What is the difference between POST and GET?
There are a total of four(4) http request methods (POST, GET, PUT, DELETE). While it’s not vital to understand them, the point is this information is passed through the header of the page or online document. This is where vulnerabilities and Injections exploiting Web Applications starts, so if you are interested in learning why Vulnerabilities in code exist, these are some fundamentals you need to know.
This is because the first thing your browser does after it looks up in DNS what site you want to go to is, send the request for information from that page.
Now, since you use a browser you don’t see this happening, this all happens in the background. We don’t need to get into details on how the HTTP protocol works to understand POST and GET.
So, the simplest way would to open up your browsers dev tools by pressing F12.
Now, if you press F5 you will see the page reload and a bunch of resources start populating below the Network. If you click on one you will see the Headers. This is the HTTP protocol working in the background retrieving the request.
You can see “Request Method: GET” so you know this page was loaded with a GET request.
Now, in your URL add a ?asdf=1 to the end of the URL you have loaded and press enter, you see now the request is now www.malwareclean.net but ?asdf=1 (because this is now the resource being requested NOT just malwareclean.net).
And we once again click on that, you will then on the right panel scroll down all the way until you see the “Query String Parameters” these parameters are being sent to the web server through HTTP as a GET request. The server can then do whatever it uses those parameters for. Maybe to output something in relation to a database field. What the data is does not matter, it’s more important to understand a GET parameter will be shown in the browser URL.
A POST request is the same as a GET in most ways, however you will not see the data in the URL, it will be passed just as the get query strings but will be required by the web application to capture is specifically with the “POST” request.
Here’s a good video on GET and POST requests you may find useful for a better understanding.
Let’s talk a little bit about the difference between GET and POST. We’ve already seen one of the differences, and that’s GET parameters are included in the URL and POST parameters are included in the body.
Another difference is that GET requests are often used for fetching documents and GET parameters are usually used to describe which document we’re looking for or maybe what page we’re on or things of that nature, basically, things that are describing what we’re getting where POST parameters are often used for updating data for actually making changes to the Server or to the data held on the Server.
Another difference is that GET parameters because they are in the URL have a maximum URL length, or they’re affected by the maximum URL length because you can only encode so many parameters.
For example, I think Internet Explorer allows characters in the URL, or something like that, which can be quite limiting.
POSTs, by default, have no maximum length.
Now, the Server can be configured–and most are to have a maximum length, but it’s usually substantially longer than characters.
It’s probably a few megabytes.
Another difference is that GET parameters are generally okay to cache. And when you make a GET request–a simple request for a URL there’s a good chance that it’s been cached.
There are a lot of machines between you and the Server or often there are and it saves a lot of effort if we know the document hasn’t changed to–you know–cache it along the way so you don’t have to request it new every time. POST parameters are almost never cached.
That’s because you’re probably updating data on the Server. And so the industry standard is don’t cache POST requests. One more difference is that GET requests because they’re okay to cache and because you’re usually describing which document you want they shouldn’t change the Server.
You should be able to make the same GET request over and over, and the Server shouldn’t change. POST requests, on the other hand, are okay to change the Server. That’s what they’re generally used for, is requests that update the Server. That’s why they’re not cached; there’s no max length, and that’s the whole story.
So in short, GET requests should be simple requests for fetching a document. And GET parameters should be used to describe what document or what page you’re looking for. And POST parameters are used for making updates to the Server. And POST requests generally are destructive in nature. Now, if you don’t follow these rules, you can get into a little trouble.