Talking Web


CIS 5510

In the vast expanse of the digital realm, HTTP (Hypertext Transfer Protocol) stands as the lingua franca, the common tongue through which web applications, servers, and clients converse. This module, Talking Web, delves deep into the intricate dance of crafting, decoding, and manipulating HTTP requests and responses.

Both novice web developers and cybersecurity aficionados will come to realize that to truly grasp the heartbeat of the web, one must not only understand but master the nuances of HTTP communication. Mastery, however, is more than just absorbing theory; it's about rolling up your sleeves and getting hands-on. By the end of this journey, you won't be solely reliant on your web browser to make HTTP requests on your behalf. You'll possess the skills to converse directly with web servers, thus opening a new world of versatility and power.

To aid you in this journey, this module arms you with formidable tools: curl, netcat, and python requests, setting the stage for dialogues with web servers, specifically on localhost at port 80.

As you venture into the detailed intricacies of:

As you sail through these challenges, you won't be navigating blind:

hacker@talking-web-level-1:~$ /challenge/run
 * Serving Flask app 'run'
 * Debug mode: off
WARNING: This is a development server. Do not use it in a production deployment. Use a production WSGI server instead.
 * Running on http://127.0.0.1:80
Press CTRL+C to quit

This real-time feedback loop, made available through $ /challenge/run, serves as your personal compass, directing your gaze into the heartbeat of the web server's activities. While navigating, take note: the server's responses are not mere acknowledgments. They often whisper hints, nudging you towards the right path when you stumble.

Yet, as with any craft, your tools are only as effective as your knowledge of them. Should you ever find yourself at a crossroads, uncertain of how to harness these tools, remember that knowledge is just a click away:

To truly initiate this journey, why not start by reaching out to the server in its native tongue? Let's put theory into practice. Go on, and use curl to speak with localhost.


Lectures and Reading


Challenges

Send an HTTP request using curl

Send an HTTP request using nc

Send an HTTP request using python

Set the host header in an HTTP request using curl

Set the host header in an HTTP request using nc

Set the host header in an HTTP request using python

Set the path in an HTTP request using curl

Set the path in an HTTP request using nc

Set the path in an HTTP request using python

URL encode a path in an HTTP request using curl

URL encode a path in an HTTP request using nc

URL encode a path in an HTTP request using python

Specify an argument in an HTTP request using curl

Specify an argument in an HTTP request using nc

Specify an argument in an HTTP request using python

Specify multiple arguments in an HTTP request using curl

Specify multiple arguments in an HTTP request using nc

Specify multiple arguments in an HTTP request using python

Include form data in an HTTP request using curl

Include form data in an HTTP request using nc

Include form data in an HTTP request using python

Include form data with multiple fields in an HTTP request using curl

Include form data with multiple fields in an HTTP request using nc

Include form data with multiple fields in an HTTP request using python

Include json data in an HTTP request using curl

Include json data in an HTTP request using nc

Include json data in an HTTP request using python

Include complex json data in an HTTP request using curl

Include complex json data in an HTTP request using nc

Include complex json data in an HTTP request using python

Follow an HTTP redirect from HTTP response using curl

Follow an HTTP redirect from HTTP response using nc

Follow an HTTP redirect from HTTP response using python

If you think this level is too easy: that's intended! You are achieving the same behavior as the previous level, but now with python-requests, a very friendly user-agent.

Include a cookie from HTTP response using curl

Include a cookie from HTTP response using nc

Include a cookie from HTTP response using python

If you think this level is too easy: that's intended! You are achieving the same behavior as the previous level, but now with python-requests, a very friendly user-agent.

Make multiple requests in response to stateful HTTP responses using curl

Make multiple requests in response to stateful HTTP responses using nc

Make multiple requests in response to stateful HTTP responses using python

If you think this level is too easy: that's intended! You are achieving the same behavior as the previous level, but now with python-requests, a very friendly user-agent.