The HTTP Protocol: GET /test.html - web 0x01

LiveOverflow · Beginner ·🌐 Frontend Engineering ·9y ago

Key Takeaways

The video demonstrates how to perform an HTTP GET request by hand and understand how a web server works, using tools like PHP, netcat, and browser developer tools. It covers the basics of the HTTP protocol, including HTTP methods, headers, and status codes, as well as the underlying TCP protocol.

Full Transcript

[Music] in the last video we looked at what HTML CSS and JavaScript is and how the browser uses that to rendom display a web page in this video we will now talk about how the HTML code gets to your browser in the first place so we will learn about the URLs and the HTTP protocol let's start by running a simple web server on our local machine depending on what kind of language you want to use for development there are different options for running a production or development server for example if you want to write PHP code there are all projects like xampp that sets up an Apache with a database and PHP enabled for development purposes or if you want to write a python web app in flask it will come with its built-in debug web server but let's start last video we wrote a very simple HTML page and open it in the browser from our local file system now let's try to serf this HTML page via HTTP from a web server instead recent versions of PHP as well as python have cool features to run a simple HTTP server so a server is just a program that gives you a file if you ask for them let's start a simple server with PHP if you don't have PHP installed yet install it with aptg install PHP 5 CLI on Ubuntu or whatever matches your operating system then write PHP minus capital S followed by an IP address and a port where to listen from in this case we only want to listen on one 27001 which is a special IP referencing Local Host meaning this IP points at your own computer and then Port 880 Port 80 is the default port for webs ites because people on the internet agreed on that but generally you can run a server on any port you like a port is just a number inside of a TCP packet so when the network card and your operating system receives a TCP packet meaning it's just a bunch of bites it will look at the port number inside that packet and then it will check in a table if a program is listening meaning if it's waiting for a packet on that particular port then the operating system will give the content of that packet to that program and we registered PHP to listen on port 8080 so now let's open this in the browser we want to load a site via HTTP whatever that means then the IP address which is Local Host and pointing to this local machine um and the port 880 hm not found the requested resource slash is not found found let's look at the terminal we can see here that on that day this IP address tried to access slash but there is no such file when we start the server it displayed to us that the document route is here and we know we have the test HTML file in here so let's try to access test.html cool that worked and in the terminal we can see that this IP performed another request test this time to test.html we can also see that we apparently tried to access favicon.ico we didn't type that in the browser well see see those tiny icons for websites you visit well those are favicons and people on the internet agreed that file is supposed to be called favicon.ico by default so the browser is checking if you have such a file so that it can display a neat icon for you now let's open the browser developer tools again and go to the network tab then we reload this page here you can see now all the requests the browser is doing to display this page in this case it's just two simple requests to test.html and the image but if you do the same for example on Reddit this is going nuts it's loading so many resources so let's look at that test.html request so first of all it accessed the file with the name test HTML and the status return code was 200 this means everything went fine for example earlier we saw the arrow status code 404 which stands for not found there's a huge list on what certain status code numbers mean now let's click on it let's first check the response tab this is what the server returned to us after we asked if we can get the file test.html that's just the content of the file we requested but how did we actually ask this server to give us test.html let's do an HTTP request by hand we use a simple tool called netcat for that netcat is a simple Unix utility which reads and writes data across network connections using TCP or UDP but why would that help us with the HTTP protocol well HTTP is spilled on top of TCP the TCP layer is responsible for the ports and TCP sits on top of the IP layer which handles the IP addresses IP addresses identify the receiving computer in a network and the ports are used by the operating system to decide to which application it should forward the content of the packet so the web Ser will handle the content of that packet and the content will follow a special format which is HTTP so this means we can use netkat to send a TCP p packet to the web server with any payload we want and we can decide that we want to talk HTTP now let's request the test. htme page first we open our connection to the IP and port and when we type something that text will be sent as a TCP payload to the web server to request test.html we have to do the following we start with the HTTP method get so we tell the server that you want to get a resource followed by a space and then the resource path in this case SL test.html now some Webers want to follow the HTP protocol more strictly but in this case this is already enough to finish up this request we have to indicate that with an empty line and we get immediately a response back from the server so it responded to us with code 200 everything is okay and there are some value pairs called HTTP headers for example informing us that the request resource has the content type text HTML and how long the content will be followed by an empty line and the content of the resource now if we were a browser we would read that content type and we would know we have HTML and then take the file content and render that in a window so HTTP is literally just human readable plain text that is sent between your browser and the web server and yes that makes it super inefficient why not use binary but that makes it super easy for us to understand now let's go back to the developer console and check the first tab of the request the headers here you can see the response headers from the server again those key value pairs before the content of the file but you can also see request headers so the browser also added some key value pairs to the HTT P request and did not only send this one line we did we can also see this if we quit our web server and use netcat instead to listen on that Port so we can see the content of the TCP packet and now when we refresh the page the browser will send the HTTP request again to this IP and Port but this time netkit will display us what was received we just want to see a full proper HTTP request from the browser and here it is you can see it's a bit longer than what we sent the first time for example it sent a user agent with chrome so the web server knows that uh web browser Chrome is requesting the file and can act accordingly for example if the user agent were phone it might want to send a special mobile version of the file instead it also sent an accept header telling the web server what kind of content types it can work with or what language the user prefers oh and with netkit we can also send back a response so we can just sent here some text not including any HTTP header the browser will make sense of it so HTTP is super easy right a browser simply creates a connection to a server which is another program that has a purpose of providing files when requested and the browser can ask for files or Resources by using this plain text human readable HTTP format and the server will respond with the content of the requested file in the next video we will write a little bit of shitty PHP code which can be used to dynamically create files that are returned by the web server instead of only serving static files from the file system and after we got that knowledge we can then soon head slowly into security related topics [Music]

