HTTP Request and Response Structure

Information about HTTP Request and Response Structure

Published on April 19, 2020

Author: BhagyashreeGajera1

Source: slideshare.net

Content

1. HyperText Transfer Protocol REQUEST & RESPONSE STRUCTURE @_ShreeGajera 19/04/2020

2. #Whoami @_ShreeGajera #Newbie in InfoSec #Bughunter #Developer

3. Agenda ● What is HTTP? ● HTTP Methods ● Directory and File name ● Parameters and their values ● HTTP Version ● HTTP Request Header ● CR & LF Character ● Status Code ● HTTP Response Header

4. What is HTTP? Hypertext Transfer Protocol (HTTP) is an application-layer protocol for transmitting hypermedia documents, such as HTML. It was designed for communication between web browsers and web servers.

5. Evolution of HTTP
HTTP/0.9: extremely simple; a request consists of a single line, e.g. GET /mypage.html
HTTP/1.0: added the HTTP version to the request line and introduced HTTP headers. A status line is also sent at the beginning of the response.
HTTP/1.1: allows a second request to be sent before the answer to the first one arrives. Additional cache control, including language, encoding, or type, was introduced. The Host header makes it possible to host different domains at the same IP address.
HTTP/2.0: binary protocol rather than text; it can no longer be read and created manually.
HTTP/3.0: still in draft mode.

6. HTTP/1.1 (https://tools.ietf.org/html/rfc2616): HTTP Methods, Directory & File Name, Parameters & their values, HTTP version, CR & LF character, HTTP Request headers, Status code, Response body, Response headers

7. HTTP METHODS

8. HTTP request methods indicate the desired action to be performed on a given resource. Method names are case-sensitive and must be written in uppercase.

9. Most Common HTTP Methods
GET: used to request data from a specified resource.
POST: used to send data to a server to create/update a resource.
HEAD: almost identical to GET, but without the response body.
OPTIONS: describes the communication options for the target resource.
DELETE: deletes the specified resource.
PUT: used to send data to a server to create/update a resource.
…

10. HTTP METHODS: OPTIONS, GET, HEAD, POST, PUT, DELETE, TRACE, CONNECT, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK, VERSION-CONTROL, REPORT, CHECKOUT, CHECKIN, UNCHECKOUT, MKWORKSPACE, UPDATE, LABEL, MERGE, BASELINE-CONTROL, MKACTIVITY, ORDERPATCH, ACL, PATCH, SEARCH, ARBITRAR, TRACK

11. Exploiting the PUT method: https://medium.com/@asfiyashaikh10/exploiting-put-method-d2d0cd7ba662

13. DIRECTORY & FILE NAME

14. URL path and file. The path starts at the application root directory, e.g. /var/www/html, which does not appear on the user side and is managed by the application server.
Directory path: /var/www/html/blog/2020/03/10/upcoming_meets/
File: meet.php

15. Directory Listing

17. PARAMETERS & ITS VALUES

18. Parameters are in the form of attribute/value pairs. In a GET request, the URL path and the parameters are separated by the ? symbol. Two parameters are separated by the & symbol.

19. REST request URL
GET /API/v1/data/getdata/account/123/id/1337
POST /API/v1/data/putdata/account/123/id/1337/name/bhagyashree
Query-string URL = equivalent REST-style URL:
http://infosecgirls.in/index.php?page=foo = http://infosecgirls.in/foo
http://infosecgirls.in/products?category=2&pid=25 = http://infosecgirls.in/products/2/25
http://infosecgirls.in/index.php?mod=profiles&id=193 = http://infosecgirls.in/profiles/193
http://infosecgirls.in/kb/index.php?cat=8&id=41 = http://infosecgirls.in/kb/8/41

21. HTTP VERSION

22. HTTP

23. HTTP/1.1 vs HTTP/2

25. CRLF

26. CRLF Character. CR and LF are control characters (single bytes) used to mark a line break in a text file. CR = Carriage Return (\r, 0x0D in hexadecimal, 13 in decimal). LF = Line Feed (\n, 0x0A in hexadecimal, 10 in decimal). In HTTP/1.1 the request line and every header line end with CRLF, and an empty line (CRLF CRLF) separates the headers from the body.

27. CRLF Injection. A CRLF injection vulnerability exists if attacker-controlled input containing the CR and LF characters reaches a web application's HTTP response unfiltered: because those bytes end the current header line and begin a new one, the attacker can add headers or content of their own.
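The mitigation for the vulnerability described above is to refuse any header value that contains CR, LF or NUL before it is serialized. The code below is an added example, not code from the slides; the `redirect_to` sink, its `next_url` parameter and the reason-phrase table are assumptions made for the illustration.

```python
"""Response serializer that refuses CR/LF in header values (added example, not from the slides)."""
import re

# HTTP/1.1 header values may not contain CR, LF or NUL: a value carrying them
# would end the current header line early and start a new, attacker-chosen line.
_FORBIDDEN = re.compile(r"[\r\n\x00]")

REASON = {200: "OK", 302: "Found", 400: "Bad Request", 404: "Not Found"}

def is_safe_header_value(value):
    """True if the value can be placed on a single header line."""
    return _FORBIDDEN.search(value) is None

def build_response(status, headers, body=b""):
    """Serialize status line, headers, blank line and body with CRLF separators."""
    lines = [f"HTTP/1.1 {status} {REASON.get(status, '')}".rstrip()]
    for name, value in headers.items():
        if not is_safe_header_value(value):
            raise ValueError(f"refusing header {name!r}: value contains CR/LF/NUL")
        lines.append(f"{name}: {value}")
    lines.append(f"Content-Length: {len(body)}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("iso-8859-1") + body

def redirect_to(next_url):
    """Assumed sink: a user-controlled 'next' value copied into the Location header."""
    return build_response(302, {"Location": next_url})

def redirect_accepted(next_url):
    """True if redirect_to emits a response for this value, False if it was blocked."""
    try:
        redirect_to(next_url)
        return True
    except ValueError:
        return False
```

The check has to run on the decoded value: frameworks URL-decode inputs such as %0d%0a before they reach the sink, so validating the raw percent-encoded string would let the decoded bytes through.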

29. HTTP REQUEST HEADERS

30. HTTP Request Headers. The client and the server pass additional information with an HTTP request or response. An HTTP header consists of its case-insensitive name followed by a colon (:), then its value. Whitespace before the value is ignored. Headers such as Cookie, User-Agent, or Referer give the server the context it needs to build the answer.
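Slides 18, 26 and 30 together describe the full shape of an HTTP/1.1 request: an uppercase method, a target whose path and parameters are split on ? and &, a version, CRLF-terminated header lines with case-insensitive names and ignorable leading whitespace, and a blank line before the body. The parser below is an added example, not code from the slides; the allowed-method set and the sample request are assumptions made for the illustration.

```python
"""Minimal HTTP/1.1 request parser (added example, not code from the slides)."""
from urllib.parse import unquote_plus
# Method names are case-sensitive and uppercase; anything else is rejected here.
ALLOWED_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"}

def parse_query(query):
    """Split 'a=1&b=2' into {'a': '1', 'b': '2'}; '&' separates pairs, '=' name from value."""
    params = {}
    for pair in query.split("&"):
        if pair:
            name, _, value = pair.partition("=")
            params[unquote_plus(name)] = unquote_plus(value)
    return params

def parse_request(raw):
    """Parse one HTTP/1.1 request (bytes); raise ValueError if it is malformed."""
    head, sep, body = raw.partition(b"\r\n\r\n")   # an empty CRLF line ends the headers
    if not sep:
        raise ValueError("headers not terminated by an empty line")
    lines = head.decode("iso-8859-1").split("\r\n")  # every line ends with CRLF
    parts = lines[0].split(" ")                      # request line: method, target, version
    if len(parts) != 3:
        raise ValueError("malformed request line")
    method, target, version = parts
    if method not in ALLOWED_METHODS:
        raise ValueError(f"unsupported or lowercase method {method!r}")
    if version not in ("HTTP/1.0", "HTTP/1.1"):
        raise ValueError(f"unsupported version {version!r}")
    path, _, query = target.partition("?")           # '?' separates path from parameters
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():
            raise ValueError(f"malformed header line {line!r}")
        headers[name.lower()] = value.strip()        # case-insensitive name; leading whitespace ignored
    if version == "HTTP/1.1" and "host" not in headers:
        raise ValueError("HTTP/1.1 requires a Host header")
    return {"method": method, "path": path, "params": parse_query(query),
            "version": version, "headers": headers, "body": body}

def is_valid_request(raw):
    try:
        parse_request(raw)
        return True
    except ValueError:
        return False

# Constructed sample request: headers with mixed case and extra whitespace before a value.
SAMPLE_REQUEST = (b"GET /products?category=2&pid=25 HTTP/1.1\r\nHost: infosecgirls.in\r\n"
                  b"User-Agent:   ExampleClient/1.0\r\nACCEPT: text/html\r\n\r\n")
```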

31. HTTP Request Headers ShellShock Exploitation CVE-2014-6271

32. HTTP Request Headers CVE-2019-5418 - File Content Disclosure on Rails

33. HTTP Request Headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Accept-Ranges, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization, Cache-Control, Via, Range, Max-Forwards, Pragma, Proxy-Authorization, Referer, TE, Transfer-Encoding, X-Forwarded-For, X-Requested-With, X-Forwarded-Host, Proxy-Connection, Save-Data, Connection, Content-Encoding, Content-Length, Content-MD5, Content-Range, Content-Type, Date, Warning, Upgrade, Origin, Trailer, User-Agent, Expect, From, Host, If-Match, If-Modified-Since, If-None-Match, If-Range, If-Unmodified-Since, Cookie, …

35. STATUS CODE 1xx 2xx 3xx 4xx 5xx

36. Status Code and Reason Phrase
1xx: Informational - Request received, continuing process
2xx: Success - The action was successfully received, understood, and accepted
3xx: Redirection - Further action must be taken in order to complete the request
4xx: Client Error - The request contains bad syntax or cannot be fulfilled
5xx: Server Error - The server failed to fulfill an apparently valid request

37. Status Code
1xx: 100: Continue, 101: Switching Protocols
2xx: 200: OK, 201: Created, 202: Accepted, 203: Non-Authoritative Info, 204: No Content, 205: Reset Content, 206: Partial Content
3xx: 300: Multiple Choices, 301: Moved Permanently, 302: Found, 303: See Other, 304: Not Modified, 305: Use Proxy, 307: Temporary Redirect
4xx: 400: Bad Request, 401: Unauthorized, 402: Payment Required, 403: Forbidden, 404: Not Found, 405: Method Not Allowed, 406: Not Acceptable, 407: Proxy Authentication Required, 408: Request Time-out, 409: Conflict, 410: Gone, 411: Length Required, 412: Precondition Failed, 413: Request Entity Too Large, 414: Request-URI Too Large, 415: Unsupported Media Type, 416: Requested range not satisfiable, 417: Expectation Failed
5xx: 500: Internal Server Error, 501: Not Implemented, 502: Bad Gateway, 503: Service Unavailable, 504: Gateway Time-out, 505: HTTP Version not supported

38. Status Code

40. HTTP RESPONSE HEADERS

41. HTTP Response Headers. The response-header fields allow the server to pass additional information about the response which cannot be placed in the Status-Line. These header fields give information about the server and about further access to the resource identified by the Request-URI. Response headers like Age, Location or Server are used to give a more detailed context of the response.

42. HTTP Response Headers disclose server information

43. HTTP Response Headers: Access-Control-Allow-Origin, Access-Control-Allow-Credentials, Access-Control-Expose-Headers, Access-Control-Max-Age, Access-Control-Allow-Methods, Access-Control-Allow-Headers, Accept-Ranges, Accept-Patch, Age, Allow, Strict-Transport-Security, Content-Security-Policy, X-Content-Security-Policy, Cache-Control, Vary, Connection, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-Location, Content-MD5, Content-Range, Content-Type, Date, Status, ETag, Warning, WWW-Authenticate, Via, Last-Modified, Location, Expires, Set-Cookie, Server, X-Frame-Options, Pragma, Proxy-Authenticate, Retry-After, Tk, Trailer, Transfer-Encoding, Upgrade, X-Powered-By, X-XSS-Protection
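Slide 42 makes the point that response headers such as Server and X-Powered-By disclose server information, while slide 43 lists hardening headers (Strict-Transport-Security, Content-Security-Policy, X-Frame-Options) that a response should carry. The audit below is an added example, not code from the slides; the one-year HSTS threshold and the sample header values are assumptions made for the illustration.

```python
"""Audit HTTP response headers for disclosure and missing hardening (added example, not from the slides)."""

# Headers from slide 43 that reveal implementation details to every client.
DISCLOSURE_HEADERS = ("Server", "X-Powered-By")
# Hardening headers from slide 43 that a browser-facing response should carry.
EXPECTED_HEADERS = ("Strict-Transport-Security", "Content-Security-Policy", "X-Frame-Options")
MIN_HSTS_AGE = 31536000  # assumed threshold: one year, the usual minimum recommendation

def lookup_header(headers, name):
    """Case-insensitive lookup, since header names are case-insensitive."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None

def hsts_max_age(value):
    """Return the max-age directive of a Strict-Transport-Security value, or None."""
    for directive in value.split(";"):
        key, _, num = directive.strip().partition("=")
        if key.strip().lower() == "max-age" and num.strip().isdigit():
            return int(num.strip())
    return None

def audit_response_headers(headers):
    """Return a list of findings for one response's headers (dict of name -> value)."""
    findings = []
    for name in DISCLOSURE_HEADERS:
        value = lookup_header(headers, name)
        if value is not None:
            findings.append(f"{name} discloses '{value}'")
    for name in EXPECTED_HEADERS:
        if lookup_header(headers, name) is None:
            findings.append(f"missing {name}")
    hsts = lookup_header(headers, "Strict-Transport-Security")
    if hsts is not None:
        age = hsts_max_age(hsts)
        if age is None or age < MIN_HSTS_AGE:
            findings.append("Strict-Transport-Security max-age below one year")
    return findings

# Constructed sample: the version strings are made up; the response leaks them and lacks CSP/XFO.
SAMPLE_HEADERS = {
    "Date": "Sun, 19 Apr 2020 10:00:00 GMT",
    "Server": "Apache/2.4.29 (Ubuntu)",
    "X-Powered-By": "PHP/7.2.24",
    "Content-Type": "text/html; charset=UTF-8",
    "Strict-Transport-Security": "max-age=3600",
}
```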

45. Q&A

46. Thanks! @_ShreeGajera
