Hello everybody and welcome back.
In the previous lecture we discussed what an HTTP request is, and now we will discuss what an HTTP response is.
So as I said, they are very similar. The response is basically what the server sends back to us. For example, when we send an HTTP request with the GET method and then the name of some page, we basically want the server to send us that page back.
So it will send us the HTTP response with the HTML code of that page, and that’s how we load the pages.
So let us see the basic structure of the HTTP response. Here I have a picture.
As we can see right here the upper part is the header of the HTTP response.
As I said, the HTTP response consists of two things: the header and the body. In the header we get information about the server, and in the body we basically get the content, the website's HTML code, which is basically just the page itself.
So the HTTP response starts with the protocol version, which here is HTTP 1.1, and then the status code. The status code is the 200 right here. As we can see, it means that the operation was completed successfully.
Now, you can also have some other codes here. For example, if the number starts with four, that means there is an error in the request. If the number starts with five, there is also an error, but it is not an error on the client side. It is an error on the server side.
So 400 and then some number is an error on the request side, the client side, and 500 and then some number is an error on the server side.
Also, as I said, 200 means that the operation was completed successfully, and 300 means redirection of the website.
So for example, if you try to visit some website and it redirects you to another website, that will be indicated with a status code of 300 and something.
Now, there are some things that we need to remember. The date doesn’t really matter to us that much. The Server header is important since it gives us the type and version of the server itself. As it says right here, it is Apache 2.0.63 on Unix, and it is useful for us attackers because we basically get the version of the server and we can usually just paste it into Google and try to find any specific vulnerabilities for that version.
So today some websites even leave the server version out of the HTTP response just because it is so valuable to attackers. But most of them still have it, so we will be using this option as well in order to try to find and gather some of the other vulnerabilities for that specific version of the server.
The next thing we are interested in is something that isn’t shown in this HTTP response: the Set-Cookie header. This is the server setting a cookie value for us. It is basically sending a cookie value that it assigns to my machine in order to track my session. So it is also an important thing.
Here you can see that the header and the body of the response are divided by this blank line.
So you don’t need to remember it exactly like that. You can basically just remember that the content, the body of the response, will be HTML code, which is easy to recognize by these arrows (angle brackets). It basically always begins with these arrows and closes with these same arrows.
So you will easily know what the HTML code is. Now, those are some of the things that you need to know about the HTTP response. But before we continue, there is another thing that I want you to know, which is the available HTTP methods.
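The structure described above, as an added Python example that is not part of the original lecture: it splits a response at the blank line, classifies the status code, and flags a Server header that carries a version. It goes slightly beyond the lecture by also checking the Set-Cookie value for the HttpOnly and Secure attributes; the sample response and the cookie name PHPSESSID are constructed.

```python
import re

# Constructed sample response (not captured from a real server); it mirrors the
# fields the lecture walks through: status line, Date, Server, Set-Cookie, body.
RAW_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Mon, 01 Jan 2024 12:00:00 GMT\r\n"
    b"Server: Apache/2.0.63 (Unix)\r\n"
    b"Set-Cookie: PHPSESSID=abc123; path=/\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b"<html><body>Hello</body></html>"
)

STATUS_CLASSES = {2: "success", 3: "redirection", 4: "client error", 5: "server error"}

def parse_response(raw: bytes) -> dict:
    # Header and body are separated by the first blank line (CRLF CRLF).
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    version, code, *_reason = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        # A header such as Set-Cookie may repeat, so keep a list per name.
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return {"version": version, "status": int(code),
            "status_class": STATUS_CLASSES.get(int(code) // 100, "other"),
            "headers": headers, "body": body}

def audit(resp: dict) -> list:
    findings = []
    for server in resp["headers"].get("server", []):
        # A digit right after the product name means the version is disclosed.
        if re.search(r"/\d", server):
            findings.append(f"Server header discloses version: {server}")
    for cookie in resp["headers"].get("set-cookie", []):
        name = cookie.split("=", 1)[0]
        attrs = {a.strip().lower() for a in cookie.split(";")[1:]}
        missing = [f for f in ("httponly", "secure") if f not in attrs]
        if missing:
            findings.append(f"Cookie {name} lacks: {', '.join(missing)}")
    return findings

if __name__ == "__main__":
    resp = parse_response(RAW_RESPONSE)
    print(resp["version"], resp["status"], resp["status_class"])
    for finding in audit(resp):
        print("-", finding)
```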
Now, we covered one method already in our first HTTP request video. We covered the GET method.
So basically when I type google.com or, let’s say, facebook.com, I send an HTTP request with the GET method, which basically just requests this page from the server.
Now, there are a few other methods, for example POST, HEAD, TRACE, PUT, DELETE and OPTIONS. Those are all methods that you can send to the server. The most important for us would be the GET method, which we already covered and which is just requesting the website, and the POST method.
Now, the POST method is basically us sending some of the information to the server.
Now, you might be asking, what kind of information do we want to send? Well a simple example would be us sending a username and password. It is done with the POST method.
So we opened the request header and here we can see the GET method.
Now, instead of the GET, if we did a post request it would be POST instead of GET.
So basically just P-O-S-T. So, a POST request would be if we, for example, typed anything into the email field here and pressed ‘Log in’.
This is us sending a POST request. Now, I will explain it a little bit further once we get to the Burp Suite configuration, since it can be a little bit difficult to configure the first time. So I will lead you through that process, but let me just show you how, with the things that we have already learned, you can scan for the available HTTP methods on a certain website.
So for example, you want to scan a website and see if there is a POST method available, a HEAD method available, a DELETE method available or any other method. You can do that with a simple Nmap script. We already covered Nmap before, so let us just go into our scripts folder, which is under this path right here: /usr/share/nmap/scripts.
What we want to find is the HTTP methods script. So let me just type ls here in order to list the scripts and grep for http: ls | grep http.
As we can see there is a lot of them.
So let me just type ls | grep method here; maybe it lists fewer options.
As we can see, there it is, and this is the script that we want, which is http-methods.nse.
So in order to run that against our OWASP virtual machine that I showed how to install before (the IP address is .1.9), we just write nmap and then --script= and now we will copy the script name, paste it, and then we will specify the ports that it should scan.
So it shouldn’t really scan all of the ports. It isn’t necessary. We know that the HTTP and HTTPS ports are 80 and 443. Now, we will also add port 8080 since it is relatively commonly used as an alternative to port 80. So let us just type -p for the ports and then 80, which is the HTTP port, 443, which is the port for HTTPS, and 8080. And now at the end, we want to specify the IP address of our target, so it is .1.9.
Now, let this run. I’m not really sure how long it should take. It should finish relatively fast. Here we go, and we can see that it gives us the output: port 80 TCP open HTTP, and the available HTTP methods.
We can see right here the supported methods: GET, HEAD, POST, OPTIONS and TRACE. These are some of the HTTP methods, and the potentially risky method is TRACE.
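For reviewing the results of such a scan on your own server, here is an added Python example (not from the original lecture) that reads http-methods output per port and lists any method outside an allow-list. The sample output and the ALLOWED policy set are assumptions made for the example.

```python
import re

# Constructed sample in the layout the http-methods script prints; the port
# states and method lists are made up for illustration.
NMAP_OUTPUT = """\
PORT     STATE  SERVICE
80/tcp   open   http
| http-methods:
|   Supported Methods: GET HEAD POST OPTIONS TRACE
|_  Potentially risky methods: TRACE
443/tcp  open   https
| http-methods:
|_  Supported Methods: GET HEAD POST OPTIONS
8080/tcp closed http-proxy
"""

# Assumed policy for this example: anything outside this set needs review.
ALLOWED = {"GET", "HEAD", "POST", "OPTIONS"}

def methods_by_port(text: str) -> dict:
    """Map each open port to the methods listed under 'Supported Methods'."""
    result, port = {}, None
    for line in text.splitlines():
        m = re.match(r"^(\d+)/tcp\s+(\S+)", line)
        if m:
            # A new port line starts a new section of script output.
            port = int(m.group(1))
            if m.group(2) == "open":
                result[port] = []
            continue
        m = re.search(r"Supported Methods:\s*(.+)$", line)
        if m and port in result:
            result[port] = m.group(1).split()
    return result

def review(text: str) -> dict:
    """Return {port: [methods not in ALLOWED]} for ports that need attention."""
    out = {}
    for port, methods in methods_by_port(text).items():
        extra = [name for name in methods if name not in ALLOWED]
        if extra:
            out[port] = extra
    return out

if __name__ == "__main__":
    for port, extra in review(NMAP_OUTPUT).items():
        print(f"port {port}: review methods {', '.join(extra)}")
```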
So we can see that with this Nmap script we can gather the available methods for any website with the specified port. Now, in order for us to view the packets that are going to the website and back we need to use a proxy.
And for that proxy we will use Burp Suite, which will let us see all of the packets that we are sending and will let us change them. It is also used for some attacks, such as a simple brute force against the website, session hijacking and a bunch of other attacks.
Now, the process of making the Burp Suite as your proxy can be a little tricky so I will show you how to do that in the next video.
Until then I hope you’re having a great day and take care.
Final Words From Jerry Banfield
Thank you very much for finishing this entire video. We are honored you’ve spent this time here. We’ve got a complete course I imagine you will love and enjoy named Master Ethical Hacking in 2019.
This course in particular is Master Ethical Hacking in 2019. You just watched a video from it for free which we’ve given you to both sell you the course and to give you a part of the course that we hope is helpful for whatever you are doing.
Thank you very much for watching this video. I’m Jerry Banfield, the founder of Uthena.