Michaael01/HTTP-Protocol-Analysis

HTTP-Protocol-Analysis

Objectives

The main goal of this lab is to understand how HTTP (Hypertext Transfer Protocol) enables communication between a web client (like a browser) and a server. By analyzing HTTP packets with Wireshark, you can:

  • Examine HTTP request and response headers to see what information is sent and received.

  • Understand the mechanics of web communication.

  • Detect potential HTTP-based attacks or data leaks, helping improve web security.

In short, it’s about learning how web traffic works and spotting security issues using packet analysis.

Protocol Structure

HTTP Request Header: once the TCP handshake and the TLS/SSL handshake are done, the browser (Chrome or Edge) sends a request to, for example, google.com; this is an HTTP GET message.

  • GET: Requests a resource from the server.

  • POST: Sends data to the server (e.g., forms, login info).

  • DELETE: Removes a resource on the server.


HTTP Status Code

If the server is ready to talk, we will get a response code, for example 200, which means the request succeeded.


HTTP Request Headers

The HTTP request header is a part of the HTTP request sent by a client (like a browser) to a server. It contains metadata about the request and instructions for the server on how to handle it. Key points:

  • Request Method: Specifies the type of request, e.g., GET to retrieve a resource, POST to send data.

  • Host: Indicates the server’s domain name (e.g., google.com) that the client wants to communicate with.

  • User-Agent: Identifies the client software, such as the browser type and version (e.g., Chrome, Edge).

  • Other Headers: Can include cookies, accepted content types, language preferences, etc.

When you open your browser’s Developer Tools → Network tab → click on a request, you can see:

  • The request method (GET, POST, etc.)

  • The status code (like 200, which is part of the response, not the request)

  • All headers sent by the browser in that request.


After opening the host machine's web browser, I can see the request headers as shown below:

image

HTTP Traffic

All HTTP traffic in Wireshark at the time of the lab is shown below:

image

Default Port

tcp.port == 80 shows traffic on the default HTTP port.


GET Request

http.request.method == "GET"


View Requested Resources

http.request.uri


Show Cookies in HTTP Response

http.set_cookie


HTTP Traffic To/From Specific Host

ip.addr == 192.168.1.22


Conclusion

  • HTTP traffic is readable and easy to analyze in Wireshark.
  • Analyzing HTTP helps detect:
      • Sensitive data exposure in URLs or headers
      • Malware beaconing to C2 servers
      • Suspicious file downloads or unauthorized access
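
The "sensitive data exposure in URLs or headers" check above, as an added example that is not part of the original repository: it parses a plain-HTTP request and response and reports credentials in the URI, Basic auth sent in cleartext, and Set-Cookie headers without Secure/HttpOnly. The sample exchange, the parameter-name list and the function names are constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed sample exchange, in the form Wireshark's "Follow HTTP Stream" shows it.
SAMPLE_REQUEST = (
    "GET /login?user=alice&password=hunter2&lang=en HTTP/1.1\r\n"
    "Host: shop.example\r\n"
    "Authorization: Basic YWxpY2U6aHVudGVyMg==\r\n"
    "\r\n"
)
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: session=abc123; Path=/\r\n"
    "Set-Cookie: theme=dark; Secure; HttpOnly\r\n"
    "\r\n"
)
# Assumed list of query parameter names worth flagging; tune it for your environment.
SENSITIVE_PARAMS = {"password", "passwd", "pwd", "token", "apikey", "api_key", "secret"}

def parse_message(raw):
    """Split a raw HTTP message into its start line and lower-cased (name, value) headers."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    headers = [(n.strip().lower(), v.strip()) for n, _, v in (l.partition(":") for l in lines[1:])]
    return lines[0], headers

def audit_request(raw):
    """Return findings for sensitive data in the request URI and request headers."""
    start, headers = parse_message(raw)
    method, uri, _version = start.split(" ", 2)
    findings = []
    for key, _ in parse_qsl(urlsplit(uri).query, keep_blank_values=True):
        if key.lower() in SENSITIVE_PARAMS:
            findings.append(f"{method} URI carries sensitive parameter '{key}'")
    for name, value in headers:
        if name == "authorization" and value.lower().startswith("basic "):
            findings.append("Authorization: Basic credentials sent in cleartext")
    return findings

def audit_response(raw):
    """Return findings for Set-Cookie headers that lack the Secure or HttpOnly attribute."""
    findings = []
    for name, value in parse_message(raw)[1]:
        if name != "set-cookie":
            continue
        cookie_name = value.split("=", 1)[0]
        attrs = {a.strip().lower() for a in value.split(";")[1:]}
        missing = [flag for flag in ("secure", "httponly") if flag not in attrs]
        if missing:
            findings.append(f"cookie '{cookie_name}' missing {', '.join(missing)}")
    return findings
```
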
