THE HTTP PROTOCOL
> The hypertext transfer protocol (HTTP) is the core communications protocol used to access the World Wide Web and is used by all of today’s web applications.
> It is a simple protocol that was originally developed for retrieving static text-based resources, and has since been extended and leveraged in various ways to enable it to support the complex distributed applications that are now commonplace.
> HTTP uses a message-based model in which a client sends a request message, and the server returns a response message.
> The protocol is essentially connectionless: although HTTP uses the stateful TCP protocol as its transport mechanism, each exchange of request and response is an autonomous transaction, and may use a different TCP connection.
HTTP is comprised of HTTP requests and HTTP responses.
HTTP REQUESTS
> All HTTP messages (requests and responses) consist of one or more headers, each on a separate line, followed by a mandatory blank line, followed by an optional message body. A typical HTTP request is as follows:
GET /books/search.asp?q=JettblazeBlog HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://JettblazeBlog.com/books/default.asp
Accept-Language: en-gb,en-us;q=0.5
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
Host: JettblazeBlog.com
Cookie: lang=en; JSESSIONID=0000tI8rk7joMx44S2Uu85nSWc_:vsnlc503
> The first line of every HTTP request consists of three items, separated by spaces:
> A verb indicating the HTTP method. The most commonly used method is GET, whose function is to retrieve a resource from the web server. GET requests do not have a message body, so there is no further data following the blank line after the message headers.
> The requested URL. The URL functions as a name for the resource being requested, together with an optional query string containing parameters that the client is passing to that resource. The query string is indicated by the ? character in the URL, and in the example there is a single parameter with the name q and the value JettblazeBlog.
> The HTTP version being used. The only HTTP versions in common use on the Internet are 1.0 and 1.1, and most browsers use version 1.1 by default (even though HTTP versions 2 and 3 now exist). There are a few differences between the specifications of these two versions; however, the only difference you are likely to encounter when attacking web applications is that in version 1.1 the Host request header is mandatory.
Some other points of interest in the example request are:
> The Referer header is used to indicate the URL from which the request originated (for example, because the user clicked a link on that page). Note that this header was misspelled in the original HTTP specification, and the misspelled version has been retained ever since.
> The User-Agent header is used to provide information about the browser or other client software that generated the request. Note that the Mozilla prefix is included by most browsers for historical reasons: this was the User-Agent string used by the originally dominant Netscape browser, and other browsers wished to assert to web sites that they were compatible with this standard. As with many quirks from computing history, it has become so established that it is still retained, even on the current version of Internet Explorer, which made the request shown in the example.
> The Host header is used to specify the hostname that appeared in the full URL being accessed. This is necessary when multiple web sites are hosted on the same server, because the URL sent in the first line of the request does not normally contain a hostname.
> The Cookie header is used to submit additional parameters that the server has issued to the client.
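The structure described above, as an added example that is not part of the original post: a small Python parser that splits a raw request into the three request-line items, the query string, the headers and the cookies, and rejects an HTTP/1.1 request that has no Host header (or more than one). The names parse_request and SAMPLE are chosen for this example, and the sample is the request shown above with the Accept headers left out.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample: the request shown above (Accept* headers omitted),
# with CRLF line endings and the mandatory blank line after the headers.
SAMPLE = (
    "GET /books/search.asp?q=JettblazeBlog HTTP/1.1\r\n"
    "Referer: http://JettblazeBlog.com/books/default.asp\r\n"
    "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)\r\n"
    "Host: JettblazeBlog.com\r\n"
    "Cookie: lang=en; JSESSIONID=0000tI8rk7joMx44S2Uu85nSWc_:vsnlc503\r\n"
    "\r\n"
)


def parse_request(raw):
    """Split a raw HTTP/1.x request into its parts; raise ValueError if malformed."""
    head, sep, body = raw.partition("\r\n\r\n")
    if not sep:
        raise ValueError("missing blank line after headers")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("request line must have exactly three items")
    method, target, version = parts
    if version not in ("HTTP/1.0", "HTTP/1.1"):
        raise ValueError("unsupported version: " + version)
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        # Reject empty names and whitespace around the name ("Host : x").
        if not colon or not name or name != name.strip():
            raise ValueError("malformed header line: " + repr(line))
        key = name.lower()  # header names are case-insensitive
        if key == "host" and key in headers:
            raise ValueError("duplicate Host header")
        headers[key] = value.strip()
    if version == "HTTP/1.1" and not headers.get("host"):
        raise ValueError("HTTP/1.1 request without a Host header")
    url = urlsplit(target)
    cookies = {}
    for pair in headers.get("cookie", "").split(";"):
        key, eq, val = pair.strip().partition("=")
        if eq:
            cookies[key] = val
    return {"method": method, "path": url.path, "query": parse_qs(url.query),
            "version": version, "headers": headers, "cookies": cookies,
            "body": body}
```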
Thank you for being here and as always.