HTTP in detail — [TryHackMe]

Task #1: What is HTTP(S)?

Q. What does HTTP stand for?

HyperText Transfer Protocol

Q. What does the S in HTTPS stand for?

secure

Q. On the mock webpage on the right there is an issue, once you’ve found it, click on it. What is the challenge flag?

THM{INVALID_HTTP_CERT}

Task #2: Requests And Responses

Request

Response

Q. What HTTP protocol is being used in the above example?

HTTP/1.1

Q. What response header tells the browser how much data to expect?

Content-Length

Task #3: HTTP Methods

Q. What method would be used to create a new user account?

POST

Q. What method would be used to update your email address?

PUT

Q. What method would be used to remove a picture you’ve uploaded to your account?

DELETE

Q. What method would be used to view a news article?

GET

Task #4: HTTP Status Codes

Common HTTP Status Codes:

Q. What response code might you receive if you’ve created a new user or blog post article?

201

Q. What response code might you receive if you've tried to access a page that doesn't exist?

404

Q. What response code might you receive if the web server cannot access its database and the application crashes?

503

Q. What response code might you receive if you try to edit your profile without logging in first?

401

Task #5: Headers

Q. What header tells the web server what browser is being used?

User-Agent

Q. What header tells the browser what type of data is being returned?

Content-Type

Q. What header tells the web server which website is being requested?

Host

Task #6: Cookies

You’ve probably heard of cookies before, they’re just a small piece of data that is stored on your computer. Cookies are saved when you receive a “Set-Cookie” header from a web server. Then every further request you make, you’ll send the cookie data back to the web server. Because HTTP is stateless (doesn’t keep track of your previous requests), cookies can be used to remind the web server who you are, some personal settings for the website or whether you’ve been to the website before.

Cookies can be used for many purposes but are most commonly used for website authentication. The cookie value won’t usually be a clear-text string where you can see the password, but a token (unique secret code that isn’t easily humanly guessable).

Q. Which header is used to save cookies to your computer?

Set-Cookie

Task #7: Conclusion

Q. Make a GET request to /room

Q. Make a GET request to /blog and using the gear icon set the id parameter to 1 in the URL field

Q.Make a DELETE request to /user/1

Q.Make a PUT request to /user/2 with the username parameter set to admin

Q.POST the username of thm and a password of letmein to /login

Peace Out

A cybersecurity enthusiast interested in Reverse Engineering. Love to Code