Web Requests - HTTPS Flashcards
What is the main drawback of HTTP?
All data is transferred in clear-text, making it vulnerable to Man-in-the-middle (MiTM) attacks.
What protocol was created to counter the drawbacks of HTTP?
HTTPS (HTTP Secure)
How does HTTPS protect data during transmission?
All communications are transferred in an encrypted format.
What can be seen in an HTTP login request?
Login credentials in clear-text.
What does an intercepted HTTPS request look like?
Data is transferred as a single encrypted stream.
How can websites that enforce HTTPS be identified?
Through ‘https://’ in their URL and a lock icon in the address bar.
What is a potential risk even when using HTTPS?
The request may still reveal the visited URL if it contacted a clear-text DNS server.
What is recommended to ensure all traffic is properly encrypted?
Utilize encrypted DNS servers or a VPN service.
What happens if you type ‘http://’ instead of ‘https://’ to visit a secure website?
The browser attempts to resolve the domain and redirects to port 443 for HTTPS.
What response code is used to redirect from HTTP to HTTPS?
301 Moved Permanently
What is the first packet sent by the client in the HTTPS flow?
‘client hello’ packet
What does the server reply with after the ‘client hello’ packet?
‘server hello’
What is exchanged during the key exchange in HTTPS?
SSL certificates
What is a potential attack that can downgrade HTTPS to HTTP?
HTTP downgrade attack
How does cURL handle HTTPS communication?
It automatically performs a secure handshake and encrypts/decrypts data.
What happens when cURL encounters an invalid SSL certificate?
It does not proceed with the communication by default.
What flag can be used with cURL to skip the SSL certificate check?
-k
True or False: Modern web browsers will warn users against visiting websites with invalid SSL certificates.
True
