Web Hacking Fundamentals Flashcards
1
Q
What process (request) is made first after entering a URL?
A
- a DNS request
- URL -> IP
2
Q
What request is used to get a web page (HTML)?
A
- HTTP GET request
3
Q
Are CSS, JS and image files included in the first HTTP GET request?
A
- no
- those will be retrieved in separate GET requests
4
Q
What encryption is used in HTTP, and why?
A
- TLS (1.3)
- encryption is used to prevent:
  - other parties being able to read the data
  - other parties being able to modify the data
5
Q
What is a POST request for?
A
- send data to the web server
- e.g. adding a comment or logging in
6
Q
What part of a request contains cookies?
A
- header
7
Q
What is in the body of the request (GET and POST)?
A
- GET - body is usually ignored by the server
- POST - content that is sent to the server
8
Q
What contains the actual web content?
A
- the response to the GET request contains the web content
9
Q
What are cookies and what are they sent with?
A
- small bits of data stored in browser
- common usage - session management, advertising (tracking cookies)
- they are sent with every HTTP request made to a server
10
Q
Why are cookies used?
A
- HTTP is stateless
- cookies - shopping cart, who I am, what I have done, …
11
Q
What are the parts of a cookie?
A
- name - identifies a cookie
- value - where the data is stored
- expiry date - when the browser gets rid of the cookie automatically
- path - determines what request the cookie will be sent with
- cookies are normally only sent with requests to the site that set them (Weird things happen with advertising/tracking).
12
Q
How are the cookies set?
A
- the server is normally what sets cookies, and these come in the response headers (“Set-Cookie”)
- alternatively, these can be set from JavaScript inside your browser.
13
Q
What is a session token?
A
- When you log in to a web application, normally you are given a Session Token.
- this allows the web server to tell your requests apart from someone else’s
- stealing someone else’s session token can often allow you to impersonate them.