How does the Website work? | HTTP Request & HTTP Response | HTTP Header

Websites are coming with new features with time. So, If you want to be a bug hunter then you need to know about these web application technologies and how a website works. In today’s article, we will take a look at web application technologies and HTTP requests & HTTP responses.

HTTP Protocol | HyperText Transfer Protocol

The HTTP protocol is a core communication protocol used to access web applications. HTTP is a simple protocol used for text sharing on web pages in the past. But in today’s world, we can see a fully customized website with images, videos, and text.

HTTP used a message-based model in which the client ( Browser ) sends a request message and the server returns a response message. Each HTTP protocol uses a TCP protocol that helps to send and receive a response in an encrypted form such that 3rd party can’t access that data.

HTTP Requests | HTTP Requests Header

When anyone visits a website then an auto-request is sent to the server from the browser which is also known as HTTP Request. A request can contain two or more headers. Let’s know about HTTP Requests Practical using Burpsuite.

  1. Open your Burpsute and If you don’t know about burp suite then don’t worry take a look at the given screenshots.
  2. Visit bing.com
  3. Now you can see an HTTP Request Message in your burp suite.
GET  /blog HTTP/2
Host: www.bing.com
Cookie: MUID=31EFB157E49569F22276A376E5626826
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:104.0) Gecko/20100101 Firefox/104.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: text/xml
Content-Length: 7889
Origin: https://www.bing.com
Referer: https://www.bing.com/blog

Let’s know more about this HTTP Request message.

In the first line of the HTTP message, three items are given separated by space. Here GET is an HTTP method most commonly used to retrieve any information from the server. /blog is a path whose files we want to receive from the server. At Last, an HTTP version is given that shows the latest version of HTTP.

The host is another header used to specify the domain of the website. Here www.bing.com is the host that we have requested.

A Cookie Header is used to send a copy of the request to the server that helps the server to authenticate the client.

User-Agent Header specifies the browser/client you requested.

Origin Header specifies the URL of the domain client requested.

Referer Header specifies the path of files/directory you want to access.

There are also a lot of other headers given that you can read in detail on our website.

HTTP Response | HTTP Respose Header

Let’s talk about the HTTP response. When a request sends to the server then in response server sends an HTTP Response that you can see below. Here several Headers are given that we will understand one by one.

HTTP/1.1 200 OK
Content-Length: 153
Content-Type: application/json
Server: Microsoft-HTTPAPI/2.0
Set-Cookie: MC1=GUID=117e312ddac14e6d91e99cb32ebae71c&HASH
Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
Access-Control-Allow-Methods: POST
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.bing.com
Access-Control-Expose-Headers: time-delta-millis
Date: Thu, 22 Sep 2022 08:56:54 GMT
Connection: close

In the first line, three parameters are given in which first is the version on HTTP, the second is ( 200 ) HTTP Status Code, and OK indicates that your request had been responded to correctly.

Content-Type Header indicates the type of any content. It can be Html, application, or JSON.

Server Header indicates the server information like version & service.

Set-Cookie Headeris used to store the cookies in your browser that will help the server to auth you when you request anything again.

There were some main HTTP Response Headers. If you want to know more about the HTTP Response header then check out our website now.

I hope you have understood how a website works. If you like this information share it with your friends and wish you a Hacking day.

Leave a Comment

Your email address will not be published.