
HTTP REQUEST AND RESPONSE





HTTP requests and responses contain headers; some of these are security headers, others are informational headers, and so on.
To see a request and its response you have to use an interceptor tool.
The best tool is Burp Suite.
Here is a link to Burp Suite Pro; you can download and use it.



HTTP REQUEST


Open your browser, go to any website and intercept the request.

The request contains the following information, given below:




The first line of every HTTP request consists of two items, separated by spaces: 



  • Method: the GET method is the one most commonly used by websites, to retrieve web pages.
  • HTTP version: HTTP/1.1 is used. There are two versions, HTTP/1.0 and HTTP/1.1; HTTP/1.1 is the upgraded version of HTTP/1.0. The differences between HTTP/1.0 and HTTP/1.1:

  1. HTTP/1.0 allows only one resource request, but HTTP/1.1 allows multiple resource requests.
  2. HTTP/1.0 has only Basic authentication, meaning all information goes in plain text (for example: a weak boy goes into a boxing match; surely he will not win and may lose his life). HTTP/1.1 has Digest authentication, meaning sensitive information like a password goes to the server in hashed form (more secure than HTTP/1.0).
  3. HTTP/1.0 has only some basic status codes and no alert or warning status codes.
For more on the differences between HTTP/1.0 and HTTP/1.1:

  • Host: the Host header holds the hostname, which specifies the domain name from which the request originated. The Host header is needed when many websites are hosted on the same server. If the Host header is not present in that case, this can lead to vulnerabilities like Host header injection, open redirection and DOM-based XSS.
  • User-Agent: it provides information about the browser (name, version, etc.) from which the website is served. The web server can use this information to serve different web pages to different web browsers and different operating systems. For example, a website could send mobile pages to mobile browsers, modern pages to modern browsers, and a "please upgrade your browser" message to Internet Explorer 6.
  • Accept: the Accept header tells the server which MIME types the browser understands, so the server responds in that format.

  • Cookie: the Cookie header is used to submit additional parameters that the server has issued to the client, like session ID, domain name, expiry, path, etc.

 
                    HTTP RESPONSE



In the response:

The first line has the HTTP version and the status code (which tells the status of the request, like 200 or 301; here the status code is 301, meaning the page you are accessing has moved and is no longer accessible).


  • Location: it indicates the URL to redirect the page to.
  • Content-Type: it tells which type of data the web application is using, like HTML, text, etc.

  • Set-Cookie: when a browser visits a website, the server adds a cookie to the browser's cookies via the Set-Cookie header.

  • Expires: this header holds the expiry date of cookies. If there is no Expires header, the session automatically expires after the browser closes.
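As an added example (not code from the original post), the following Python parses a constructed request and a constructed 301 response like the ones described above and reports the items the post lists: method and HTTP version, whether Host is present, the Location of the redirect, and whether each Set-Cookie carries an expiry or is a session cookie. The hostname, paths and cookie values are made up.

```python
# Added example, not code from the original post: parse raw HTTP/1.1 messages and
# pull out the facts the post walks through (method and version, Host header,
# 301 + Location, cookie expiry). The sample request and response are constructed.

def parse_message(raw: str):
    """Split a raw HTTP message into (start line, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        # header names are case-insensitive; repeated headers are kept in a list
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers, body

def check_request(raw: str) -> dict:
    start, headers, _ = parse_message(raw)
    method, target, version = start.split(" ")
    # HTTP/1.1 requires Host; without it a server hosting several sites
    # cannot tell which one the request is for
    return {"method": method, "target": target, "version": version,
            "has_host": "host" in headers,
            "accept": headers.get("accept", [""])[0]}

def check_response(raw: str) -> dict:
    start, headers, _ = parse_message(raw)
    version, code, *_reason = start.split(" ")
    cookies = []
    for sc in headers.get("set-cookie", []):
        pair, *attrs = [p.strip() for p in sc.split(";")]
        attr_names = {a.split("=", 1)[0].lower() for a in attrs}
        # no Expires/Max-Age attribute means a session cookie: it is dropped
        # when the browser closes, as the post notes for the Expires header
        cookies.append({"name": pair.split("=", 1)[0],
                        "session_cookie": not ({"expires", "max-age"} & attr_names),
                        "httponly": "httponly" in attr_names})
    return {"version": version, "status": int(code),
            "location": headers.get("location", [None])[0],
            "cookies": cookies}

# constructed sample messages, like what the interceptor shows
REQUEST = ("GET /index.html HTTP/1.1\r\nHost: example.test\r\n"
           "User-Agent: demo-browser/1.0\r\nAccept: text/html\r\n"
           "Cookie: sid=abc123\r\n\r\n")
RESPONSE = ("HTTP/1.1 301 Moved Permanently\r\nLocation: https://example.test/new\r\n"
            "Content-Type: text/html\r\nSet-Cookie: sid=abc123; Path=/; HttpOnly\r\n"
            "Set-Cookie: pref=dark; Expires=Wed, 01 Jan 2031 00:00:00 GMT\r\n\r\n"
            "<html></html>")
```

Paste a request captured in Burp into `check_request` to see at a glance whether it carries a Host header, and a response into `check_response` to see which cookies survive a browser restart.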
