Examples of HTTP protocol

Hand written Requests

• A very simple request:
  A person connects to the server using a telnet on the port 80, then asks for the first page.
  The response is chunked (header contains Transfer-Encoding: chunked) - a first group of 8e4f chars is sent, then the server sends the length of the next group, hier 0 = the end of the document
  Request/ Response
• Request for the index.html resource on the same server (that does not exist). The Response contains the status 404 Not Found
  Request/ Response
• Get for a resource index.php with a parameter id=123
  The response has a content-length
  Request/ Response
• We connect to a machine having multiple hosts (host for telnet has not the same name as host) and want to access a resource.
  The response contains a redirect to a secure URL (https).
  Request/ Response

Listen and Intercept HTTP trafic

• Use Web Scarab (the simple, not the NG), to read and manipulate HTTP trafic. You will be able to intercept and spoof any HTTP parameter: Web Scarab

POST vs GET forms

• POST vs GET on a form (Source file)

Basic Authentication

• Page requiring HTTP basic credentials (Source)

Session handling (example in PHP)

• Counter (Source)
• Enter Username (Source)
• See if it is remembered (Source)