-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathHTTP in detail
137 lines (96 loc) · 6.57 KB
/
HTTP in detail
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
#Task 3 - HTTP Methods
hint:
HTTP Methods
HTTP methods are a way for the client to show their intended action when making an HTTP request. There are a lot of HTTP methods but we'll cover the most common ones, although mostly you'll deal with the GET and POST method.
GET Request
This is used for getting information from a web server.
POST Request
This is used for submitting data to the web server and potentially creating new records
PUT Request
This is used for submitting data to a web server to update information
DELETE Request
This is used for deleting information/records from a web server.
- What method would be used to create a new user account?
post
- What method would be used to update your email address?
put
- What method would be used to remove a picture you've uploaded to your account?
delete
- What method would be used to view a news article?
get
#Task 4 - HTTP Status Codes
hint:
HTTP Status Codes:
100-199 - Information Response These are sent to tell the client the first part of their request has been accepted and they should continue sending the rest of their request. These codes are no longer very common.
200-299 - Success This range of status codes is used to tell the client their request was successful.
300-399 - Redirection These are used to redirect the client's request to another resource. This can be either to a different webpage or a different website altogether.
400-499 - Client Errors Used to inform the client that there was an error with their request.
500-599 - Server Errors This is reserved for errors happening on the server-side and usually indicate quite a major problem with the server handling the request.
Common HTTP Status Codes:
200 - OK : The request was completed successfully.
201 - Created : A resource has been created (for example a new user or new blog post).
301 - Permanent Redirect : This redirects the client's browser to a new webpage or tells search engines that the page has moved somewhere else and to look there instead.
302 - Temporary Redirect : Similar to the above permanent redirect, but as the name suggests, this is only a temporary change and it may change again in the near future.
400 - Bad Request : This tells the browser that something was either wrong or missing in their request. This could sometimes be used if the web server resource that is being requested expected a certain parameter that the client didn't send.
401 - Not Authorised : You are not currently allowed to view this resource until you have authorised with the web application, most commonly with a username and password.
403 - Forbidden : You do not have permission to view this resource whether you are logged in or not.
405 - Method Not Allowed : The resource does not allow this method request, for example, you send a GET request to the resource /create-account when it was expecting a POST request instead.
404 - Page Not Found : The page/resource you requested does not exist.
500 - Internal Service Error : The server has encountered some kind of error with your request that it doesn't know how to handle properly.
503 - Service Unavailable : This server cannot handle your request as it's either overloaded or down for maintenance.
- What response code might you receive if you've created a new user or blog post article?
201
- What response code might you receive if you've tried to access a page that doesn't exist?
404
- What response code might you receive if the web server cannot access its database and the application crashes?
503
- What response code might you receive if you try to edit your profile without logging in first?
401
#Task 5 Headers
hint:
Headers are additional bits of data you can send to the web server when making requests.
Although no headers are strictly required when making a HTTP request, you’ll find it difficult to view a website properly.
Common Request Headers
These are headers that are sent from the client (usually your browser) to the server.
Host: Some web servers host multiple websites so by providing the host headers you can tell it which one you require, otherwise you'll just receive the default website for the server.
User-Agent: This is your browser software and version number, telling the web server your browser software helps it format the website properly for your browser and also some elements of HMTL, JavaScript and CSS are only available in certain browsers.
Content-Length: When sending data to a web server such as in a form, the content length tells the web server how much data to expect in the web request. This way the server can ensure it isn't missing any data.
Accept-Encoding: Tells the web server what types of compression methods the browser supports so the data can be made smaller for transmitting over the internet.
Cookie: Data sent to the server to help remember your information (see cookies task for more information).
Common Response Headers
These are the headers that are returned to the client from the server after a request.
Set-Cookie: Information to store which gets sent back to the web server on each request (see cookies task for more information).
Cache-Control: How long to store the content of the response in the browser's cache before it requests it again.
Content-Type: This tells the client what type of data is being returned, i.e., HTML, CSS, JavaScript, Images, PDF, Video, etc. Using the content-type header the browser then knows how to process the data.
Content-Encoding: What method has been used to compress the data to make it smaller when sending it over the internet.
- What header tells the web server what browser is being used?
user-agent
- What header tells the browser what type of data is being returned?
content-type
- What header tells the web server which website is being requested?
host
#Task 6 Cookies
- Which header is used to save cookies to your computer?
set-cookie
#Task 7 Making Requests
- Make a GET request to /room
hint: http://tryhackme.com/room
THM{YOU'RE_IN_THE_ROOM}
- Make a GET request to /blog and using the gear icon set the id parameter to 1 in the URL field
hint: http://tryhackme.com/blog
key=id value=1
THM{YOU_FOUND_THE_BLOG}
- Make a DELETE request to /user/1
hint: http://tryhackme.com/user1
THM{USER_IS_DELETED}
- Make a PUT request to /user/2 with the username parameter set to admin
hint: http://tryhackme.com/user/2
key=username value=adin
THM{USER_HAS_UPDATED}
- POST the username of thm and a password of letmein to /login
hint: http://tryhackme.com/login
key=username value=thm
key=password value=letmein
THM{HTTP_REQUEST_MASTER}
https://tryhackme.com/room/httpindetail
https://blog.gauravraj.tech/posts/http-in-detail-tryhackme-room-writeup-and-walkthrough/