HyperText Transfer Protocol (HTTP)
Hypertext stands for text containing links to other resources, and text that readers can easily interpret. HTTP communication consists of a client and a server, where the client requests a resource from the server. The server processes the request and returns the requested resource. The default port for HTTP communication is port 80, though this can be changed to any other port, depending on the web server configuration.
HTTP Requests and Responses
Header | Description
---|---
Content-Type | Used to describe the type of resource being transferred. The value is automatically added by browsers on the client side and returned in the server response. The charset field denotes the encoding standard, such as UTF-8.
Media-Type | The media-type is similar to Content-Type and describes the data being transferred. This header can play a crucial role in making the server interpret our input. The charset field may also be used with this header.
Boundary | Acts as a marker to separate content when there is more than one part in the same message. For example, within form data this boundary is used as --b4e4fbd93540 to separate the different parts of the form.
Content-Length | Holds the size of the entity being passed. This header is necessary, as the server uses it to read data from the message body; it is automatically generated by the browser and by tools like cURL.
Content-Encoding | Data can undergo multiple transformations before being passed. For example, large amounts of data can be compressed to reduce the message size. The type of encoding being used should be specified using the Content-Encoding header.
Request Headers
The client sends Request Headers in an HTTP transaction. These headers are used in an HTTP request and do not relate to the content of the message. The following headers are commonly seen in HTTP requests.
Header | Description
---|---
Host | Used to specify the host being queried for the resource. This can be a domain name or an IP address. HTTP servers can be configured to host different websites, which are revealed based on the hostname. This makes the Host header an important enumeration target, as it can indicate the existence of other hosts on the target server.
User-Agent | Describes the client requesting resources. This header can reveal a lot about the client, such as the browser, its version, and the operating system.
Referer | Denotes where the current request is coming from. For example, clicking a link from Google search results would make https://google.com the referer. Trusting this header can be dangerous, as it can be easily manipulated, leading to unintended consequences.
Accept | Describes which media types the client can understand. It can contain multiple media types separated by commas. The */* value signifies that all media types are accepted.
Cookie | Contains cookie-value pairs in the format name=value. A cookie is a piece of data stored on the client side and on the server, which acts as an identifier. These are passed to the server with every request, thus maintaining the client's access. Cookies can also serve other purposes, such as saving user preferences or session tracking. There can be multiple cookies in a single header, separated by a semicolon.
Authorization | Another method for the server to identify clients. After successful authentication, the server returns a token unique to the client. Unlike cookies, tokens are stored only on the client side and retrieved by the server with every request. There are multiple authentication types, depending on the web server and application used.
A complete list of request headers and their usage can be found here.
Response Headers
Response Headers can be used in an HTTP response and do not relate to the content. Certain response headers such as Age, Location, and Server are used to provide more context about the response. The following headers are commonly seen in HTTP responses.
Header | Description
---|---
Server | Contains information about the HTTP server that processed the request. It can be used to gain information about the server, such as its version, and enumerate it further.
Set-Cookie | Contains the cookies needed for client identification. Browsers parse the cookies and store them for future requests. This header follows the same format as the Cookie request header.
WWW-Authenticate | Notifies the client about the type of authentication required to access the requested resource.
Security Headers
Finally, we have Security Headers. With the increase in the variety of browsers and web-based attacks, defining certain headers that enhance security became necessary. HTTP Security headers are a class of response headers used to specify rules and policies that the browser must follow while accessing the website.
Header | Description
---|---
Content-Security-Policy | Dictates the website's policy towards externally injected resources. This could be JavaScript code as well as script resources. This header instructs the browser to accept resources only from certain trusted domains, hence preventing attacks such as Cross-Site Scripting (XSS).
Strict-Transport-Security | Prevents the browser from accessing the website over the plaintext HTTP protocol and forces all communication to be carried over the secure HTTPS protocol. This prevents attackers from sniffing web traffic and accessing protected information such as passwords or other sensitive data.
Referrer-Policy | Dictates whether the browser should include the value specified via the Referer header or not. It can help avoid disclosing sensitive URLs and information while browsing the website.
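As an added example (not code from the original page), the following Python parses a constructed raw HTTP/1.1 response, reads the body using Content-Length as described earlier, keeps repeated headers such as Set-Cookie, and reports which of the three security headers in the table above are absent. The sample response, its server banner and its cookie values are all constructed.

```python
from typing import Dict, List, Tuple

# The three security headers discussed in the table above.
SECURITY_HEADERS = ("Content-Security-Policy",
                    "Strict-Transport-Security", "Referrer-Policy")

Headers = Dict[str, List[str]]   # lower-cased name -> values in arrival order


def parse_response(raw: bytes) -> Tuple[int, Headers, bytes]:
    """Split a raw response into (status code, headers, body).

    Header names are lower-cased because they are case-insensitive; a header
    that appears several times (e.g. Set-Cookie) keeps every value. The body
    is cut to Content-Length, since that is how many bytes a client reads.
    """
    head, _, rest = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    version, status, *_ = lines[0].split(" ", 2)
    if not version.startswith("HTTP/"):
        raise ValueError("not an HTTP response")
    headers: Headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    length = int(headers["content-length"][0]) if "content-length" in headers else len(rest)
    return int(status), headers, rest[:length]


def missing_security_headers(headers: Headers) -> List[str]:
    """Return the security headers a response should carry but does not."""
    return [h for h in SECURITY_HEADERS if h.lower() not in headers]


# Constructed sample response; the server banner and cookies are made up.
SAMPLE = (b"HTTP/1.1 200 OK\r\n"
          b"Server: ExampleHTTPd/1.0\r\n"
          b"Content-Type: text/html; charset=UTF-8\r\n"
          b"Set-Cookie: session=abc123; HttpOnly\r\n"
          b"Set-Cookie: theme=dark\r\n"
          b"Strict-Transport-Security: max-age=31536000\r\n"
          b"Content-Length: 12\r\n"
          b"\r\n"
          b"<p>hello</p>trailing-bytes-beyond-content-length")

if __name__ == "__main__":
    code, hdrs, body = parse_response(SAMPLE)
    print(code, body, "missing:", missing_security_headers(hdrs))
```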
Request Methods
The following are some of the commonly used methods:
Method | Description
---|---
GET | Requests a specific resource. Additional data can be passed to the server via query strings in the URL (e.g. ?param=value).
POST | Sends data to the server. It can handle multiple types of input, such as text, PDFs, and other forms of binary data. This data is appended in the request body, which follows the headers. The POST method is commonly used when sending information (e.g. forms/logins) or uploading data to a website, such as images or documents.
HEAD | Requests the headers that would be returned if a GET request were made to the server. It doesn't return the response body and is usually used to check the response length before downloading resources.
PUT | Creates new resources on the server. Allowing this method without proper controls can lead to uploading malicious resources.
DELETE | Deletes an existing resource on the web server. If not properly secured, it can lead to Denial of Service (DoS) by deleting critical files on the web server.
OPTIONS | Returns information about the server, such as the methods it accepts.
PATCH | Applies partial modifications to the resource at the specified location.
Code | Description
---|---
200 OK | Returned on a successful request; the response body usually contains the requested resource.
302 Found | Redirects the client to another URL. For example, redirecting the user to their dashboard after a successful login.
400 Bad Request | Returned on encountering malformed requests, such as requests with missing line terminators.
403 Forbidden | Signifies that the client doesn't have appropriate access to the resource. It can also be returned when the server detects malicious input from the user.
404 Not Found | Returned when the client requests a resource that doesn't exist on the server.
500 Internal Server Error | Returned when the server cannot process the request.
CRUD API
As we can see, we can easily specify the table and the row we want to perform an operation on through such APIs. Then we may utilize different HTTP methods to perform different operations on that row. In general, APIs perform 4 main operations on the requested database entity:
Operation | HTTP Method | Description
---|---|---
Create | POST | Adds the specified data to the database table
Read | GET | Reads the specified entity from the database table
Update | PUT | Updates the data of the specified database table
Delete | DELETE | Removes the specified row from the database table
CRUD operations through cURL.
In a real web application, such actions may not be allowed for all users; it would be considered a vulnerability if anyone could modify or delete any entry. Each user would have certain privileges on what they can read or write, where write refers to adding, modifying, or deleting data.
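An added example (not the page's cURL walkthrough and not any real application's code): a Python dispatcher that maps the four HTTP methods in the CRUD table to operations on an assumed /<table>/<row> path, and enforces the read/write privilege split described above with a bearer token carried in the Authorization header. The path layout, the token names and the privilege table are constructed assumptions.

```python
import json
from typing import Dict, Optional, Set, Tuple

# Constructed privilege table (assumption): token -> operations it grants.
TOKENS: Dict[str, Set[str]] = {"reader-token": {"read"},
                               "editor-token": {"read", "write"}}
WRITE_METHODS = {"POST", "PUT", "DELETE"}   # adding, modifying, deleting
Store = Dict[str, Dict[str, dict]]          # table -> row id -> record


def _json_object(body: str) -> Optional[dict]:
    """Decode a request body, or return None when it is not a JSON object."""
    try:
        data = json.loads(body)
    except ValueError:
        return None
    return data if isinstance(data, dict) else None


def handle(method: str, path: str, headers: Dict[str, str],
           body: str, store: Store) -> Tuple[int, str]:
    """Dispatch one request on the assumed /<table>/<row> path layout."""
    parts = path.strip("/").split("/")
    if len(parts) != 2 or not all(parts):
        return 400, "bad request: expected /<table>/<row>"
    table, row = parts
    # The Authorization header carries the client's token, not a cookie.
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or token not in TOKENS:
        return 401, "unauthorized"      # a real server adds WWW-Authenticate
    needed = "write" if method in WRITE_METHODS else "read"
    if needed not in TOKENS[token]:
        return 403, "forbidden"         # authenticated, but lacks the privilege
    rows = store.setdefault(table, {})
    if method == "GET":                              # Read
        return (200, json.dumps(rows[row])) if row in rows else (404, "not found")
    if method == "POST":                             # Create
        record = _json_object(body)
        if record is None or row in rows:
            return 400, "bad request: invalid body or row already exists"
        rows[row] = record
        return 200, json.dumps(record)
    if method == "PUT":                              # Update
        record = _json_object(body)
        if record is None or row not in rows:
            return (400, "bad request") if record is None else (404, "not found")
        rows[row].update(record)
        return 200, json.dumps(rows[row])
    if method == "DELETE":                           # Delete
        return (200, "deleted") if rows.pop(row, None) is not None else (404, "not found")
    return 405, "method not allowed"
```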