SlideShare a Scribd company logo

Juglouvain http revisited

Download as PPT, PDF
marctritschler
marctritschler

JUG Louvain - HTTP revisited

Internet
1 of 51
HTTP revisited & some Java networking Java User Group Louvain-La-Neuve @ EPHEC 20/11/2014 Marc Tritschler 24/10/2014 Copyrigth (c) Marc Tritschler 1
Program 1.Introduction 2.Internet Stack (reminder ?) 3.Java and the Internet stack 4.Coding time  PLEASE PLEASE INTERRUPT ME (IRQ-0 or any other ) 24/10/2014 Copyrigth (c) Marc Tritschler 2
1. Introduction Already heard of Gopher ? Internet = HTTP 24/10/2014 Copyrigth (c) Marc Tritschler 3
Internet = HTTP • Google • Facebook • Gmail • Yahoo HTTP • Youtube • Twitter • Amazon • … 24/10/2014 Copyrigth (c) Marc Tritschler 4
Almost EVERYTHING runs over HTTP • HTTP ~ 75 % of traffic (http://www.caida.org/publications/papers/1998/Inet98/Inet98.html MUST READ) – WebServices (SOAP & REST) – HTML – AJAX – Email (webmail) • Exceptions • Email (smtp/imap/pop3) • DNS • FTP • WebSocket which 'upgrades' from HTPP (previous JUG) 24/10/2014 Copyrigth (c) Marc Tritschler 5
HTML, JS, GIF, MP4 … over HTTP 24/10/2014 Copyrigth (c) Marc Tritschler 6
2. The Internet Stack Forget about the 7 layers OSI model 24/10/2014 Copyrigth (c) Marc Tritschler 7
The Internet Stack (4 layers) My App HTTP TCP/IP familly Physical Layer SSL 80 443 In the JRE. Java Part of OS. C/C++ Number of Job & Products Opportunities Electronics Assembly 24/10/2014 Copyrigth (c) Marc Tritschler 8
Where's HTML in this Stack ??? DO NOT MIX DATA, API and PROTOCOL •Data (= contents = payload = BYTES) – Binary vs Text – HTML, CSS, XML, JavaScript, JPEG, MP4, … – Text Data  Encodings (UTF-8) •API  vertical links (no bytes on the wire) •Protocol horizontal links •AJAX = JavaScript performing HTTP requests 24/10/2014 Copyrigth (c) Marc Tritschler 9
TCP ports http://fr.wikipedia.org/wiki/Liste_de_ports_logiciels Well Known (0 – 1024) 20, 21 FTP 22 SSH 23 Telnet 25, 110 SMTP/POP3 80 HTTP 53 DNS 137 … 139 NETBIOS 389 LDAP 443 HTTPS Others (1025-65535) 1521 Oracle DB 8080 http proxies, Tomcat 24/10/2014 Copyrigth (c) Marc Tritschler 10
HTTP versions • HTTP 1.0 @DEPRECATED – each request/response  new TCP connection (= exchange of 3 TCP packets (SYN, SYN/ACK, ACK)) • HTTP 1.1 CURRENT – Keep TCP session • HTTP 2.0 FUTURE (around DEC 2014) – Negotiation (1.1, 2.0, other protocols) – Close to 1.1 (methods, status codes, …) – Server Push – Fix HOL problem – Loads page elements in parallel over single TCP connection http://en.wikipedia.org/wiki/HTTP/2 for more info 24/10/2014 Copyrigth (c) Marc Tritschler 11
HTTP Refresher  • RFC/IETF Standards (read this only if …) • Simple request/response • Header + [Body] • Stateless • Bytes and Chars (use UTF-8 encoding) • Synchronous HALF-DUPLEX (request ALWAYS initiated by the client remeber the problems for interactive games • Can be verbose (http headers) (~600 bytes for simple Hello World) 24/10/2014 Copyrigth (c) Marc Tritschler 12
HTTP Overview REQUEST (GET, POST, …) Client Server RESPONSE (CODE + [DATA]) 1xx : Informational - Request received, continuing process 2xx : Success - The action was successfully received, understood, and accepted 3xx : Redirection - Further action must be taken in order to complete the request 4xx : Client Error - The request contains bad syntax or cannot be fulfilled 5xx : Server Error - The server failed to fulfill an apparently valid request 24/10/2014 Copyrigth (c) Marc Tritschler 13
HTTP Request : methods http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html • Safe (GET/HEAD) & Idempotents methods • GET, HEAD • OPTIONS • POST, PUT • DELETE • TRACE • CONNECT FREEDOM  24/10/2014 Copyrigth (c) Marc Tritschler 14
HTTP Responses : Status Codes • 200 OK • 400 Bad Request • 401 Unauthorized (WWW-Authenticate header) • 403 Forbidden • 404 Not Found • 407 Proxy Authentication Required (Proxy-Authenticate header) • 500 Internal Server Error • Complete List http://www.w3.org/Protocols/rfc2616/rfc2616-sec6.html#sec6.1.1 24/10/2014 Copyrigth (c) Marc Tritschler 15
HTTP Headers http://en.wikipedia.org/wiki/List_of_HTTP_header_fields • A lot of "standards" and "non standards" defined … a little bit messy  • Firefox Dev console 24/10/2014 Copyrigth (c) Marc Tritschler 16
