HTTP

 HTTP (HyperText Transfer Protocol is used whenever you view a website. HTTP is the set of rules used for communicating with web servers for transmitting webpage data. HTTPS (HyperText Transfer Protocol Secure) Is the secure and encrypted version of HTTP which ensures that the data you send and receive is encrypted and the user is talking to the correct web server.


Requests and Responses

When a user accesses a website, the browser will need to make a request from the web server for assets, such as HTML and download the responses. Before that, the user will need to tell the browser specifically how and where to access these resources in the from of a URL (Uniform Resource Locator). See below for the make up for a URL. Please note that  a user and password can also be input after the scheme and before the domain name,



Making a request



It is possible to make a request with to a server with just one line "GET/HTTP/1.1", however for a richer web experience a user will need to include more data in the form of headers. I will go in to more depth on headers later on.

Below is an example request to a web server. 

  • Line 1 is a request sending the GET method, requesting the home page with "/" and telling the web server the user is using HTTP protocol version 1.1
  • Line 2 is telling the web server the user wants tryhackme.com
  • Line 3 is the users browser information
  • Line 4 Is telling the web server that the web page that referred us this one is https://tryhackme.com
  • Line 5 is blank. HTTP requests always end in blank lines to inform the server the request is finished.




Below is an example response. Some things to take note of are:

  • Line 1 is the HTTP version the web server is using and a status code
  • Line 2 is the web server software/ version
  • Line 3 is the content type





HTTP methods are a way for the client for the client to show their intent when making an HTTP request. 

GET Request - Used for getting information from a web server
POST Request - Used for submitting data to a web server and creating new records
PUT Request - Used for submitting data to a web server to update information
DELETE Request - Used for deleting information/records from a web server.


HTPP Status Codes are always on the first line of a response from a server and sometimes how to handle the status code. See here for more info https://developer.mozilla.org/en-US/docs/Web/HTTP/Status


Headers are additional bits of data you can send to the web server when making requests. Although headers are not strictly required when making a HTTP request, it can be difficult to a view a website properly without them.

Common Request Headers:
  • Host - Tells web server which website is required. Can be useful if web server hosts multiple sites and if no host header is included the user will receive the web servers default website.
  • User-Agent - Tells the web server the users browser and software version.
  • Content-Length - Tells web server the amount of data being sent to ensure web server receives the correct amount of data
  • Accept-Encoding - Tells the web server what types of compression methods the browser supports.
  • Cookies - Data sent to web server to help remember user information.

Common Response Headers:
  • Set-Cookie - Information to store which gets sent back to the web server on each request
  • Cache-Control - How long to store the content of the response in the browsers cache before it requests it again
  • Content-Type -  Tells browser the type of content being returned. Eg. HTML, Images, CSS etc.
  • Content-Encoding - What method has been used to compress the data.

Cookies are a small pieces of data that are saved on the users computer. Cookies are saved when a user recieves a "Set-Cookie" header from a web server. Then every request a user makes to the web-server the cookie will be sent. Because HTTP is stateless (doesn't keep track of a users previous requests), cookies can be used to have some persistence between sessions.

Cookies can be used for many purposes, but are mostly used for website authentication. Cookies are not usually displayed in clear text, but as a token.

The cookies being sent to a website can be viewed in the developer tools, in the Network tab. You can click on each one to receive a more detailed breakdown of the request and response. They can also be edited here.





Comments

Post a Comment

Popular posts from this blog

BURPSUITE IN-DEPTH

Image
NOTE: This post will be a much deeper and in-depth dive in to some of the functionality of Burp Suite. If you need a quicker overview, please visit my  Burp Suite Basics  post.  Repeater The repeater function of Burp Suite allows us to take a request captured by Proxy, edit it and send the same request repetitively. This makes repeater ideal for any manual poking around at an endpoint. Basic Usage: The repeater interface can be split in the 6 main sections. Refer to the image above: List of requests that are going through Repeater. Controls for the current request, these allow us to send/cancel a hanging request and go forwards/backwards in a request history. Request/Response view. Requests are edited in the Request view and Responses will show up in the Response view. Allows us to change the layout for the Request and Response view. The inspector allows us to break requests apart and analyse and edit them in a more intuitive way than the raw editor. The IP address o...
Read more

CROSS-SITE SCRIPTING

Image
Cross-Site Scripting (XSS) is an injection attack where malicious JavaScript gets injected into a web application with the intention of being executed by other users.  XSS Payloads In XSS the payload is the JavaScript code we wish to be executed on the targets machine. The payload is comprised of two parts, the intention and the modification. The intention is what the attacker intends the JavaScript to execute and the modification is the changes the attacker needs to do on the code to make it execute in each specific scenario.  Proof of Concept This is a simple payload in order to prove that an attacker can actually achieve XSS on a website: <script>alert('XSS');</script> Session Stealing Details of a users session, such as log in tokens are often kept in cookies on the targets machine. The below JavaScript takes the target's cookie, base64 encodes it to ensure successful transmission and then posts it to a website under the attackers control <script>fet...
Read more

NMAP ADVANCED SCANS

Image
In this post we will be covering techniques to evade firewalls and IDS systems ad well as more advanced scans and scan options, such as: Null Scan FIN Scan Xmas Scan Maimon Scan Ack Scan Window Scan Custom Scan We will also cover the following: Spoofing IP Spoofing MAC Decoy Scan Fragmented Packets Idle/Zombie Scan Null, FIN and XMAS Scans These scans can be efficient when scanning a target behind a stateless (non-stateful) firewall. A stateless firewall will check if the incoming packet has the SYN flag to detect a connecting attempt. Using a flag combination that does not match the SYN packets could make it possible to deceive a firewall and reach the system behind it. However, a stateful firewall will practically block all such crafted packed and render this kind of scan useless. Null Scan Null scan does not set any flag at all; all six flag bits are set to zero. We can use this option with -sN . A TCP Packet with no flags set will not trigger a response when it ...
Read more