What Is HTTP?
HTTP stands for HyperText Transfer Protocol. HTTP is the underlying protocol used by the World Wide Web and this protocol defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands.
For instance, when you enter a URL in your browser, this actually sends an HTTP command to the Web server directing it to fetch and transmit the requested Web page. The other main standard that controls how the World Wide Web works is HTML, which covers how web pages are formatted and displayed.
HTTP Work through different methods:
- GET – Get some resource from the server.
Here I am making a request to google.com port 80 root file using Netcat tool to show you the demo.
OPTIONS – to check what methods are enable in server.
HEAD – Go get only http header
PUT – to place/put some file into sever, this is dangerous methods because attacker can able to put some malicious file into server.
DELETE – we can delete any file from sever if incase if this method is enable in the server.
TRACE -The HTTP TRACE method is designed for diagnostic purposes. If enabled, the web server will respond to requests that use the exact request that was received.
This behavior is often harmless, but occasionally leads to the disclosure of sensitive information such as internal authentication headers appended by reverse proxies. This functionality could historically be used to bypass the HttpOnly cookie flag on cookies, but this is no longer possible in modern web browsers.
TRACE / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT)
The server will send the following message in response to the above request:
HTTP/1.1 200 OK
Date: Mon, 27 Jul 2009 12:28:53 GMT
Server: Apache/2.2.14 (Win32)
- 1XX – information
- 2XX – ok
- 3XX – redirection
- 4XX – client-side error
- 5XX – server-side error