Router Day05 ：HTTP

HTTP

Web server is vulnerable in router. And for communicating with the web server, HTTP protocol is essential.

For HTTP request ,I guess the writer used the IBM Doc.(https://www.ibm.com/docs/en/cics-ts/5.3?topic=protocol-http-requests)

A correctly composed HTTP request contains the following elements:
1.A request line.
2.A series of HTTP headers, or header fields.
3.A message body, if needed.

HTTP request line

Request line begins with a method,separated by spaces ,followed by requested URI and version of protocol.

Method Request-URI HTTP-Version CRLF // template
GET /software/htp/cics/index.html HTTP/1.1 // instance

CRLF means ‘Carriage return and line feed ‘.And Method can be seen from the pic below.

GET: just simple coding, Using GET to submit form data introduces security risks. And it can’t submit large amouts of data.
POST: A replacement for GET. Used to submit form data to Web server.Especially large amounts of data.

HTTP message header

HTTP message is formed with C-S request and S-C response.HTTP message inclues request message and response message. We can structure this as fuzzing data. Request should be cared while responses do not.

Request message header allow clients send request as additional information and the information of client itself.
The format is like : Name +:+space+value
message header:
Accept :Tell what source c wants to acc.
Accept-ENcoding: Specify acceptable content encoding.
Cookie: Give server cookie check.
Accept-Language: Specify a language.
Authorizaiton: Prove the right of C to check some source. (S-C:401 C-S:Authrization)
Host: Specify the host and port number of the source provider. Usually taken from HTTP URL. Necessary when sending request.
User-Agent: Allow C give its OS,browser,and other attributes to S. It’s not necessary.

HTTP message body

Between header and body there is a blank line means the end of header
Body includes the submit from C of enquiry string message or etc.