HTTP(S)

Hypertext Transfer Protocol

• Request & response mechanism
• • Structured way to perform communication
• Client & Server model
• Authentication optional
  • HTTP and HTTPS are not stateful, they are stateless
    • Client downloads content from the server and that's it. No established connection perdures.
  • For it to feel like a stateful connection we have Cookies
  • A session token is gonna be included in your future requests so that the server knows that is you
• Clear text
  • Messages will all be visible to eavesdropping
• Encryption Optional (HTTPS)
  • S referring to SSL

HTTP Methods

• GET

• POST

• PUT

• HEAD

• PATCH

• DELETE

• TRACE

• CONNECT

• OPTIONS

• Kind of like the verbs of HTTP from the client to the server

• There are some additional HTTP Methods

HTTP Client

• Browser
  • Firefox
  • Chrome
  • Safari
  • Edge
• Text Client
  • wget
    • Very useful tool in Linux to get content from a web in a text format
  • lynx
    • Text-based browser
  • curl (ftp, http, smtp, imap, tftp, scp, rtmp, sftp, smb, etc)
    • Gives us access to many different protocols, whatever type of document that we want to receive curl handles the protocol for us.

HTTP Server

• Common HTTP Server
  • Apache
  • Internet Information Server
  • NGINX
• Common HTTP Platforms
  • Linux
    • It's free!
  • FreeBSD
  • Windows

HTTPS

• Protection for HTTP using TLS/SSL
  • Provides us with the CIA triad
    • Confidentiality
      • The use of encryption
    • Integrity
      • Use of hashing operations
    • Authentication
      • Username and Password
      • Using digital certificates to authenticate
        • Handshake builds encryption key
      • Authenticating data means performing an integrity check