HTTP in detail
Learn about how you request content from a web server using the HTTP protocol...
What is HTTP(S)?
is the protocol that specifies how a web browser and a web server communicate. It is what's used whenever you view a website, developed by Tim Berners-Lee and his team between 1989-1991.
is the secure version of HTTP. HTTPS data is encrypted so it not only stops people from seeing the data you are receiving and sending, but it also gives you assurances that you're talking to the correct web server and not something impersonating it.
Requests & Responses
What is a URL?
If you’ve used the internet, you’ve used a URL before. A is predominantly an instruction on how to access a resource on the internet.
://@//
Scheme: This instructs on what protocol to use for accessing the resource such as HTTP, HTTPS, FTP (File Transfer Protocol).
User: Some services require authentication to log in, you can put a username and password into the URL to log in.
Host: The domain name or IP address of the server you wish to access.
Port: The Port that you are going to connect to, usually 80 for HTTP and 443 for HTTPS, but this can be hosted on any port between 1 - 65535.
Path: The file name or location of the resource you are trying to access.
Query String: Extra bits of information that can be sent to the requested path. For example, /blog?id=1 would tell the blog path that you wish to receive the blog article with the id of 1.
Fragment: This is a reference to a location on the actual page requested. This is commonly used for pages with long content and can have a certain part of the page directly linked to it, so it is viewable to the user as soon as they access the page.
It's possible to make a request to a web server with just one line "GET / HTTP/1.1".
Example Request
Line 1: This request is sending the GET method ( more on this in the HTTP Methods task ), request the home page with / and telling the web server we are using HTTP protocol version 1.1.
Line 2: We tell the web server we want the website tryhackme.com
Line 3: We tell the web server we are using the Firefox version 87 Browser
Line 4: We are telling the web server that the web page that referred us to this one is https://tryhackme.com
Line 5: HTTP requests always end with a blank line to inform the web server that the request has finished.
Example Response
Line 1: HTTP 1.1 is the version of the HTTP protocol the server is using and then followed by the HTTP Status Code in this case "200 OK" which tells us the request has completed successfully.
Line 2: This tells us the web server software and version number.
Line 3: The current date, time and timezone of the web server.
Line 4: The Content-Type header tells the client what sort of information is going to be sent, such as HTML, images, videos, pdf, XML.
Line 5: Content-Length tells the client how long the response is, this way we can confirm no data is missing.
Line 6: HTTP response contains a blank line to confirm the end of the HTTP response.
Lines 7-14: The information that has been requested, in this instance the homepage.
HTTP Methods
GET Request
This is used for getting information from a web server.
POST Request
This is used for submitting data to the web server and potentially creating new records.
PUT Request
This is used for submitting data to a web server to update information.
DELETE Request
This is used for deleting information/records from a web server.
HTTP Status Codes
When a HTTP server responds, the first line always contains a status code informing the client of the outcome of their request and also potentially how to handle it. These status codes can be broken down into 5 different ranges:
Common Codes
Headers
Headers are additional bits of data you can send to the web server when making requests.
Although no headers are strictly required when making a HTTP request, you’ll find it difficult to view a website properly.
Common Request Headers
Host: Some web servers host multiple websites so by providing the host headers you can tell it which one you require, otherwise you'll just receive the default website for the server.
User-Agent: This is your browser software and version number, telling the web server your browser software helps it format the website properly for your browser and also some elements of HTML, JavaScript and CSS are only available in certain browsers.
Content-Length: When sending data to a web server such as in a form, the content length tells the web server how much data to expect in the web request. This way the server can ensure it isn't missing any data.
Accept-Encoding: Tells the web server what types of compression methods the browser supports so the data can be made smaller for transmitting over the internet.
Cookie: Data sent to the server to help remember your information.
Common Response Headers
Set-Cookie: Information to store which gets sent back to the web server on each request.
Cache-Control: How long to store the content of the response in the browser's cache before it requests it again.
Content-Type: This tells the client what type of data is being returned, i.e., HTML, CSS, JavaScript, Images, PDF, Video, etc. Using the content-type header the browser then knows how to process the data.
Content-Encoding: What method has been used to compress the data to make it smaller when sending it over the internet.
Cookies
They're a small piece of data that is stored on your computer. Cookies are saved when you receive a "Set-Cookie" header from a web server. Then every further request you make, you'll send the cookie data back to the web server. Because HTTP is stateless (doesn't keep track of your previous requests), cookies can be used to remind the web server who you are, some personal settings for the website or whether you've been to the website before. They have other uses, but are most commonly used for website authentication.
Coded Requests
Answers
Task 1
What does HTTP stand for? HyperText Transfer Protocol
What does the S in HTTPS stand for? Secure
On the mock webpage, on the right, there is an issue, once you’ve found it, click on it. What is the challenge flag? THM{INVALID_HTTP_CERT}
Task 2
What HTTP protocol is being used in the above example? HTTP/1.1
What response header tells the browser how much data to expect? Content-Length
Task 3
What method would be used to create a new user account? POST
What method would be used to update your email address? PUT
What method would be used to remove a picture you’ve uploaded to your account? DELETE
What method would be used to view a news article? GET
Task 4
What response code might you receive if you’ve created a new user or blog post article? 201
What response code might you receive if you’ve tried to access a page that doesn’t exist? 404
What response code might you receive if the web server cannot access its database and the application crashes? 503
What response code might you receive if you try to edit your profile without logging in first? 401
Task 5
What header tells the web server what browser is being used? User-Agent
What header tells the browser what type of data is being returned? Content-Type
What header tells the web server which website is being requested? Host
Task 6
Which header is used to save cookies to your computer? Set-Cookie
Task 7
Make a GET request to /room THM{YOU’RE_IN_THE_ROOM}
Make a GET request to /blog and using the gear icon set the id parameter to 1 in the URL field THM{YOU_FOUND_THE_BLOG}
Make a DELETE request to /user/1 THM{USER_IS_DELETED}
Make a PUT request to /user/2 with the username parameter set to admin THM{USER_HAS_UPDATED}
POST the username of thm and a password of letmein to /login THM{HTTP_REQUEST_MASTER}
Last updated
