Web Hacking Fundamentals Flashcards

1
Q

What process (request) is made first after entering a URL?

A
  • a DNS request
  • URL → IP

2
Q

What request is used to get a web page (HTML)?

A
  • HTTP GET request
3
Q

Are CSS, JS and image files included in the first HTTP GET request?

A
  • no
  • those will be retrieved in separate GET requests

4
Q

What encryption is used in HTTP, and why?

A
  • TLS (1.3)
  • encryption is used to prevent:
    • Other parties being able to read the data
    • Other parties being able to modify the data
5
Q

What is a POST request for?

A
  • send data to the web server
  • e.g. adding a comment or logging in

6
Q

What part of a request contains cookies?

A
  • header
7
Q

What is in the body of the request (GET and POST)?

A
  • GET - body is usually ignored by the server
  • POST - content that is sent to the server

8
Q

What contains the actual web content?

A
  • the response to the GET request contains the web content
9
Q

What are cookies and what are they sent with?

A
  • small bits of data stored in the browser
  • common usage - session management, advertising (tracking cookies)
  • they are sent with every HTTP request made to a server
10
Q

Why are cookies used?

A
  • HTTP is stateless
  • cookies - shopping cart, who I am, what I have done, …

11
Q

What are the parts of a cookie?

A
  • name - identifies a cookie
  • value - where the data is stored
  • expiry date - the browser gets rid of the cookie automatically
  • path - determines which requests the cookie will be sent with
  • cookies are normally only sent with requests to the site that set them (Weird things happen with advertising/tracking).
12
Q

How are the cookies set?

A
  • server is normally what sets cookies, and these come in the response headers (“Set-Cookie”)
  • alternatively, these can be set from JavaScript inside your browser.
13
Q

What is a session token?

A
  • When you log in to a web application, normally you are given a Session Token.
  • this allows the web server to identify your requests from someone else’s
  • stealing someone else’s session token can often allow you to impersonate them.