This video introduces HTTP, how it works, and the different methods available to communicate with an HTTP server.
- View Offline
- [Instructor] Hi, and welcome to Section Two, Interacting with Web Applications. In the previous section, we learned about the Web application security process, and why it is important to test application security. In this section, we will see the basics of the HTTP protocol, and how it works. Then, we will analyze an HTTP request to understand its parts. We will start using Python to interact with the Web applications. And finally, we will analyze HTTP responses, and explore the HTTP headers.
Now we move on to the first video of this section, which deals with understanding the HTTP basics, and how it works. In this video, we're going to learn about the HTTP protocol, how it works, the security aspects of it, and which methods are supported when performing a request. This will provide you with the basic knowledge about HTTP, which is important to understand how to build tools and test for security issues in Web applications. HTTP stands for Hypertext Transfer Protocol, HTTP.
It was designed to enable communications between clients and the servers. The HTTP is a TCP/IP based communication protocol operating in the application layer. Normally, we use a Web browser to interact with Web applications. But in this training, we will leave the browser behind, and we are going to use Python to talk with Web applications. This protocol is Media independent. This means that any type of data can be sent by HTTP, as long as the client and the server know how to handle the data content.
And it is Stateless, which means that the HTTP server and the clients are aware of each other during the requested transaction only. Due to this characteristic, neither the client or the server retain information between requests, which will later be helpful when you perform some attacks. HTTP protocol is available in two different versions. HTTP/1.0, which uses a new connection for each request response transaction, and HTTP/1.1, where the connection can be used by one or more request response transactions.
HTTP is not a secure protocol, meaning that all communications are clear text, being susceptible to interception and tampering. Generally, HTTP is being served on port 80. This is an example of what a simple transaction looks like. On the left, we have the client, which sends an HTTP GET request to the server, asking for the resource test.html.
The server returns an HTTP response with a 200 okay code. Some headers and the content test.html, if it exists on the server. If it does not exist, it will return a 404 not found response code. This represents the most basic GET requests in the Web application world. In 1994, HTTPS was introduced to add security on top of HTTP.
HTTPS is not a protocol itself, but the result of layering HTTP on top of SSL or TLS, Secure Socket Layer, or Transport Layer Security. HTTPS creates a secure channel over an insecure network. This ensures reasonable protection from eavesdroppers, and man-in-the-middle attacks, provided that adequate cipher suites are used, and that the server certificate is verified and trusted.
So, whenever the application handles the sensitive information, it should use HTTPS. Banking payments, shopping websites, login pages, profile pages, et cetera. Basically, if we handle, process, or store customer data, it should use HTTPS. In HTTP, methods indicate the desired action, to be performed on the chosen resource, also known as HTTP verbs.
HTTP/1.0 defines three methods, HEAD, GET, and POST. HEAD will only return the headers, and the status code without its content. GET is the standard method used to retrieve resource content, given a URI. POST is a method used to submit content to the server. Forms data, files, et cetera. Then, HTTP/1.1 introduced the following methods.
OPTIONS. Provides the communication options for the target resource. PUT. Requests to store a resource identified by the given URI. DELETE. Remove all representations of the target resource identified by the given URI. TRACE. This method echoes the received request, so that the client can see what changes or additions have been made by intermediate servers.
CONNECT. Establish a tunnel to the server, identified by a given URI, used by HTTPS. PATCH. This method applies partial modifications to a resource. HEAD, GET, OPTIONS, AND TRACE are, by convention, defined as safe, which means they are intended only for information retrieval, and should not change the state of the server.
On the other hand, methods such as POST, PUT, DELETE, PATCH, are intended for actions that may cause side effects either on the server, or external side effects. There are more methods then these. I encourage you to explore them. In this video, we have seen that HTTP is a client server protocol, which is Stateless. This protocol doesn't provide any security, and thus is why HTTPS was created to add a secure layer on top of HTTP.
We also learned that there are some different methods that will instruct the server to perform different actions on the chosen resources. In the next video, we're going to dissect an HTTP request and response, and understand its parts.
Stop using automated testing tools. Customize and write your own tests with Python! While there are an increasing number of sophisticated ready-made tools to scan systems for vulnerabilities, Python allows testers to write system-specific scripts—or alter and extend existing testing tools—to find, exploit, and record as many security weaknesses as possible. This course will give you the necessary skills to write custom tools for different scenarios and modify existing Python tools to suit your application's needs.
Christian Martorella starts off by providing an overview of the web application penetration testing process and the tools the professionals use to perform these tests. Next he shows how to interact with web applications using Python, HTTP, and the Requests library. Then follow the web application penetration testing methodology. Each section contains practical Python examples. To finish off, Christian shows how to use the tools against a vulnerable web application created specifically for this course.
- Understanding web penetration testing
- Interacting with web applications via HTTP and the Requests library
- Analyzing HTTP responses
- Web crawling with Scrapy
- Extracting information
- Discovering resources
- Testing passwords
- Detecting and exploiting SQL injection vulnerabilities
- Intercepting HTTP requests