HTTP HEADERS

Http header is the most common thing in a web application when you visit a website your browser sends a request to the server and server response to your request as an Http response. when your browser sends an HTTP request it sends it in a systematic way with different headers like method GET/POST/PUT/DELETE etc. cookie, language, size and lots more there are lot's of headers you won't see it regularly but they are important as a hacker.

To see an Http request you will need to set up a proxy, proxy allow a user to intercept the request between your browser and server. in a normal scenario, your browser sends the request to the server and receive the response from the server. but when you set up a prox in your browser your request will be sent to the proxy first and in proxy, you can modify it and send it to the server or you can cancel the request same with the response. your proxy will get the response first and you can either send it to the browser or drop it.

HTTP headers and cookie can have a sperate book that's too many things are there.


GET / HTTP/1.1
Host: example.com
User-Agent: Mozilla Firefox
this is the very basic HTTP request your browser sends to the server. the method used to send the request there are lot's of methods but you will commonly see GET and POST method.

Note: website is mostly not seen in the HTTP request.

GET - the method used to retrieve information from the server. in simple term GET is used to tell server give me the content.

    - this sign mean home page of the website.

HTTP/1.1 - this is the version of HTTP used here 1.1

Host:   -  this is mostly used to tell the server which website should get this request because of shared hosting. in shared hosting many websites use one IP address, Host header with a website(example.com) tell the server were to send the request & who should get the request.

User-Agent - it sends your information about what browser and os you are using.

Now that does not end, there are some more, you can read about it later but for basic understanding it's good. learn it from here.

Response

HTTP/1.1 200 OK
Date: Sun, 10 Mar 2019 
Server: Apache/2.2.16 (Debian)
X-Powered-By: PHP/5.3.3
Content-Length: 6988
SET-COOKIE: 123fgriibdfggbf
Content-Type: text/html

this is a typical HTTP response from the server.

HTTP/1.1  - HTTP version used for the communication.

200 OK    - this is the HTTP status code there are soo many 200 OK means your request is accepted and your content is available in the server in the simple term your request is valid and you can see the content.

Server   - you won't see this most of the time because of security reason it's not shown but it tells the server information.

X-Powered-By: same you won't see this because of security reason, it tells you about the language server is using.

Content-Length:  - this is the size of the response which includes all the HTML code you see as a webpage.

SET-COOKIE  - now the server will set a cookie for you and next time every request your browsers send will use this cookie to tell the server this is the same user you were talking with 2/3 days ago.

Content-Type: - this is typical tell the browser that this is an HTML content so don't show the HTML code render it and show the output as design.

There are lots of cookie-related attacks. like a cookie is predictable, XSS etc. now just shows a quick example soo you can understand why the cookie is very important to be secure.

go to http://testphp.vulnweb.com/login.php enter the username and password as a test now you can see that you are logged in. now right-click select inspect option.

right-click --> inspect ---> Application ---> cookie --> login 

Now you will a cookie for your login session in the value double click on that and copy that cookie.
open a new browser and open the same website you will need to enter the password again but don't enter it follow the same process find the cookie and in that login cookie paste the cookie you copied and refresh the page you will see that you are logged in without entering a password.

Don't perform it on any other website because there are soo many cookies if you do the same process for google and facebook you will get confused because there are soo many cookies, but for now, it's good to have some basic information about cookie.


HTTP STATUS CODE


200 OK:   It means your request is valid.

404 not found:   it means the content you want to retrieve from the server is not found. in simple word, you send an HTTP request to access the contact us page but there is no contact us page in the server.

301:     it means website want to redirect you to another page or website

400:  it is known as bad request, the server cannot process your request, there could be many reasons for that like some headers are missing, request size is too much etc.

401:   its use when a website is asking for authorization with username and password but your password or username is wrong. commonly knows as unauthorized.

403:   also known as forbidden, mean your request is valid but the server cannot show you the content of the request because you don't have permission to see them. it's very important in hacking because of this you can confirm that your request for particular content is there inside the server.

500:  it's known as the internal error shows that there is an error from the server-side to process your request.

502:   this mostly used a proxy server is implemented and the webserver response is invalid for the proxy server.

These are some very common code you will see, there are lots more but you will not encounter them but if you are interested in all the status code read it from here.


HTTP METHODS

there some HTTP methods to send the request to the server. if you want to learn all the methods learn it from here. but right now I will show you two methods which are used everywhere, GET and POST.

GET: Get is used to retrieve the information from the server like send the request for contact us page and receive the contact us page.

POST: Post method is used when you want to change or add some content to the server mostly used for a login/registration page. a basic thing about POST is you won't see it in the URL, unlike the GET method.

POST /login.php HTTP/1.1
Host: example.com
User-Agent: Mozilla Firefox
Content-Length: 111
  
username=admin&password=admin

This a common and simple POST request and it contains username and password.

GET /login.php?username=admin&password=admin HTTP/1.1
Host: example.com
User-Agent: Mozilla Firefox
Now, this is the same request for login but with GET methods you can see that your password and username are sent in URL soo you can see it from your browser itself without proxy.

COOKIE Security FLAG

As I said earlier both of these topic is vast & can have a book on it, so with HTTP request and response you can have an idea what is a cookie now you can read it in more details from here.

There are some flags to secure the cookie, you can read about it in more details from the above link, but two very common flags are HTTP only and secure cookie.

HTTP ONLY: If a cookie is secured with Http only flag then it can not be accessed by client-side javascript. in XSS attack I showed you that attacker can use XSS attack to access your cookie and in the above example, you can see that with the cookie you can log in without a password. but with HTTP only flag javascript cannot read the cookie.

Secure cookie: If secure flag is used for cookie then a cookie will be send using HTTPS so no one can read it from attacks like the man in the middle attack.

You can join our telegram channel for free ebooks and other updates. You can follow us on Twitter and Instagram.
Share it.