[CyberSec'24] Lab02 - Student Version

web pen-test labs

Uploaded by

youssefelkiki

CYBER SECURITY

LAB 02: HTTP Protocol & Method Enumeration


Agenda
HTTP Protocol
HTTPS

HTTP Method Tampering

[Live Lab] HTTP Method Enumeration

Wireshark: Capturing Network Packets

Curl: Interacting with HTTP requests/responses

Hands-On
What is HTTP?
HTTP Protocol
● HTTP (Hypertext Transfer Protocol) is a stateless application-layer protocol for transferring resources such as web pages, images and API data. HTTP/1.x runs on top of TCP.
● It was designed for communication between web browsers and web servers, but any program can act as an HTTP client (curl, scanners, API clients).
● HTTP uses the classic client-server model: the browser is the client and the web server is the server. Each request is handled independently; the server keeps no protocol-level memory between requests, which is why sessions have to be built on cookies.
● Resources are uniquely identified by a URL/URI.
● The versions you will meet in this lab are HTTP/1.0 and HTTP/1.1 (HTTP/2 and HTTP/3 exist as well but are out of scope here).
o HTTP/1.1 is still the most widely deployed version and improves on HTTP/1.0 in two ways that matter for this lab: persistent connections, so several requests can reuse one TCP connection instead of opening a new one per resource, and the mandatory Host header, which lets one server address host many websites.
HTTP Protocol Basics
● During HTTP communication, the client and the server exchange messages, typically
classified as HTTP requests and responses.
● The client sends requests to the server and gets back responses.
HTTP Request Components
● Request line: the first line of an HTTP request, made of three space-separated parts:
● HTTP method (e.g., GET, POST, PUT, DELETE): the operation requested on the resource.
● Request target: the path of the resource on the server (e.g., /index.html, plus any query string). A full URL appears here only in requests sent to a proxy.
● HTTP version: the protocol version the client speaks (e.g., HTTP/1.1).
● Request headers: Header-Name: value pairs giving additional information about the request. Common headers include:
o Host: the hostname (and optional port) the request is addressed to; mandatory in HTTP/1.1.
o User-Agent: information about the client making the request (browser, version, operating system).
o Accept: the media types the client can handle in the response (e.g., HTML, JSON).
o Authorization: credentials for authentication, if required.
o Cookie: values the server previously set with Set-Cookie, returned on every request so that the otherwise stateless server can recognise the session.
● Request body (optional): methods such as POST and PUT carry data to the server here, typically as form fields or JSON; its length is announced by Content-Length (or by chunked Transfer-Encoding).
HTTP Request Example
● Let's examine an HTTP request in detail. The slide shows the request a web browser sends when navigating to www.google.com.
HTTP Request Headers
● The lines shown are the request line followed by the request headers of that request; the next slides take them one at a time.
HTTP Request Methods
● HTTP request methods (HTTP verbs) are the standard vocabulary with which clients tell servers what to do with a resource. The method chosen depends on the operation to be performed (retrieve, create, replace, delete, ask for metadata).
● GET is the method a browser uses when you type a URL into the address bar or follow a link; in this case it is retrieving the home page of www.google.com.
HTTP Request Methods Explained
HTTP Request URL/Path
● The request target: the path of the resource the client wants to access.
● "/" denotes the root of the site and is what a browser requests for the home page. Other resources are requested by path, for example /downloads/index.php.
● The path is always absolute (hence the leading "/") and is interpreted relative to the server's document root. It is a logical name, not a filesystem path: the server decides what it maps to.
HTTP Request Protocol
● This is the protocol version the browser wants to speak (HTTP/1.0 or HTTP/1.1). The server states the version it actually uses in the first line of its response.
HTTP Request Host Header
● This is the first of the HTTP request headers. Headers have the structure Header-Name: Header-Value, and header names are case-insensitive.
● The Host header lets a web server host multiple websites on a single IP address: the browser states which site it wants. Here we want the host www.google.com. HTTP/1.1 requires exactly one Host header; a request without it is answered with 400 Bad Request.
● Note: Host value + path combine to form the full URL being requested, here the home page http://www.google.com/.
● Like every request header, Host is chosen by the client, so the server must not treat its value as trusted input.
HTTP Request User-Agent Header
● The User-Agent header sends your browser, browser version, operating system and (often) language to the remote web server.
● Every browser has its own user-agent string, and this is how most websites recognise the browser in use.
● It is set entirely by the client and is trivial to change (curl -A "...", or a browser extension), so it is useful for statistics and fingerprinting, never for access control.
HTTP Request Accept Header
● The Accept header is used by your browser to specify which document/file types are
expected to be returned from the web server as a result of this request.
HTTP Request Accept-Encoding Header
● Accept-Encoding is similar to Accept, and restricts which content encodings (gzip, deflate, br) the client is willing to receive in the response.
● Content encoding lets a response body be compressed or otherwise transformed in transit without losing information; the client reverses the encoding before interpreting the document.
HTTP Request Connection Header
● With HTTP/1.1 the TCP connection to the web server can be kept open and reused for further requests. The value "keep-alive" asks for this explicitly; it is also the default behaviour of HTTP/1.1.
● Subsequent requests to the same server are then sent over the existing connection instead of opening a new one every time, as HTTP/1.0 did. Either side can end the connection by sending "Connection: close".
HTTP Response Components
● Status line: the first line of an HTTP response, made of three parts:
● HTTP version: the protocol version the server is using (e.g., HTTP/1.1).
● HTTP status code: a three-digit number giving the outcome of the request (e.g., 200).
● Reason phrase: the human-readable meaning of the code (e.g., OK). Clients act on the number, not the phrase.
● Response headers: like request headers, these provide additional information about the response. Common headers include:
o Content-Type: the media type of the response body (e.g., text/html, application/json).
o Content-Length: the size of the response body in bytes.
o Set-Cookie: asks the client to store a cookie and send it back on subsequent requests.
o Cache-Control: directives for caching behaviour.
● Response body (optional): the actual content of the response. For an HTML page the body is the HTML markup; responses to HEAD and status codes such as 204 and 304 carry no body.
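The request and response anatomy described in the two component lists above (request line, headers, optional body; status line, headers, body) is easiest to see by parsing raw messages. The following is an added example written for this page, not code from the lab slides: a minimal HTTP/1.x message parser using only Python's standard library, with constructed sample messages modelled on the www.google.com exchange (the header values are made up, not a capture). Besides splitting the three parts, it applies two checks that a real server must make and that the slides only imply: an HTTP/1.1 request must carry exactly one Host header, and repeated Content-Length headers with different values must be rejected rather than reconciled.

```python
"""Added example: parse raw HTTP/1.x messages into start line, headers and body."""
from dataclasses import dataclass, field

CRLF = b"\r\n"


@dataclass
class Message:
    start_line: tuple   # request: (method, target, version); response: (version, status, reason)
    headers: dict = field(default_factory=dict)  # lower-cased name -> list of values
    body: bytes = b""

    def header(self, name, default=None):
        """Single value of a header (names are case-insensitive); error if it is repeated."""
        values = self.headers.get(name.lower(), [])
        if len(values) > 1:
            raise ValueError(f"header {name!r} appears more than once")
        return values[0] if values else default


def _split_head(raw):
    head, sep, rest = raw.partition(CRLF + CRLF)
    if not sep:
        raise ValueError("incomplete message: no blank line after the headers")
    lines = head.split(CRLF)
    return lines[0].decode("ascii"), lines[1:], rest


def _parse_headers(lines):
    headers = {}
    for line in lines:
        name, sep, value = line.partition(b":")
        # RFC 7230 3.2.4: a name is required and no whitespace may precede the colon.
        if not sep or not name or name != name.strip():
            raise ValueError(f"malformed header line {line!r}")
        headers.setdefault(name.decode("ascii").lower(), []).append(value.strip().decode("latin-1"))
    return headers


def _body(headers, rest):
    lengths = set(headers.get("content-length", []))
    if len(lengths) > 1:
        # RFC 7230 3.3.3: conflicting Content-Length values must be rejected;
        # silently picking one of them is how request-smuggling desyncs start.
        raise ValueError("conflicting Content-Length values")
    if not lengths:
        return b""
    n = int(lengths.pop())
    if len(rest) < n:
        raise ValueError("body shorter than Content-Length")
    return rest[:n]


def parse_request(raw: bytes) -> Message:
    start, lines, rest = _split_head(raw)
    method, target, version = start.split(" ")   # request line has exactly three parts
    headers = _parse_headers(lines)
    if version == "HTTP/1.1" and len(headers.get("host", [])) != 1:
        # RFC 7230 5.4: an HTTP/1.1 request must carry exactly one Host header (else 400).
        raise ValueError("HTTP/1.1 request needs exactly one Host header")
    return Message((method, target, version), headers, _body(headers, rest))


def parse_response(raw: bytes) -> Message:
    start, lines, rest = _split_head(raw)
    version, status, reason = start.split(" ", 2)  # the reason phrase may contain spaces
    headers = _parse_headers(lines)
    return Message((version, int(status), reason), headers, _body(headers, rest))


# Constructed sample messages modelled on the www.google.com exchange in the slides (not a capture).
SAMPLE_REQUEST = (
    b"GET / HTTP/1.1\r\n"
    b"Host: www.google.com\r\n"
    b"User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:120.0) Gecko/20100101 Firefox/120.0\r\n"
    b"Accept: text/html,application/xhtml+xml\r\n"
    b"Accept-Encoding: gzip, deflate\r\n"
    b"Connection: keep-alive\r\n"
    b"\r\n"
)
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
    b"Content-Type: text/html; charset=UTF-8\r\n"
    b"Cache-Control: private, max-age=0\r\n"
    b"Server: gws\r\n"
    b"Content-Length: 28\r\n"
    b"\r\n"
    b"<html><body>hi</body></html>"
)

if __name__ == "__main__":
    req, resp = parse_request(SAMPLE_REQUEST), parse_response(SAMPLE_RESPONSE)
    print(req.start_line, req.header("Host"), req.header("User-Agent"))
    print(resp.start_line, resp.header("Content-Type"), resp.body)
```

Running the file prints the parsed start lines, a few headers and the response body. The parser deliberately stops at Content-Length framing; a production server also has to handle Transfer-Encoding: chunked, and the interaction between the two is exactly where the smuggling problems hinted at in the comments arise.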
HTTP Request Response Example
● In response to the request, the web server returns the requested resource, preceded by a status line and a set of response headers.
● The browser uses those headers to decide how to interpret the content carried in the response body.
HTTP Response Example
● The slide shows a typical web server response.
● Note: the body (page content) has been omitted as it is not relevant at this point.
● Let us inspect some of these HTTP response headers in greater detail.
HTTP Response Status-Line
● The first line of an HTTP response is the status line: the protocol version (HTTP/1.1), the status code (200) and its reason phrase (OK).
HTTP Status Code Classes
Common HTTP Status Codes
HTTP Response Date Header
● The "Date" header in an HTTP response gives the date and time at which the server generated the response.
● Clients and caches use it, together with Cache-Control and Expires, to work out how old a response is and whether it is still fresh. It is not a clock-synchronisation mechanism.
HTTP Response Cache-Control Header
● The Cache headers allow the Browser and the Server to agree about caching rules. It
allows web servers to instruct clients on how long they can cache the response and under
what conditions they should revalidate it with the server.
● This helps in optimizing the performance and efficiency of web applications by reducing
unnecessary network requests.
Cache-Control Directives
HTTP Response Content-Type Header
● The "Content-Type" header in an HTTP response is used to indicate the media type of the
response content.
● It tells the client what type of data the server is sending so that the client can handle it
appropriately.
HTTP Response Content-Encoding Header
● The "Content-Encoding" header in an HTTP response is used to specify the compression
encoding applied to the response content.
● It tells the client how the server has encoded the response data, allowing the client to
decode and decompress the data correctly.
HTTP Response Server Header
● The Server header carries the web server's banner, for example Apache, nginx or IIS, often with a version number.
● Google uses a custom banner: gws (Google Web Server).
● For a pentester the banner is the first fingerprinting hint (which server, which version, which known issues to look up). For a defender it is why hardening guides recommend removing or minimising it, bearing in mind that the banner is trivially faked and hiding it is no substitute for patching.
HTTPS
● By default, HTTP is sent in clear text, so anyone on the path (a shared Wi-Fi network, a compromised router, an ISP) can read or modify requests and responses in transit.
● HTTP itself also gives the client no way to verify that it is talking to the genuine server.
● HTTPS (Hypertext Transfer Protocol Secure, or HTTP Secure) is HTTP carried over TLS (Transport Layer Security). The HTTP messages themselves are unchanged; the TLS layer beneath them adds:
o Confidentiality: the path, headers, cookies and bodies are encrypted. An observer still sees the IP addresses and, in most deployments, the server name sent in the TLS handshake (SNI).
o Integrity: any modification of the encrypted data is detected and the connection is aborted.
o Authentication: the server proves its identity with a certificate that chains to a certificate authority the client trusts. Client authentication is optional (client certificates).
● SSL (Secure Sockets Layer) is the predecessor of TLS. All SSL versions, and TLS 1.0 and 1.1, are deprecated; current deployments should accept only TLS 1.2 and 1.3. The name "SSL" survives in tool and library names (OpenSSL, "SSL certificate").
● HTTPS is the expected default for any web application; a plain-HTTP listener should do no more than redirect to HTTPS.
HTTP Method Tampering
● HTTP method tampering, also known as HTTP verb tampering, is a web application weakness in which the server decides what to do, or whether to demand authentication, based on the request method, but only for the methods the developer thought of.
● The attacker exploits it by sending the same request with a different method (HEAD, PUT, DELETE, OPTIONS, or a made-up verb such as FOO) and observing whether the security control still applies.
HTTP Method Tampering Process
● Typical ways a change of method leads to unintended behaviour:
o Access control keyed on the verb: a rule such as "require login for GET and POST to /admin" is bypassed by HEAD, PUT or an arbitrary verb when the framework routes every method to the same handler and only the listed verbs are checked. HEAD is especially useful to the attacker because many servers run the GET code path for it and merely suppress the body.
o State-changing actions reachable via GET: if a handler does not distinguish GET from POST, an operation that should require POST can be triggered by a link, an image tag or a browser prefetch, and its parameters end up in the URL, the browser history and the server logs.
o Unexpected verbs enabled on the server: PUT or DELETE left enabled on a directory lets an attacker upload or remove files, and OPTIONS reveals which verbs the server advertises in its Allow header, which is why enumeration starts there.
● The fix is to authorize first and independently of the method, and to reject methods the endpoint does not implement with 405 Method Not Allowed, listing the accepted ones in Allow.
Live Lab: HTTP Method Enumeration
Wireshark: Capturing Network Packets
● Wireshark is a network protocol analyzer: it captures packets from a network interface and decodes them layer by layer (Ethernet, IP, TCP, HTTP).
● It shows what is actually on the wire, including the TCP handshake and every byte of the HTTP request and response, before we move to a more abstracted tool such as Burp Suite.
● Wireshark is passive: it cannot modify a request before it reaches the web server. For that we use curl (below) or an intercepting proxy.
● For plain HTTP, the display filter http (or tcp.port == 80) isolates the traffic. HTTPS traffic shows up only as TLS records unless the session keys are made available to Wireshark.
Wireshark: Capturing TCP & HTTP Traffic
TCP 3-Way Handshake Process
Every HTTP/1.x exchange begins with a TCP connection, which Wireshark shows as three segments before the first HTTP request:
1. The client sends a segment with the SYN flag set (carrying its initial sequence number).
2. The server acknowledges it with a segment that has both the SYN and ACK flags set.
3. The client replies with a segment with the ACK flag set; the connection is established and the HTTP request follows.
● SYN = Synchronize (sequence numbers)
● ACK = Acknowledgement
● The display filter tcp.flags.syn == 1 && tcp.flags.ack == 0 shows only the initial SYNs, one per connection.
HTTP & HTTPS Ports
● HTTP uses TCP port 80 by default and HTTPS TCP port 443. Development servers and proxies often use other ports (8080, 8443, ...), so read the port from the URL or the capture rather than assuming it.
Interacting with HTTP requests/responses
● curl is a lightweight command-line tool for making HTTP requests without a web browser.
● curl is the most direct way to shape a request by hand: -X sets the method, -H adds a header, -d supplies a body, -I sends a HEAD request, and -v prints the raw request (lines prefixed >) and response (lines prefixed <) so you see exactly what was exchanged.
● It runs in any command-line interface: the Command Prompt or PowerShell on Windows, Terminal on macOS, and any Linux shell.
Interacting with the home page with curl
● 192.X.Y.3 is the lab target's address as given on the slides; substitute the address of your own target.
● Step 1: Sending GET request
● Command: curl -v 192.X.Y.3
o GET is curl's default method, so -X GET adds nothing.
● Step 2: Sending HEAD request
● Command: curl -v -I 192.X.Y.3
o Use -I (--head) rather than -X HEAD: -X only rewrites the method name, so curl still waits for a body that a HEAD response never carries and hangs until the connection times out (curl prints a warning about this).
● Step 3: Sending OPTIONS request
● Command: curl -v -X OPTIONS 192.X.Y.3
o Look for an Allow header in the response; it lists the methods the server claims to accept for that resource. Treat it as a hint to verify, not as the truth.
● Step 4: Sending POST request
● Command: curl -v -X POST 192.X.Y.3
o -X POST changes only the method; add -d 'key=value' to send form data in the body.
● Step 5: Sending PUT request
● Command: curl -v -X PUT 192.X.Y.3
o Compare the status codes across all five methods. A resource that returns 401 or 403 for GET but 200 for HEAD, PUT or an unexpected verb, or one that accepts PUT or DELETE at all, is the signal to investigate for method tampering.
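To see the verb-keyed access-control flaw from the HTTP Method Tampering section and the five-step enumeration above in one place, the following added example (written for this page, not part of the lab slides, and not the lab target) starts two small servers on 127.0.0.1 with Python's standard library: one whose login check is applied only to GET and POST, and one fixed the way the tampering section recommends (reject unimplemented verbs with 405 and Allow, then authorize regardless of method). It then probes /admin with the same verbs the curl steps use plus a made-up verb FOO, which is what `curl -v -X <METHOD> http://127.0.0.1:<port>/admin` does by hand. The /admin path, the bearer token and the handler code are all constructed for the example.

```python
"""Added example: HTTP method enumeration against a verb-tampering flaw (constructed servers)."""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Standard verbs from the lab plus a made-up one: a server that answers 200 to
# FOO is routing every method to the same code path.
METHODS = ["GET", "HEAD", "OPTIONS", "POST", "PUT", "DELETE", "FOO"]
ADMIN_TOKEN = "let-me-in"  # constructed credential for the example


class _Base(BaseHTTPRequestHandler):
    protocol_version = "HTTP/1.1"

    def log_message(self, *args):  # keep the demo output quiet
        pass

    def _authorized(self):
        return self.headers.get("Authorization") == f"Bearer {ADMIN_TOKEN}"

    def _reply(self, code, body=b"", extra=None):
        self.send_response(code)  # also emits the Server: and Date: headers
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        for name, value in (extra or {}).items():
            self.send_header(name, value)
        self.end_headers()
        if self.command != "HEAD":  # HEAD gets the headers of GET but no body
            self.wfile.write(body)

    def serve_admin(self):
        raise NotImplementedError

    def _route(self):
        if self.path != "/admin":
            return self._reply(404, b"not found\n")
        self.serve_admin()

    # Route every verb to the same handler, as many frameworks do by default.
    do_GET = do_HEAD = do_OPTIONS = do_POST = do_PUT = do_DELETE = do_FOO = _route


class VulnerableHandler(_Base):
    def serve_admin(self):
        # Flaw: the login check covers only the verbs the developer expected,
        # so HEAD, OPTIONS, PUT, DELETE or FOO reach the admin panel unauthenticated.
        if self.command in ("GET", "POST") and not self._authorized():
            return self._reply(403, b"forbidden\n")
        self._reply(200, b"admin panel\n")


class HardenedHandler(_Base):
    ALLOWED = ("GET", "HEAD", "POST")

    def serve_admin(self):
        # Fix: refuse verbs this endpoint does not implement (405 + Allow),
        # then authorize independently of the method.
        if self.command not in self.ALLOWED:
            return self._reply(405, extra={"Allow": ", ".join(self.ALLOWED)})
        if not self._authorized():
            return self._reply(403, b"forbidden\n")
        self._reply(200, b"admin panel\n")


def start_server(handler):
    """Bind an ephemeral 127.0.0.1 port and serve in a background thread."""
    srv = ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def probe(host, port, method, path="/admin", headers=None):
    """Equivalent of `curl -v -X <method>` against path; returns (status, Allow header)."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request(method, path, headers=headers or {})
        resp = conn.getresponse()
        resp.read()
        return resp.status, resp.getheader("Allow")
    finally:
        conn.close()


def enumerate_methods(srv, methods=METHODS):
    """Map each method to the status code the server returns for /admin."""
    host, port = srv.server_address
    return {m: probe(host, port, m)[0] for m in methods}


if __name__ == "__main__":
    for name, handler in (("vulnerable", VulnerableHandler), ("hardened", HardenedHandler)):
        srv = start_server(handler)
        try:
            for method, status in enumerate_methods(srv).items():
                print(f"{name:10s} {method:8s} -> {status}")
        finally:
            srv.shutdown()
            srv.server_close()
```

Run the file and compare the two tables: the vulnerable server answers 403 to GET and POST but 200 to every other verb, including FOO, which is exactly the pattern step 5 above tells you to look for; the hardened server answers 403 to GET, HEAD and POST and 405 with `Allow: GET, HEAD, POST` to everything else, and only a request carrying the bearer token gets 200. Pointing the same probe at the lab target instead of the local servers is the curl enumeration done in code.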
Hands-On: HTTP in Detail Room
(is.gd/lab02)
QUESTIONS?
THANK YOU
