GET and POST requests in HTTP traffic

Using GET vs POST

   Please enter your name to register

Now the same with POST instead of GET:

   Please enter your name to register

Exercise 1: Try out the buttons above, and look at the generated web traffic in the OWASP ZAP proxy.
You should see GET and POST requests to www.w3schools.com. Here you should see that for the GET requests the two parameters, firstname and lastname end up in the URL, whereas with the POST request they do not, but are in the body.

Using GET and POST with a hidden field

   Hello John, please also enter your last name to register:

Now the same, but with a POST field:

   Hello John, please also enter your last name to register:

Exercise 2: Look at the HTTP trafic to see which value are sent at the first name, and look at the HTML source of this webpage to see where the hidden parameters come from.

Including images in a web page

Exercise 3

• Look at the HTML source of this webpage to see how this picture is included in the webpage.

• Is this image loaded with a GET request or a POST request? Look at the HTTP traffic in ZAP to figure that out. (The image may be cached in your browser; if that is the case you will not see the image being retrieved by the browswer if you reload the page and you may need to clear the image cache or restart the browser.)

• To get an impression of what the HTML spec looks like, look at the specification of the <img> element in the HTML spec. This for instance lists the attributes that this element takes and how browsers are meant to process these. Some of these attributes, like width, are pretty self-explanatory, but others, like the alt attribute, are less so and come with lots of guidance on how it should be use, for instance see the Requirements for providing text to act as an alternative for images.

• Copy this file to your own computer and edit it to change it to have the Radboud logo displayed in a different size or left-adjusted rather than right-adjusted.