Original Description

We perform a HTTP GET Requesy by hand and learn how a webserver works. -=[ 🔴 Stuff I use ]=- → Microphone:* https://geni.us/ntg3b → Graphics tablet:* https://geni.us/wacom-intuos → Camera#1 for streaming:* https://geni.us/sony-camera → Lens for streaming:* https://geni.us/sony-lense → Connect Camera#1 to PC:* https://geni.us/cam-link → Keyboard:* https://geni.us/mech-keyboard → Old Microphone:* https://geni.us/mic-at2020usb US Store Front:* https://www.amazon.com/shop/liveoverflow -=[ ❤️ Support ]=- → per Video: https://www.patreon.com/join/liveoverflow → per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join -=[ 🐕 Social ]=- → Twitter: https://twitter.com/LiveOverflow/ → Website: https://liveoverflow.com/ → Subreddit: https://www.reddit.com/r/LiveOverflow/ → Facebook: https://www.facebook.com/LiveOverflow/ -=[ 📄 P.S. ]=- All links with "*" are affiliate links. LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm. #WebSecurity
Watch on YouTube ↗ (saves to browser)
Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from LiveOverflow · LiveOverflow · 28 of 60

1 LiveOverflow - Trailer
LiveOverflow - Trailer
LiveOverflow
2 Introduction to Linux - Installation and the Terminal - bin 0x01
Introduction to Linux - Installation and the Terminal - bin 0x01
LiveOverflow
3 Writing a simple Program in C
Writing a simple Program in C
LiveOverflow
4 Writing a simple Program in Python - bin 0x03
Writing a simple Program in Python - bin 0x03
LiveOverflow
5 Live Hacking - Twitch Recording overthewire.org - Vortex 0x01-0x03 (3h)
Live Hacking - Twitch Recording overthewire.org - Vortex 0x01-0x03 (3h)
LiveOverflow
6 Reversing and Cracking first simple Program - bin 0x05
Reversing and Cracking first simple Program - bin 0x05
LiveOverflow
7 Abusing the exception handler to leak flag - 32C3CTF readme (pwnable 200)
Abusing the exception handler to leak flag - 32C3CTF readme (pwnable 200)
LiveOverflow
8 ROP with a very small stack - 32C3CTF teufel (pwnable 200)
ROP with a very small stack - 32C3CTF teufel (pwnable 200)
LiveOverflow
9 Uncrackable Programs? Key validation with Algorithm and creating a Keygen - Part 1/2 - bin 0x07
Uncrackable Programs? Key validation with Algorithm and creating a Keygen - Part 1/2 - bin 0x07
LiveOverflow
10 Uncrackable Program? Finding a Parser Differential in loading ELF - Part 2/2 - bin 0x08
Uncrackable Program? Finding a Parser Differential in loading ELF - Part 2/2 - bin 0x08
LiveOverflow
11 Syscalls, Kernel vs. User Mode and Linux Kernel Source Code - bin 0x09
Syscalls, Kernel vs. User Mode and Linux Kernel Source Code - bin 0x09
LiveOverflow
12 Smashing the Stack for Fun and Profit - setuid, ssh and exploit.education - bin 0x0B
Smashing the Stack for Fun and Profit - setuid, ssh and exploit.education - bin 0x0B
LiveOverflow
13 Live Hacking - EFF-CTF 2016 - Level 0-4 (Enigma Conference)
Live Hacking - EFF-CTF 2016 - Level 0-4 (Enigma Conference)
LiveOverflow
14 First Stack Buffer Overflow to modify Variable - bin 0x0C
First Stack Buffer Overflow to modify Variable - bin 0x0C
LiveOverflow
15 First Exploit! Buffer Overflow with Shellcode - bin 0x0E
First Exploit! Buffer Overflow with Shellcode - bin 0x0E
LiveOverflow
16 Buffer Overflows can Redirect Program Execution - bin 0x0D
Buffer Overflows can Redirect Program Execution - bin 0x0D
LiveOverflow
17 Doing ret2libc with a Buffer Overflow because of restricted return pointer - bin 0x0F
Doing ret2libc with a Buffer Overflow because of restricted return pointer - bin 0x0F
LiveOverflow