HTTP Request Example POST http://sghrsot.cc.cec.eu.int:1045/hermes/Proxy/1.17/DocumentWebServicePS HTTP/1.1 Accept-Encoding: gzip,deflate Content-Type: text/xml;charset=UTF-8 SOAPAction: "" User-Agent: Jakarta Commons-HttpClient/3.1 Host: host1.domain1.company :1045 Content-Length: 585 <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:typ="http://xx.xxxxxx.eu/sg/hrs/types"> <soapenv:Header/> <soapenv:Body> <typ:getDocument> <typ:header> <typ:userName>xyz</typ:userName> <typ:ticket>onetimeticket</typ:ticket> <typ:applicationId>myapp</typ:applicationId> </typ:header> <typ:documentId>080166e48102103b</typ:documentId> </typ:getDocument> </soapenv:Body> </soapenv:Envelope> 24/10/2014 Copyrigth (c) Marc Tritschler 17
HTTP Response Example HTTP/1.1 200 OK Date: Mon, 20 Oct 2014 16:12:22 GMT Content-Length: 9159 Content-Type: text/xml; charset=utf-8 <?xml version="1.0" encoding="UTF-8"?> <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"> <S:Body> <typ:getDocumentResponse xmlns:typ="http://xx.xxxxxx.eu/sg/hrs/types"> <typ:document><typ:documentId>080166e48102103b</typ:documen tId> … (stripped) </typ:getDocumentResponse></S:Body></S:Envelope> 24/10/2014 Copyrigth (c) Marc Tritschler 18
Quizz Time Guess number of HTTP requests per web site … 24/10/2014 Copyrigth (c) Marc Tritschler 19
Example 1 : www.lesoir.be HOW Many HTTP requests ? 24/10/2014 Copyrigth (c) Marc Tritschler 20
Example 2: mon-programmetv.be HOW Many HTTP requests ? 24/10/2014 Copyrigth (c) Marc Tritschler 21
Example 3: www.google.be HOW Many HTTP requests ? 24/10/2014 Copyrigth (c) Marc Tritschler 22
Number of HTTP requests per single web site visited 1. 200 requests/responses for www.lesoir.be OMG !!! 2. It's full of advertisements (visible) and invisible personal tracking systems (cookies, javascript, re-directs, …) 3. js is evill Conclusion : YOU ARE NOT ANONYMOUS 24/10/2014 Copyrigth (c) Marc Tritschler 23
How your browser gets its proxy ? • Web Proxy Autodiscovery Protocol 24/10/2014 Copyrigth (c) Marc Tritschler 24
HTTP Advanced • Authentication • HTTP Proxies • HTTP Tunnelling • HTTP Pipelining • HTTPS 24/10/2014 Copyrigth (c) Marc Tritschler 25
HTTP Authentication (RFCs 2616, 2617, 7235) Basic The client sends the user name and password as unencrypted base64 encoded text. It should only be used with HTTPS, as the password can be easily captured and reused over HTTP. Digest The client sends a hashed form of the password to the server. Although, the password cannot be captured over HTTP, it may be possible to replay requests using the hashed password. NTLM (Windows) This uses a secure challenge/response mechanism that prevents password capture or replay attacks over HTTP. 24/10/2014 Copyrigth (c) Marc Tritschler 26
HTTP Authentication 401 – Access Denied GET /securefiles/ HTTP/1.1 HTTP/1.1 401 Access Denied WWW-Authenticate: Basic realm="My Server" Content-Length: 0 GET /securefiles/ HTTP/1.1 Host: www.httpwatch.com Authorization: Basic aHR0cHdhdGNoOmY= Client (browser) Server User types his/her password 24/10/2014 Copyrigth (c) Marc Tritschler 27
HTTP Authentication 407 – Proxy Authentication Required • Same as 401 excepted proxy MUST return a Proxy-Authenticate header • Browser asks user to type his/her password 24/10/2014 Copyrigth (c) Marc Tritschler 28
HTTP Proxy/Reverse Proxy • Proxy : local net  internet • Reverse Proxy: internet  local net Direct Connection HTTP Client Client HTTP Proxyied Connection HTTP Client Proxy Server 24/10/2014 Copyrigth (c) Marc Tritschler 29
HTTP Tunnelling HTTP TCP Client Proxy Server CONNECT Port forwarding 24/10/2014 Copyrigth (c) Marc Tritschler 30
HTTP Pipelining http://en.wikipedia.org/wiki/HTTP_pipelining 24/10/2014 Copyrigth (c) Marc Tritschler 31
HTTPS • HTTP over SSL • Secure Browsing ? – HeartBleed – SSL3.0 recently found weak – TLS 1.0 min – Root certificate 24/10/2014 Copyrigth (c) Marc Tritschler 32
3. Java & The Internet Stack ? 24/10/2014 Copyrigth (c) Marc Tritschler 33
Java and Internet • Java is (my favorite) language to work @ application layer, up to TCP/IP … (wait next slide ) • Java has no access to protocols below IP (needs call to native libs, not in the HTTP scope) • Don't underestimate the complexity of SSL interactions, even in Java !!! 24/10/2014 Copyrigth (c) Marc Tritschler 34
