THM – Web Fundamentals – Part 10

Byaghanim

Last Updated on January 25, 2022 by aghanim

How Do We Load Websites?  

Finding the server 

A DNS request is made initially. DNS is like a giant phone book that takes a URL and turns it into an IP. You dont have to remember the IP of websites.  

The IP address uniquely identifies each internet connected devices, like a web servere or your computer. They are formed of 4 groups of number, each 0-255 (x.x.x.x) and called an octect.

Loading some content 

Once the browser knows the servers IP, it can ask the server for the web page. Done with HTTP GET request. GET is an example of a HTTP verb, which are the different types of request. The server wil respond to the get request with the web page content. If the web page is loading extra resources, like JavaScript, images or CSS files, those will be retrieved in separate GET requests.

Wireshark showing the HTTP requests that load a website (neverssl.com) 

Most websites now the request will use HTTPS. HTTPS is a secure (encrypted) version of HTTP, it works in more or less the same way. This uses TLS 1.3 encryption in order to communicate without:

  • Other parties being able to read the data
  • Other parties being able to modify the data

A web server is a software that receives and responds to HTTP(S) requests. Popular examples are Apache, Nginx and MS IIS. By default HTTP runs on port 80 and HTTPS runs on port 443.

The actual content of the web page is normally a combination of HTML, CSS and JavaScript. HTML defines the structure of the page and the content. CSS allows you to change how the web page looks and make it look fancy. JavaScript is a programming language that runs in the browser and allows you to make pages interactive or load extra content.

More HTTPS – Verbs and request formats 

Requests 

9 different HTTP “verbs”, also known as methods. Each have different function. GET request used to retrieve content.  

POST requests are used to send data to a web server. Example: Adding comment or performing a login.  

Many more verbs, but arent commonly used for web servers. 

HTTP reuqest can be broken into parts. First line is a verb and path for the server: 

”GET /index.html”

Next section is headers.  Gives the web server more information about your request. Cookies are sent in the request headers.  

Body of the request. For POST requests, the content that’s sent to the server. For GET requests, body is allowed but will mostly be ignored by the server.  

Example for a GET request retriveing a simple JS file:  

GET /main.js HTTP/1.1 

Host: 192.168.170.129:8081 

Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36 

Accept: */* 

Referer: http://192.168.170.129:8081/  

Accept-Encoding: gzip, deflate 

Accept-Language: en-GB,en-US;q=0.9,en;q=0.8

Can tell what performed the request from the header (Chrome version 80 from win 10). Useful for forensics and analysing packet caputres.  

Response 

The server should reply with a response. Follows a similar structure to the request, but the first line describes the status rather than a verb and a path. 

Status will normally be a code.  

HTTP status codes:  

  • 100-199: Information 
  • 200-299: Successes (200 OK is the “normal” response for a GET) 
  • 300-399: Redirects (the information you want is elsewhere) 
  • 400-499: Client errors (You did something wrong, like asking for something that doesn’t exist) 
  • 500-599: Server errors (The server tried, but something went wrong on their side) 

The response will also have a body. For GET request, this is web content or information such as JSON. For POST requests, may be a status message or similar.  

Example of response to GET request:  

HTTP/1.1 200 OK 

Accept-Ranges: bytes 

Content-Length: 28 

Content-Type: application/javascript; charset=utf-8 

Last-Modified: Wed, 12 Feb 2020 12:51:44 GMT 

Date: Thu, 27 Feb 2020 21:47:30 GMT 

console.log("Hello, World!")

Cookies 

What are cookies?  

Small bits of data that is stored in your browser. Each browser will store them separatly, so cookies in Chrome won’t be available in FireFoxHuge number of uses. Most common are either session management or advertising (tracking cookies). Cookies are normally sent with every HTTP request made to the server.  

Why cookies? 

Because HTTP is stateless (Each request is independent and no state is tracked internally), cookies are used to keep track of this. Allows sites to keep track of data like: What items you have in your shopping cart, who you are, what you’ve done on the websites and more.  

Cookies can be broken down: Cookies have a name, a value, an expiry date and a path. The name identifies the cookies, the value is where data is stored, the expiry date is when the browser will get rid of the cookie automatically and the path determines what requests the cookie will be sent with.  

Server normally sets the cookie and comes in the response header (“Set-Cookie”). Can also be set from JavaScript inside your browser.  

Using cookies 

When logging in to a web application, you are given a session token. Allows web server to identify your requests from someone else’s. Stealing someone’s session token can allow you to impersonate them. 

Manipulating cookies 

Using browsers developer tools, you can view and modify cookies. In FireFox, cookies located in storage tab. “+” button that allow you to create your own cookies. Can modify all the cookies that you can see in this panel.  

Similar Posts

  • THM – Network Services – Telnet – Part 5

    Byaghanim

    Last Updated on January 25, 2022 by aghanim Table Of ContentsUnderstanding telnet Enumerating Telnet Exploiting telnet  Understanding telnet  What is telnet?  Telnet is an application protocol which allows you, with the use of telnet client, to connect to and execute commands on a remote machine that’s hosting a telnet server.   The telnet client will establish a connection with the server. The client will then…

  • THM – Subdomain Enumeration – Part 5

    Byaghanim

    Last Updated on January 25, 2022 by aghanim This is my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing. Table Of ContentsBriefOSINT – SSL/TLS CertificatesSSL/TLS CertificatesOSINT – Search EngineSearch EnginesDNS BruteforceOSINT – Sublist3rAutomation Using Sublist3rVirtual Hosts Brief Subdomain enumeration is the…

  • THM – SSRF – Part 9

    Byaghanim

    Last Updated on January 25, 2022 by aghanim This is my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing. Table Of ContentsWhat is an SSRF?Types of SSRFWhat’s the impact?SSRF ExamplesFinding an SSRFDefeating Common SSRF DefensesDeny ListAllow ListOpen Redirect What is an…

  • THM – SQL Injection – Part 12

    Byaghanim

    Last Updated on January 25, 2022 by aghanim This is my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing. Table Of ContentsWhat is a database?What are tables?Columns:ROWS:What is SQL?What is SQL Injection?What does it look like?Article 2 is locked as privateIn-Band…

  • THM – Hashing – Part 14

    Byaghanim

    Last Updated on January 25, 2022 by aghanim This is a continued series where I document my path through different tryhackme courses. I recommend everyone that wants to learn cyber security to subscribe to tryhackme.com and take the courses there. Table Of ContentsKey TermsWhat’s a hash function?Uses for hashingRecognizing password hashesPassword CrackingHashing for integrity checking…