18 Reverse engineering C programs (64bit vs 32bit) - bin 0x10
Reverse engineering C programs (64bit vs 32bit) - bin 0x10
LiveOverflow
19 pwnable.kr - Levels: fd, collision, bof, flag
pwnable.kr - Levels: fd, collision, bof, flag
LiveOverflow
20 Reverse Engineering and identifying Bugs - BKPCTF cookbook (pwn 6) part 1
Reverse Engineering and identifying Bugs - BKPCTF cookbook (pwn 6) part 1
LiveOverflow
21 Leaking Heap and Libc address - BKPCTF cookbook (pwn 6) part 2
Leaking Heap and Libc address - BKPCTF cookbook (pwn 6) part 2
LiveOverflow
22 Arbitrary write with House of Force (heap exploit) - BKPCTF cookbook (pwn 6) part 3
Arbitrary write with House of Force (heap exploit) - BKPCTF cookbook (pwn 6) part 3
LiveOverflow
23 Live Hacking - Internetwache CTF 2016 - web50, web60, web80
Live Hacking - Internetwache CTF 2016 - web50, web60, web80
LiveOverflow
24 Live Hacking - Internetwache CTF 2016 - crypto60, crypto70, crypto90
Live Hacking - Internetwache CTF 2016 - crypto60, crypto70, crypto90
LiveOverflow
25 A simple Format String exploit example - bin 0x11
A simple Format String exploit example - bin 0x11
LiveOverflow
26 NEW VIDEOS ARE COMING - loopback 0x00
NEW VIDEOS ARE COMING - loopback 0x00
LiveOverflow
27 HTML + CSS + JavaScript introduction - web 0x00
HTML + CSS + JavaScript introduction - web 0x00
LiveOverflow
The HTTP Protocol: GET /test.html - web 0x01
The HTTP Protocol: GET /test.html - web 0x01
LiveOverflow
29 Building Poor Man's Logic Analyzer with an Arduino - Reverse Engineering A/C Remote part 1
Building Poor Man's Logic Analyzer with an Arduino - Reverse Engineering A/C Remote part 1
LiveOverflow
30 What is PHP and why is XSS so common there? - web 0x02
What is PHP and why is XSS so common there? - web 0x02
LiveOverflow
31 Introducing the AngularJS Javascript Framework - XSS with AngularJS 0x00
Introducing the AngularJS Javascript Framework - XSS with AngularJS 0x00
LiveOverflow
32 Sandbox Bypass in Version 1.0.8 - XSS with AngularJS 0x1
Sandbox Bypass in Version 1.0.8 - XSS with AngularJS 0x1
LiveOverflow
33 Capturing & Analyzing Packets with Saleae Logic Pro 8 - Reverse Engineering A/C Remote part 2
Capturing & Analyzing Packets with Saleae Logic Pro 8 - Reverse Engineering A/C Remote part 2
LiveOverflow
34 XSS Contexts and some Chrome XSS Auditor tricks - web 0x03
XSS Contexts and some Chrome XSS Auditor tricks - web 0x03
LiveOverflow
35 Previous Bypass is now fixed in version 1.4.7 - XSS with AngularJS 0x2
Previous Bypass is now fixed in version 1.4.7 - XSS with AngularJS 0x2
LiveOverflow
36 New Sandbox Bypass in 1.4.7 - XSS with AngularJS 0x3
New Sandbox Bypass in 1.4.7 - XSS with AngularJS 0x3
LiveOverflow
37 The Heap: what does malloc() do? - bin 0x14
The Heap: what does malloc() do? - bin 0x14
LiveOverflow
38 The Heap: How to exploit a Heap Overflow - bin 0x15
The Heap: How to exploit a Heap Overflow - bin 0x15
LiveOverflow
39 Reverse Engineering with Binary Ninja and gdb a key checking algorithm - TUMCTF 2016 Zwiebel part 1
Reverse Engineering with Binary Ninja and gdb a key checking algorithm - TUMCTF 2016 Zwiebel part 1
LiveOverflow
40 Scripting radare2 with python for dynamic analysis - TUMCTF 2016 Zwiebel part 2
Scripting radare2 with python for dynamic analysis - TUMCTF 2016 Zwiebel part 2
LiveOverflow
41 Live Hacking - Internetwache CTF 2016 - exp50, exp70, exp80
Live Hacking - Internetwache CTF 2016 - exp50, exp70, exp80
LiveOverflow
42 Sandbox bypass for the latest AngularJS version 1.5.8 - XSS with AngularJS 0x4
