level 1
Send an HTTP request using curl
level 2
Send an HTTP request using nc
nc takes URL and port in order to functin.
/$ nc localhost 80
GET / HTTP/1.1
We can send HTTP request using the GET method.
level 3
Send an HTTP request using python
import requests
response = requests.get("http://localhost")
print(response.text)
level 4
Set the host header in an HTTP request using curl
The host header allows user to access a site out of multiple sites hosted on the same server.
In order to set the host-header, we need to use the H flag.
/$ curl -v -H 'Host: 3c22a6070842664437f7deb701d0ba73' localhost
level 5
Set the host header in an HTTP request using nc.
/$ nc localhost 80
GET / HTTP/1.1
Host: 955346154465080a0f6f80ad1abab644
level 6
Set the host header in an HTTP request using python
import requests
response = requests.get("http://localhost", headers = {"Host": "d98cadd7add61f28f2f8ab4ff2866426"})
print(response.text)
level 7
Set the path in an HTTP request using curl
/$ curl -v localhost/6b24f3f2803e65ee8a4c7718e3746e9b
level 8
Set the path in an HTTP request using nc
/$ nc localhost 80
GET /6fa55c0a2c6a06641a0d3b0c7bb52aae HTTP/1.1
level 9
Set the path in an HTTP request using python
import requests
response = requests.get("http://localhost/f9e1c5fbc5583f0adc79a10ca148515c")
print(response.text)
level 10
URL encode a path in an HTTP request using curl
/$ curl -v localhost/57663ceb%20cd9c94ed%2F6168ae2b%20da2eccda
level 11
URL encode a path in an HTTP request using nc
/$ nc localhost 80
GET /b12c4f12%2067266589%2Fd666cda6%20d2af6f45 HTTP/1.1
level 12
URL encode a path in an HTTP request using python
import requests
response = requests.get("http://localhost/84c49128%208a299390%2F93d9bfa2%20d858b128")
print(response.text)
level 13
Specify an argument in an HTTP request using curl
/$ curl 'localhost?a=0700717794063c8870f6587ffe9d1f2e'
level 14
Specify an argument in an HTTP request using nc
/$ nc localhost 80
GET /?a=9cb477c13d0f3467762b96e34723b429 HTTP/1.1
level 15
Specify an argument in an HTTP request using python
import requests
response = requests.get("http://localhost", params = {"a": "98b2272feef1197ca5db52112f53171a"})
print(response.text)
level 16
Specify multiple arguments in an HTTP request using curl
/$ curl -v 'localhost?a=183a900965dbaa297b87b8da347b5000&b=755bccd7%20431ba7ab%26e4271ad1%23165b5805'
level 17
Specify multiple arguments in an HTTP request using nc
/$ nc localhost 80
GET /?a=0d5d14b5c59f30f71f8a4ad183e5594b&b=14ee11ce 7bcd30bb&945e070f#8c4ca511 HTTP/1.1
/$ nc localhost 80
GET /?a=0d5d14b5c59f30f71f8a4ad183e5594b&b=14ee11ce%207bcd30bb%26945e070f%238c4ca511 HTTP/1.1
level 18
Specify multiple arguments in an HTTP request using python
import requests
response = requests.get("http://localhost", params = {"a": "976a35e36b74e0ec9d51e06642819868", "b": "5c6d5670 264acf16&9a8327b8#a1e2f498"})
print(response.text)
level 19
Include form data in an HTTP request using curl
/$ curl localhost -H "Content-Type: application/x-www-form-urlencoded" -d "a=2f326bd3fccd73a0779f0b2d508973b7"
level 20
Include form data in an HTTP request using nc
/$ nc localhost 80
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 34
a=efd41ca8a70736bfca72237e98562264
level 21
Include form data in an HTTP request using python
import requests
response = requests.post("http://localhost", data = {"a": "48a3ea3467441c043b6bbdaaa892f581"})
print(response.text)
level 22
Include form data with multiple fields in an HTTP request using curl
/$ curl localhost -H "Content-Type: application/x-www-form-urlencoded" -d "a=49d18424ea2da90ef911b176280d2b4f&b=e554316c%20d26a8c93%2637806597%2308446ae2"
