Basic HTTP
- Text
- JSON
- XML
- HTML
- Javascript
- CSS
- Images
- Videos
Web
https://www.google.com/?search=cat_videos&submit=submit
Parts of a URL
Protocol (http over SSL)
Host (or IP)
Path
Variable Definitions
GET /media/bongo_cat.gif HTTP/1.1
Host: www.cronocide.com
Request
Header
Request Type
URI
Protocol
Request:
Response:
HTTP/1.1 200 OK
Content-Length: 11
HELLO WORLD
Request
Header
Protocol
Status
Description
Data
Request types:
- GET
- POST
- PUT
- HEAD
- DELETE
- PATCH
- OPTIONS
GET /media/bongo_cat.gif HTTP/1.1
Host: www.cronocide.com
User-Agent: curl/7.54.0
Accept: */*
HTTP/1.1 200 OK
x-amz-request-id: 2BE6641B4155D022
Date: Tue, 06 Nov 2018 21:07:05 GMT
Last-Modified: Tue, 06 Nov 2018 21:06:29 GMT
ETag: "5241b0bf24509e2dd0f923de157ed798"
Content-Type: image/gif
Content-Length: 45697
Server: AmazonS3
(0100101010100101010)
POST /?t=123456789 HTTP/1.1
Host: midnight.uvucsc.com
User-Agent: curl/7.54.0
Content-Length: 11
HELLO WORLD
HTTP/1.1 200 OK
x-amz-request-id: 2BE6641B4155D022
Date: Tue, 06 Nov 2018 21:07:05 GMT
Last-Modified: Tue, 06 Nov 2018 21:06:29 GMT
ETag: "5241b0bf24509e2dd0f923de157ed798"
Content-Type: image/gif
Content-Length: 45697
Server: AmazonS3
(0100101010100101010)
You can hack this!
Method 1: Browser Debug Tools
- Chrome / Firefox have very similar interfaces
Method 2: cURL
- GNU Utility
- Included in most *nix distributions
- Can do any request that a browser can (and some it can't)
- Cookie engine is pretty cool
Method 3: BurpSuite
- HTTP Proxy
- Java-Based App
- Can use other tools (browsers, cURL) with it
- Free tier has some functionality, pro version has more
