GETting it – POSTing it

No one likes things getting mixed up, creating confusion and misunderstandings, and sometimes even making our arguments seem a bit silly in the heat of an online “quarrel” with a man claiming that his level 32 Wizard is much stronger than mine in “World of Warcraft” (yes, this is a serious matter).

That’s why I’m here for you, preventing you from losing an argument to a 12-year-old calling himself “XX123TheKiNg123XX” (damned he be!), and this time we’re gonna talk about the GET and POST methods.


GET and POST are the most common of a group called HTTP request methods. These methods are responsible for the communication between clients and servers. Let’s have a look at each of them specifically.

The GET Method :

We will use this method in order to retrieve documents, files and other forms of data from a certain resource.

We use GET in search pages: sending these requests allows us to retrieve the information we are looking for. GET retrieves a representation of the specified resource and includes all required data in the URL, meaning that the parameters specifying where we are, or what we sent, are shown in the URL address bar.

For example :

This is what a request using the GET method looks like

Pay attention to the fact that the “user” and “pass” (password) values are visible to all via the URL address bar, meaning we shouldn’t use this method when we take actions on web applications such as login pages and so on. If you want to learn more about it you should visit here.

The POST Method :

In contrast to the GET method, POST is used mainly to send data to a server. We use it to create and edit all sorts of resources on our website, and we also use these requests to update the server.

And, of course, requests sent using this method are much less “visible”, since the parameters being sent are seemingly not saved.

And yet POST is not that secure: the data is included in the body of the request instead of the URL, but it is still trivially simple to view or edit, and repeating a POST can cause multiple writes.

Instead of talking about each of them separately, let’s have a look at the next table comparing them side by side :

| Basis for comparison | GET | POST |
| --- | --- | --- |
| Parameters located in | URL bar | Body |
| Main goal | Used in data retrieval | Used for updating data |
| Is the request bookmarked | Yes | No |
| Request being cached | Yes | No |
| Requests remain in browser history | Yes | No |
| Data length | Maximum URL length | Unrestricted |
| Exposure | Data is exposed in the URL bar | Data is not exposed in the URL bar |
| Reloading the page | Harmless, without consequences | Data will be re-submitted (an alert from the browser will appear) |
| Restrictions on data type | Only ASCII characters | No restrictions on types of data, you can even use binary data |
| Security | Less secure, especially when sending sensitive data such as passwords | More secure, because the parameters are not stored in browser history or in web server logs |
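To make the “Security” row and the earlier “user”/“pass” warning concrete, here is an added example (not part of the original post) that scans access-log lines for credentials sent in a GET query string and redacts them. It assumes the common/combined access-log format; the sample log lines, the `/login` path and the list of sensitive parameter names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter names treated as sensitive (an assumption; extend for your application).
SENSITIVE = {"pass", "password", "passwd", "pwd", "token", "secret", "api_key"}

# Request portion of a common/combined access-log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines: the same login sent once as GET and once as POST.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /login?user=alice&pass=hunter2 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "POST /login HTTP/1.1" 302 0',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /search?q=wizard HTTP/1.1" 200 2048',
]

def leaked_params(log_line):
    """Return (method, path, [sensitive parameter names in the URL]) or None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None  # not a recognisable request line
    parts = urlsplit(m.group("target"))
    names = [key for key, _ in parse_qsl(parts.query, keep_blank_values=True)
             if key.lower() in SENSITIVE]
    return m.group("method"), parts.path, names

def redact(log_line):
    """Mask sensitive query-string values so the line can be stored or shared."""
    pattern = r'(?i)(?<=[?&])(' + "|".join(sorted(SENSITIVE)) + r')=[^&\s"]*'
    return re.sub(pattern, r"\1=REDACTED", log_line)

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        hit = leaked_params(line)
        if hit and hit[2]:
            print(f"{hit[0]} {hit[1]}: sensitive parameters in URL -> {hit[2]}")
            print("  redacted:", redact(line))
```

Only the GET login is flagged: the POST login carries the same fields in its body, which this log format never records.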

So I hope you “GET” what I’m saying here (please laugh). It is well known that, even after going through all the differences, the GET method is much more common, and we can see that there are properties that affect the level of security of the request.

Using our tool, Kayran.live, will help you find the vulnerabilities, which in a way helps you and your Very-Tired-Developers understand when and where you should use each of the methods!

Stay safe, choose Kayran.
