The Hypertext Transfer Protocol (HTTP) is how computers on the World Wide Web communicate with each other. It is used by all of today’s websites. Although it is not constrained to TCP/IP, the Internet Protocol Suite is its most popular implementation. Because HTTP only presumes reliable communication, it can be used on any other protocol or network that provides it.
HTTP uses a message-based model where a client sends a request message and the server returns a response message. HTTP uses the TCP protocol as its transport mechanism.
Both HTTP request and response messages consist of one or more headers each on a separate line. A typical HTTP request is shown below.
```
GET /home/course1 HTTP/1.1
Accept: image/gif, image/jpeg, application/x-shockwave-flash, application/msword, */*
Referer: http://twitter.com/365security
Accept-Language: en-gb, en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0)
Host: www.365computersecuritytraining.com
Cookie: lang=en; JSESSIONID=0000123456789ABCD
```
The first line of every HTTP request consists of three items:
- The HTTP method: The most commonly used methods are GET and POST. There are numerous other methods, but these two are the ones most commonly used by attackers. The GET method requests resources from the server.
- The requested URL: Resources to be accessed by HTTP are identified using Uniform Resource Locators (URLs). In this case the client wishes to go to /home/course1.
- The HTTP version used: The only versions in common use are 1.0 and 1.1.
Other interesting items in the HTTP request include:
- The Accept header, used to tell the server what types of files the browser will accept.
- The Referer header indicates the URL from which the request originated.
- The User-Agent header provides information about the browser or software that generated the request.
- The Host header specifies the hostname being accessed.
- The Cookie header submits additional parameters that the server has issued to the client.
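The structure described above, as an added example that is not part of the original post: a small parser that splits a request into the three request-line items, the headers and the cookies, and rejects malformed header lines instead of guessing at them. The function name `parse_request` and the shortened sample request are assumptions made for illustration.

```python
# Added example: parse the head of an HTTP/1.x request. Every field returned
# is client-controlled and must be treated as untrusted input.
RAW_REQUEST = (  # constructed sample, modelled on the request shown above
    "GET /home/course1 HTTP/1.1\r\n"
    "Accept: image/gif, image/jpeg, */*\r\n"
    "Referer: http://twitter.com/365security\r\n"
    "User-Agent: Mozilla/4.0 (compatible; MSIE 8.0)\r\n"
    "Host: www.365computersecuritytraining.com\r\n"
    "Cookie: lang=en; JSESSIONID=0000123456789ABCD\r\n"
    "\r\n"
)


def parse_request(raw):
    """Return method, url, version, headers, cookies; ValueError if malformed."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError("malformed request line")
    method, url, version = parts
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        # Reject a missing colon and any whitespace around the field name:
        # lenient handling here lets two parsers disagree about one request.
        if not sep or not name or name != name.strip():
            raise ValueError("malformed header line: %r" % line)
        key = name.lower()  # header names are case-insensitive
        if key == "host" and key in headers:
            raise ValueError("duplicate Host header")
        headers[key] = value.strip()
    if version == "HTTP/1.1" and "host" not in headers:
        raise ValueError("HTTP/1.1 request without Host header")
    cookies = {}
    for pair in headers.get("cookie", "").split(";"):
        k, sep, v = pair.strip().partition("=")
        if sep:
            cookies[k] = v
    return {"method": method, "url": url, "version": version,
            "headers": headers, "cookies": cookies}


if __name__ == "__main__":
    req = parse_request(RAW_REQUEST)
    print(req["method"], req["url"], req["version"])
    print(sorted(req["cookies"]))
```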
In addition to the GET and POST methods, the HTTP protocol supports other methods that are useful to a potential attacker. These include:
- HEAD – functions similarly to a GET request and can be used to check whether a resource is present.
- TRACE – can be used to detect the effect of any proxies between the client and server that may manipulate the request and can sometimes be used as part of an attack against other website users.
- PUT – if enabled, attackers may be able to upload malicious programs that can be executed on the server.
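From the defender's side, the methods listed above are easy to spot in a web server's access log. The following is an added example, not code from the original post: it assumes Common Log Format, uses constructed log lines, and the function name `review_methods` and the threshold of three failed HEAD requests per client are illustrative choices.

```python
import re
from collections import Counter

# Constructed sample lines in Common Log Format (addresses are documentation ranges).
LOG_LINES = [
    '203.0.113.5 - - [10/Oct/2023:13:55:01 +0000] "GET /home/course1 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Oct/2023:13:55:09 +0000] "TRACE / HTTP/1.1" 405 312',
    '198.51.100.7 - - [10/Oct/2023:13:55:12 +0000] "PUT /uploads/a.txt HTTP/1.1" 201 0',
    '192.0.2.44 - - [10/Oct/2023:13:56:00 +0000] "HEAD /backup.zip HTTP/1.1" 404 0',
    '192.0.2.44 - - [10/Oct/2023:13:56:01 +0000] "HEAD /admin/ HTTP/1.1" 404 0',
    '192.0.2.44 - - [10/Oct/2023:13:56:02 +0000] "HEAD /old/ HTTP/1.1" 404 0',
    '203.0.113.5 - - [10/Oct/2023:13:57:30 +0000] "HEAD /home/course1 HTTP/1.1" 200 0',
]

LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) HTTP/[\d.]+" (\d{3}) \S+$'
)


def review_methods(lines, head_miss_threshold=3):
    """Return (finding, client, detail) tuples for the methods discussed above."""
    findings = []
    head_misses = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not requests in this format
        client, method, path = m.group(1), m.group(2), m.group(3)
        status = int(m.group(4))
        if method in ("TRACE", "PUT"):
            # A 2xx status means the server honoured the method: fix the config.
            outcome = "accepted" if 200 <= status < 300 else "rejected"
            findings.append(("%s %s" % (method, outcome), client, path))
        elif method == "HEAD" and status == 404:
            head_misses[client] += 1  # HEAD used to test whether resources exist
    for client, count in sorted(head_misses.items()):
        if count >= head_miss_threshold:
            findings.append(("HEAD probing", client, count))
    return findings


if __name__ == "__main__":
    for finding in review_methods(LOG_LINES):
        print(finding)
```

A "PUT accepted" or "TRACE accepted" finding points at a server configuration that should disable the method; "rejected" findings are still worth correlating by client address.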
Using readily available tools, an attacker can manipulate the contents of an HTTP request or response in order to trick the server into performing unwanted actions or to hijack the session of an authorized user through that user’s cookies.
The HTTP response from the server is similar in structure to the HTTP request but includes additional instructions, like cookie parameters, and an actual message body that contains the requested files, such as HTML documents.
One Response to “Getting To Know: How Hackers Use The HTTP Protocol To Hack Your Website”
Hacker programs do not deal with HTML Codes, it is more concentrated Server command which means that all hidden instructions would have to be non-detectable especially the protocol I/O to collect after the information has been placed into a secret location as it normally is not scattered about the server's storage, yet for CD/DVD storage techniques access to an empty CD/DVD would have to create a disc of the information collected which would be encrypted and more than likely only readable once so of it has been removed from the system readers & the backup encoders destroyed plus has to be overwritten before the hacker robot removes itself through a simple batch like file the CD/DVD cannot be accessed nor read. Every aspect of server communication such as to whom when occurring and how often would be a pre-study of the hacker also taking into consideration other servers and all the protocols being used. If everything went well as it can the hack is not detected, it's not an HTML thing because you're seeking information within databases which cannot be read without program support requiring perhaps an identical server to work with in discovery.
The best way to eliminate hacking is to segment stored info within a multitude of zip files which indexes to a database which defines which zips and segments must be arranged in order to decrypt the extracted files in precise order by the server before the information can be sent to office workers' workstations. Once that is accomplished it becomes a tedious task to unleash into a server which is monitoring its performance and CPU usage setting off alarms if an intrusion is detected of some unrecognized usage which is also monitored as each user has tasks to perform and have clearance for only completion of those tasks. New zip files are compiled just as the original files into zip archives and stored selective segment locations given into the same database file.
Good luck programmers.