Master the core concepts of web security and ethical hacking.
The majority of modern web and mobile applications interact heavily with the internet. Most communications over the internet occur via web requests using the HTTP protocol. HTTP is a widely used application-level protocol for accessing resources on the World Wide Web. The term hypertext refers to text embedded with links that allow easy navigation to other resources.
HTTP communication follows a client-server model, where the client sends a request to the server for a specific resource, and the server processes this request and responds. By default, HTTP operates on port 80, though this can be configured to use alternative ports based on server setup. For instance, when visiting a website, users typically provide a Fully Qualified Domain Name (FQDN) as a Uniform Resource Locator (URL) to access the desired resource, such as www.lemonbooster.com.
HTTP resources are accessed through URLs, which provide much more detail than just specifying a website. Below is an example of a URL structure:
Component | Example | Description |
---|---|---|
Scheme | http://, https:// | Identifies the protocol used (e.g., HTTP or HTTPS). It ends with ://. |
User Info | admin:password@ | Optional. Specifies user credentials (username and password), separated by : and followed by @. |
Host | lemonbooster.com | Indicates the resource location, which could be a hostname or an IP address. |
Port | :80 | Optional. Defaults to port 80 for HTTP and port 443 for HTTPS if omitted. |
Path | /dashboard.php | Points to the specific resource, such as a file or folder. If not specified, the server returns a default file like index.html. |
Query String | ?key=value | Starts with ?, followed by parameters (e.g., key) and their values (e.g., value). Multiple parameters are separated by &. |
Fragment | #section | Points to a specific section within the resource. Fragments are processed client-side by the browser. |
Not all components are required to access a resource. At a minimum, the scheme and host are essential to initiate an HTTP request.
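The following added example (not part of the original course material) splits a URL into the components from the table and shows which of them actually reach the server in a GET request. The function names `dissect`, `on_the_wire` and `review` are hypothetical, and the sample URL is a constructed one in the same shape as the table rows.

```python
from urllib.parse import urlsplit, parse_qs

DEFAULT_PORTS = {"http": 80, "https": 443}


def dissect(url):
    """Split a URL into the components listed in the table above."""
    parts = urlsplit(url)
    if not parts.scheme or not parts.hostname:
        raise ValueError("scheme and host are required: " + url)
    user_info = None
    if parts.username is not None:
        user_info = parts.username
        if parts.password is not None:
            user_info += ":" + parts.password
    return {
        "scheme": parts.scheme,
        "user_info": user_info,
        "host": parts.hostname,
        "port": parts.port or DEFAULT_PORTS.get(parts.scheme),  # default applied if omitted
        "path": parts.path or "/",
        "query": parse_qs(parts.query, keep_blank_values=True),
        "fragment": parts.fragment or None,
    }


def on_the_wire(url):
    """Request line and Host header for a GET; user info and fragment are not in either."""
    c = dissect(url)
    raw_query = urlsplit(url).query
    target = c["path"] + ("?" + raw_query if raw_query else "")
    host = "[" + c["host"] + "]" if ":" in c["host"] else c["host"]  # IPv6 literal
    if c["port"] != DEFAULT_PORTS.get(c["scheme"]):
        host += ":" + str(c["port"])  # only non-default ports appear in Host
    return ["GET " + target + " HTTP/1.1", "Host: " + host]


def review(url):
    """Defender-side observations about a URL before it is logged or shared."""
    c, notes = dissect(url), []
    if c["user_info"]:
        notes.append("credentials embedded in URL")  # end up in history and logs
    if c["scheme"] == "http":
        notes.append("cleartext scheme")
    return notes


if __name__ == "__main__":
    sample = "http://admin:password@lemonbooster.com:8080/dashboard.php?key=value#section"  # constructed
    print(dissect(sample), on_the_wire(sample), review(sample), sep="\n")
```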
lemonbooster.com
, into their browser./
.200 OK
).
Note: Browsers first check the local /etc/hosts file for DNS records. If the domain is not found locally, they query external DNS servers.
In this module, we will use two tools for sending HTTP requests: web browsers (e.g., Chrome, Firefox) and cURL.
cURL is a command-line tool and library that supports HTTP and many other protocols. It is especially useful for automation and scripting. Below is an example of sending an HTTP request with cURL:
curl lemonbooster.com
Output:
<!DOCTYPE>
<html><head></head><body>...</body></html>
Unlike web browsers, cURL outputs raw HTML, CSS, or JavaScript, making it more suitable for analyzing request and response details.
To save the response from a server to a file, use the -O option:
curl -O lemonbooster.com/index.html
This saves the file using its remote name (index.html). To specify a custom file name, use the -o option:
curl -o custom_name.html lemonbooster.com/index.html
Silent mode can be enabled using the -s flag to suppress progress messages:
curl -s -O lemonbooster.com/index.html
To list available cURL options, use the -h flag:
curl -h
Example output:
Usage: curl [options...] <url>
-d, --data <data> HTTP POST data
-h, --help <category> Get help for commands
-o, --output <file> Write output to a specified file
-O, --remote-name Save output using the remote file name
-s, --silent Enable silent mode
-u, --user <user:password> Server user and password
-A, --user-agent <name> Send User-Agent <name> to server
For more detailed help, consult the cURL manual using the man curl command or --help all.
Task: In a URL like http://user:pass@lemonbooster.com:8080/path?query=value#fragment, what is the purpose of the path and query components? Explain their differences.
Task: Use cURL to send a GET request to http://lemonbooster.com. Save the response as output.html, but ensure no progress information is displayed in the terminal. Provide the exact cURL command.