This challenge covers how to send specific HTTP requests

< 1 Hr.
HTTP Badge


This lab focuses on sending a GET request with a specific parameter that includes a NULL Byte, an essential concept in web security. The objective is to craft a URL-encoded request to the endpoint `/pentesterlab`, ensuring that the `key` parameter is set to `please` followed by a NULL Byte. This challenge highlights the importance of URL-encoding special characters to avoid misinterpretation by the server.

The video guide demonstrates how to perform this task using both a web browser and the command-line tool `curl`. Initially, the request is constructed in the browser, emphasizing the necessity of using the HTTP protocol to avoid automatic redirection to HTTPS. The NULL Byte is represented as `%00` in the URL. Subsequently, the same request is replicated in the terminal using `curl`, showcasing the versatility and reusability of scripts in different environments.

Want to learn more? Get started with PentesterLab Pro! GO PRO