HTTP is the set of rules used for communicating with webservers for transmitting webpage data, whether it’s HTML, images, videos, etc.

HTTPS is the encrypted version. Prevents people from seeing the data your sending/receiving, and provides assurances that you’re talking to the correct server, not an imposter.

The Task

Answer questions and find the flaw in the page to get the flag.

Requests and Responses

URL - Uniform Resource Locator.

URLs are predominately instructions on how to access a resource on the internet. Sample of a complete URL with all it’s features:
http://user:password@tryhackme.com:80/view-room?id=1#task3
scheme://user@host.domain:port/path?query#fragment

  • Scheme - instructs what protocol to use
  • User - when services require authentication to log in a username and password can be added to the URL
  • Host - domain name or IP address of the server to access
  • Port - port connecting to
  • Path - filename or location of the resource you want
  • Query string - extra bits of info that can be sent to the requested path (i.e. /blog?id=1 )tells the blog path to send the blog article with id of 1)
  • Fragment - Reference to a location on the actual page requested. commonly used on pages with long content so certain sections can be linked to directly

Requests

Can make a request to a web server with just GET / HTTP/1.1, but a richer experience comes from extra data being sent through headers of requests.

Example:

GET / HTTP/1.1
Host: tryhackme.com
User-Agent: Mozilla/5.0 Firefox/87.0
Referer: https://tryhackme.com

Line 1: Requesting through GET method, requesting home page with / and saying to use HTTP version 1.1
Line 2: Tell webserver we want website tryhackme.com
Line 3: Tell web server we are using Firefox browser version 87
Line 4: Tell web server the page that referred us to the web server
Line 5: End with a blank line to indicate the request is finished

Responses

Example:

HTTP/1.1 200 OK
Server: nginx/1.15.8
Date: Fri, 09 Apr 2021 13:34:03 GMT
Content-Type: text/html
Content-Length: 98

<html>
<head>
    <title>TryHackMe</title>
</head>
<body>
    Welcome to TryHackMe.com
</body>
<html>

Line 1: Server uses HTTP 1.1, Status Code 200 OK says request has completed successfully
Line 2: Web server software and version
Line 3: Current date, time, and timezone of the web server
Line 4: Tells client what sort of information is coming (i.e. HTML, images, videos, pdf, XML, etc.)
Line 5: Tells the client how long the response is to confirm no missing data
Line 6: Blank line to confirm end of HTTP response
Lines 7-14: The information that was requested

The Task

Answer questions about the examples above.