level 23
Include form data with multiple fields in an HTTP request using nc
/$ nc localhost 80
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 78
a=ac3b1a1c63b69fad533e8978f6a5dff6&b=b573a00d%202ba9bc8a%26a6695f81%233c49eb83
level 24
Include form data with multiple fields in an HTTP request using python
import requests
response = requests.post("http://localhost", data = {"a": "d9ca68fd4ebb26ce7bc66ca673af28bd", "b": "3f36fa3c 5d887603&0ca6cc86#9b3ebe7e"})
print(response.text)
level 25
Include json data in an HTTP request using curl
/$ curl -v localhost -H "Content-Type: application/json" -d '{"a": "4ca4028161b46e326dccbd61fd9ca126"}'
level 26
Include json data in an HTTP request using nc
/$ nc localhost 80
POST / HTTP/1.1
Content-Type: application/json
Content-Length: 41
{"a": "2871410238346d3ef1efa9557c63d396"}
level 27
Include json data in an HTTP request using python
import requests
response = requests.post("http://localhost", json = {"a": "4f8799edeeeae6280d2476ff44ec855b"})
print(response.text)
level 28
Include complex json data in an HTTP request using curl
/$ curl -v -H "Content-Type: application/json" localhost -d '{"a": "134feb33f6406e92577a3da1af09d6e1", "b": {"c": "731530a0", "d": ["aa22dd29", "33a13f37 c90ae96c&fc4db4e3#43ed5bf2"]}}'
level 29
Include complex json data in an HTTP request using nc
/$ nec localhost 80
POST / HTTP/1.1
Content-Type: application/json
Content-Length: 123
{"a": "3c3fc4d92ea768d2f90a1564901c7151", "b": {"c": "88960a48", "d": ["f8b92795", "59ce8454 77e5423c&e259ebfd#c90f1078"]}}
level 30
Include complex json data in an HTTP request using python
import requests
response = requests.post("http://localhost", json = {"a": "c49c2036612db43b827928a815ab4aa3", "b": {'c': '18990378', 'd': ['15a23d60', '5d838d26 b09c0f1b&b57e6ead#7e7021f8']}})
print(response.text)
level 31
Follow an HTTP redirect from HTTP response using curl
/$ curl -v localhost/fe865645cf9d9429f8d3a64bd3624bde
level 32
Follow an HTTP redirect from HTTP response using nc
/$ nc localhost 80
GET /04f17f0a0c09c5f51d7b4b41227fc991 HTTP/1.1
level 33
Follow an HTTP redirect from HTTP response using python
import requests
response = requests.post("http://localhost")
print(response.text)
level 34
Include a cookie from HTTP response using curl
/$ curl -v -H 'Cookie: cookie=6ba66cf208e8af50138db065514ec00c' localhost
OR
/$ curl -L --cookie /tmp/cookie localhost
level 35
Include a cookie from HTTP response using nc
/$ nc localhost 80
GET / HTTP/1.1
Cookie: cookie=fd64267b1b2798fc6498188109e91cf7
level 36
Include a cookie from HTTP response using python
import requests
response = requests.post("http://localhost")
print(response.text)
level37
Make multiple requests in response to stateful HTTP responses using curl
/$ curl -v -H 'Cookie: session=eyJzdGF0ZSI6MX0.ZIdjyA.Il0n0-3Dc92AGqznlmke0NUGbSM' localhost
/$ curl -v -H 'Cookie: session=eyJzdGF0ZSI6Mn0.ZIdj-g.xNEcHHpWLkuTjDyiyMlOkpJlhHc' localhost
/$ curl -v -H 'Cookie: session=eyJzdGF0ZSI6M30.ZIdkLw.GAPUeUh0rrxafcjsCri18TI506o' localhost
OR
curl -L --cookie /tmp/cookie localhost
level 38
Make multiple requests in response to stateful HTTP responses using nc
/$ nc localhost 80
GET / HTTP/1.1
Cookie: session=eyJzdGF0ZSI6MX0.ZIdFvA.sHWWKoF8bM1fkGxOrTHbPJrHnXk
/$ nc localhost 80
GET / HTTP/1.1
Cookie: session=eyJzdGF0ZSI6Mn0.ZIdGGw.vET_YPzKaN7NNySdDm80v_VRahM
/$ nc localhost 80
GET / HTTP/1.1
Cookie: session=eyJzdGF0ZSI6M30.ZIdGTg.7DxhB2c_HvhkfSS5ADGrIgK-eq4
level 39
Make multiple requests in response to stateful HTTP responses using python
import requests
response = requests.post("http://localhost")
print(response.text)
