported in the Allow header) or CORS preflight details.
  • CONNECT: asks a proxy to establish a tunnel to a destination host, which is how browsers send HTTPS through an HTTP proxy.
  • TRACE: used for diagnostic purposes. The server responds with the request exactly as it received it, so you can see any changes made to it along its journey. Because that echo includes request headers such as cookies, TRACE is normally disabled on production servers; the cross-site tracing (XST) attack abused it to read cookies that scripts could not otherwise access.

It's helpful to get familiar with all the methods to better understand how the web works.