Java and the Internet Stack ONLY FOCUS My Application My App ON YOUR BUSINESS F Web D SMTP/POP3 T Socke N P t S Web Services 53 80/443 25, 110 JavaMail javax.mail Web Browser Socket API (java.net) or JSSE (javax.ssl) TCP/UDP HTTP IPv4 and IPv6 ICMP, ARP, DHCP, … Physical Layer Available in Java SE Open Source or future Implemented in the OS. Java has limited access via API Implemented in OS or hardware. No 'direct' access JRE Linux 24/10/2014 Copyrigth (c) Marc Tritschler 35
API vs Protocol • API  vertical links (no bytes on the wire) • Protocol horizontal links 24/10/2014 Copyrigth (c) Marc Tritschler 36
Socket API (java.net) • Most important (access • Server Sockets • Client sockets • Base for YOUR protocol ! • Base for HTTP, SMTP, … 24/10/2014 Copyrigth (c) Marc Tritschler 37
Socket API - Main Classes • Socket & ServerSocket https://docs.oracle.com/javase/7/docs/api/java/net/Socket.html (Java 7) https://docs.oracle.com/javase/8/docs/api/java/net/Socket.html (Java 8 :-)) • URL • URLConnection • HttpURLConnection • … • java.net package http://docs.oracle.com/javase/8/docs/api/java/net/package-summary.html • Stack properties http://docs.oracle.com/javase/8/docs/technotes/guides/net/properties.html 24/10/2014 Copyrigth (c) Marc Tritschler 38
SMTP/POP3 (java mail) https://javamail.java.net/nonav/docs/api/com/sun/ma il/smtp/package-summary.html 24/10/2014 Copyrigth (c) Marc Tritschler 39
SSL/TLS (java.net javax.ssl) • Socket API(java.net)  JSSE (javax.ssl) • Sockets – (Client) Socket  SSLSocket – ServerSocket  SSLServerSocket • HttpUrlConnection  HttpsUrlConnection 24/10/2014 Copyrigth (c) Marc Tritschler 40
Others • WebSocket – http://www.websocket.org/ • Java Specifics – RMI – JMX • Web Services – SOAP  JAX-WS – REST  JAX-RS 24/10/2014 Copyrigth (c) Marc Tritschler 41
Part 3: Code Time WARNING Several packages and many classes  challenge is to use the right classes 24/10/2014 Copyrigth (c) Marc Tritschler 42
Setup - Toolbox • Developer – Java JDK (of course) – Editor (Eclipse, NetBeans, …) • Client Side – Putty – Web Browser + DEV console ! (Chrome, IE, FireFox, …) – soapUI (Web Services) • Server Side – Apache HTTP server (min) – Apache Tomcat (recommended) – Full JEE (GlassFish, WildFly, …) • Cloud – Red Hat OpenShift – … https://github.com/tritschler/LLN_JUG/tree/master/2014_11_20 24/10/2014 Copyrigth (c) Marc Tritschler 43
Example 1 – Echo protocol (ClientSocket & ServerSocket) • No HTTP, directly over TCP https://docs.oracle.com/javase/tutorial/displayCode.html? code=https://docs.oracle.com/javase/tutorial/networking/sockets/examples/Echo Server.java DON'T DO THIS IN REAL LIFE 24/10/2014 Copyrigth (c) Marc Tritschler 44
Example 1 - Echo Echo (Client) JVM Socket API (java.net) TCP IPv4 Physical Layer Echo (Server) JVM Socket API (java.net) TCP IPv4 Physical Layer Hello logical flow Hello IP real data flow 24/10/2014 Copyrigth (c) Marc Tritschler 45
Example 2 – Basic Web Crawler (URL, HttpUrlConnection) •Example 1 : no proxy •Example 2 : proxy + basic http authentication DON'T DO THIS IN REAL LIFE 24/10/2014 Copyrigth (c) Marc Tritschler 46
Java HTTP Client App My Application … Socket API HTTP (JVM) TCP/UDP IP Physical Layer ANY HTTP Server (Apache, Nginex, Tomcat, Jboss, Microsoft IIS, …) implemented in any programming language (Java, PHP, C, …) ANY OS (Linux, Windows, Mac OS, …) 24/10/2014 Copyrigth (c) Marc Tritschler 47
Example 3 – Servlet No networking code on the Server Side • Servlet = java spec for writing the HTTP server side • No networking code ! (thanks to your AS) • Web.xml + class extends HttpServlet  1. Browser – Servlet 2. Browser – HttpTrace – Servlet 3. HttpUrlConnection (no proxy) – Servlet 4. HttpUrlConnection – HttpTrace – Servlet DON'T DO THIS IN REAL LIFE 24/10/2014 Copyrigth (c) Marc Tritschler 48
Java HTTP Client App – Java Servlet ANY HTTP Server + Servlet Container Apache Tomcat ANY OS (Linux, Windows, Mac OS, …) ANY HTTP Client (Web Browser, …) ANY OS (Linux, Windows, Mac OS, …) 24/10/2014 Copyrigth (c) Marc Tritschler 49
Example 4 – HTTP proxy • Start local Tomcat • Start HttpTrace • Start Browser and point to localhost • Launch httpclient 24/10/2014 Copyrigth (c) Marc Tritschler 50
Resources (on the web of course, over HTTP ) 24/10/2014 Copyrigth (c) Marc Tritschler 51

