🐻HTTP Fundamentals
HyperText Transfer Protocol (HTTP)
HTTP communication consists of a client and a server, where the client requests the server for a resource. The server processes the requests and returns the requested resource.
HTTP's port is port 80 but it can change depending on the web server configuration.
The process to fetch an http ressource is the following: we enter a Fully Qualified Domain Name (FQDN) as a Uniform Resource Locator (URL)
The main mandatory fields are the scheme and the host, without which the request would have no resource to request.
Here is the anatomy of a HTTP request:
cURL
cURL does not render the HTML/JavaScript/CSS code, unlike a web browser, but prints it in its raw format.
If we ever wanted to download a page or a file and output the content into a file using the -O flag. If we want to specify the output file name, we can use the -o flag and specify the name.
Questions
To get the flag, start the above exercise, then use cURL to download the file returned by '/download.php' in the server shown above.
Hypertext Transfer Protocol Secure (HTTPS)
one of the significant drawbacks of HTTP is that all data is transferred in clear-text so it's very vulnerable to MITM attacks like we can see in the follwing:
and here is a pcap file of a HTTPS login:
Here is the flow of how HTTPS operates:
cURL
If the website we're curling does not have a valid SSL certificate, the curl command would not work, to bypass this check we can use the -k flag
HTTP Requests and Responses
HTTP Request
The image above shows an HTTP GET request to the URL:
http://inlanefreight.com/users/login.html
The next set of lines contain HTTP header value pairs, like Host, User-Agent, Cookie, and many other possible headers. These headers are used to specify various attributes of a request.
HTTP Response
Response codes are used to determine the request's status
It's good to know that cURL also allows us to preview the full HTTP request and the full HTTP response if we add -v flag which can become very handy when performing web penetration tests or writing exploits.
HTTP Headers
HTTP headers pass information between the client and the server. Some headers are only used with either requests or responses, while some other general headers are common to both.
Here are the 5 types of headers:
General HeadersEntity HeadersRequest HeadersResponse HeadersSecurity Headers
General Headers
General headers are used in both HTTP requests and responses, it's used to describe the message rather than its contents
Entity Headers
Entity Headers can be common to both the request and response. These headers are used to describe the content (entity) transferred by a message. They are usually found in responses and POST or PUT requests.
Request Headers
The client sends Request Headers in an HTTP transaction. These headers are used in an HTTP request and do not relate to the content of the message.
Response Headers
Response Headers can be used in an HTTP response and do not relate to the content. Certain response headers such as Age, Location, and Server are used to provide more context about the response.
Security Headers
HTTP Security headers are a class of response headers used to specify certain rules and policies to be followed by the browser while accessing the website.
If we wanted to curl only the header of the request, we would use the -I flag to send a HEAD reuest and display the response header and the -i flag to display both the header and the body of the req
Last updated
