Http Solutions: Generate your first Requests
Connect to the server www.benoist.ch to get the directory /WebSecurity/ :
It was here important not to forget the last / , otherwise, we get a redirect
response.
First try, without the last /:
Request
bie1@linux-dell:~> telnet www.benoist.ch 80
Trying 194.150.248.35...
Connected to www.benoist.ch.
Escape character is '^]'.
GET /WebSecurity HTTP/1.1
Host: www.benoist.ch
Response
HTTP/1.1 301 Moved Permanently
Date: Mon, 28 Apr 2008 09:34:58 GMT
Server: Apache/1.3.37 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 FrontPage/5.0.2.2635.SR1.2 mod_ssl/2.8.28 OpenSSL/0.9.7a PHP-CGI/0.1b
Location: http://www.benoist.ch/WebSecurity/
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1
13d
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>301 Moved Permanently</TITLE>
</HEAD><BODY>
<H1>Moved Permanently</H1>
The document has moved <A HREF="http://www.benoist.ch/WebSecurity/">here</A>.<P>
<HR>
<ADDRESS>Apache/1.3.37 Server at www.benoist.ch Port 80</ADDRESS>
</BODY></HTML>
0
So we have to go to the right address and ask for a directory:
Request
bie1@linux-dell:~> telnet www.benoist.ch 80
Trying 194.150.248.35...
Connected to www.benoist.ch.
Escape character is '^]'.
GET /WebSecurity/ HTTP/1.1
Host: www.benoist.ch
Response
HTTP/1.1 200 OK
Date: Mon, 28 Apr 2008 10:02:42 GMT
Server: Apache/1.3.37 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 FrontPage/5.0.2.2635.SR1.2 mod_ssl/2.8.28 OpenSSL/0.9.7a PHP-CGI/0.1b
X-Powered-By: PHP/5.2.2
Transfer-Encoding: chunked
Content-Type: text/html
6c
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
<html> <head>
<title>Web Security</title>
</head>
<body>
...
...
...
12
</body>
</html>
0
Connection closed by foreign host.
bie1@linux-dell:~>
Write a small PHP
Solution:
Test http-exercise-form.php (source )
Send a GET request including a username
Since this request is a GET, we have to include the arguments in the
query-string. It is URL encoded, hence a space is denoted %20
Request
GET /exercise1/http-exercise-form.php?username=Emmanuel%20Benoist HTTP/1.1
Host: localhost
Response
The request is interpreted right and the %20 is understood by PHP as a space.
HTTP/1.1 200 OK
Date: Mon, 28 Apr 2008 11:47:23 GMT
Server: Apache/2.2.8 (Unix) DAV/2 mod_ssl/2.2.8 OpenSSL/0.9.8e PHP/5.2.5 mod_apreq2-20051231/2.6.0 mod_perl/2.0.2 Perl/v5.10.0
X-Powered-By: PHP/5.2.5
Content-Length: 233
Content-Type: text/html
<html>
<head>
<title>
Exercise HTTP
</title>
</head>
<body>
<h1>Type your username</h1>
<form method="GET" >
Username = <input type="text" name="username" />
<input type="submit" value="OK" />
</form>
Hello Emmanuel Benoist
</body>Connection closed by foreign host.
Send a POST method including a username
The same request using a POST is quite different:
Request
POST /exercise1/http-exercise-form.php HTTP/1.1
Host: localhost
Content-Type: application/x-www-form-urlencoded
Content-length: 27
username=Emmanuel%20Benoist
The response is exactly the same as for the previous request.
Send a request to Google
The first part of this exercise was to find the URL of google search
engine. It is the resource: http://www.google.de/search. You just
have to send a value for all the parameters:
GET http://www.google.de/search?hl=de&q=HTTP%20Tutorial&btnG=Recherche+Google HTTP/1.1
Host: www.google.de
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie: PREF=ID=c9bd87eeddd849d1:TM=1209384224:LM=1209384224:S=OXTLdPIDLA3n_qSk; expires=Wed, 28-Apr-2010 12:03:44 GMT; path=/; domain=.google.de
Set-Cookie: SS=Q0=SFRUUCBUdXRvcmlhbA; path=/search
Date: Mon, 28 Apr 2008 12:03:44 GMT
Server: gws
Transfer-Encoding: chunked
1b50
<html><head><meta http-equiv=content-type content="text/html; charset=ISO-8859-1"><title>HTTP Tutorial - Google-Suche</title>
We monitor different requests and their response:
- Request:
GET /bie1 HTTP/1.1
Host:staff.ti.bfh.ch
...
Response: We are redirected toward the corresponding secure server.
HTTP/1.x 302 Found
Location: https://staff.ti.bfh.ch/bie1
- Same Request, but encrypted in HTTPS:
GET /bie1 HTTP/1.1
Host:staff.ti.bfh.ch
...
Response: We have to change our request, our resource is a directory, should
end with a /.
HTTP/1.x 301 Moved Permanently
Location: https://staff.ti.bfh.ch/bie1/
- Request for a directory (including / at the end)
GET /bie1/ HTTP/1.1
Host:staff.ti.bfh.ch
...
Response (we are redirected to this URL by a PHP script):
HTTP/1.x 302 Found
Location: http://prof.hti.bfh.ch/?id=bie1
- Request for a page
GET /?id=bie1 HTTP/1.1
Host: prof.hti.bfh.ch
...
Response (we are automatically redirected to the secure server):
HTTP/1.x 302 Found
Location: https://prof.hti.bfh.ch/?id=bie1
- Same request on the secure server
GET /?id=bie1 HTTP/1.1
Host: prof.ti.bfh.ch
...
Response (we are automatically redirected to the page in french)
HTTP/1.x 302 Found
Location: https://prof.hti.bfh.ch/?id=bie1&L=1
- Final Request for the right document: on Typo3, on the secure server and
in French.
GET /?id=bie1&L=1 HTTP/1.1
Host: prof.ti.bfh.ch
...
Response The real one
HTTP/1.x 200 OK
But the user saw nothing! Image the danger for security!!
www.benoist.ch
Last modified: Fri Feb 20 14:11:54 MET 2004