Recommended

Help, my browser is leaking! Exploring XSLeaks attacks and defenses - Tom Van...
Help, my browser is leaking! Exploring XSLeaks attacks and defenses - Tom Van...Help, my browser is leaking! Exploring XSLeaks attacks and defenses - Tom Van...
Help, my browser is leaking! Exploring XSLeaks attacks and defenses - Tom Van...NoNameCon
 
SPDY & HTTP2.0 & QUIC - #bpstudy 2013-08-28
SPDY & HTTP2.0 & QUIC - #bpstudy 2013-08-28SPDY & HTTP2.0 & QUIC - #bpstudy 2013-08-28
SPDY & HTTP2.0 & QUIC - #bpstudy 2013-08-28Jxck Jxck
 
OWASP Top 10 - Checkmarx Presentation at Polytechnic Institute of Cávado and Ave
OWASP Top 10 - Checkmarx Presentation at Polytechnic Institute of Cávado and AveOWASP Top 10 - Checkmarx Presentation at Polytechnic Institute of Cávado and Ave
OWASP Top 10 - Checkmarx Presentation at Polytechnic Institute of Cávado and AveCheckmarx
 
HTTP - The Protocol of Our Lives
HTTP - The Protocol of Our LivesHTTP - The Protocol of Our Lives
HTTP - The Protocol of Our LivesBrent Shaffer
 
gofortution
gofortutiongofortution
gofortutiongofortution
 
15network Programming Clients
15network Programming Clients15network Programming Clients
15network Programming ClientsAdil Jafri
 
16network Programming Servers
16network Programming Servers16network Programming Servers
16network Programming ServersAdil Jafri
 
HAProxy scale out using open source
HAProxy scale out using open sourceHAProxy scale out using open source
HAProxy scale out using open sourceIngo Walz
 

Recommended

Help, my browser is leaking! Exploring XSLeaks attacks and defenses - Tom Van...
Help, my browser is leaking! Exploring XSLeaks attacks and defenses - Tom Van...Help, my browser is leaking! Exploring XSLeaks attacks and defenses - Tom Van...
Help, my browser is leaking! Exploring XSLeaks attacks and defenses - Tom Van...NoNameCon
 
SPDY & HTTP2.0 & QUIC - #bpstudy 2013-08-28
SPDY & HTTP2.0 & QUIC - #bpstudy 2013-08-28SPDY & HTTP2.0 & QUIC - #bpstudy 2013-08-28
SPDY & HTTP2.0 & QUIC - #bpstudy 2013-08-28Jxck Jxck
 
OWASP Top 10 - Checkmarx Presentation at Polytechnic Institute of Cávado and Ave
OWASP Top 10 - Checkmarx Presentation at Polytechnic Institute of Cávado and AveOWASP Top 10 - Checkmarx Presentation at Polytechnic Institute of Cávado and Ave
OWASP Top 10 - Checkmarx Presentation at Polytechnic Institute of Cávado and AveCheckmarx
 
HTTP - The Protocol of Our Lives
HTTP - The Protocol of Our LivesHTTP - The Protocol of Our Lives
HTTP - The Protocol of Our LivesBrent Shaffer
 
gofortution
gofortutiongofortution
gofortutiongofortution
 
15network Programming Clients
15network Programming Clients15network Programming Clients
15network Programming ClientsAdil Jafri
 
16network Programming Servers
16network Programming Servers16network Programming Servers
16network Programming ServersAdil Jafri
 
HAProxy scale out using open source
HAProxy scale out using open sourceHAProxy scale out using open source
HAProxy scale out using open sourceIngo Walz
 
Introduction to HTTP
Introduction to HTTPIntroduction to HTTP
Introduction to HTTPYihua Huang
 
DEF CON 27- ALBINOWAX - http desync attacks
DEF CON 27- ALBINOWAX - http desync attacksDEF CON 27- ALBINOWAX - http desync attacks
DEF CON 27- ALBINOWAX - http desync attacksFelipe Prado
 
Http request&response
Http request&responseHttp request&response
Http request&responseAswin Krishnamoorthy
 
HTTP
HTTPHTTP
HTTPDaniel Kummer
 
Hidden Gems in HTTP
Hidden Gems in HTTPHidden Gems in HTTP
Hidden Gems in HTTPBen Ramsey
 
HTTP 2.0 Why, How and When
HTTP 2.0 Why, How and WhenHTTP 2.0 Why, How and When
HTTP 2.0 Why, How and WhenCodemotion
 
Stuart Larsen, attacking http2implementations-rev1
Stuart Larsen, attacking http2implementations-rev1Stuart Larsen, attacking http2implementations-rev1
Stuart Larsen, attacking http2implementations-rev1PacSecJP
 
