Hey Everyone I am Vikram Salunke
and welcome to the Web Application Penetration Testing
and Secure Coding In the last video
we analyzed HTTP Request sent by the web browser to the web server
now in this video we will analyze
response coming back from web server to web browser
so, let's get started we are in our Kali machine once again
in the location bar type vulnerable.app
it is saying connecting that means our request is currently in
Burp we will go to Burp
Request is going to vulnerable.app these are the request headers
which we saw in the last video we will click on Forward
and now request has reached the web server and web server has sent
the response back this is a response back from the web server
and these are some new HTTP Response headers
and now let's analyze those now let's look at our connection once again
this is our Firefox web browser this is vulnerable.app web server
and we have configured burp proxy to listen to our connection
when we type vulnerable.app in the web browser
the request goes to Burp first after that when we click on Forward
the request will go to the web server and then web server will send response
and it will come to Burp proxy first
after that when we click on the Forward
that response will go to the Web Browser
in the last video we saw HTTP Request headers
now in this video we will see HTTP Response headers
coming back from web server to the web browser
let's look at Format of HTTP Message once again
first there are Headers after that there is blank line
and after that message body and this remains same for the
HTTP Request as well as for HTTP Response this is the HTTP Request header
which we saw in the last video and for that Request
web server sent the HTTP Response let's analyze the HTTP Response
first there is HTTP/1.1 200 OK
after that Date then Server
then Vary after that Content-Length
after that Connection: close and then Content-Type
and after that Actual Page Content
now let's analyze this HTTP Response
line by line first there is HTTP/1.1 200 OK
as we saw in the last video
the browser was communicating on HTTP/1.1 version
and same has been sent by the web server
after that there is 200 OK 200 is a Status Code
OK is that Status Code's meaning 200 OK status code means
the request has been successful
the Status codes which
start with 1xx are the informational ones
the status codes which start with 2xx
are success ones and in this case
we saw 200 OK the Status codes
which start with 3xx are Redirection ones
and most common is 301 Moved Permanently
the status codes which start with
4xx are known as Client Error and most common is
404 Not Found so, if the Resource is not available
on that web server then it sends Status Code
404 Not Found the Status Codes
which start with 5xx are known as
Server Error and most common is
500 Internal Server Error Now each of these Status codes
we will look at in detail in upcoming videos
next HTTP Response header is Date
that means it is the Date and Time the message was created
next HTTP Response header is Server the value for this
HTTP Response header is Apache/2.4.29 (Debian)
that means it is the web server banner different
web servers have different banners in this case
the web server is Apache
that's why this Banner if there is some different
web server then banner will be different
next is Vary: Accept-Encoding and as we saw
in the last video the Encoding information
was sent by the browser and this Response is generated
based on the Accept-Encoding next is Content-Length
this length is the message body length in bytes
next is Connection: close that means we are closing this
connection and for the new request a new
connection will be made next is Content-Type
it is telling about the type of message body in this case
the type for message body is HTML in some cases it might be
some other format such as PDF etc.
now in this case these are the HTTP Response headers
after that there was an empty line and this is the actual message body of the
HTTP Response and this is the actual content
which we see in the Web Browser ok so, this is our
HTTP Response which we got from the server
HTTP/1.1 then Date
Server Content-Length
Connection etc. and there is
actual body of a message and when we click on Forward
this Response will go back to the Web Browser
click Forward and as we can see
the Response is back to the web browser That's what I had planned for this video
if you have any doubts, any questions then you can contact me on
following handles Thank you :)
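
The response format walked through above (status line, headers, blank line, message body), as an added Python example that is not part of the original video. The sample response is constructed from the header values mentioned in the transcript; the Date value, the body and the function names `parse_response` and `review` are assumptions made for illustration.

```python
import re

# Constructed sample response, modelled on the headers walked through in the video.
RAW = (b"HTTP/1.1 200 OK\r\n"
       b"Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
       b"Server: Apache/2.4.29 (Debian)\r\n"
       b"Vary: Accept-Encoding\r\n"
       b"Content-Length: 28\r\n"
       b"Connection: close\r\n"
       b"Content-Type: text/html\r\n"
       b"\r\n"
       b"<html><body>Hi</body></html>")

STATUS_CLASSES = {1: "Informational", 2: "Success", 3: "Redirection",
                  4: "Client Error", 5: "Server Error"}

def parse_response(raw: bytes) -> dict:
    """Split a raw HTTP/1.x response into status line, headers and body."""
    head, sep, body = raw.partition(b"\r\n\r\n")   # the blank line ends the headers
    if not sep:
        raise ValueError("no blank line between headers and body")
    lines = head.decode("iso-8859-1").split("\r\n")
    m = re.fullmatch(r"(HTTP/\d\.\d) (\d{3})(?: (.*))?", lines[0])
    if not m:
        raise ValueError("malformed status line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError("malformed header: %r" % line)
        headers[name.strip().lower()] = value.strip()   # header names are case-insensitive
    code = int(m.group(2))
    return {"version": m.group(1), "code": code, "reason": m.group(3) or "",
            "class": STATUS_CLASSES.get(code // 100, "Unknown"),
            "headers": headers, "body": body}

def review(resp: dict) -> list:
    """Return defender-side findings for a parsed response."""
    findings = []
    server = resp["headers"].get("server", "")
    if re.search(r"/\d", server):                  # product/version in the banner
        findings.append("Server banner discloses version: " + server)
    length = resp["headers"].get("content-length")
    if length is not None and (not length.isdigit() or int(length) != len(resp["body"])):
        findings.append("Content-Length %s does not match body of %d bytes"
                        % (length, len(resp["body"])))
    return findings
```

Calling `review(parse_response(RAW))` reports the versioned Server banner, which is the kind of detail a tester notes and an administrator may choose to trim.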