HTTP Protocol

HTTP Requests

All HTTP messages (requests and responses) consist of one or
more headers, each on a separate line, followed by a mandatory blank line,
followed by an optional message body.


The first line of every HTTP request consists of three
items, separated by spaces:


  • A verb indicating the HTTP method. The most commonly used method is GET,
    whose function is to retrieve a resource from the web server. GET requests
    do not have a message body, so there is no further data following the
    blank line after the message headers.


  • The requested URL. The URL functions as a name for the resource being
    requested, together with an optional query string containing parameters
    that the client is passing to that resource.


  • The HTTP version being used. The only HTTP versions in common use on the
    Internet are 1.0 and 1.1, and most browsers use version 1.1 by default.
    There are a few differences between the specifications of these two
    versions; however, the only difference you are likely to encounter when
    attacking web applications is that in version 1.1 the Host request header
    is mandatory.
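The request layout described above can be checked mechanically. The following parser is an added example, not part of the original notes: it splits a request at the blank line, enforces the three-item first line and applies the HTTP/1.1 Host rule. The sample requests and the hostname shop.example are constructed for illustration.

```python
from urllib.parse import parse_qsl, urlsplit


class HTTPParseError(ValueError):
    """The message does not follow the layout described above."""


def parse_request(raw: bytes) -> dict:
    """Parse one HTTP/1.x request into its request line, headers and body."""
    # Headers end at the mandatory blank line; anything after it is the body.
    head, blank, body = raw.partition(b"\r\n\r\n")
    if not blank:
        raise HTTPParseError("no blank line after the headers")
    lines = head.decode("iso-8859-1").split("\r\n")

    # First line: exactly three items separated by single spaces.
    items = lines[0].split(" ")
    if len(items) != 3:
        raise HTTPParseError(f"request line has {len(items)} items, expected 3")
    method, url, version = items
    if version not in ("HTTP/1.0", "HTTP/1.1"):
        raise HTTPParseError(f"unexpected version {version!r}")

    headers = []
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        # No colon, an empty name, or whitespace around the name is malformed.
        if not colon or not name or name != name.strip():
            raise HTTPParseError(f"malformed header line {line!r}")
        headers.append((name.lower(), value.strip()))

    # HTTP/1.1 makes Host mandatory; more than one Host is equally invalid.
    hosts = [value for name, value in headers if name == "host"]
    if version == "HTTP/1.1" and len(hosts) != 1:
        raise HTTPParseError("HTTP/1.1 request needs exactly one Host header")

    target = urlsplit(url)
    return {
        "method": method,
        "path": target.path,
        "query": parse_qsl(target.query, keep_blank_values=True),
        "version": version,
        "headers": headers,
        "body": body,
    }


def check(raw: bytes) -> str:
    """Return 'ok' or the reason a server would answer 400 Bad Request."""
    try:
        parse_request(raw)
        return "ok"
    except HTTPParseError as exc:
        return str(exc)


# Constructed sample requests (not captured traffic).
SAMPLES = {
    "valid 1.1": b"GET /books/search?q=wahh&page=2 HTTP/1.1\r\nHost: shop.example\r\n\r\n",
    "1.0 without Host": b"GET /index.html HTTP/1.0\r\n\r\n",
    "1.1 without Host": b"GET /index.html HTTP/1.1\r\nUser-Agent: demo\r\n\r\n",
    "space in URL": b"GET /search?q=a b HTTP/1.1\r\nHost: shop.example\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:18} -> {check(raw)}")
```

The unencoded space in the last sample turns the first line into four items, which is why a server rejects it as a malformed request.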


HTTP Responses

The first line of every HTTP response consists of three
items, separated by spaces:


  • The HTTP version being used.


  • A numeric status code indicating the result of the request. 200 is the
    most common status code; it means that the request was successful and the
    requested resource is being returned.


  • A textual “reason phrase” further describing the status of the response.
    This can have any value and is not used for any purpose by current


HTTP Methods

The two main methods are GET and POST. There are others such
as the following:


  • HEAD – This functions in the same way as a GET request except that the
    server should not return a message body in its response. The server should
    return the same headers that it would have returned to the corresponding
    GET request. Hence, this method can be used for checking whether a
    resource is present before making a GET request for it.


  • TRACE – This method is designed for diagnostic purposes. The server should
    return in the response body the exact contents of the request message that
    it received. This can be used to detect the effect of any proxy servers
    between the client and server that may manipulate the request. It can also
    sometimes be used as part of an attack against other application users.


  • OPTIONS – This method asks the server to report the HTTP methods that are
    available for a particular resource. The server will typically return a
    response containing an Allow header that lists the available methods.


  • PUT – This method attempts to upload the specified resource to the server,
    using the content contained in the body of the request. If this method is
    enabled, then you may be able to leverage it to attack the application;
    for example, by uploading an arbitrary script and executing this on the



The correct technical term for a URL is actually URI (or
uniform resource identifier), but this term is really only used in formal


HTTP Headers


General Headers


  • Connection – This is used to inform the other end of the communication
    whether it should close the TCP connection after the HTTP transaction has
    completed or keep it open for further messages.


  • Content-Encoding – This is used to specify what kind of encoding is being
    used for the content contained in the message body, such as gzip, which is
    used by some applications to compress responses for faster transmission.


  • Content-Length – This is used to specify the length of the message body,
    in bytes (except in the case of responses to HEAD requests, when it
    indicates the length of the body in the response to the corresponding GET
    request).


  • Content-Type – This is used to specify the type of content contained in
    the message body; for example, text/html for HTML documents.


  • Transfer-Encoding – This is used to specify any encoding that was
    performed on the message body to facilitate its transfer over HTTP. It is
    normally used to specify chunked encoding when this is employed.


Request Headers


  • Accept – This is used to tell the server what kinds of content the client
    is willing to accept, such as image types, office document formats, and so


  • Accept-Encoding – This is used to tell the server what kinds of content
    encoding the client is willing to accept.


  • Authorization – This is used to submit credentials to the server for one
    of the built-in HTTP authentication types.


  • Cookie – This is used to submit cookies to the server which were
    previously issued by it.


  • Host – This is used to specify the hostname that appeared in the full URL
    being


  • If-Modified-Since – This is used to specify the time at which the browser
    last received the requested resource. If the resource has not changed
    since that time, the server may instruct the client to use its cached
    copy, using a response with status code 304.


  • If-None-Match – This is used to specify an entity tag, which is an
    identifier denoting the contents of the message body. The browser submits
    the entity tag that the server issued with the requested resource when it
    was last received. The server can use the entity tag to determine whether
    the browser may use its cached copy of the resource.


  • Referer – This is used to specify the URL from which the current request


  • User-Agent – This is used to provide information about the browser or
    other client software that generated the request.


Response Headers


  • Cache-Control – This is used to pass caching directives to the browser
    (for example,


  • ETag – This is used to specify an entity tag. Clients can submit this
    identifier in future requests for the same resource in the If-None-Match
    header to notify the server which version of the resource the browser
    currently holds in its cache.


  • Expires – This is used to instruct the browser how long the contents of
    the message body are valid for. The browser may use the cached copy of
    this resource until this time.


  • Location – This is used in redirection responses (those with a status code
    starting with a 3) to specify the target of the redirect.


  • Pragma – This is used to pass caching directives to the browser (for
    example, no


  • Server – This is used to provide information about the web server software
    being


  • Set-Cookie – This is used to issue cookies to the browser that it will
    submit back to the server in subsequent requests.


  • WWW-Authenticate – This is used in responses with a 401 status code to
    provide details of the type(s) of authentication supported by the server.




  • The cookie mechanism enables the server to send items of data to the
    client, which the client stores and resubmits back to the server.


  • Expires – Used to set a date until which the cookie is valid. This will
    cause the browser to save the cookie to persistent storage, and it will be
    reused in subsequent browser sessions until the expiration date is
    reached. If this attribute is not set, the cookie is used only in the
    current browser


  • Domain – Used to specify the domain for which the cookie is valid. This
    must be the same or a parent of the domain from which the cookie is
    received.


  • Path – Used to specify the URL path for which the cookie is valid.


  • Secure – If this attribute is set, then the cookie will only ever be
    submitted in HTTPS requests.


  • HttpOnly – If this attribute is set, then the cookie cannot be directly
    accessed via client-side JavaScript, although not all browsers support this
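The cookie attributes listed above lend themselves to an automated review of Set-Cookie headers. The following audit is an added example, not part of the original notes: it flags missing Secure and HttpOnly attributes, applies the same-or-parent Domain rule and reports persistent cookies. The finding codes, hostnames and header values are constructed for illustration, and the Domain check does not consult a public-suffix list.

```python
def parse_set_cookie(value: str) -> dict:
    """Split one Set-Cookie header value into name, value and attributes."""
    first, *rest = [part.strip() for part in value.split(";")]
    name, _, cookie_value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, attr_value = part.partition("=")
            attrs[key.strip().lower()] = attr_value.strip()
    return {"name": name, "value": cookie_value, "attrs": attrs}


def domain_covers(cookie_domain: str, origin_host: str) -> bool:
    """True if cookie_domain is origin_host itself or a parent domain of it."""
    domain = cookie_domain.lstrip(".").lower()
    host = origin_host.lower()
    return host == domain or host.endswith("." + domain)


def audit_set_cookie(value: str, origin_host: str, https: bool = True) -> list:
    """Return finding codes for one Set-Cookie header received from origin_host."""
    attrs = parse_set_cookie(value)["attrs"]
    findings = []
    if https and "secure" not in attrs:
        findings.append("no-secure")            # may also travel over plain HTTP
    if "httponly" not in attrs:
        findings.append("no-httponly")          # readable by client-side JavaScript
    if "domain" in attrs:
        if not domain_covers(attrs["domain"], origin_host):
            findings.append("domain-rejected")  # neither the same host nor a parent
        elif attrs["domain"].lstrip(".").lower() != origin_host.lower():
            findings.append("domain-widened")   # parent domain: sibling hosts receive it
    if "expires" in attrs:
        findings.append("persistent")           # stored until the expiry date
    return findings


# Constructed Set-Cookie values as received from the host app.shop.example.
ORIGIN = "app.shop.example"
SAMPLES = [
    "SESSIONID=3f9a1c; Path=/",
    "SESSIONID=3f9a1c; Path=/; Secure; HttpOnly",
    "SESSIONID=3f9a1c; Domain=shop.example; Path=/; Secure; HttpOnly",
    "prefs=dark; Domain=other.example; Expires=Wed, 21 Oct 2026 07:28:00 GMT; Secure; HttpOnly",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(audit_set_cookie(header, ORIGIN) or ["clean"], "<-", header)
```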


Status Codes

Each HTTP response message must contain a status code in its
first line, indicating the result of the request. The status codes fall into
five groups, according to the first digit of the code.


1xx – Informational.

2xx – The request was successful.

3xx – The client is redirected to a different resource.

4xx – The request contains an error of some kind.

5xx – The server encountered an error fulfilling the


Some of the common Status Codes you will encounter when
trying to hack a web application are as follows:


100 Continue – This response is sent in some circumstances
when a client submits a request containing a body. The response indicates that
the request headers were received and that the client should continue sending
the body. The server will then return a second response when the request has
been completed.


200 OK – This indicates that the request was successful and
the response body contains the result of the request.


201 Created – This is returned in response to a PUT request
to indicate that the request was successful.


301 Moved Permanently – This redirects the browser
permanently to a different URL, which is specified in the Location header. The
client should use the new URL in the future rather than the original.


302 Found – This redirects the browser temporarily to a
different URL, which is specified in the Location header. The client should
revert to the original URL in subsequent requests.


304 Not Modified – This instructs the browser to use its
cached copy of the requested resource. The server uses the If-Modified-Since
and If-None-Match request headers to determine whether the client has the
latest version of the resource.


400 Bad Request – This indicates that the client submitted
an invalid HTTP request. You will probably encounter this when you have
modified a request in certain invalid ways, for example by placing a space
character into the URL.


401 Unauthorized – The server requires HTTP authentication
before the request will be granted. The WWW-Authenticate header contains
details of the type(s) of authentication supported.


403 Forbidden – This indicates that no one is allowed to
access the requested resource, regardless of authentication.


404 Not Found – This indicates that the requested resource
does not exist.


405 Method Not Allowed – This indicates that the method used
in the request is not supported for the specified URL. For example, you may
receive this status code if you attempt to use the PUT method where it is not


413 Request Entity Too Large – If you are probing for buffer
overflow vulnerabilities in native code, and so submitting long strings of
data, this indicates that the body of your request is too large for the server
to handle.


414 Request URI Too Long – Similar to the previous response,
this indicates that the URL used in the request is too large for the server to


500 Internal Server Error – This indicates that the server
encountered an error fulfilling the request. This normally occurs when you have
submitted unexpected input that caused an unhandled error somewhere within the
application’s processing. You should review the full contents of the server’s
response closely for any details indicating the nature of the error.


503 Service Unavailable – This normally indicates that,
although the web server itself is functioning and able to respond to requests,
the application accessed via the server is not responding. You should verify
whether this is the result of any action that you have performed.



SSL has now strictly been superseded by transport layer
security (TLS), but the latter is still normally referred to using the older


HTTP Authentication

The HTTP protocol includes its own mechanisms for
authenticating users, using various authentication schemes, including:


Basic – This is a
very simple authentication mechanism that sends user credentials as a Base64-encoded string in a request header
with each message.


NTLM – This is a
challenge-response mechanism and uses a version of the Windows NTLM protocol.


Digest – This is
a challenge-response mechanism and uses MD5 checksums of a nonce with the
user’s credentials.
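The difference between the Basic and Digest schemes is easiest to see in code. The following is an added example, not part of the original notes: it shows that a Basic credential decodes straight back to the username and password, and how a server recomputes a Digest response to compare against the one it received. The field names (realm, nc, cnonce, qop) and the sample values are the documented examples from the HTTP authentication RFCs, not values from this page.

```python
import base64
import hashlib
import hmac


def decode_basic(authorization: str) -> tuple:
    """Recover (username, password) from a Basic Authorization header value.

    Base64 is an encoding, not encryption: anyone who sees the header on an
    unencrypted connection sees the credentials.
    """
    scheme, _, token = authorization.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    username, _, password = decoded.partition(":")
    return username, password


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(username, realm, password, method, uri, nonce,
                    nc=None, cnonce=None, qop=None) -> str:
    """Compute the Digest 'response' value: MD5 over the credentials and nonce."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")   # credentials
    ha2 = md5_hex(f"{method}:{uri}")                  # what is being requested
    if qop:
        return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


def verify_digest(received: str, **fields) -> bool:
    """Server-side check: recompute the response and compare in constant time."""
    return hmac.compare_digest(received, digest_response(**fields))


# Example values published in the HTTP authentication RFCs.
BASIC_HEADER = "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="
DIGEST_FIELDS = dict(
    username="Mufasa", realm="testrealm@host.com", password="Circle Of Life",
    method="GET", uri="/dir/index.html",
    nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
    nc="00000001", cnonce="0a4f113b", qop="auth",
)

if __name__ == "__main__":
    print("Basic decodes to:", decode_basic(BASIC_HEADER))
    print("Digest response: ", digest_response(**DIGEST_FIELDS))
```

With Digest the password never crosses the wire, but the scheme still rests on MD5 and on the server issuing fresh nonces.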




Computer Hacking

So lately I have been getting back into computer security. I put Linux back on my laptop and installed some “security” software. I also am setting up another Linux test box to mess around with. I’m gonna put Snort and Nessus on it. I’m also setting up another box with Windows. This will just be a dummy box to test exploits and whatever on.

I have been looking at a lot of books on security on Amazon. I’m currently debating on which books I should get. I’m really interested in penetration testing. I want to be really good at testing network security and finding ways into it. I am also looking at getting a few more certifications. I really don’t care about getting certifications, I just study harder when I’m gonna go take one. The certifications I’m looking at are not only for hacking/security though. I’m also looking at getting some Linux certifications. I really enjoy working from the command line. I don’t really care too much for the GUI (Graphical User Interface).

So… I’m gonna go look at some books right now on Amazon and hurry up and make a choice. On my next post I’ll let you know what books I decided on, and give updates on my certification progress.


So basically the whole Military decision has been going to shit. I wanted to be in the Army and that didn’t work out. I tried to get in the Marines and that didn’t work out. They told me that no Infantry slots will be open until October. So what it comes down to is, being color blind sucks.

Having been denied what I wanted to do Military wise, I have been doing a lot of thinking. I currently work as a webmaster. What is a webmaster? Basically I fix code, write code, and update code. I get to work with various programming languages such as PHP, ASP (VB.NET), and Perl. I also work on many websites and not just one. Seeing that I work on many sites and various programming languages, it tends to keep the job fun.

Do I like what I do? I most definitely like what I do. I don’t have to get up early and get to work by 8am like my last job. I usually show up between 10-11am. As long as I put in my 8 hours and am getting my assignments done, the company isn’t strict on when you come in. How are the people I work with? The people I work with are a lot of fun. We all talk through instant messengers and help each other out when needed. On Tuesdays and Thursdays we play ultimate frisbee for about an hour which is great. It’s a lot of fun and basically my only cardio for the week.

So what am I gonna do? I like what I’m doing now, and do enjoy coding a lot. I am deciding to put the Military on hold, and work hard at my current job. I have a bunch of PHP OOP (Object Oriented Programming) and Design books that I’m gonna start reading up on. I also have created a MT (Movable Type) website to practice with which is located at


Beer Pong With Jamerson

So last night I came out to the 626 to play some beer pong with my friend James. I met up with him at his friend’s house down in San Marino. We played a few games of pong against some of his friends, and won all of them. After hanging out down in San Marino we came back to his house. We set up the portable beer pong table again. We then played three games and I won all three. After playing pong, I ended up crashing out on his couch with his little dog. I’m not sure what I’m gonna do today. I might end up going back out to Marina Del Rey. For now, I think I’m gonna go visit my mom and probably get some food.


Army Infantry Color Blind

So a week ago I took my ASVAB. I scored a 54 AFQT score. My GT score was 106 and my CO was 99. This was good enough for the Army Infantry. I wanted a GT of 110 or higher which is needed for Ranger and SF contracts. I could always take my ASVAB again tho after being regular infantry for awhile.

Yesterday I went down to MEPS (Military Entrance Processing Station) to take my Physical. It was definitely an experience. I met up with my recruiter at 4am in Pasadena. The first thing I did with my recruiter was take a drug test. I passed this test of course. After taking a piss test with my recruiter I headed down to the MEPS. My recruiter dropped me off and I entered the MEPS. Once in MEPS I started off taking the briefing in a room with a bunch of other people. This only lasted about 10 minutes. After the briefing room we were to go to the counselor’s office for the respective branch you were entering. I went to the US Army office. They checked our papers and made sure we passed our pre-screening drug test with the recruiter.

After getting papers ready we proceeded down the hall to the physical area. The first thing we did down there was have a physical briefing and sign papers. When this finished, I started the physical. The physical consisted of hearing, vision, drug test, doctor exam, and group physical exam. I passed everything except the color vision test. I guess I’m colorblind… I can see every color but on color blind tests I fail. I’m not sure why this is. So basically, I found out I was red/green colorblind.

After finishing my physical I called my recruiter to pick me up. We discussed that I was color blind and 11B Infantry in the Army is not an option. Combat positions and computer positions in the Army require red/green color vision. This got me pretty upset because I really wanted to be Infantry. My recruiter explained there are still other jobs in the Army that I could get but he wasn’t sure what they were yet. He is gonna look up what jobs are available to me and get back to me. Once I got back home I started doing some of my own research.

After doing some research online, I found out that you can be colorblind as an Infantryman in the Marine Corps. I confirmed this by calling a recruiter in Culver City. This opened up my eyes to joining the Marine Corps. I had looked at the Marines before I started working with the Army. The reason I had chosen the Army over the Marines at first was the Army had more options for someone with a degree. I have set up an appointment with a Marine recruiter today. I’m going to hear more about what my options could be in the Marines. I really want to be Infantry because that seems like the best for me.


Royal T Cafe

So today was Tan’s (co-worker) going-away lunch. We all went to a new place in Culver City called Royal T. When I first walked in the place I felt like I was walking into a warehouse. There was a lot of space and Japanese art everywhere. The waitresses there dress pretty hot. I was disappointed there were only two waitresses tho. On the website there are pictures with like 10 waitresses. Anyways, the food was pretty good and the service was great. In the back there is a big IPOD that you can go inside. When you go inside there is a plugin for your IPOD and disco lights. I thought that it was pretty tight.

Fun with the Royal T IPOD!



Tully’s On Twitter

So I added my new cell phone number to my twitter account so I can start giving updates. If you haven’t used twitter before, it’s basically just quick 1 to 2 sentence updates of what you’re doing. So now when I’m doing something like going to MEPS or whatever, I can just text my twitter accounts with “On my way to MEPS”. In order to be able to see my twitter updates you must have an account and request to follow me. Once I get your request I’ll accept and you’ll be able to see my updates. I more or less made this so my family can see what I’ve been getting into from time to time. You can click on the link below the image to get to my twitter account or from the contact page.


White Power!

So today was a pretty tiring day. I’ve been caffeinated off loads of Mt.Dew which is probably the only way I’ve been able to stay awake and focused. I started off my day by getting up around 10am. I know that’s not very early, but I didn’t end up sleeping til at least 4 or 5am. So after getting out of bed and taking a quick shower, I popped a caffeine pill and started drinking my first Mt.Dew of the day.
After arriving at work, I found out that a database that was being imported last night did not go through. Only half of the tables in the database were present. I found out later that the database dump I took from my local dev box was bad. My devel box ran out of space when doing the dump so I had only taken half of what was needed. I spent a majority of the day deleting entries and various text from the SQL dump. I did this to make it smaller. After doing this for awhile I was able to get the dump to a smaller size. I then SCP (Secure Copied) it over from my dev box to staging. I imported it into the staging DB and all went good.
After work I had Spanish class. I was late to class tonight. This was because I didn’t end up getting to work as early as I anticipated. During class the professor handed back our graded quizzes and homework. I definitely figured out tonight that I need to do a lot more studying. Class ended around 10pm and I drove home.
Once arriving at my apartment, I made myself some food, checked my email/myspace/facebook, and watched Army Infantry videos on YouTube. I then took a shower and started watching Band of Brothers. I just finished watching episode 3 right now. I’m gonna finish this entry by leaving you with a video I came across on YouTube. I thought this was pretty funny.

Band Of Brothers

So I downloaded Band Of Brothers the HBO series this last weekend. I finally got around to putting the series on a DVD tonight. The first episode is about to end right now. The 101st airborne is on their way to make their jump into Germany. This series is definitely my favorite of all the war movies that I have seen. I have seen this full series from start to finish at least 6 times.

Another series that I like is Generation Kill. Generation Kill is about a Marine Recon unit in Iraq. It’s kind of like the Band Of Brothers series but in Iraq. It’s another series that has been produced by HBO. I’ve seen the Generation Kill series about 5 times from start to finish. I also tend to put it on random episodes from time to time.

Anyways, I’m about to start the second episode of Band Of Brothers right now. It’s gonna start with the 101st airborne unit jumping into enemy fire. Just seeing what the paratroopers went through during the war is pretty crazy. Movies/Series like these make me have more and more respect for anyone that is or has served in a combat position in the Military.

I’m so hyped up right now on caffeine I think I’m gonna get through a lot of the series this morning. I’ve had about 8 Mountain Dews today and 2 pills that have caffeine in them. I actually have to get up earlier tomorrow tho because I have to make it to my Spanish class at night. I’m currently taking Spanish 101 at Santa Monica City College. I’m starting to fall behind tho because of side interests that I have been starting to do a lot. Well I’m gonna pay attention to the movie now!!

Web Programming

So basically I’ve been doing a lot of web programming outside of work recently. One site I have been working on a lot is This is basically a site full of Videos of only me and my friends. It’s using the MovableType content management system that has been working very well. Aside from I have also been working on a new site called This is a website for my friend Oliver’s book that he will be publishing in the near future. Crazy Tijuana is also running under the MovableType CMS and has been working like a charm.

Lately I have also been trying to work on SEOing my sites better in Google. SEO (Search Engine Optimization) is a set of techniques for getting your website indexed better in Google. I have been working pretty hard on the architecture, keywords, and meta descriptions for I have already got a lot of good keyword phrases linked in Google. This is pretty good because my site is new and most of the pages are not even indexed yet.