Attacking http2 implementations (1)
Attacking http2 implementations (1)Attacking http2 implementations (1)
Attacking http2 implementations (1)John Villamil
 
HTTP by Hand: Exploring HTTP/1.0, 1.1 and 2.0
HTTP by Hand: Exploring HTTP/1.0, 1.1 and 2.0HTTP by Hand: Exploring HTTP/1.0, 1.1 and 2.0
HTTP by Hand: Exploring HTTP/1.0, 1.1 and 2.0Cory Forsyth
 
Under the Covers with the Web
Under the Covers with the WebUnder the Covers with the Web
Under the Covers with the WebTrevor Lohrbeer
 
Cracking CTFs The Sysbypass CTF
Cracking CTFs The Sysbypass CTFCracking CTFs The Sysbypass CTF
Cracking CTFs The Sysbypass CTFRiyaz Walikar
 
Iss letcure 7_8
Iss letcure 7_8Iss letcure 7_8
Iss letcure 7_8Ali Habeeb
 
Introduction to HTTP protocol
Introduction to HTTP protocolIntroduction to HTTP protocol
Introduction to HTTP protocolAviran Mordo
 
Uncloaking IP Addresses on IRC
Uncloaking IP Addresses on IRCUncloaking IP Addresses on IRC
Uncloaking IP Addresses on IRCDerek Callaway
 
Http
HttpHttp
HttpNITT, KAMK
 
rest3d Web3D 2014
rest3d Web3D 2014rest3d Web3D 2014
rest3d Web3D 2014Remi Arnaud
 
Computer network (10)
Computer network (10)Computer network (10)
Computer network (10)NYversity
 
Trick or XFLTReaT a.k.a. Tunnel All The Things
Trick or XFLTReaT a.k.a. Tunnel All The ThingsTrick or XFLTReaT a.k.a. Tunnel All The Things
Trick or XFLTReaT a.k.a. Tunnel All The ThingsBalazs Bucsay
 
Apache Wizardry - Ohio Linux 2011
Apache Wizardry - Ohio Linux 2011Apache Wizardry - Ohio Linux 2011
Apache Wizardry - Ohio Linux 2011Rich Bowen
 
RT Resume3
RT Resume3RT Resume3
RT Resume3Robert Toomb
 
Collaboration project group 42
Collaboration project group 42Collaboration project group 42
Collaboration project group 42LaJasmine
 
Paris eta Londreseko ereduak
Paris eta Londreseko ereduakParis eta Londreseko ereduak
Paris eta Londreseko ereduakZestoako Harrobia
 

More Related Content

What's hot

Introduction to HTTP
Introduction to HTTPIntroduction to HTTP
Introduction to HTTPYihua Huang
 
DEF CON 27- ALBINOWAX - http desync attacks
DEF CON 27- ALBINOWAX - http desync attacksDEF CON 27- ALBINOWAX - http desync attacks
DEF CON 27- ALBINOWAX - http desync attacksFelipe Prado
 
Hidden Gems in HTTP
Hidden Gems in HTTPHidden Gems in HTTP
Hidden Gems in HTTPBen Ramsey
 
HTTP 2.0 Why, How and When
HTTP 2.0 Why, How and WhenHTTP 2.0 Why, How and When
HTTP 2.0 Why, How and WhenCodemotion
 
Stuart Larsen, attacking http2implementations-rev1
Stuart Larsen, attacking http2implementations-rev1Stuart Larsen, attacking http2implementations-rev1
Stuart Larsen, attacking http2implementations-rev1PacSecJP
 
Attacking http2 implementations (1)
Attacking http2 implementations (1)Attacking http2 implementations (1)
Attacking http2 implementations (1)John Villamil
 
HTTP by Hand: Exploring HTTP/1.0, 1.1 and 2.0
HTTP by Hand: Exploring HTTP/1.0, 1.1 and 2.0HTTP by Hand: Exploring HTTP/1.0, 1.1 and 2.0
HTTP by Hand: Exploring HTTP/1.0, 1.1 and 2.0Cory Forsyth
 
Under the Covers with the Web
Under the Covers with the WebUnder the Covers with the Web
Under the Covers with the WebTrevor Lohrbeer
 
Cracking CTFs The Sysbypass CTF
Cracking CTFs The Sysbypass CTFCracking CTFs The Sysbypass CTF
Cracking CTFs The Sysbypass CTFRiyaz Walikar
 
Iss letcure 7_8
Iss letcure 7_8Iss letcure 7_8
Iss letcure 7_8Ali Habeeb
 
Introduction to HTTP protocol
Introduction to HTTP protocolIntroduction to HTTP protocol
Introduction to HTTP protocolAviran Mordo
 
Uncloaking IP Addresses on IRC
Uncloaking IP Addresses on IRCUncloaking IP Addresses on IRC
Uncloaking IP Addresses on IRCDerek Callaway
 
rest3d Web3D 2014
rest3d Web3D 2014rest3d Web3D 2014
rest3d Web3D 2014Remi Arnaud
 
Computer network (10)
Computer network (10)Computer network (10)
Computer network (10)NYversity
 
