This challenge covers how to send specific HTTP requests.

< 1 Hr.
HTTP Badge


In this lab, you are tasked with sending a GET request to the endpoint /pentesterlab. The request must include the GET parameter key with the value please, followed by a double-encoded NULL Byte. Understanding and applying URL-encoding is essential to ensure the correct values are transmitted to the server.

The challenge starts by using a browser to manually construct the URL. However, getting the double-encoding of the NULL Byte right requires a deeper understanding of URL-encoding. Encoding a NULL Byte once results in %00. For double-encoding, the % character itself must be re-encoded to %25, forming %2500. One round of URL-decoding turns %2500 back into %00, and a second round turns %00 into the NULL Byte, so the server ends up interpreting the value correctly as a NULL Byte. Using tools like curl or scripting in your preferred language can simplify this task and help build a reusable script collection for future challenges.
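The encoding steps described above, as an added Python example that is not part of the original lab text. The host lab.example is a placeholder and the function names are hypothetical; the script runs offline and only builds and decodes the URL.

```python
from urllib.parse import quote, unquote, urlsplit, parse_qsl


def double_encode(raw: bytes) -> str:
    """Percent-encode raw bytes, then percent-encode the result again."""
    once = quote(raw, safe="")    # b"\x00" -> "%00"
    return quote(once, safe="")   # "%00"   -> "%2500" (the % becomes %25)


def build_url(base: str, path: str, key: str, value: bytes) -> str:
    """Assemble the request URL with a double-encoded parameter value."""
    return f"{base}{path}?{key}={double_encode(value)}"


def decode_layers(wire_value: str, limit: int = 5) -> list:
    """Decode repeatedly until the value stops changing.

    Each entry is what one more decoding pass would see, which shows
    how a value changes between a front end and the code behind it.
    """
    layers = [wire_value]
    while len(layers) <= limit:
        nxt = unquote(layers[-1])
        if nxt == layers[-1]:
            break
        layers.append(nxt)
    return layers


def first_decode(url: str) -> list:
    """Return the query parameters after the single standard decode."""
    return parse_qsl(urlsplit(url).query, keep_blank_values=True)


if __name__ == "__main__":
    # lab.example is a placeholder host (assumption, not from the page).
    url = build_url("http://lab.example", "/pentesterlab", "key", b"please\x00")
    print(url)
    print(first_decode(url))
    for depth, layer in enumerate(decode_layers("please%2500")):
        print(depth, repr(layer))
```

The same URL string can be passed to curl in quotes; because it is already encoded, curl sends it unchanged.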
