🌐 Day 13: HTTP
HTTP (HyperText Transfer Protocol) is the language of the web. It is a "Request-Response" protocol. 🌐
1. What is HTTP?
- Real-Life Example: Think of a waiter in a restaurant. You (the Client) ask for a menu (the Request). The waiter (the Protocol) takes that request to the kitchen (the Server) and brings back your food (the Response).
Hacker Insight: HTTP is plain text. If you are on an unencrypted Wi-Fi network, a hacker using a tool like Wireshark can read your HTTP requests exactly like reading a text message.
2. HTTP vs. HTTPS
| Feature | HTTP (Insecure) | HTTPS (Secure) |
| --- | --- | --- |
| Encryption | None. Data is "in the clear." | Encrypted via TLS/SSL. |
| Port | 80 | 443 |
| Hacker's View | Easy to "sniff" passwords. | Must use advanced "Man-in-the-Middle" (MITM) attacks. |
3. Client vs. Server
- The Client: This is you. Your Browser (Chrome/Firefox), your mobile app, or even a Python script. The Client always starts the conversation.
- The Server: A powerful computer (running software like Apache or Nginx) that sits and waits for requests. It holds the "goods"—databases, files, and private user data.
4. Request vs. Response
This is the heartbeat of the web. Every single "click" triggers this cycle.
A. The Request (What you send)
GET /profile.php HTTP/1.1
Host: socialmedia.com
User-Agent: Mozilla/5.0
Cookie: session_id=abc123xyz
- The Verb (GET): "Give me this file."
- The Path (/profile.php): Where the file is located.
- HTTP Version (HTTP/1.1): Which version of the protocol the client is speaking.
- Headers: Extra info (like "I am using a phone" or "Here is my login cookie").
B. The Response (What you get back)
HTTP/1.1 200 OK
Content-Type: text/html

<html><body>Welcome, Usman!</body></html>
- HTTP Version (HTTP/1.1)
- Status Code (200 OK): "I found it, here you go!"
- Status Message: "OK" in the example above.
- Body: The actual HTML code the browser turns into a website.
5. The "Stateless" Concept (The Amnesia Problem)
HTTP is stateless. This means the server has a memory of exactly 0 seconds. It doesn't know that the person who just asked for profile.php is the same person who logged in 5 seconds ago.
- How we fix it: Cookies.
- Hacker Example: When you log in, the server gives you a "Session ID" cookie. It’s like a wristband at a concert. You show the wristband (cookie) with every request so the server knows it's still you.
- The Attack: If a hacker steals your cookie, they become you without ever needing your password.
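The request format from section 4 and the session cookie from section 5, put together in an added example (not part of the original lesson): a toy server function that parses the raw request text and recognises the user only by the `session_id` cookie. The function names, the in-memory `SESSIONS` store and the 400/401 replies are assumptions made for illustration.

```python
import html
import secrets

SESSIONS = {}  # session_id -> username: the only "memory" the server has

def parse_request(raw):
    """Split raw HTTP/1.x request text into verb, path, version, headers."""
    head = raw.split("\r\n\r\n", 1)[0]
    request_line, *header_lines = head.split("\r\n")
    verb, path, version = request_line.split(" ")  # ValueError if malformed
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()  # names are case-insensitive
    return verb, path, version, headers

def parse_cookies(value):
    """Turn 'a=1; b=2' from the Cookie header into a dict."""
    pairs = (item.strip().partition("=") for item in value.split(";"))
    return {name: val for name, sep, val in pairs if sep}

def login(username):
    """Issue a long random session ID so it cannot be guessed."""
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = username
    return session_id

def respond(status, body):
    return f"HTTP/1.1 {status}\r\nContent-Type: text/html\r\n\r\n<html><body>{body}</body></html>"

def handle(raw):
    """Answer one request using nothing but the text of that request."""
    try:
        verb, path, version, headers = parse_request(raw)
    except ValueError:
        return respond("400 Bad Request", "Malformed request.")
    session_id = parse_cookies(headers.get("cookie", "")).get("session_id")
    user = SESSIONS.get(session_id)
    if user is None:  # no cookie or unknown ID: the server cannot tell who this is
        return respond("401 Unauthorized", "Please log in.")
    return respond("200 OK", f"Welcome, {html.escape(user)}!")

if __name__ == "__main__":  # constructed sample traffic, not captured from a real site
    sid = login("Usman")
    base = "GET /profile.php HTTP/1.1\r\nHost: socialmedia.com\r\n"
    print(handle(base + "\r\n"))
    print(handle(base + f"Cookie: session_id={sid}\r\n\r\n"))
```

The server treats whoever presents a valid `session_id` as the logged-in user, which is why the ID has to be unguessable and should never travel over plain HTTP.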
6. What happens when you type a URL?
(Example: https://google.com)
- DNS Lookup: Your computer turns "google.com" into an IP address (e.g., 142.250.190.46). Hacker trick: DNS Spoofing can send you to a fake IP.
- The Handshake: Your computer establishes a TCP connection (the "Hello" phase).
- The Request: Your browser sends the HTTP GET request.
- Processing: The server checks its database.
- The Response: The server sends back the HTML/CSS/JS.
- Rendering: Your browser paints the pretty website on your screen.
🛠️ Practical 1: "The Developer's Eye"
Task: See the "text" behind the beauty.
- Open any website in Chrome.
- Right-click anywhere and click Inspect.
- Go to the Network tab.
- Refresh the page.
- Click on the first item in the list (usually the name of the website).
- Look at Headers. You are now seeing the raw Request and Response.