LemonBooster
CareersCourses
    Web Hacking Fundamentals

    Web Hacking Fundamentals

    Master the core concepts of web security and ethical hacking.

    Duration

    27h

    Lessons

    35

    Students

    1.2k

    Rating

    4.9

    0% Completed
    350 XP
    Module 1
    Professional Bug Hunter
    Intermediate
    Course Content
    0 of 35 lessons completed0%

    Understanding Web Protocols

    9h

    Exploring Attacks in Web Applications

    13h

    Using Web Proxies

    6h

    Sign in to Access

    Please sign in to access this content.
    First time? You'll receive a verification code via email to sign in securely.

    HTTP

    10m

    HyperText Transfer Protocol (HTTP)

    The majority of modern web and mobile applications interact heavily with the internet. Most communications over the internet occur via web requests using the HTTP protocol. HTTP is a widely used application-level protocol for accessing resources on the World Wide Web. The term hypertext refers to text embedded with links that allow easy navigation to other resources.

    HTTP communication follows a client-server model, where the client sends a request to the server for a specific resource, and the server processes this request and responds. By default, HTTP operates on port 80, though this can be configured to use alternative ports based on server setup. For instance, when visiting a website, users typically provide a Fully Qualified Domain Name (FQDN) as a Uniform Resource Locator (URL) to access the desired resource, such as www.lemonbooster.com.


    URL

    HTTP resources are accessed through URLs, which provide much more detail than just specifying a website. Below is an example of a URL structure:

    http url format

    Components of a URL

    ComponentExampleDescription
    Schemehttp://, https://Identifies the protocol used (e.g., HTTP or HTTPS). It ends with ://.
    User Infoadmin:password@Optional. Specifies user credentials (username and password), separated by : and followed by @.
    Hostlemonbooster.comIndicates the resource location, which could be a hostname or an IP address.
    Port:80Optional. Defaults to port 80 for HTTP and port 443 for HTTPS if omitted.
    Path/dashboard.phpPoints to the specific resource, such as a file or folder. If not specified, the server returns a default file like index.html.
    Query String?key=valueStarts with ?, followed by parameters (e.g., key) and their values (e.g., value). Multiple parameters are separated by &.
    Fragment#sectionPoints to a specific section within the resource. Fragments are processed client-side by the browser.

    Not all components are required to access a resource. At a minimum, the scheme and host are essential to initiate an HTTP request.


    HTTP Steps

    1. A user enters a URL, such as lemonbooster.com, into their browser.
    2. The browser queries a DNS server to resolve the domain name into an IP address.
    3. After resolution, the browser sends an HTTP GET request to the server on port 80, requesting the root path /.
    4. The server processes the request and responds with the resource and an HTTP status code (e.g., 200 OK).

    Note: Browsers first check the local /etc/hosts file for DNS records. If the domain is not found locally, they query external DNS servers.


    cURL

    In this module, we will use two tools for sending HTTP requests: web browsers (e.g., Chrome, Firefox) and cURL.

    cURL is a command-line tool and library that supports HTTP and many other protocols. It is especially useful for automation and scripting. Below is an example of sending an HTTP request with cURL:

    curl lemonbooster.com

    Output:

    <!DOCTYPE>
    <html><head></head><body>...</body></html>
    

    Unlike web browsers, cURL outputs raw HTML, CSS, or JavaScript, making it more suitable for analyzing request and response details.

    Saving HTTP Responses with cURL

    To save the response from a server to a file, use the -O option:

    curl -O lemonbooster.com/index.html

    This saves the file using its remote name (index.html). To specify a custom file name, use the -o option:

    curl -o custom_name.html lemonbooster.com/index.html

    Silent mode can be enabled using the -s flag to suppress progress messages:

    curl -s -O lemonbooster.com/index.html

    Additional cURL Options

    To list available cURL options, use the -h flag:

    curl -h

    Example output:

    Usage: curl [options...] <url>
     -d, --data <data>   HTTP POST data
     -h, --help <category> Get help for commands
     -o, --output <file> Write output to a specified file
     -O, --remote-name   Save output using the remote file name
     -s, --silent        Enable silent mode
     -u, --user <user:password> Server user and password
     -A, --user-agent <name> Send User-Agent <name> to server
    

    For more detailed help, consult the cURL manual using the man curl command or --help all.


    Questions

    Question 1: Identifying Key Components

    Task: In a URL like http://user:pass@lemonbooster.com:8080/path?query=value#fragment, what is the purpose of the path and query components? Explain their differences.


    Question 2: Analyzing HTTP Requests

    Task: Use cURL to send a GET request to http://lemonbooster.com. Save the response as output.html, but ensure no progress information is displayed in the terminal. Provide the exact cURL command.