Trick or XFLTReaT a.k.a. Tunnel All The Things
Trick or XFLTReaT a.k.a. Tunnel All The ThingsTrick or XFLTReaT a.k.a. Tunnel All The Things
Trick or XFLTReaT a.k.a. Tunnel All The ThingsBalazs Bucsay
 
Apache Wizardry - Ohio Linux 2011
Apache Wizardry - Ohio Linux 2011Apache Wizardry - Ohio Linux 2011
Apache Wizardry - Ohio Linux 2011Rich Bowen
 

What's hot (19)

Introduction to HTTP
Introduction to HTTPIntroduction to HTTP
Introduction to HTTP
 
DEF CON 27- ALBINOWAX - http desync attacks
DEF CON 27- ALBINOWAX - http desync attacksDEF CON 27- ALBINOWAX - http desync attacks
DEF CON 27- ALBINOWAX - http desync attacks
 
Http request&response
Http request&responseHttp request&response
Http request&response
 
HTTP
HTTPHTTP
HTTP
 
Hidden Gems in HTTP
Hidden Gems in HTTPHidden Gems in HTTP
Hidden Gems in HTTP
 
HTTP 2.0 Why, How and When
HTTP 2.0 Why, How and WhenHTTP 2.0 Why, How and When
HTTP 2.0 Why, How and When
 
Stuart Larsen, attacking http2implementations-rev1
Stuart Larsen, attacking http2implementations-rev1Stuart Larsen, attacking http2implementations-rev1
Stuart Larsen, attacking http2implementations-rev1
 
Attacking http2 implementations (1)
Attacking http2 implementations (1)Attacking http2 implementations (1)
Attacking http2 implementations (1)
 
HTTP by Hand: Exploring HTTP/1.0, 1.1 and 2.0
HTTP by Hand: Exploring HTTP/1.0, 1.1 and 2.0HTTP by Hand: Exploring HTTP/1.0, 1.1 and 2.0
HTTP by Hand: Exploring HTTP/1.0, 1.1 and 2.0
 
Under the Covers with the Web
Under the Covers with the WebUnder the Covers with the Web
Under the Covers with the Web
 
Cracking CTFs The Sysbypass CTF
Cracking CTFs The Sysbypass CTFCracking CTFs The Sysbypass CTF
Cracking CTFs The Sysbypass CTF
 
Iss letcure 7_8
Iss letcure 7_8Iss letcure 7_8
Iss letcure 7_8
 
Introduction to HTTP protocol
Introduction to HTTP protocolIntroduction to HTTP protocol
Introduction to HTTP protocol
 
Uncloaking IP Addresses on IRC
Uncloaking IP Addresses on IRCUncloaking IP Addresses on IRC
Uncloaking IP Addresses on IRC
 
Http
HttpHttp
Http
 
rest3d Web3D 2014
rest3d Web3D 2014rest3d Web3D 2014
rest3d Web3D 2014
 
Computer network (10)
Computer network (10)Computer network (10)
Computer network (10)
 
Trick or XFLTReaT a.k.a. Tunnel All The Things
Trick or XFLTReaT a.k.a. Tunnel All The ThingsTrick or XFLTReaT a.k.a. Tunnel All The Things
Trick or XFLTReaT a.k.a. Tunnel All The Things
 
Apache Wizardry - Ohio Linux 2011
Apache Wizardry - Ohio Linux 2011Apache Wizardry - Ohio Linux 2011
Apache Wizardry - Ohio Linux 2011
 

Viewers also liked

Collaboration project group 42
Collaboration project group 42Collaboration project group 42
Collaboration project group 42LaJasmine
 
Paris eta Londreseko ereduak
Paris eta Londreseko ereduakParis eta Londreseko ereduak
Paris eta Londreseko ereduakZestoako Harrobia
 
DERIAN CEDEÑO
DERIAN CEDEÑODERIAN CEDEÑO
DERIAN CEDEÑOsinsonp
 
Top Marketing + Social Media Trends for 2015 (Webinar Slides)
Top Marketing + Social Media Trends for 2015 (Webinar Slides)Top Marketing + Social Media Trends for 2015 (Webinar Slides)
Top Marketing + Social Media Trends for 2015 (Webinar Slides)Influence Central
 
Java user group 2015 02-09-java8
Java user group 2015 02-09-java8Java user group 2015 02-09-java8
Java user group 2015 02-09-java8marctritschler
 
Collaboration Presentation: Julius Caesar - THEA 1331 (Jon Egging)
Collaboration Presentation: Julius Caesar - THEA 1331 (Jon Egging)Collaboration Presentation: Julius Caesar - THEA 1331 (Jon Egging)
Collaboration Presentation: Julius Caesar - THEA 1331 (Jon Egging)thuriay
 
E-Commerce Reviews & Marketing: The Dramatic Reshaping of the Consumer Experi...
E-Commerce Reviews & Marketing: The Dramatic Reshaping of the Consumer Experi...E-Commerce Reviews & Marketing: The Dramatic Reshaping of the Consumer Experi...
E-Commerce Reviews & Marketing: The Dramatic Reshaping of the Consumer Experi...Influence Central
 

