Lesson Plan Title: Http Basics

 

Concept / Topic To Teach:

This lesson presents the basics for understanding the transfer of data between the browser and the web application.

Client Request: How HTTP works:

All HTTP transactions follow the same general format. Each client request and server response has three parts: the request or response line, a header section, and the entity body. The client initiates a transaction as follows:

The client contacts the server and sends a document request

        GET /index.html?param=value HTTP/1.0

Next, the client sends optional header information to inform the server of its configuration and the document formats it will accept.

        User-Agent: Mozilla/4.06 Accept: image/gif, image/jpeg, */*

After sending the request and headers, the client may send additional data. This data is mostly used by CGI programs using the POST method.

 

General Goal(s):

Enter your name in the input field below and press "go" to submit. The server will accept the request, reverse the input, and display it back to the user, illustrating the basics of handling an HTTP request.

The user should become familiar with the features of WebGoat by manipulating the above buttons to view hints and solution. We have to use WebScarab for the first time

 

Solution:

Add a Proxy on localhost in the settings of your browser. Then you can start WebScarab .We have to select "intercept request" in the tab "Intercept".

1 Intercept Request

 

Fill out your name and click the button Go! We get a new WebScarab window, where we can find the parameter person.