Skip to content

🌐 GET Requests

In this section, you will learn how to work with GET requests, the most common type of HTTP request used in web applications and APIs.

A GET request is used to retrieve data from a server. Unlike POST requests, it does not send complex data in the body. Instead, all information is typically passed through the URL using query parameters.

🧠 What is a GET Request?

A basic GET request looks like this:

GET /api/example

This simply asks the server:

β€œGive me the data available at this endpoint.”

πŸ”— Query Parameters

GET requests often include parameters in the URL to modify the response.

Example:

GET /api/user?name=admin&age=18

Breakdown:

  • ? β†’ starts query parameters
  • name=admin β†’ parameter key/value
  • & β†’ separates multiple parameters

πŸ‘‰ Full URL example:

http://target/api/user?name=admin&age=18

πŸ–₯️ Using curl (Terminal)

curl is a command-line tool used to send HTTP requests.

πŸ”Ή Basic GET request

curl http://target/api/example

πŸ”Ή GET request with parameters

curl "http://target/api/user?name=admin&age=18"

πŸ‘‰ Quotes are important when using & in URLs (especially in Linux/macOS).

πŸ”Ή Adding headers (optional)

Although GET requests usually don’t require headers, you can still include them:

curl http://target/api/example \
  -H "Custom-Header: value"

πŸ–±οΈ Using Postman (GUI)

Postman provides a graphical interface for sending requests.

πŸ”Ή Basic steps

  1. Open Postman
  2. Set method to GET
  3. Enter URL:

http://target/api/example
4. Click Send

πŸ”Ή Adding query parameters

Instead of typing them manually in the URL:

  1. Go to the Params tab

  2. Add key-value pairs:

  3. name β†’ admin

  4. age β†’ 18

Postman will automatically build:

http://target/api/user?name=admin&age=18

πŸ”Ή Adding headers

  1. Go to the Headers tab

  2. Add:

  3. Key β†’ Custom-Header

  4. Value β†’ value

⚠️ Important Notes

  • GET requests should not modify server data (they are read-only)
  • Parameters are visible in the URL
  • There is no request body in standard GET usage
  • Some servers may behave differently, but in this CTF we follow standard behavior

🧩 In This CTF

You will often need to:

  • Discover correct parameter names
  • Guess valid values (e.g., admin)
  • Modify URLs manually
  • Observe how the server responds

Small changes in parameters can completely change the result β€” this is the key idea behind many challenges.

πŸš€ Summary

  • GET = retrieve data
  • Parameters go in the URL

  • Use:

  • curl for terminal-based requests

  • Postman for visual interaction

Mastering GET requests is the first step toward understanding how APIs work and how to interact with them effectively.