Viewers also liked (12)

RT Resume3
RT Resume3RT Resume3
RT Resume3
 
Collaboration project group 42
Collaboration project group 42Collaboration project group 42
Collaboration project group 42
 
Paris eta Londreseko ereduak
Paris eta Londreseko ereduakParis eta Londreseko ereduak
Paris eta Londreseko ereduak
 
DERIAN CEDEÑO
DERIAN CEDEÑODERIAN CEDEÑO
DERIAN CEDEÑO
 
Top Marketing + Social Media Trends for 2015 (Webinar Slides)
Top Marketing + Social Media Trends for 2015 (Webinar Slides)Top Marketing + Social Media Trends for 2015 (Webinar Slides)
Top Marketing + Social Media Trends for 2015 (Webinar Slides)
 
In-House Fabrication Pvt, Ltd Corporate brochure
In-House Fabrication Pvt, Ltd Corporate brochureIn-House Fabrication Pvt, Ltd Corporate brochure
In-House Fabrication Pvt, Ltd Corporate brochure
 
video
videovideo
video
 
RESUME
RESUMERESUME
RESUME
 
Java user group 2015 02-09-java8
Java user group 2015 02-09-java8Java user group 2015 02-09-java8
Java user group 2015 02-09-java8
 
Collaboration Presentation: Julius Caesar - THEA 1331 (Jon Egging)
Collaboration Presentation: Julius Caesar - THEA 1331 (Jon Egging)Collaboration Presentation: Julius Caesar - THEA 1331 (Jon Egging)
Collaboration Presentation: Julius Caesar - THEA 1331 (Jon Egging)
 
E-Commerce Reviews & Marketing: The Dramatic Reshaping of the Consumer Experi...
E-Commerce Reviews & Marketing: The Dramatic Reshaping of the Consumer Experi...E-Commerce Reviews & Marketing: The Dramatic Reshaping of the Consumer Experi...
E-Commerce Reviews & Marketing: The Dramatic Reshaping of the Consumer Experi...
 
سمینار اقدام و عمل
سمینار اقدام و عملسمینار اقدام و عمل
سمینار اقدام و عمل
 

Similar to Juglouvain http revisited

Juglouvain http revisited
Juglouvain http revisitedJuglouvain http revisited
Juglouvain http revisitedMarc Tritschler
 
HTTP 프로토콜의 이해와 활용
HTTP 프로토콜의 이해와 활용HTTP 프로토콜의 이해와 활용
HTTP 프로토콜의 이해와 활용SangJin Kang
 
Presentation (PowerPoint File)
Presentation (PowerPoint File)Presentation (PowerPoint File)
Presentation (PowerPoint File)webhostingguy
 
Presentation (PowerPoint File)
Presentation (PowerPoint File)Presentation (PowerPoint File)
Presentation (PowerPoint File)webhostingguy
 
.NET Conf 2022 - Networking in .NET 7
.NET Conf 2022 - Networking in .NET 7.NET Conf 2022 - Networking in .NET 7
.NET Conf 2022 - Networking in .NET 7Karel Zikmund
 
HTTP / 1, HTTP / 2 and HTTP / 3: Past, present and the future of APIs
HTTP / 1, HTTP / 2 and HTTP / 3: Past, present and the future of APIsHTTP / 1, HTTP / 2 and HTTP / 3: Past, present and the future of APIs
HTTP / 1, HTTP / 2 and HTTP / 3: Past, present and the future of APIsRoan Brasil Monteiro
 
Http request&response by Vignesh 15 MAR 2014
Http request&response by Vignesh 15 MAR 2014Http request&response by Vignesh 15 MAR 2014
Http request&response by Vignesh 15 MAR 2014Navaneethan Naveen
 
Cleaning Up the Dirt of the Nineties - How New Protocols are Modernizing the Web
Cleaning Up the Dirt of the Nineties - How New Protocols are Modernizing the WebCleaning Up the Dirt of the Nineties - How New Protocols are Modernizing the Web
Cleaning Up the Dirt of the Nineties - How New Protocols are Modernizing the WebSteffen Gebert
 
Web Architecture and Technologies
Web Architecture and TechnologiesWeb Architecture and Technologies
Web Architecture and TechnologiesFulvio Corno
 
Using Communication and Messaging API in the HTML5 World
Using Communication and Messaging API in the HTML5 WorldUsing Communication and Messaging API in the HTML5 World
Using Communication and Messaging API in the HTML5 WorldGil Fink
 
WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)
WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)
WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)Ericom Software
 
HTTP/2 and QUICK protocols. Optimizing the Web stack for HTTP/2 era
HTTP/2 and QUICK protocols. Optimizing the Web stack for HTTP/2 eraHTTP/2 and QUICK protocols. Optimizing the Web stack for HTTP/2 era
HTTP/2 and QUICK protocols. Optimizing the Web stack for HTTP/2 erapeychevi
 
A new Internet? Intro to HTTP/2, QUIC, DoH and DNS over QUIC
A new Internet? Intro to HTTP/2, QUIC, DoH and DNS over QUICA new Internet? Intro to HTTP/2, QUIC, DoH and DNS over QUIC
A new Internet? Intro to HTTP/2, QUIC, DoH and DNS over QUICAPNIC
 
