TryHackMe: HTTP Web Fundamentals
How do we load websites?
Web browser → DNS request → DNS server returns the IP address of the website → Once the IP address is known, browser forwards a GET request to the web server → Web server then responds by returning the web page content.
- If the web page is loading extra resources like JavaScript, images or CSS files, they will be retrieved in separate GET requests.
- HTML defines the structure of the page and the content; CSS defines the looks of the page; JavaScript is a programming language that allows you to make pages interactive or load extra content.
Server Response Status Code
- 100–199: Information
- 200–299: Successes (200 OK is the “normal” response for a GET)
- 300–399: Redirects (the information you want is elsewhere)
- 400–499: Client errors (You did something wrong, like asking for something that doesn’t exist)
- 500–599: Server errors (The server tried, but something went wrong on their side)
What are cookies?
Cookies are used to keep track of your browsing session (who you are, what items you have in your shopping cart, what have you done on the website and etc.) and they are stored in your browser. But, remember, cookies are not shared between different browsers.
Cookies have a name, a value, an expiry date and a path. Server is the one who set the cookies using the “Set-Cookie” field in HTTP response header. Once the cookies are set, they will be sent by the browser with every HTTP request made to the server.
- Name: Identify the cookie
- Value: Where the data is stored
- Expiry date: When the browser will get rid of the cookies autonmatically
- Path: Determine what requests the cookie will be sent with
HTTP/2.0 200 OK
Content-Type: text/html
Set-Cookie: yummy_cookie=choco
Set-Cookie: tasty_cookie=strawberryWhen you log into a web application, you will be given a session token so that the web browser can identify you. Stealing someone else’s session token can then allow you to impersonate them.
One of the ways to manipulate cookies is by using browser’s developer tools.
Open dev tools with F12 → Go to storage tab and view the cookies → There’s also a “+” button for you to create your own cookies.
Mini CTF
There’s a web server running on http://10.10.31.112:8081. Connect to it and get the flags!
- GET request. Make a GET request to the web server with path /ctf/get
- POST request. Make a POST request with the body “flag_please” to /ctf/post
- Get a cookie. Make a GET request to /ctf/getcookie and check the cookie the server gives you
- Set a cookie. Set a cookie with name “flagpls” and value “flagpls” in your devtools (or with curl!) and make a GET request to /ctf/sendcookie
#1 What’s the GET flag.
curl http://10.10.31.112:8081/ctf/get#2 What’s the POST flag.
curl http://10.10.31.112:8081/ctf/post -X POST -d "flag_please"#3 What’s the “Get a cookie” flag.
curl http://10.10.31.112:8081/ctf/getcookie -c cookies.txt
cat cookies.txt#4 What’s the “Set a cookie” flag.
curl http://10.10.31.112:8081/ctf/snedcookie --cookie flagpls=flagpls