HTTP in Detail
Task 1: What is HTTP(S)?
HyperText Transfer Protocol (HTTP) is a protocol, or set of rules, used to communicate with web servers and transmit webpage data. HTTPS, the S standing for secure, is the encrypted version of HTTP.
Task 2: Requests And Responses
A uniform resource locator (URL) is an instruction on how to access a resource on the Internet. Consider the URL http://user:password@tryhackme.com:80/view-room?id=1#task3.
http: This is the scheme, which instructs what protocol to use for accessing the resource
user:password: This is the user, which is needed if logging in is necessary to access the resource
tryhackme.com: This is the host, also known as the domain name or IP address of the resource
80: This is the port to connect to
view-room: This is the path, also known as the file name or location of the resource
?id=1: This is the query string, which includes extra bits of information that can be sent to the requested path
#task3: This is the fragment, which is a reference to a location on the actual page that is only viewable to the client
HTTP uses a series of requests and responses to transmit data.
Consider this request:
Line 1 says that we are making a GET request using HTTP/1.1 to the home page with /. Lines 2-4 are optional. Host indicates that we want tryhackme.com. User-Agent indicates that we are using the Firefox browser, version 87, and Referer indicates that we came from tryhackme.com. HTTP requests end with a blank line, meaning the request has finished.
Consider this response:
Line 1 indicates that the protocol used was HTTP 1.1 and that the request was successfully completed. Lines 2-5 indicate information about the server software, server date and time, the content type, and the length of the content. Following these lines is a blank line signalling the end of the HTTP response and the content sent by the server.
Task 3: HTTP Methods
We can express our intended action when making an HTTP request using different methods.
GET: Used for getting information from a web server
POST: Used for submitting data to a web server, potentially creating new records
PUT: Used for submitting data to a web server to update information
DELETE: Used for deleting information from a web server
Task 4: HTTP Status Codes
When an HTTP server responds, the first line contains a status code informing the client of the outcome of their request.
Status codes can be broken down into 5 different ranges:
100-199: These codes inform the client that the first part of their request was accepted and that they should send the rest of their request
200-299: These codes inform the client that their request was successful
300-399: These codes redirect the client's request to another resource
400-499: These codes indicate there was a client-side error with the request
500-599: These codes indicate that there was a server-side error with the request
Common HTTP status codes include 200-OK, 400-Bad Request, 403-Forbidden, 404-Page Not Found, and 500-Internal Service Error.
Task 5: Headers
Headers can be used to send additional information when making an HTTP request.
Common request headers include:
Host: Specifies which website on the server is wanted
User-Agent: Specifies the client browser and version number
Content-Length: Specifies the length of the content sent to the server
Accept-Encoding: Specifies what data compression methods the browser supports
Cookie: Specifies a piece of data remembered by the browser and used by the server to remember client information
Common response headers include:
Set-Cookie: Specifies a piece of data sent by the server that the browser will remember for later requests
Cache-Control: Specifies how long to store the content of the response in the browser's cache
Content-Type: Specifies what type of content is being returned so that the browser can properly process the data
Content-Encoding: Specifies what method was used to compress the data
Task 6: Cookies
HTTP is a stateless protocol; this means that it does not keep track of previous requests. Thus, a server remembers a client by sending a cookie, a small piece of data that is stored by the browser, with the Set-Cookie header. Whenever the client queries the server in the future, the cookie is sent along with the request using the Cookie header. Cookies allow a server to keep track of clients.
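The cookie exchange described above, written out as raw HTTP/1.1 messages in an added example that is not part of the original walkthrough. The toy server, the `SESSIONS` table, the function names and the cookie name `session` are all constructed for illustration; nothing is sent over the network.

```python
import secrets

SESSIONS = {}  # server-side state keyed by cookie value (constructed for this example)

def parse_message(raw):
    """Split an HTTP/1.1 message into (start line, headers dict, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")   # the blank line ends the headers
    lines = head.decode("ascii").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()  # header names are case-insensitive
    return lines[0], headers, body

def build_request(method, path, host, cookie=None):
    lines = [f"{method} {path} HTTP/1.1", f"Host: {host}"]
    if cookie:
        lines.append(f"Cookie: {cookie}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")

def server(raw_request):
    """Toy server: it knows a client only through the Cookie header."""
    _, headers, _ = parse_message(raw_request)
    name, _, token = headers.get("cookie", "").partition("=")
    extra = []
    if name == "session" and token in SESSIONS:
        SESSIONS[token] += 1             # known client: count the visit
    else:
        token = secrets.token_hex(16)    # unknown or forged value: issue a fresh random id
        SESSIONS[token] = 1
        extra.append(f"Set-Cookie: session={token}; HttpOnly")  # HttpOnly hides it from scripts
    body = f"visit {SESSIONS[token]}".encode("ascii")
    head = ["HTTP/1.1 200 OK", "Content-Type: text/plain",
            f"Content-Length: {len(body)}"] + extra
    return ("\r\n".join(head) + "\r\n\r\n").encode("ascii") + body

def visit(cookie=None):
    """One request/response round trip; returns (status code, cookie to keep, body)."""
    raw = server(build_request("GET", "/", "tryhackme.com", cookie))
    status, headers, body = parse_message(raw)
    new_cookie = headers.get("set-cookie", "").split(";")[0] or cookie
    return int(status.split()[1]), new_cookie, body.decode("ascii")

if __name__ == "__main__":
    code, cookie, body = visit()   # first visit: no Cookie header is sent
    print(code, cookie, body)
    print(visit(cookie))           # cookie sent back: the server recognises the client
    print(visit())                 # cookie withheld: treated as a brand-new client
```

Because the cookie value is the only thing that identifies the client, the server generates it randomly and treats any value it did not issue as a new visitor.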
Task 7: Making Requests
Open the site associated with the task to answer the following questions.