HTTP Requests and Responses
Problem Statement - Explore HTTP Communication to decipher the structure and the meaning of HTTP communication.
Approach - Explanation of HTTP
Tools used - cURL, Basic understanding of web communication
Introduction
An HTTP request is made by a client such as cURL or a browser and is processed by the server, which then sends an HTTP response containing the response code and, likely, the requested resource. An HTTP request contains three main parts: the HTTP method, e.g. GET, which specifies the type of action to perform; the path to the resource being accessed; and the version of HTTP in use. See Figure 1.
Figure 1: HTTP Request
An HTTP response has two main fields and other details. The two main fields are the HTTP version and the response code, e.g. 200 OK. The response code is used to determine the status of the request. See Figure 2.
Figure 2: HTTP Response
To preview the full HTTP request and the full HTTP response, use cURL. This is useful for writing exploits and penetration tests. To do this, issue curl www.naconek.ke -v where the -v flag prints both the request and the response. The output details can be enhanced by using -vvv for more verbose output. See Figure 3 below.

Browser developer tools are mainly used by developers to test web applications and are critical tools for penetration testers. In this section, I explored how I can utilize DevTools to assess and monitor different types of web requests. When one visits a web application, the browser sends several HTTP requests and receives several HTTP responses to render the final output to the user. DevTools shows the status of each request or response at a glance. In Firefox, use CTRL+SHIFT+I or F12 to display DevTools. See Figure 4.
Figure 4: DevTools and HTTP Communication
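The request line and response status line described above can be pulled out of curl -v output programmatically, which helps when reviewing saved transcripts. This is an added example, not code from the original post; the sample transcript, the host example.test and the function names are constructed for illustration.

```python
# Added example: SAMPLE is constructed output in the shape `curl -v` prints,
# not a capture from a real server (example.test and 192.0.2.10 are placeholders).
SAMPLE = """\
* Connected to example.test (192.0.2.10) port 80
> GET /index.html HTTP/1.1
> Host: example.test
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: text/html
< Content-Length: 22
<
<html>body text</html>
"""

def split_verbose(text):
    """Return (sent, received) header lines; '>' marks sent, '<' marks received."""
    blocks = {">": [], "<": []}
    done = set()  # directions whose header block has already ended
    for raw in text.splitlines():
        line = raw.rstrip()
        mark = line[:1]
        # Require the marker to stand alone or be followed by a space, so a body
        # line such as "<html>" is not mistaken for a response header.
        if mark not in blocks or mark in done or not (line == mark or line[1] == " "):
            continue
        if line == mark:  # an empty header line ends that header block
            done.add(mark)
        else:
            blocks[mark].append(line[2:])
    return blocks[">"], blocks["<"]

def parse_headers(lines):
    """Header names are case-insensitive, so store them lowercased."""
    return {k.strip().lower(): v.strip() for k, v in (l.split(":", 1) for l in lines)}

def parse_exchange(text):
    """Split the first request/response pair into its named parts."""
    sent, received = split_verbose(text)
    method, path, req_version = sent[0].split(" ", 2)
    status = received[0].split(" ", 2)  # the reason phrase may be absent (HTTP/2)
    request = {"method": method, "path": path, "version": req_version,
               "headers": parse_headers(sent[1:])}
    response = {"version": status[0], "code": int(status[1]),
                "reason": status[2] if len(status) > 2 else "",
                "headers": parse_headers(received[1:])}
    return request, response
```

Calling parse_exchange(SAMPLE) returns the method, path and version of the request and the version, code and reason of the response as two dictionaries.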
Philiphine Cheptanui, CyberSec.



