17acef57b4
chore: add pre-commit hooks chore: add pre-commit hooks chore: add pre-commit hooks chore: add pre-commit hooks
28 lines
1.3 KiB
Plaintext
28 lines
1.3 KiB
Plaintext
= HTTP Basics
|
|
|
|
== Concept
|
|
|
|
This lesson presents the basics for understanding the transfer of data between the browser and the web application and how to trap a request/response with a HTTP proxy.
|
|
|
|
== Goals
|
|
|
|
The user should become familiar with the features of WebGoat by manipulating the above
|
|
buttons to view hints, show the HTTP request parameters, the HTTP request cookies, and the Java source code. You may also try using
|
|
link:https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project[OWASP Zed Attack Proxy] for the first time.
|
|
|
|
=== How HTTP works:
|
|
|
|
All HTTP transactions follow the same general format. Each client request and server response has three parts: the request or response line, a header section and the entity body.
|
|
|
|
The client initiates a transaction as follows:
|
|
|
|
* The client contacts the server and sends a document request. A GET request can have url parameters and those parameters will be available in the web access logs.
|
|
|
|
** GET /index.html?param=value HTTP/1.0
|
|
|
|
* Next, the client sends optional header information to inform the server of its configuration and the document formats it will accept.
|
|
|
|
** User-Agent: Mozilla/4.06 Accept: image/gif,image/jpeg, */*
|
|
|
|
* In a POST request, the user supplied data will follow the optional headers and is not part of the contained within the POST URL.
|