
Notes: HTTP in detail | THM

  • solbergtonje
  • 25 Dec. 2024
  • 4 min read

What is HTTP(S)?


HyperText Transfer Protocol (HTTP)

- protocol used when viewing websites

- developed by Tim Berners-Lee (1989-1991)

- set of rules used to communicate with web servers for transmitting webpage data (HTML, Images, Videos etc.)


HyperText Transfer Protocol Secure (HTTPS)

- secure version of HTTP

- data is encrypted (prevents others from seeing data sent/received + gives assurance you're talking to the correct web server)



Requests and Responses


Access a website

- tell browser where to go: URL

- request to web server

- download HTML, Images etc.


Uniform Resource Locator (URL)

- instruction on how to access a resource online


E.g.: http://user:password@tryhackme.com:80/view-room?id=1#task3


"http" - Scheme: which protocol to use for accessing resource online (HTTP/HTTPS/FTP)

"user:password" - User: authentication if logging in

"tryhackme.com" - Host/domain: domain name or IP address of the server

"80" - Port: port connecting to (e.g. 80 for HTTP, 443 for HTTPS)

"view-room" - Path: name or location of resource trying to access

"?id=1" - Query String: extra bits of info (e.g. blog?id=1 directs to the blog article with id of 1)

"#task3" - Fragment: reference to specific location on actual page


Making a Request

- One line is enough to send a request to a web server: GET / HTTP/1.1


The request method: GET

The HTTP protocol version: HTTP/1.1


More data should be sent along with the request; this is done with headers


Request

GET / HTTP/1.1 (request the homepage with the GET method using HTTP protocol version 1.1)

Host: tryhackme.com (tell web server which website)

User-Agent: Mozilla/5.0 Firefox/87.0 (tell web server what we are using)

Referer: https://tryhackme.com/ (tell web server the web page referring us)

(end with a blank line = tell web server request finished)
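The URL breakdown and the request layout above can be tied together in code. This is an added example, not part of the original notes: `split_url`, `build_get_request` and the `example-client/1.0` User-Agent are names chosen for illustration. It shows which URL parts end up in the request the server receives.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
SAMPLE_URL = "http://user:password@tryhackme.com:80/view-room?id=1#task3"  # URL from the notes

def split_url(url: str) -> dict:
    """Name the URL parts the way the notes do."""
    p = urlsplit(url)
    if p.scheme not in DEFAULT_PORTS or not p.hostname:
        raise ValueError(f"not an http(s) URL with a host: {url!r}")
    return {
        "scheme": p.scheme, "user": p.username, "password": p.password,
        "host": p.hostname, "port": p.port or DEFAULT_PORTS[p.scheme],
        "path": p.path or "/", "query": p.query, "fragment": p.fragment,
    }

def build_get_request(url: str, user_agent: str = "example-client/1.0"):
    """Return (host, port, raw_request): where to connect and what to send."""
    u = split_url(url)
    # The request line carries path + query string only. The fragment is
    # handled by the browser, and user:password is not written into this line.
    target = u["path"] + ("?" + u["query"] if u["query"] else "")
    # The Host header names the website; the port is added only when non-default.
    host_header = u["host"]
    if u["port"] != DEFAULT_PORTS[u["scheme"]]:
        host_header += f":{u['port']}"
    lines = [f"GET {target} HTTP/1.1", f"Host: {host_header}",
             f"User-Agent: {user_agent}", "", ""]  # trailing blank line ends the request
    return u["host"], u["port"], "\r\n".join(lines).encode("ascii")

if __name__ == "__main__":
    host, port, raw = build_get_request(SAMPLE_URL)
    print(f"connect to {host}:{port} and send:")
    print(raw.decode())
```

Scheme, host and port decide where the connection goes, while only the path and query string travel in the request line.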


Response

HTTP/1.1 200 OK (version of HTTP protocol the server is using, Status Code tells us the request has completed successfully)

Server: nginx/1.15.8 (web server software and version number)

Date: Fri, 09 Apr 2021 13:34:03 GMT (current date, time and timezone of web server)

Content-Type: text/html (which kind of info sent (HTML, images, videos, pdf, xml))

Content-Length: 98 (length of response, confirm if data is missing)

(blank line = end of HTTP response)

<html> (between <html> and </html> is the info requested)

<head>

<title>TryHackMe</title>

</head>

<body>

Welcome To TryHackMe.com

</body>

</html>



HTTP Methods


- show the client's intended action when making an HTTP request


Common HTTP Methods

- GET Request: get info from web server

- POST Request: submitting data to web server and potentially creating new records

- PUT Request: submitting data to web server to update info

- DELETE Request: delete info/records from web server



HTTP Status Codes


First line of a response contains a status code: info about request outcome and potentially how to handle it

Many different status codes

Applications can make their own status codes


Five ranges

100-199 Information Response: first part of request accepted = continue sending rest of request (not very common anymore)

200-299 Success: request successful

300-399 Redirection: redirect client's request to another resource

400-499 Client Errors: tells the client there was an error in its request

500-599 Server Errors: error on the server-side
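A parser for the response layout shown earlier, combined with the five ranges above. This is an added example, not part of the original notes: the function names are chosen for illustration, and the sample response is constructed from the one in the notes with its Content-Length computed from the body. It reports how many body bytes are missing compared with what Content-Length promised.

```python
RANGES = {1: "Information Response", 2: "Success", 3: "Redirection",
          4: "Client Errors", 5: "Server Errors"}

# Constructed sample modelled on the response in the notes; Content-Length is
# computed from the body so that the two agree.
SAMPLE_BODY = (b"<html><head><title>TryHackMe</title></head>"
               b"<body>Welcome To TryHackMe.com</body></html>")
SAMPLE_RESPONSE = (b"HTTP/1.1 200 OK\r\nServer: nginx/1.15.8\r\n"
                   b"Content-Type: text/html\r\nContent-Length: "
                   + str(len(SAMPLE_BODY)).encode() + b"\r\n\r\n" + SAMPLE_BODY)

def status_range(code: int) -> str:
    """Map a status code to one of the five ranges (first digit decides)."""
    return RANGES.get(code // 100, "unknown")

def parse_response(raw: bytes) -> dict:
    """Split a raw response into status line, headers and body."""
    head, blank, body = raw.partition(b"\r\n\r\n")
    if not blank:
        raise ValueError("no blank line found, headers are incomplete")
    lines = head.decode("iso-8859-1").split("\r\n")
    version, _, rest = lines[0].partition(" ")
    code, _, reason = rest.partition(" ")
    if not version.startswith("HTTP/") or not (code.isdigit() and len(code) == 3):
        raise ValueError(f"bad status line: {lines[0]!r}")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError(f"bad header line: {line!r}")
        headers[name.strip().lower()] = value.strip()  # header names are case-insensitive
    missing = None  # None = no Content-Length header to compare against
    if "content-length" in headers:
        # int() raises ValueError if the header value is not a number
        missing = max(0, int(headers["content-length"]) - len(body))
    return {"version": version, "code": int(code), "reason": reason,
            "range": status_range(int(code)), "headers": headers,
            "body": body, "missing_bytes": missing}

if __name__ == "__main__":
    print(parse_response(SAMPLE_RESPONSE))
    print(parse_response(SAMPLE_RESPONSE[:-10])["missing_bytes"], "bytes missing")
```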


Common HTTP Status Codes

200 OK: request completed successfully

201 Created: resource created

301 Moved Permanently: redirect client's browser to new webpage or tell search engines the page has moved

302 Found: same as 301 but only temporarily

400 Bad Request: something wrong or missing in request, can be missing a parameter which the web server expects

401 Not Authorised: not authorised, usually username and password needed

403 Forbidden: no permission to view resource whether logged in or not

404 Page Not Found: page/resource doesn't exist

405 Method Not Allowed: resource doesn't allow the method of the request sent

500 Internal Service Error: server encountered error which it doesn't know how to handle

503 Service Unavailable: server can't handle request, it's overloaded or down for maintenance



Headers


- additional bits of data to add to request sent to web servers

- no headers required when making HTTP request


Common Request Headers (sent from client/browser to server)

- Host: specify so you don't get the default website for the server

- User-Agent: your browser software and version number <- help web server format response for specific browser, some elements of HTML, JavaScript, CSS are only available in certain browsers

- Content-Length: tells web server how much data to expect - ensure nothing is missing

- Accept-Encoding: tells web server which types of compression methods the browser supports

- Cookie: data sent to server to remember your info


Common Response Headers (returned from server to client/browser)

- Set-Cookie: info to store - sent back to web server on each request

- Cache-Control: how long to store content of response in browser cache before request again

- Content-Type: type of data (HTML, CSS, JavaScript, Images, PDF, Video etc) - so the browser knows how to process the data

- Content-Encoding: method used to compress the data to make it smaller to send over the internet



Cookies


- small piece of data stored on your computer

- saved when you receive Set-Cookie header from web server <- sent back to web server with every request <- tells web server who you are, personal settings and history on website

- can be used for many things

- commonly used for website authentication

- cookie value is usually a token (unique secret code) and not a plain text string
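The Set-Cookie / Cookie round trip described above, as an added example that is not part of the original notes. `CookieJar` is a name chosen for illustration, and the login response and token value are constructed. The client stores what the server sets and sends it back on the next request.

```python
from http.cookies import SimpleCookie

class CookieJar:
    """Minimal client-side cookie store for one website (name -> value)."""

    def __init__(self):
        self.cookies = {}

    def store_from_response(self, raw_response: bytes) -> None:
        """Save every cookie the server sets in its response headers."""
        head = raw_response.partition(b"\r\n\r\n")[0].decode("iso-8859-1")
        for line in head.split("\r\n")[1:]:           # skip the status line
            name, _, value = line.partition(":")
            if name.strip().lower() == "set-cookie":
                parsed = SimpleCookie()
                parsed.load(value.strip())
                for key, morsel in parsed.items():
                    self.cookies[key] = morsel.value  # same name overwrites old value

    def add_to_request(self, raw_request: bytes) -> bytes:
        """Insert a Cookie header so the server recognises the client again."""
        if not self.cookies:
            return raw_request
        head, blank, body = raw_request.partition(b"\r\n\r\n")
        pairs = "; ".join(f"{k}={v}" for k, v in self.cookies.items())
        return head + b"\r\nCookie: " + pairs.encode("ascii") + blank + body

# Constructed login response: the token value is made up for this example.
LOGIN_RESPONSE = (b"HTTP/1.1 200 OK\r\n"
                  b"Set-Cookie: session=constructed-token-1a2b3c; Path=/\r\n"
                  b"Content-Length: 0\r\n\r\n")
NEXT_REQUEST = b"GET /view-room HTTP/1.1\r\nHost: tryhackme.com\r\n\r\n"

def demo() -> bytes:
    """Return the follow-up request as it looks after the cookie was stored."""
    jar = CookieJar()
    jar.store_from_response(LOGIN_RESPONSE)
    return jar.add_to_request(NEXT_REQUEST)

if __name__ == "__main__":
    print(demo().decode())
```

Because the token alone identifies the session, anyone who can read this header can act as the logged-in user, which is why the value is kept secret.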


Viewing Your Cookies

- to see which cookies your browser is sending to a website, use the developer tools in your browser: open the Network tab (lists the resources the browser requested), click on a request to see its request and response, then click on the Cookies tab


© 2024-2025 Tonje Solberg