Sandbox bypass for the latest AngularJS version 1.5.8 - XSS with AngularJS 0x4
LiveOverflow
43 Channel is growing and Riscure hardware CTF starting soon - loopback 0x01
Channel is growing and Riscure hardware CTF starting soon - loopback 0x01
LiveOverflow
44 Explaining Dirty COW local root exploit - CVE-2016-5195
Explaining Dirty COW local root exploit - CVE-2016-5195
LiveOverflow
45 What is CTF? An introduction to security Capture The Flag competitions
What is CTF? An introduction to security Capture The Flag competitions
LiveOverflow
46 The Heap: How do use-after-free exploits work? - bin 0x16
The Heap: How do use-after-free exploits work? - bin 0x16
LiveOverflow
47 The Browser is a very Confused Deputy - web 0x05
The Browser is a very Confused Deputy - web 0x05
LiveOverflow
48 The Heap: Once upon a free() - bin 0x17
The Heap: Once upon a free() - bin 0x17
LiveOverflow
49 Simple reversing challenge and gaming the system - BruCON CTF part 1
Simple reversing challenge and gaming the system - BruCON CTF part 1
LiveOverflow
50 int0x80 from DualCore lent me his lockpicking set and I'm a horse - BruCON CTF part 2
int0x80 from DualCore lent me his lockpicking set and I'm a horse - BruCON CTF part 2
LiveOverflow
51 The Heap: dlmalloc unlink() exploit - bin 0x18
The Heap: dlmalloc unlink() exploit - bin 0x18
LiveOverflow
52 MD5 Length Extension and Blind SQL Injection - BruCON CTF part 3
MD5 Length Extension and Blind SQL Injection - BruCON CTF part 3
LiveOverflow
53 TCP Protocol introduction - bin 0x1A
TCP Protocol introduction - bin 0x1A
LiveOverflow
54 Socket programming in python and Integer Overflow - bin 0x1B
Socket programming in python and Integer Overflow - bin 0x1B
LiveOverflow
55 Linux signals and core dumps - bin 0x1C
Linux signals and core dumps - bin 0x1C
LiveOverflow
56 [Live] Remote oldschool dlmalloc Heap exploit - bin 0x1F
[Live] Remote oldschool dlmalloc Heap exploit - bin 0x1F
LiveOverflow
57 Riscure Embedded Hardware CTF setup and introduction - rhme2 Soldering
Riscure Embedded Hardware CTF setup and introduction - rhme2 Soldering
LiveOverflow
58 Rooting a CTF server to get all the flags with Dirty COW - CVE-2016-5195
Rooting a CTF server to get all the flags with Dirty COW - CVE-2016-5195
LiveOverflow
59 How to learn hacking? ft. Rubber Ducky
How to learn hacking? ft. Rubber Ducky
LiveOverflow
60 Format String to dump binary and gain RCE - 33c3ctf ESPR (pwn 150)
Format String to dump binary and gain RCE - 33c3ctf ESPR (pwn 150)
LiveOverflow

This video teaches the basics of the HTTP protocol, including how to perform an HTTP GET request by hand, and how web servers work. It covers the underlying TCP protocol and demonstrates how to use tools like netcat and PHP to send HTTP requests. By watching this video, viewers can gain a deeper understanding of how the web works and learn practical skills for web development.

Key Takeaways
  1. Run a simple HTTP server with PHP on port 8080
  2. Access a local HTML file via HTTP using the browser
  3. View browser developer tools to see network requests
  4. Start with the HTTP method get
  5. Followed by a space and then the resource path
  6. Indicate that with an empty line
  7. Send a TCP packet to the web server with any payload we want
  8. Use a tool like netcat to send a TCP packet to the web server
💡 The HTTP protocol is a plain text, human-readable protocol that is easy to use and understand, but also super inefficient.

Related AI Lessons

Up next
The masks we wear | Zora Krstić | TEDxLuxembourgCity
TEDx Talks
Watch →