HyperText Transfer Protocol
REQUEST & RESPONSE STRUCTURE
@_ShreeGajera
19/04/2020
#Whoami
@_ShreeGajera
#Newbie in InfoSec
#Bughunter
#Developer
Agenda
● What is HTTP?
● HTTP Methods
● Directory and File name
● Parameters and their values
● HTTP Version
● HTTP Request Header
● CR&LF Character
● Status Code
● HTTP Response Header
What is HTTP?
Hypertext Transfer Protocol (HTTP) is an application-layer protocol for
transmitting hypermedia documents, such as HTML.
It was designed for communication between web browsers and web servers.
Evolution of HTTP
HTTP/0.9 Extremely simple: a request consists of a single line, e.g.
GET /mypage.html
HTTP/1.0 Added the HTTP version to the request line and introduced HTTP headers. A status line is also sent at the beginning of the response.
HTTP/1.1 Allows the client to send a second request before the answer to the first one has arrived (pipelining) and reuses the connection for several requests (persistent connections). Additional cache control and content negotiation (language, encoding, type) were introduced. The Host header makes it possible to serve different domains from the same IP address.
HTTP/2 Binary framing rather than text, so messages can no longer be read or written by hand.
HTTP/3 Still in draft at the time of this talk (April 2020).
HTTP/1.1 reference: https://tools.ietf.org/html/rfc2616
Parts of a request and a response covered in the following slides:
● HTTP Methods
● Directory & File Name
● Parameters & their values
● HTTP version
● CR & LF character
● HTTP Request headers
● Status code
● Response body
● Response headers
HTTP METHODS
HTTP request methods indicate the action to be performed on a given resource.
Method names are case-sensitive and are defined in uppercase.
Most common HTTP methods
GET : requests a representation of the specified resource; it should not change server state.
POST : sends data to the server to create a resource or trigger processing; not idempotent.
HEAD : identical to GET, but the response carries no body.
OPTIONS : describes the communication options for the target resource (the allowed methods are returned in the Allow header).
DELETE : deletes the specified resource.
PUT : replaces the target resource with the request payload (idempotent); on a writable web root it lets anyone upload files.
… … ...
Methods a server may understand (HTTP/1.1 plus WebDAV and DeltaV extensions; use OPTIONS to find out which ones are actually enabled):
OPTIONS, GET, HEAD, POST, PUT, DELETE, TRACE, CONNECT, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK, VERSION-CONTROL, REPORT, CHECKOUT, CHECKIN, UNCHECKOUT, MKWORKSPACE, UPDATE, LABEL, MERGE, BASELINE-CONTROL, MKACTIVITY, ORDERPATCH, ACL, PATCH, SEARCH, ARBITRAR, TRACK
Exploiting the PUT method (file upload to a writable web root):
https://medium.com/@asfiyashaikh10/exploiting-put-method-d2d0cd7ba662
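The following Python is an added example, not code from the talk or from the linked article. It shows the probe a tester runs for the PUT misconfiguration next to the fix: a deliberately permissive http.server handler stands in for a target whose web root accepts unauthenticated PUT and DELETE, a read-only variant stands in for the corrected server. Both run in-process on 127.0.0.1, and the /put_probe.txt path and the marker content are made up for the demo.

```python
"""PUT-upload check: OPTIONS -> PUT a marker -> GET it back -> DELETE it.

Added example. WritableRootHandler plays a misconfigured server (its web root is
a temp dir standing in for /var/www/html); ReadOnlyHandler is the fixed one.
"""
import http.client
import os
import tempfile
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer


class WritableRootHandler(BaseHTTPRequestHandler):
    """Misconfigured server: any client may PUT and DELETE files in the web root."""
    root = tempfile.mkdtemp()                 # stands in for /var/www/html (demo only)
    protocol_version = "HTTP/1.1"

    def _disk(self):
        # Only the file name is used, so the demo can never write outside the temp dir.
        return os.path.join(self.root, os.path.basename(self.path.split("?", 1)[0]))

    def _reply(self, status, body=b"", **extra):
        self.send_response(status)
        for name, value in extra.items():
            self.send_header(name.replace("_", "-"), value)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_OPTIONS(self):
        self._reply(200, Allow="GET, HEAD, OPTIONS, PUT, DELETE")

    def do_GET(self):
        target = self._disk()
        if not os.path.isfile(target):
            return self._reply(404)
        with open(target, "rb") as fh:
            self._reply(200, fh.read(), Content_Type="text/plain")

    def do_PUT(self):                         # the dangerous part: unauthenticated write
        data = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        with open(self._disk(), "wb") as fh:
            fh.write(data)
        self._reply(201)

    def do_DELETE(self):
        target = self._disk()
        if os.path.isfile(target):
            os.remove(target)
            return self._reply(204)
        self._reply(404)

    def log_message(self, *args):             # keep the demo quiet
        pass


class ReadOnlyHandler(WritableRootHandler):
    """Fixed server: write methods are refused and Allow no longer advertises them."""

    def do_OPTIONS(self):
        self._reply(200, Allow="GET, HEAD, OPTIONS")

    def do_PUT(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))   # drain, then refuse
        self._reply(405, Allow="GET, HEAD, OPTIONS")

    do_DELETE = do_PUT


def start_server(handler):
    """Bind to a free localhost port and serve in a background thread."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def _send(host, port, method, path, body=None, headers=None):
    """One request on a fresh connection; returns (status, lower-cased headers, body)."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request(method, path, body=body, headers=headers or {})
        resp = conn.getresponse()
        return resp.status, {k.lower(): v for k, v in resp.getheaders()}, resp.read()
    finally:
        conn.close()


def probe_put(host, port, path="/put_probe.txt"):
    """Report what OPTIONS advertises, whether PUT is accepted, and whether the upload is really served."""
    marker = b"put-probe " + os.urandom(8).hex().encode()          # random so a stale file cannot fool us
    _, headers, _ = _send(host, port, "OPTIONS", path)
    allow = [m.strip().upper() for m in headers.get("allow", "").split(",") if m.strip()]
    result = {"allow": allow, "put_status": None, "verified": False, "cleanup_status": None}
    result["put_status"], _, _ = _send(host, port, "PUT", path, body=marker,
                                       headers={"Content-Type": "text/plain"})
    if result["put_status"] in (200, 201, 204):
        status, _, body = _send(host, port, "GET", path)
        result["verified"] = status == 200 and body == marker          # file landed in the web root
        result["cleanup_status"], _, _ = _send(host, port, "DELETE", path)   # leave nothing behind
    return result


if __name__ == "__main__":
    for handler in (WritableRootHandler, ReadOnlyHandler):
        server, port = start_server(handler)
        print(handler.__name__, probe_put("127.0.0.1", port))
        server.shutdown()
```

A 2xx answer to PUT alone is not proof: some front ends accept the request and discard the body, which is why the probe fetches the marker back before reporting a finding, and deletes it afterwards.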
DIRECTORY & FILE NAME
The URL path names a directory and a file.
The path is resolved relative to the web server's document root (e.g. /var/www/html), which the client never sees and which is managed by the application server.
Directory path : /var/www/html/blog/2020/03/10/upcoming_meets/
File : meet.php
Directory listing: when listing is enabled and a directory has no index file, requesting the directory itself reveals its contents.
PARAMETERS & THEIR VALUES
Parameters are name/value pairs.
In a URL (typically a GET request) the path and the query string are separated by the ? symbol.
Parameters within the query string are separated by the & symbol, each written as name=value.
REST-style request URLs (parameters carried in the path):
GET /API/v1/data/getdata/account/123/id/1337
POST /API/v1/data/putdata/account/123/id/1337/name/bhagyashree
Query-string URL = equivalent REST-style URL:
http://infosecgirls.in/index.php?page=foo = http://infosecgirls.in/foo
http://infosecgirls.in/products?category=2&pid=25 = http://infosecgirls.in/products/2/25
http://infosecgirls.in/index.php?mod=profiles&id=193 = http://infosecgirls.in/profiles/193
http://infosecgirls.in/kb/index.php?cat=8&id=41 = http://infosecgirls.in/kb/8/41
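As an added example (not code from the talk), the Python below dissects a raw HTTP/1.1 request into the parts the slides list: method, directory and file name, REST-style path segments, query-string parameters, version, headers and body. It also maps the path onto a document root such as /var/www/html and refuses paths that normalise to a location outside it. The two sample requests, the api.example host name and the document root are constructed for the demo.

```python
"""Dissect a raw HTTP/1.1 request: request line, headers, body, and the path on disk.

Added example; sample requests and host names are constructed.
"""
import posixpath
from urllib.parse import parse_qs, unquote, urlsplit

CRLF = b"\r\n"

SAMPLE_GET = (b"GET /kb/index.php?cat=8&id=41 HTTP/1.1\r\n"
              b"Host: infosecgirls.in\r\n"
              b"User-Agent: probe\r\n\r\n")
SAMPLE_POST = (b"POST /API/v1/data/putdata/account/123/id/1337 HTTP/1.1\r\n"
               b"Host: api.example\r\n"
               b"Content-Type: application/x-www-form-urlencoded\r\n"
               b"Content-Length: 16\r\n\r\n"
               b"name=bhagyashree")


def parse_request(raw: bytes) -> dict:
    """Split a raw request into its request line, header fields and body."""
    head, sep, body = raw.partition(CRLF + CRLF)      # an empty line ends the header section
    if not sep:
        raise ValueError("header section not terminated by CRLF CRLF")
    request_line, *header_lines = head.split(CRLF)
    parts = request_line.decode("ascii").split(" ")   # METHOD SP request-target SP HTTP-version
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError("malformed request line: %r" % request_line)
    method, target, version = parts                   # method tokens are case-sensitive: 'get' is not GET
    url = urlsplit(target)
    path = unquote(url.path)
    directory, _, filename = path.rpartition("/")
    headers = {}
    for line in header_lines:
        name, _, value = line.decode("latin-1").partition(":")
        headers[name.strip().lower()] = value.strip()  # names are case-insensitive, value whitespace ignored
    length = int(headers.get("content-length", "0"))
    if len(body) < length:
        raise ValueError("body shorter than Content-Length")
    body = body[:length]
    form = {}
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        form = parse_qs(body.decode("latin-1"), keep_blank_values=True)
    return {
        "method": method,
        "version": version,
        "path": path,
        "directory": directory or "/",
        "file": filename,
        "segments": [s for s in path.split("/") if s],          # REST style: /account/123/id/1337
        "query": parse_qs(url.query, keep_blank_values=True),   # query string: ?cat=8&id=41
        "headers": headers,
        "form": form,
        "body": body,
    }


def is_inside_root(document_root: str, decoded_path: str) -> bool:
    """True if the (already URL-decoded) path still lies under the document root after normalisation."""
    root = posixpath.normpath(document_root)
    candidate = posixpath.normpath(posixpath.join(root, decoded_path.lstrip("/")))
    return candidate == root or candidate.startswith(root + "/")


def resolve_on_disk(document_root: str, decoded_path: str) -> str:
    """Map the URL path onto the document root, refusing escapes such as /../../etc/passwd."""
    if not is_inside_root(document_root, decoded_path):
        raise ValueError("path escapes document root: %r" % decoded_path)
    root = posixpath.normpath(document_root)
    return posixpath.normpath(posixpath.join(root, decoded_path.lstrip("/")))


if __name__ == "__main__":
    for sample in (SAMPLE_GET, SAMPLE_POST):
        parsed = parse_request(sample)
        print(parsed["method"], parsed["directory"], parsed["file"], parsed["segments"],
              parsed["query"], parsed["form"])
    print(resolve_on_disk("/var/www/html", "/blog/2020/03/10/upcoming_meets/meet.php"))
```

The path is URL-decoded exactly once, in parse_request, and resolve_on_disk works on that decoded value; decoding again at the second stage is the classic double-decoding mistake that lets %252e%252e slip past the root check.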
HTTP VERSION
The request line ends with the protocol version token (e.g. HTTP/1.1) and the status line of the response starts with it.
HTTP/1.1 vs HTTP/2: HTTP/1.1 is a text protocol; HTTP/2 carries the same request and response semantics in binary frames.
CRLF
CRLF Characters
CR and LF are control characters used to mark a line break in a text file; in HTTP they terminate the request line, the status line and every header line.
CR = Carriage Return (\r, 0x0D in hexadecimal, 13 in decimal)
LF = Line Feed (\n, 0x0A in hexadecimal, 10 in decimal)
An empty line (CRLF CRLF) separates the header section from the body.
CRLF Injection
A CRLF injection vulnerability exists if an attacker can get the CR and LF characters into a place where the application builds lines, such as an HTTP response header (HTTP response splitting / header injection) or a log file.
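Added example (not code from the talk): a redirect handler that copies a user-supplied "next" URL into the Location header, shown beside its hardened form that rejects CR and LF the way current servers and frameworks do. The hostile value and the cookie it smuggles in are constructed for the demo.

```python
"""Header injection through CR and LF (HTTP response splitting).

Added example. The vulnerable builder drops user input into a header field;
the hardened one refuses any value containing CR or LF.
"""
CRLF = "\r\n"

# Constructed attacker value: the URL-decoded form of /home%0d%0aSet-Cookie:%20session=attacker-chosen;%20Path=/
HOSTILE_NEXT = "/home\r\nSet-Cookie: session=attacker-chosen; Path=/"


def build_redirect_vulnerable(next_url: str) -> bytes:
    """User input goes straight into a header: the CRLF inside it ends the Location
    header and whatever follows is parsed as a new header line chosen by the attacker."""
    head = ["HTTP/1.1 302 Found", "Location: " + next_url, "Content-Length: 0"]
    return (CRLF.join(head) + CRLF + CRLF).encode("latin-1")


def build_redirect_hardened(next_url: str) -> bytes:
    """Same handler with the check applied by current servers and frameworks:
    a header value may not contain CR or LF at all (bare LF included)."""
    if "\r" in next_url or "\n" in next_url:
        raise ValueError("CR/LF not allowed in a header value")
    return build_redirect_vulnerable(next_url)


def parse_response(raw: bytes) -> dict:
    """Split a response the way a client does: CRLF separates header lines, an empty
    line ends the header section, repeated field names are kept in order."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line, *lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return {"status": status_line, "headers": headers, "body": body}


def injected_headers(next_url: str) -> list:
    """Names of header fields that exist only because of the user-supplied value."""
    baseline = parse_response(build_redirect_vulnerable("/home"))["headers"]
    tainted = parse_response(build_redirect_vulnerable(next_url))["headers"]
    return sorted(set(tainted) - set(baseline))


if __name__ == "__main__":
    print(parse_response(build_redirect_vulnerable(HOSTILE_NEXT))["headers"])
    print("injected:", injected_headers(HOSTILE_NEXT))
    try:
        build_redirect_hardened(HOSTILE_NEXT)
    except ValueError as err:
        print("hardened:", err)
```

The same rejection belongs wherever a request value is written into a line-oriented sink, including log files; encoding the value is not enough when the sink is an HTTP header, because the receiving parser splits on CRLF before any decoding happens.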

HTTP REQUEST HEADERS
The client and the server pass additional information with an HTTP request or response in header fields.
An HTTP header consists of its case-insensitive name followed by a colon (:), then its value. Whitespace before the value is ignored.
Headers such as Cookie, User-Agent or Referer give the server the context it needs to build the response.
Request headers as an attack surface
ShellShock exploitation, CVE-2014-6271: the payload is a Bash function definition placed in a request header (e.g. User-Agent) that a CGI script passes into an environment variable.
CVE-2019-5418, file content disclosure on Rails: triggered through a crafted Accept header.
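Added example (not code from the talk): detection logic that scans raw requests for the public signatures of the two header-borne bugs named above, a Bash function definition (`() {`) in any header for Shellshock and a `../` traversal in the Accept header for CVE-2019-5418. The sample requests and host names are constructed and the payloads are inert.

```python
"""Flag header-borne exploit attempts in raw HTTP requests.

Added example. Signatures are the public ones for CVE-2014-6271 (Shellshock)
and CVE-2019-5418 (Rails Accept-header traversal); sample traffic is constructed.
"""
import email
import re

# (label, compiled pattern, header the pattern must appear in, or None for any header)
SIGNATURES = [
    ("CVE-2014-6271 Shellshock", re.compile(r"\(\)\s*\{"), None),
    ("CVE-2019-5418 Rails Accept traversal", re.compile(r"\.\./|%2e%2e(%2f|/)", re.I), "accept"),
]

SAMPLE_REQUESTS = [  # constructed for the demo; the payloads do nothing
    b"GET /cgi-bin/status HTTP/1.1\r\nHost: www.example\r\nUser-Agent: Mozilla/5.0\r\nAccept: text/html\r\n\r\n",
    b"GET /cgi-bin/status HTTP/1.1\r\nHost: www.example\r\nUser-Agent: () { :; }; echo shellshock-test\r\n\r\n",
    b"GET /pages/home HTTP/1.1\r\nHost: rails.example\r\nAccept: ../../../../../../etc/passwd{{\r\n\r\n",
]


def split_request(raw: bytes):
    """Return (request line, header fields) for a raw HTTP/1.x request."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    request_line, _, header_block = head.partition(b"\r\n")
    # The header block has the same shape as a mail header block, so the
    # stdlib parser handles folding and case-insensitive lookup for us.
    return request_line.decode("latin-1"), email.message_from_bytes(header_block)


def scan_request(raw: bytes) -> list:
    """List of (signature label, header name) hits for one request."""
    _, headers = split_request(raw)
    hits = []
    for label, pattern, only_in in SIGNATURES:
        for name, value in headers.items():
            if only_in and name.lower() != only_in:
                continue                     # signature is specific to one header
            if pattern.search(value):
                hits.append((label, name))
    return hits


def scan_all(requests=SAMPLE_REQUESTS) -> list:
    """Run every signature over every request; one hit list per request."""
    return [scan_request(r) for r in requests]


if __name__ == "__main__":
    for raw, hits in zip(SAMPLE_REQUESTS, scan_all()):
        print(split_request(raw)[0], "->", hits or "clean")
```

Shellshock is matched in every header because any header a CGI gateway exports (User-Agent, Referer, Cookie, custom headers) was a usable carrier, whereas the Rails signature is pinned to Accept, the only header the affected code read.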
Request header fields (non-exhaustive):
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Accept-Ranges, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization, Cache-Control, Connection, Content-Encoding, Content-Length, Content-MD5, Content-Range, Content-Type, Cookie, Date, Expect, From, Host, If-Match, If-Modified-Since, If-None-Match, If-Range, If-Unmodified-Since, Max-Forwards, Origin, Pragma, Proxy-Authorization, Proxy-Connection, Range, Referer, Save-Data, TE, Trailer, Transfer-Encoding, Upgrade, User-Agent, Via, Warning, X-Forwarded-For, X-Forwarded-Host, X-Requested-With, …
STATUS CODE
Status code classes and reason phrases
1xx: Informational - Request received, continuing process
2xx: Success - The action was successfully received, understood, and accepted
3xx: Redirection - Further action must be taken in order to complete the request
4xx: Client Error - The request contains bad syntax or cannot be fulfilled
5xx: Server Error - The server failed to fulfill an apparently valid request
Status codes (HTTP/1.1, RFC 2616)
100 : Continue
101 : Switching Protocols
200 : OK
201 : Created
202 : Accepted
203 : Non-Authoritative Information
204 : No Content
205 : Reset Content
206 : Partial Content
300 : Multiple Choices
301 : Moved Permanently
302 : Found
303 : See Other
304 : Not Modified
305 : Use Proxy
307 : Temporary Redirect
400 : Bad Request
401 : Unauthorized
402 : Payment Required
403 : Forbidden
404 : Not Found
405 : Method Not Allowed
406 : Not Acceptable
407 : Proxy Authentication Required
408 : Request Time-out
409 : Conflict
410 : Gone
411 : Length Required
412 : Precondition Failed
413 : Request Entity Too Large
414 : Request-URI Too Large
415 : Unsupported Media Type
416 : Requested Range Not Satisfiable
417 : Expectation Failed
500 : Internal Server Error
501 : Not Implemented
502 : Bad Gateway
503 : Service Unavailable
504 : Gateway Time-out
505 : HTTP Version Not Supported
HTTP RESPONSE HEADERS
The response header fields allow the server to pass additional information about the response which cannot be placed in the Status-Line.
These header fields give information about the server and about further access to the resource identified by the Request-URI.
Response headers such as Age, Location or Server give a more detailed context for the response.
Response headers such as Server, X-Powered-By and Via disclose the server software, its version and intermediate proxies; removing or minimising them is part of hardening.
Response header fields (non-exhaustive):
Accept-Patch, Accept-Ranges, Access-Control-Allow-Credentials, Access-Control-Allow-Headers, Access-Control-Allow-Methods, Access-Control-Allow-Origin, Access-Control-Expose-Headers, Access-Control-Max-Age, Age, Allow, Cache-Control, Connection, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-Location, Content-MD5, Content-Range, Content-Security-Policy, Content-Type, Date, ETag, Expires, Last-Modified, Location, Pragma, Proxy-Authenticate, Retry-After, Server, Set-Cookie, Status, Strict-Transport-Security, Tk, Trailer, Transfer-Encoding, Upgrade, Vary, Via, Warning, WWW-Authenticate, X-Content-Security-Policy, X-Frame-Options, X-Powered-By, X-XSS-Protection
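Added example (not code from the talk): a small audit of a response's header section that reports which of the hardening headers from the list above are missing, which headers disclose server details, and which Set-Cookie headers lack the Secure and HttpOnly flags. The two sample responses, including their Server and X-Powered-By version strings, are constructed for the demo.

```python
"""Audit the header section of an HTTP response for hardening and disclosure.

Added example. HARDENING and DISCLOSURE are drawn from the header list on the
slide and are a starting point, not a complete policy. Sample responses are constructed.
"""
import email

HARDENING = ("Strict-Transport-Security", "Content-Security-Policy", "X-Frame-Options")
DISCLOSURE = ("Server", "X-Powered-By", "Via")

LEAKY_RESPONSE = (b"HTTP/1.1 200 OK\r\n"
                  b"Date: Sun, 19 Apr 2020 10:00:00 GMT\r\n"
                  b"Server: Apache/2.4.29 (Ubuntu)\r\n"            # constructed version string
                  b"X-Powered-By: PHP/7.2.24\r\n"                   # constructed version string
                  b"Set-Cookie: PHPSESSID=abc123; Path=/\r\n"
                  b"Content-Type: text/html\r\n"
                  b"Content-Length: 0\r\n\r\n")

HARDENED_RESPONSE = (b"HTTP/1.1 200 OK\r\n"
                     b"Date: Sun, 19 Apr 2020 10:00:00 GMT\r\n"
                     b"Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
                     b"Content-Security-Policy: default-src 'self'\r\n"
                     b"X-Frame-Options: DENY\r\n"
                     b"Set-Cookie: session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
                     b"Content-Type: text/html\r\n"
                     b"Content-Length: 0\r\n\r\n")


def parse_response(raw: bytes):
    """Return (status line, header fields); the stdlib mail parser gives
    case-insensitive lookup and get_all() for repeated fields such as Set-Cookie."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    status_line, _, header_block = head.partition(b"\r\n")
    return status_line.decode("latin-1"), email.message_from_bytes(header_block)


def audit_response(raw: bytes) -> dict:
    """Report missing hardening headers, disclosure headers and weak cookies."""
    status_line, headers = parse_response(raw)
    present = {name.lower() for name, _ in headers.items()}
    report = {
        "status": status_line,
        "missing": [h for h in HARDENING if h.lower() not in present],
        "disclosed": {h: headers[h] for h in DISCLOSURE if h in headers},
        "weak_cookies": [],
    }
    for cookie in headers.get_all("Set-Cookie", []):
        # attributes follow the first ';' as "Name" or "Name=value", case-insensitive
        attrs = {a.strip().split("=", 1)[0].lower() for a in cookie.split(";")[1:]}
        lacking = [flag for flag in ("secure", "httponly") if flag not in attrs]
        if lacking:
            report["weak_cookies"].append((cookie.split("=", 1)[0], lacking))
    return report


if __name__ == "__main__":
    for label, raw in (("leaky", LEAKY_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_response(raw))
```

Run the audit on a captured response rather than on assumptions about the stack: a reverse proxy in front of the application often adds or strips exactly the headers this check looks at.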
?? QA ??
Thanks!
@_ShreeGajera
