URL Encoding
URLs are permitted to contain only the printable characters in the US-ASCII
character set.
That is, those whose ASCII code is in the range 0x20–0x7e
inclusive.
Further, several characters within this range are restricted because
they have special meaning within the URL scheme itself or within the HTTP
protocol.
The URL encoding scheme is used to encode any problematic characters
within the extended ASCII character set so that they can be safely transported
over HTTP.
The URL-encoded form of any character is the % prefix followed by
the character’s two-digit ASCII code expressed in hexadecimal. Some exam-
ples of characters that are commonly URL-encoded are shown here:
%3d =
%25 %
%20 space
%0a new line
null byte
A further encoding to be aware of is the + character, which represents a URL-
encoded space (in addition to the %20 representation of a space).
You will often need to use these characters with their special
meaning when modifying a request.
For eg: To add an additional request
parameter to the query string. In this case, they should be used in their literal
form.
For penetration testing web applications, you should URL-encode
any of the following characters when you are inserting them as data into an
HTTP request:
space ? & ; + # % =
No comments:
Post a Comment
Dear visitor,
Please do not post spam. All comments will be moderated before approval.