= HTTP Basics

== Concept

This lesson presents the basics for understanding the transfer of data between the browser and the web application and how to trap a request/response with a HTTP proxy.

== Goals

The user should become familiar with the features of WebGoat by manipulating the above
buttons to view hints, show the HTTP request parameters, the HTTP request cookies, and the Java source code. You may also try using
link:https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project[OWASP Zed Attack Proxy] for the first time.

=== How HTTP works:

All HTTP transactions follow the same general format. Each client request and server response has three parts: the request or response line, a header section and the entity body.

The client initiates a transaction as follows:

* The client contacts the server and sends a document request.  A GET request can have url parameters and those parameters will be available in the web access logs.

** GET /index.html?param=value HTTP/1.0

* Next, the client sends optional header information to inform the server of its configuration and the document formats it will accept.

** User-Agent: Mozilla/4.06 Accept: image/gif,image/jpeg, */*

* In a POST request, the user supplied data will follow the optional headers and is not part of the contained within the POST URL.