Exercise HTTP
HTTP Solutions: Generate your first Requests
Connect to the server www.benoist.ch to get the directory /coursWebProgramming/ :
It was important here not to forget the last /, otherwise we get a redirect response.
First try, without the last /:
Request
    bie1@linux-dell:~> telnet www.benoist.ch 80
    Trying 194.150.248.35...
    Connected to www.benoist.ch.
    Escape character is '^]'.
    GET /coursWebSecurity HTTP/1.1
    Host: www.benoist.ch

Response
    HTTP/1.1 301 Moved Permanently
    Date: Mon, 28 Apr 2008 09:34:58 GMT
    Server: Apache/1.3.37 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 FrontPage/5.0.2.2635.SR1.2 mod_ssl/2.8.28 OpenSSL/0.9.7a PHP-CGI/0.1b
    Location: http://www.benoist.ch/coursWebSecurity/
    Transfer-Encoding: chunked
    Content-Type: text/html; charset=iso-8859-1

    13d
    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <HTML><HEAD>
    <TITLE>301 Moved Permanently</TITLE>
    </HEAD><BODY>
    <H1>Moved Permanently</H1>
    The document has moved <A HREF="http://www.benoist.ch/coursWebSecurity/">here</A>.<P>
    <HR>
    <ADDRESS>Apache/1.3.37 Server at www.benoist.ch Port 80</ADDRESS>
    </BODY></HTML>
    0

So we have to go to the right address and ask for a directory:
Request
    bie1@linux-dell:~> telnet www.benoist.ch 80
    Trying 194.150.248.35...
    Connected to www.benoist.ch.
    Escape character is '^]'.
    GET /coursWebSecurity/ HTTP/1.1
    Host: www.benoist.ch

Response
    HTTP/1.1 200 OK
    Date: Mon, 28 Apr 2008 10:02:42 GMT
    Server: Apache/1.3.37 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 FrontPage/5.0.2.2635.SR1.2 mod_ssl/2.8.28 OpenSSL/0.9.7a PHP-CGI/0.1b
    X-Powered-By: PHP/5.2.2
    Transfer-Encoding: chunked
    Content-Type: text/html

    6c
    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
    <html>
    <head>
    <title>Web Security</title>
    </head>
    <body>
    ...
    ...
    ...
    12
    </body>
    </html>
    0
    Connection closed by foreign host.
    bie1@linux-dell:~>
Write a small PHP
Solution: Test http-exercise-form.php (source)
Send a GET request including a username
Since this request is a GET, we have to include the arguments in the query string. It is URL-encoded, hence a space is written %20.
Request
    GET /exercise1/http-exercise-form.php?username=Emmanuel%20Benoist HTTP/1.1
    Host: localhost

Response
The request is interpreted correctly and the %20 is understood by PHP as a space.
    HTTP/1.1 200 OK
    Date: Mon, 28 Apr 2008 11:47:23 GMT
    Server: Apache/2.2.8 (Unix) DAV/2 mod_ssl/2.2.8 OpenSSL/0.9.8e PHP/5.2.5 mod_apreq2-20051231/2.6.0 mod_perl/2.0.2 Perl/v5.10.0
    X-Powered-By: PHP/5.2.5
    Content-Length: 233
    Content-Type: text/html

    <html>
    <head>
    <title> Exercise HTTP </title>
    </head>
    <body>
    <h1>Type your username</h1>
    <form method="GET" >
    Username = <input type="text" name="username" />
    <input type="submit" value="OK" />
    </form>
    Hello Emmanuel Benoist
    </body>
    Connection closed by foreign host.
Send a POST method including a username
The same request using a POST is quite different:
Request
    POST /exercise1/http-exercise-form.php HTTP/1.1
    Host: localhost
    Content-Type: application/x-www-form-urlencoded
    Content-length: 27

    username=Emmanuel%20Benoist

The response is exactly the same as for the previous request.
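The GET and POST requests of the last two exercises, as an added Python example that is not part of the original solutions: it builds both raw requests from the same field, derives the Content-Length the POST needs from the encoded body, and parses each request back. The function names (encode_form, build_get, build_post, parse_fields) are chosen here for illustration.

```python
# Added example; function names are illustrative, not from the course material.
from urllib.parse import quote, unquote_plus, urlsplit

def encode_form(fields):
    """URL-encode form fields; quote() writes a space as %20, as on the page."""
    return "&".join(f"{quote(k)}={quote(v)}" for k, v in fields.items())

def build_get(host, path, fields):
    """GET: the encoded fields travel in the query string, there is no body."""
    return (f"GET {path}?{encode_form(fields)} HTTP/1.1\r\n"
            f"Host: {host}\r\n\r\n").encode("ascii")

def build_post(host, path, fields):
    """POST: the same encoded string is the body; Content-Length is its byte count."""
    body = encode_form(fields).encode("ascii")
    head = (f"POST {path} HTTP/1.1\r\n"
            f"Host: {host}\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n").encode("ascii")
    return head + body

def parse_fields(raw):
    """Recover the fields from either request shape, as the server side must."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("ascii").split("\r\n")
    method, target, _version = lines[0].split(" ")
    headers = dict(line.split(":", 1) for line in lines[1:])
    headers = {k.strip().lower(): v.strip() for k, v in headers.items()}
    if method == "POST":
        declared = int(headers["content-length"])
        if declared != len(body):  # truncated or padded body: refuse to guess
            raise ValueError(f"Content-Length {declared} != body of {len(body)} bytes")
        encoded = body.decode("ascii")
    else:
        encoded = urlsplit(target).query
    pairs = (p.split("=", 1) for p in encoded.split("&") if p)
    # unquote_plus decodes both %20 and + as a space, like PHP's form decoding
    return {unquote_plus(k): unquote_plus(v) for k, v in pairs}

if __name__ == "__main__":
    fields = {"username": "Emmanuel Benoist"}
    for build in (build_get, build_post):
        raw = build("localhost", "/exercise1/http-exercise-form.php", fields)
        print(raw.decode("ascii"), "->", parse_fields(raw), "\n")
```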
Send a request to Google
The first part of this exercise was to find the URL of the Google search engine. It is the resource http://www.google.de/search. You just have to send a value for all the parameters:
    GET http://www.google.de/search?hl=de&q=HTTP%20Tutorial&btnG=Recherche+Google HTTP/1.1
    Host: www.google.de

    HTTP/1.1 200 OK
    Cache-Control: private
    Content-Type: text/html; charset=ISO-8859-1
    Set-Cookie: PREF=ID=c9bd87eeddd849d1:TM=1209384224:LM=1209384224:S=OXTLdPIDLA3n_qSk; expires=Wed, 28-Apr-2010 12:03:44 GMT; path=/; domain=.google.de
    Set-Cookie: SS=Q0=SFRUUCBUdXRvcmlhbA; path=/search
    Date: Mon, 28 Apr 2008 12:03:44 GMT
    Server: gws
    Transfer-Encoding: chunked

    1b50
    <html><head><meta http-equiv=content-type content="text/html; charset=ISO-8859-1"><title>HTTP Tutorial - Google-Suche</title>
Monitor HTTP Traffic to the page http://staff.ti.bfh.ch/bie1
We monitor different requests and their responses:
- Request:
    GET /bie1 HTTP/1.1
    Host:staff.ti.bfh.ch
    ...
  Response: We are redirected toward the corresponding secure server.
    HTTP/1.x 302 Found
    Location: https://staff.ti.bfh.ch/bie1
- Same request, but encrypted in HTTPS:
    GET /bie1 HTTP/1.1
    Host:staff.ti.bfh.ch
    ...
  Response: We have to change our request; our resource is a directory, so it should end with a /.
    HTTP/1.x 301 Moved Permanently
    Location: https://staff.ti.bfh.ch/bie1/
- Request for a directory (including / at the end):
    GET /bie1/ HTTP/1.1
    Host:staff.ti.bfh.ch
    ...
  Response (we are redirected to this URL by a PHP script):
    HTTP/1.x 302 Found
    Location: http://prof.hti.bfh.ch/?id=bie1
- Request for a page:
    GET /?id=bie1 HTTP/1.1
    Host: prof.hti.bfh.ch
    ...
  Response (we are automatically redirected to the secure server):
    HTTP/1.x 302 Found
    Location: https://prof.hti.bfh.ch/?id=bie1
- Same request on the secure server:
    GET /?id=bie1 HTTP/1.1
    Host: prof.ti.bfh.ch
    ...
  Response (we are automatically redirected to the page in French):
    HTTP/1.x 302 Found
    Location: https://prof.hti.bfh.ch/?id=bie1&L=1
- Final request for the right document: on Typo3, on the secure server and in French.
    GET /?id=bie1&L=1 HTTP/1.1
    Host: prof.ti.bfh.ch
    ...
  Response (the real one):
    HTTP/1.x 200 OK
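The redirect chain traced above, audited in an added Python example (not part of the original solutions): it labels what each Location header changed and lists the requests that went out over plain HTTP. START and HOPS are transcribed from the trace by following the Location headers; the function names are illustrative.

```python
# Added example; START/HOPS are transcribed from the trace, names are illustrative.
from urllib.parse import urlsplit

START = "http://staff.ti.bfh.ch/bie1"
HOPS = [  # (status, Location) of each redirect, in order
    (302, "https://staff.ti.bfh.ch/bie1"),
    (301, "https://staff.ti.bfh.ch/bie1/"),
    (302, "http://prof.hti.bfh.ch/?id=bie1"),
    (302, "https://prof.hti.bfh.ch/?id=bie1"),
    (302, "https://prof.hti.bfh.ch/?id=bie1&L=1"),
]

def classify_hop(src, dst):
    """Return the set of things that changed between a request URL and its Location."""
    a, b = urlsplit(src), urlsplit(dst)
    labels = set()
    if (a.scheme, b.scheme) == ("http", "https"):
        labels.add("https-upgrade")
    elif (a.scheme, b.scheme) == ("https", "http"):
        labels.add("https-downgrade")
    if a.hostname != b.hostname:
        labels.add("host-change")
    if a.path != b.path:
        labels.add("trailing-slash" if a.path + "/" == b.path else "path-change")
    if a.query != b.query:
        labels.add("query-change")
    return labels

def audit_chain(start, hops):
    """Walk the chain; return per-hop reports, cleartext request URLs, final URL."""
    reports, cleartext, current = [], [], start
    for status, location in hops:
        if urlsplit(current).scheme == "http":
            cleartext.append(current)
        reports.append((status, current, location, classify_hop(current, location)))
        current = location
    if urlsplit(current).scheme == "http":
        cleartext.append(current)
    return reports, cleartext, current

if __name__ == "__main__":
    reports, cleartext, final = audit_chain(START, HOPS)
    for status, src, dst, labels in reports:
        print(status, src, "->", dst, sorted(labels))
    print("cleartext requests:", cleartext)
```

Two of the six requests travel in cleartext, and the second one is reached through a redirect issued by the HTTPS server.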
Contact
Prof. Dr. Emmanuel Benoist
Berner Fachhochschule - TI
Quellgasse 21
CH-2501 Biel/Bienne
Switzerland
Mail: emmanuel.benoist (at) bfh.ch