HTTP Request and Response Structure

BhagyashreeGajera1 1,885 views 46 slides Apr 19, 2020

About This Presentation

https://www.youtube.com/watch?v=lKrbeJ7-J98

HTTP messages are how data is exchanged between a server and a client. There are two types of messages: requests sent by the client to trigger an action on the server, and responses, the answer from the server.


Slide Content

HyperText Transfer Protocol
REQUEST & RESPONSE STRUCTURE
@_ShreeGajera
19/04/2020

#Whoami
@_ShreeGajera

#Newbie in InfoSec
#Bughunter
#Developer

Agenda
● What is HTTP?
● HTTP Methods
● Directory and File name
● Parameters and its value
● HTTP Version
● HTTP Request Header
● CR & LF Character
● Status Code
● HTTP Response Header

What is HTTP ?
Hypertext Transfer Protocol (HTTP) is an application-layer protocol for
transmitting hypermedia documents, such as HTML.
It was designed for communication between web browsers and web servers.

Evolution of HTTP
HTTP/0.9
Extremely simple: requests consist of a single line.
GET /mypage.html
HTTP/1.0
The HTTP version was added to the request, and HTTP headers were introduced.
A status code line is also sent at the beginning of the response.
HTTP/1.1
Allows a second request to be sent before the answer to the first one has arrived.
Additional cache control and content negotiation, including language, encoding, or type, were introduced.
The Host header gives the ability to host different domains at the same IP address.
HTTP/2.0
Binary protocol rather than text. It can no longer be read and created manually.
HTTP/3.0
Still in draft mode.

HTTP/1.1 https://tools.ietf.org/html/rfc2616
[Diagram labels: HTTP Methods, Directory & File Name, Parameters & its value, HTTP version, CR & LF character, HTTP Request headers, Status code, Response body, Response headers]

HTTP METHODS

HTTP request methods indicate the specific desired action to be performed
on a given resource.

These method names are case sensitive and they must be used in uppercase.

Most Common HTTP Methods
GET : used to request data from a specified resource.
POST : used to send data to a server to create/update a resource.
HEAD : almost identical to GET, but without the response body.
OPTIONS : Describes the communication options for the target resource.
DELETE : deletes the specified resource.
PUT : used to send data to a server to create/update a resource.
… … ...

HTTP METHODS
OPTIONS GET HEAD POST PUT
DELETE TRACE CONNECT PROPFIND PROPPATCH
MKCOL COPY MOVE LOCK UNLOCK
VERSION-CONTROL REPORT CHECKOUT CHECKIN UNCHECKOUT
MKWORKSPACE UPDATE LABEL MERGE BASELINE-CONTROL
MKACTIVITY ORDERPATCH ACL PATCH SEARCH
ARBITRAR TRACK

Exploit of PUT method
https://medium.com/@asfiyashaikh10/exploiting-put-method-d2d0cd7ba662


DIRECTORY & FILE NAME

URL Path and file.

The path starts at the application root directory, e.g. /var/www/html, which is
not visible on the user side and is managed by the application server.

Directory path : /var/www/html/blog/2020/03/10/upcoming_meets/
File : meet.php

Directory Listing


PARAMETERS & ITS VALUES

Parameters are in the form of attribute/value pairs.

In a GET URL, the path and the parameters are separated by the ? symbol.
Two parameters are separated by the & symbol.

REST request URL


GET /API/v1/data/getdata/account/123/id/1337
POST /API/v1/data/putdata/account/123/id/1337/name/bhagyashree




http://infosecgirls.in/index.php?page=foo = http://infosecgirls.in/foo
http://infosecgirls.in/products?category=2&pid=25 = http://infosecgirls.in/products/2/25
http://infosecgirls.in/index.php?mod=profiles&id=193 = http://infosecgirls.in/profiles/193
http://infosecgirls.in/kb/index.php?cat=8&id=41 = http://infosecgirls.in/kb/8/41


HTTP VERSION

HTTP

HTTP/1.1
vs
HTTP/2


CRLF

CRLF Character
CR and LF are control characters (single bytes) that are used to mark a line break in a text file.
CR = Carriage Return (\r, 0x0D in hexadecimal, 13 in decimal)
LF = Line Feed (\n, 0x0A in hexadecimal, 10 in decimal)


CRLF Injection
A CRLF injection vulnerability exists if an attacker can inject the CRLF
characters into a web application.
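
The definition above, shown as an added example that is not part of the original slides: a redirect builder that copies a value into the header block unchanged, next to a hardened form that rejects CR and LF. The function names and the percent-encoded sample value are constructed for illustration.

```python
from urllib.parse import unquote

def build_redirect_unsafe(next_url: str) -> bytes:
    # Vulnerable on purpose: the value is copied into the header block as-is,
    # so a CRLF inside it ends the Location line and starts a new header.
    return ("HTTP/1.1 302 Found\r\n"
            f"Location: {next_url}\r\n"
            "Content-Length: 0\r\n\r\n").encode("latin-1")

def build_redirect_safe(next_url: str) -> bytes:
    # Hardened: refuse CR (0x0D), LF (0x0A) and NUL before writing the header.
    if any(ch in next_url for ch in "\r\n\x00"):
        raise ValueError("control character in header value")
    return build_redirect_unsafe(next_url)

def header_names(response: bytes) -> list:
    """Header names a client would see in the response, in order."""
    head = response.split(b"\r\n\r\n", 1)[0]
    return [ln.split(b":", 1)[0].decode() for ln in head.split(b"\r\n")[1:]]

# Constructed sample: a query-string value after the server has URL-decoded it.
# %0d%0a decodes to CR LF.
TAINTED = unquote("/home%0d%0aSet-Cookie:%20sid=constructed")

if __name__ == "__main__":
    print(header_names(build_redirect_unsafe(TAINTED)))
    try:
        build_redirect_safe(TAINTED)
    except ValueError as err:
        print("rejected:", err)
```

The unsafe builder emits three header lines for one intended header; the check belongs at the point where the header is written, after any URL decoding has happened.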


HTTP
REQUEST HEADERS

HTTP Request Headers
The client and the server pass additional information with an HTTP request
or response.

An HTTP header consists of its case-insensitive name followed by a colon
(:), then by its value. Whitespace before the value is ignored.

Request headers such as Cookie, User-Agent, or Referer describe the context so
that the server can build the answer.
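
The pieces covered so far (method, path, parameters, version, CRLF line endings, header names and values) can be seen together in a small strict parser. This is an added example, not code from the presentation; `parse_request` and the sample request are constructed for illustration.

```python
from urllib.parse import parse_qsl

CRLF = "\r\n"

def parse_request(raw: str) -> dict:
    """Split a raw HTTP/1.x request into the parts the slides name."""
    head, sep, body = raw.partition(CRLF + CRLF)  # an empty line ends the headers
    if not sep:
        raise ValueError("header block not terminated by CRLF CRLF")
    lines = head.split(CRLF)
    if any("\r" in ln or "\n" in ln for ln in lines):
        raise ValueError("bare CR or LF inside a line")

    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("request line must be: METHOD SP target SP version")
    method, target, version = parts
    if method != method.upper():  # method names are case sensitive
        raise ValueError(f"method {method!r} is not uppercase")
    if not version.startswith("HTTP/"):
        raise ValueError(f"bad version {version!r}")

    path, _, query = target.partition("?")  # '?' separates path and parameters
    params = parse_qsl(query, keep_blank_values=True)  # pairs are split on '&'

    headers = {}
    for ln in lines[1:]:
        name, colon, value = ln.partition(":")
        if not colon or not name or name != name.strip():
            raise ValueError(f"malformed header line {ln!r}")
        # names are case-insensitive; whitespace around the value is ignored
        headers.setdefault(name.lower(), []).append(value.strip())
    return {"method": method, "path": path, "params": params,
            "version": version, "headers": headers, "body": body}

# Constructed sample request (not captured traffic).
SAMPLE = ("GET /products?category=2&pid=25 HTTP/1.1\r\n"
          "Host: infosecgirls.in\r\n"
          "user-agent:    demo/1.0\r\n"
          "Cookie: sid=constructed\r\n"
          "\r\n")

if __name__ == "__main__":
    for key, val in parse_request(SAMPLE).items():
        print(f"{key:8} {val!r}")
```

Header values are kept as lists because the same header name can appear more than once, and a parser that silently keeps only one copy can disagree with another component about what the request says.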

HTTP Request Headers
ShellShock Exploitation CVE-2014-6271

HTTP Request Headers
CVE-2019-5418 - File Content Disclosure on Rails

HTTP Request Headers
Accept
Accept-Charset
Accept-Encoding
Accept-Language
Accept-Ranges
Access-Control-Request-Method,
Access-Control-Request-Headers
Authorization
Cache-Control
Via
Range

Max-Forwards
Pragma
Proxy-Authorization
Referer
TE
Transfer-Encoding
X-Forwarded-For
X-Requested-With
X-Forwarded-Host
Proxy-Connection
Save-Data

….. ….. …..
Connection
Content-Encoding
Content-Length
Content-MD5
Content-Range
Content-Type
Date
Warning
Upgrade
Origin
Trailer
User-Agent
If-Unmodified-Since
Expect
From
Host
If-Match
If-Modified-Since
If-None-Match
If-Range
If-Unmodified-Since
Cookie


STATUS CODE
1xx
2xx
3xx
4xx
5xx

Status Code and Reason Phrase
1xx: Informational - Request received, continuing process
2xx: Success - The action was successfully received, understood, and accepted
3xx: Redirection - Further action must be taken in order to complete the request
4xx: Client Error - The request contains bad syntax or cannot be fulfilled
5xx: Server Error - The server failed to fulfill an apparently valid request

Status Code
100 : Continue
101 : Switching Protocols
200 : OK
201 : Created
202 : Accepted
203 : Non-Authoritative Info
204 : No Content
205 : Reset Content
206 : Partial Content
300 : Multiple Choices
301 : Moved Permanently
302 : Found
303 : See Other
304 : Not Modified
305 : Use Proxy
307 : Temporary Redirect



400 : Bad Request
401 : Unauthorized
402 : Payment Required
403 : Forbidden
404 : Not Found
405 : Method Not Allowed
406 : Not Acceptable
407 : Proxy Authentication Required
408 : Request Time-out
409 : Conflict
410 : Gone
411 : Length Required
412 : Precondition Failed
413 : Request Entity Too Large
414 : Request-URI Too Large
415 : Unsupported Media Type
416 : Requested range not satisfiable
417 : Expectation Failed
500 : Internal Server Error
501 : Not Implemented
502 : Bad Gateway
503 : Service Unavailable
504 : Gateway Time-out
505 : HTTP Version not supported

Status Code


HTTP
RESPONSE HEADERS

HTTP Response Headers
The response-header fields allow the server to pass additional information
about the response which cannot be placed in the Status-Line.

These header fields give information about the server and about further
access to the resource identified by the Request-URI.

Response headers, like Age, Location or Server are used to give a more
detailed context of the response.

HTTP Response Headers disclose server information

Access-Control-Allow-Origin,
Access-Control-Allow-Credentials,
Access-Control-Expose-Headers,
Access-Control-Max-Age,
Access-Control-Allow-Methods,
Access-Control-Allow-Headers
Accept-Ranges
Accept-Patch
Age
Allow
Strict-Transport-Security
Content-Security-Policy
X-Content-Security-Policy
Cache-Control
Vary


Connection
Content-Disposition
Content-Encoding
Content-Language
Content-Length
Content-Location
Content-MD5
Content-Range
Content-Type
Date
Status
ETag
Warning
WWW-Authenticate
Via
Last-Modified
Location
Expires
Set-Cookie
Server
X-Frame-Options
Pragma
Proxy-Authenticate
Retry-After
Tk
Trailer
Transfer-Encoding
Upgrade
X-Powered-By
X-XSS-Protection




HTTP Response Headers


?? QA ??

Thanks!
@_ShreeGajera