HTTP Requests and Responses
Problem Statement - Explore HTTP Communication to decipher the structure and the meaning of HTTP communication.
Approach - Explanation of HTTP
Tools used - cURL, Basic understanding of web communication
Introduction
An HTTP request is made by a client, such as cURL or a browser, and is
processed by the server, which then sends an HTTP response containing the
response code and, likely, the requested resource. An HTTP request contains
three main parts: the HTTP method (e.g. GET), which specifies the type of
action to perform; the path to the resource being accessed; and the version
of HTTP in use. See Figure 1.
Figure 1: HTTP Request
An HTTP response has two main fields and other details. The two main fields
are the HTTP version and the response code, e.g. 200 OK. The response code is
used to determine the status of the request. See Figure 2.
Figure 2: HTTP Response
To preview the full HTTP request and the full HTTP response, use cURL. This is useful for writing exploits and penetration tests. To do this, issue curl www.naconek.ke -v, where the -v flag prints both the request and the response. The output details can be enhanced by using -vvv for more verbose output. See Figure 3 below.
Figure 3: Full HTTP Request and Response in cURL
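As an added example (not part of the original post), the Python code below parses cURL's verbose output, in which lines sent are prefixed with > and lines received with <, into the request and response parts described above. The transcript is constructed for illustration, and the function name parse_curl_verbose is an assumption of this example.

```python
# Added example: split `curl -v` output into request and response fields.
# SAMPLE is a constructed transcript, not a capture from a real server.
SAMPLE = """\
*   Trying 192.0.2.10:80...
* Connected to www.naconek.ke (192.0.2.10) port 80
> GET / HTTP/1.1
> Host: www.naconek.ke
> User-Agent: curl/8.5.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: text/html; charset=UTF-8
< Content-Length: 1256
<
<html>...</html>
"""

def _headers(lines):
    """Turn 'Name: value' lines into a dict keyed by lower-cased name."""
    out = {}
    for line in lines:
        name, _, value = line.partition(":")
        out[name.strip().lower()] = value.strip()
    return out

def parse_curl_verbose(text):
    """Parse one request/response exchange (hypothetical helper)."""
    blocks = {">": [], "<": []}
    done = {">": False, "<": False}  # True once a block's blank line is seen
    for line in text.splitlines():
        mark, rest = line[:1], line[1:]
        if mark not in done or done[mark]:
            continue                 # '*' info lines, or body after headers
        if rest.strip() == "":
            done[mark] = True        # bare '>' or '<' ends the header block
        elif rest.startswith(" "):
            blocks[mark].append(rest[1:].rstrip())
    # Request line: method, path, HTTP version.
    method, path, version = blocks[">"][0].split(" ", 2)
    # Status line: HTTP version, code, optional reason (absent in HTTP/2).
    status = blocks["<"][0].split(" ", 2)
    return {
        "request": {"method": method, "path": path, "version": version,
                    "headers": _headers(blocks[">"][1:])},
        "response": {"version": status[0], "code": int(status[1]),
                     "reason": status[2] if len(status) > 2 else "",
                     "headers": _headers(blocks["<"][1:])},
    }

if __name__ == "__main__":
    print(parse_curl_verbose(SAMPLE))
```

The body line beginning with <html> is ignored because it arrives after the blank < line that ends the response headers.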
Using DevTools to Monitor HTTP Communication
Browser developer tools are mainly used by developers to test web
applications and are critical tools for penetration testers. In this section,
I explored how I can utilize DevTools to assess and monitor different types of
web requests. When one visits a web application, the browser sends several
requests and receives several HTTP responses to render the final output to the
user. DevTools shows the status of each request or response at a glance. In
Firefox, use CTRL+SHIFT+I or F12 to display DevTools. See Figure 4.
Figure 4: DevTools and HTTP Communication
This activity demonstrates the usefulness of DevTools in monitoring HTTP communications. Using the Network tab, DevTools can give more insight into the processes happening behind the scenes when a client requests a resource from the server.
Philiphine Cheptanui, CyberSec.