tryhackme: HTTP in detail: Making Requests / Requests And Responses.

-

 1. Make a GET request to /room

=>

GET /room HTTP/1.1

Host: tryhackme.com

User-Agent: Mozilla/5.0 Firefox/87.0

----------------------------------------------------------------------------

2. Make a GET request to /blog, set the id parameter to 1 

=>

GET /blog?id=1 HTTP/1.1

Host: tryhackme.com

User-Agent: Mozilla/5.0 Firefox/87.0

----------------------------------------------------------------------------

Make a DELETE request to /user/1

=>

DELETE /user/1 HTTP/1.1

Host: tryhackme.com

User-Agent: Mozilla/5.0 Firefox/87.0

Content-Length: 0

----------------------------------------------------------------------------

Make a PUT request to /user/2 with the username parameter set to admin

=>

PUT /user/2 HTTP/1.1

Host: tryhackme.com

User-Agent: Mozilla/5.0 Firefox/87.0

Content-Length: 14

username=admin

----------------------------------------------------------------------------

POST the username of thm and a password of letmein to /login

=>

POST /login HTTP/1.1

Host: tryhackme.com

User-Agent: Mozilla/5.0 Firefox/87.0

Content-Length: 33

username=thm&password=letmein

----------------------------------------------------------------------------

URL: Uniform Resource Locator


http://user:password@tryhackme.com:80/view-room?id=1#task3


1. Scheme: this instructs on what protocol to use for accessing the resource such as http https ftp (http://) 


2. User: Some services require authentication to log in, you can put a username and password into the URL to log in  (user:password@)


3. Host: The domain name or IP address of the server you wish to access  (tryhackme.com)


4. Port: The Port that you are going to connect to, usually 80 for http and 443 for https, but this can be hosted on any port between 1 and 65535 (:80)


5. Path: The file name or location of the resource you are trying to access. (/view-room)


6. Query String: Extra bits of information that can be sent to the requested path. example: /blog?id=1 would tell the blog path that you wish to receive the blog article with the id of 1. in this case it's => (?id=1)


7. Fragment: This is a reference to a location on the actual page requested. This is commonly used for pages with long content and can have a certain part of the page directly linked to it, so it is viewable to the user as soon as they access the page. (#task3)


https://static-labs.tryhackme.cloud/sites/howhttpworks/newurl.png


---------------------------------------------------------------------------------------------------------------------------------------------


Making a Request: "GET / HTTP/1.1"


* GET : The Request Method.


* / : The Page Being Requested. 


* HTTP/1.1 : The HTTP Protocol Version.



=>this is a very simple request<=


---------------------------------------------------------------------------------------------------------------------------------------------


for much richer web experience: 


Example Request: 


---------------------------------------------------


1.GET / HTTP/1.1

2.Host: tryhackme.com

3.User-Agent: Mozilla/5.0 Firefox/87.0

4.Referer: https://tryhackme.com/

5.

---------------------------------------------------

- Line 1: This request is sending the GET method, request the home page with / and telling the web server we are using http protocol version 1.1 


- Line 2: Telling the web server we want this specific website. 


- Line 3: Telling the web server we are using the firefox browser version 87 


- Line 4: Telling the web server that the web page that referred us to this one is https://tryhackme.com/


- Line 5: HTTP requests always end with a blank line to inform the web server that the request has finished.

-----------------------------------------------------------------------------------------------------------------------------

Example Response:

---------------------------------------------------

1.HTTP/1.1 200 OK

2.Server: nginx/1.15.8

3.Date: Fri, 09 Apr 2021 13:34:03 GMT

4.Content-Type: text/html

5.Content-Length: 98

6.

7.<html>

8.<head>

9.    <title>TryHackMe</title>

10.</head>

11.<body>

12.    Welcome To TryHackMe.com

13.</body>

14.</html>

---------------------------------------------------


- Line 1: HTTP 1.1 is the version of the HTTP protocol the server is using and then followed by the HTTP Status Code in this case "200 Ok" which tells us the request has completed successfully.


- Line 2: This tells us the web server software and version number.


- Line 3: The current date, time, and timezone of the web server. 


- Line 4: The Content-Type header tells the client what sort of information is going to be sent, such as HTML, images, videos, pdf , xml ... etc.


- Line 5: Content-Length tells the client how long the response is, this way we can confirm no data is missing.


- Line 6: HTTP response contains a blank line to confirm the end of the HTTP response.


- Line 7-14: The information that has been requested, in this instance the homepage.

-----------------------------------------------------------------------------------------------------------------------------

Thank you for reading! 🙂

Roger

Comments

Post a Comment

Popular posts from this blog

Common Network Commands: Ping

-
Ping Command Overview The `ping` command is a fundamental utility used in network diagnostics. It checks the reachability of a host on an Internet Protocol (IP) network and measures the round-trip time for messages sent from the originating host to a destination computer. The command uses the Internet Control Message Protocol (ICMP) to send echo request packets and listens for echo replies. Origin and Development The `ping` command was developed in 1983 by Mike Muuss as a diagnostic tool for the ARPANET. Since then, it has become a standard utility available on most operating systems, including Linux, Windows, and macOS, making it an essential tool for network administrators and users. Basic Functionality The `ping` command serves several functions: - Tests connectivity to a specified host. - Measures the time taken for packets to travel to the destination and back. - Provides statistics about packet loss and round-trip time. Key Command Syntax 1. Basic Syntax:    ```    ping [options]
Read more

Common Network Commands: Route

-
Route Command Overview The route command is a part of the older net-tools package used in Linux systems for viewing and manipulating the IP routing table. It provides information about how packets are routed through the network and allows for the addition, deletion, and modification of routes. Origin and Development Historically, the route command has been a primary tool for managing network routing in Linux. However, it has largely been replaced by the ip command from the iproute2 package, which offers more advanced features and capabilities. Despite this, route is still commonly used in many Linux distributions for its simplicity and familiarity. Basic Functionality The route command serves several functions: - Displays the current routing table entries. - Shows destination networks, gateways, and associated interfaces. - Allows for the addition, deletion, and modification of routes. Key Command Syntax 1. Display Routing Table:    ```    route -n    ```    The -n option prevents DNS
Read more

John The Ripper

-
John the Ripper  Is one of the most well known, well-loved and versatile hash cracking tools out there. It combines a fast cracking speed, with an extraordinary range of compatible hash types. This room will assume no previous knowledge, so we must first cover some basic terms and concepts before we move into practical hash cracking. A hash is a way of taking a piece of data of any length and  representing it in another form that is a fixed length. This masks the original value of the data. This is done by running the original data through a hashing algorithm. There are many popular hashing algorithms, such as MD4,MD5, SHA1 and NTLM. Lets try and show this with an example: If we take "polo", a string of 4 characters- and run it through an MD5 hashing algorithm, we end up with an output of: b53759f3ce692de7aff1b5779d3964da a standard 32 character MD5 hash. Likewise, if we take "polomints", a string of 9 characters- and run it through the same MD5 hashing algorithm, w
Read more