Complete TryHackMe Pre-Security HTTP Lab Walkthrough

Durre ShaffaDurre Shaffa
2 min read

Introduction

As part of TryHackMe’s Pre-Security course, we are introduced to the basics of the HTTP protocol – the foundation of how the web works. In this lab, we apply theoretical knowledge by making various types of HTTP requests (GET, POST, DELETE, PUT) to interact with a server.

Let’s walk through the lab and solve it step by step. The emulator provided in the lab lets us craft HTTP requests and observe the responses.

✅ Lab Setup

The lab includes a simulated HTTP client with the ability to:

  • Choose HTTP methods (GET, POST, DELETE, PUT)

  • Modify URI parameters

  • Add body parameters

  • Observe the server’s response

On the right side of the screen, there's a "View Site" button to open the emulator.

Task 1 – GET Request to /room

Method: GET

Endpoint: /room

  1. Select GET from the dropdown menu.

  2. In the request path, enter /room.

  3. Click Send.

Response:

rustCopyEditTHM{YOU'RE_IN_THE_ROOM}

Answer: THM{YOU'RE_IN_THE_ROOM}

Task 2 – GET Request to /blog?id=1

Method: GET

Endpoint: /blog

URI Parameter: id = 1

  1. Enter /blog as the endpoint.

  2. Click the gear icon next to the URL bar.

  3. Add a URI parameter:

    • Key: id

    • Value: 1

  4. Click Send.

Response:

CopyEditTHM{YOU_FOUND_THE_BLOG}

Answer: THM{YOU_FOUND_THE_BLOG}

Task 3 – DELETE Request to /user/1

Method: DELETE

Endpoint: /user/1

  1. Change the method to DELETE.

  2. Enter /user/1 in the URL.

  3. Click Send.

Response:

CopyEditTHM{USER_IS_DELETED}

Answer: THM{USER_IS_DELETED}

Task 4 – PUT Request to /user/2 with Body Parameter username=admin

Method: PUT

Endpoint: /user/2

Body Parameter: username = admin

  1. Select PUT as the method.

  2. Enter /user/2 in the URL.

  3. Open the gear icon next to the body section.

  4. Add a body parameter:

    • Key: username

    • Value: admin

  5. Click Send.

Response:

CopyEditTHM{USER_HAS_UPDATED}

Answer: THM{USER_HAS_UPDATED}

Task 5 – POST Request to /login with Credentials

Method: POST

Endpoint: /login

Body Parameters:

  • username = thm

  • password = letmein

  1. Choose POST method.

  2. Enter /login as the endpoint.

  3. Click the gear icon next to body.

  4. Add:

    • username: thm

    • password: letmein

  5. Click Send.

Response:

CopyEditTHM{HTTP_REQUEST_MASTER}

Answer: THM{HTTP_REQUEST_MASTER}

Conclusion

This lab is a simple yet powerful way to grasp how HTTP methods interact with web servers. Each type of request (GET, POST, PUT, DELETE) serves a different purpose – understanding them is a foundational skill in web security, penetration testing, and development.

0
Subscribe to my newsletter

Read articles from Durre Shaffa directly inside your inbox. Subscribe to the newsletter, and don't miss out.

cybersecuritytryhackmelabhttp#cybersecurity

Written by

Durre Shaffa
Durre Shaffa