Apache web server installation/configuration, Virtual Hosting
Apache web server installation/configuration, Virtual HostingApache web server installation/configuration, Virtual Hosting
Apache web server installation/configuration, Virtual Hostingwebhostingguy
 
HTTP/2 Introduction
HTTP/2 IntroductionHTTP/2 Introduction
HTTP/2 IntroductionWalter Liu
 
Проксирование HTTP-запросов web-акселератором / Александр Крижановский (Tempe...
Проксирование HTTP-запросов web-акселератором / Александр Крижановский (Tempe...Проксирование HTTP-запросов web-акселератором / Александр Крижановский (Tempe...
Проксирование HTTP-запросов web-акселератором / Александр Крижановский (Tempe...Ontico
 
Primer to Browser Netwroking
Primer to Browser NetwrokingPrimer to Browser Netwroking
Primer to Browser NetwrokingShuya Osaki
 
How to send DNS over anything encrypted
How to send DNS over anything encryptedHow to send DNS over anything encrypted
How to send DNS over anything encryptedMen and Mice
 

Similar to Juglouvain http revisited (20)

Juglouvain http revisited
Juglouvain http revisitedJuglouvain http revisited
Juglouvain http revisited
 
HTTP 프로토콜의 이해와 활용
HTTP 프로토콜의 이해와 활용HTTP 프로토콜의 이해와 활용
HTTP 프로토콜의 이해와 활용
 
6 app-tcp
6 app-tcp6 app-tcp
6 app-tcp
 
Presentation (PowerPoint File)
Presentation (PowerPoint File)Presentation (PowerPoint File)
Presentation (PowerPoint File)
 
Presentation (PowerPoint File)
Presentation (PowerPoint File)Presentation (PowerPoint File)
Presentation (PowerPoint File)
 
.NET Conf 2022 - Networking in .NET 7
.NET Conf 2022 - Networking in .NET 7.NET Conf 2022 - Networking in .NET 7
.NET Conf 2022 - Networking in .NET 7
 
HTTP / 1, HTTP / 2 and HTTP / 3: Past, present and the future of APIs
HTTP / 1, HTTP / 2 and HTTP / 3: Past, present and the future of APIsHTTP / 1, HTTP / 2 and HTTP / 3: Past, present and the future of APIs
HTTP / 1, HTTP / 2 and HTTP / 3: Past, present and the future of APIs
 
Http request&response by Vignesh 15 MAR 2014
Http request&response by Vignesh 15 MAR 2014Http request&response by Vignesh 15 MAR 2014
Http request&response by Vignesh 15 MAR 2014
 
Cleaning Up the Dirt of the Nineties - How New Protocols are Modernizing the Web
Cleaning Up the Dirt of the Nineties - How New Protocols are Modernizing the WebCleaning Up the Dirt of the Nineties - How New Protocols are Modernizing the Web
Cleaning Up the Dirt of the Nineties - How New Protocols are Modernizing the Web
 
Web Architecture and Technologies
Web Architecture and TechnologiesWeb Architecture and Technologies
Web Architecture and Technologies
 
Using Communication and Messaging API in the HTML5 World
Using Communication and Messaging API in the HTML5 WorldUsing Communication and Messaging API in the HTML5 World
Using Communication and Messaging API in the HTML5 World
 
WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)
WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)
WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)
 
Network basics
Network basicsNetwork basics
Network basics
 
HTTP/2 and QUICK protocols. Optimizing the Web stack for HTTP/2 era
HTTP/2 and QUICK protocols. Optimizing the Web stack for HTTP/2 eraHTTP/2 and QUICK protocols. Optimizing the Web stack for HTTP/2 era
HTTP/2 and QUICK protocols. Optimizing the Web stack for HTTP/2 era
 
A new Internet? Intro to HTTP/2, QUIC, DoH and DNS over QUIC
A new Internet? Intro to HTTP/2, QUIC, DoH and DNS over QUICA new Internet? Intro to HTTP/2, QUIC, DoH and DNS over QUIC
A new Internet? Intro to HTTP/2, QUIC, DoH and DNS over QUIC
 
Apache web server installation/configuration, Virtual Hosting
Apache web server installation/configuration, Virtual HostingApache web server installation/configuration, Virtual Hosting
Apache web server installation/configuration, Virtual Hosting
 
HTTP/2 Introduction
HTTP/2 IntroductionHTTP/2 Introduction
HTTP/2 Introduction
 
Проксирование HTTP-запросов web-акселератором / Александр Крижановский (Tempe...
Проксирование HTTP-запросов web-акселератором / Александр Крижановский (Tempe...Проксирование HTTP-запросов web-акселератором / Александр Крижановский (Tempe...
Проксирование HTTP-запросов web-акселератором / Александр Крижановский (Tempe...
 
Primer to Browser Netwroking
Primer to Browser NetwrokingPrimer to Browser Netwroking
Primer to Browser Netwroking
 
How to send DNS over anything encrypted
How to send DNS over anything encryptedHow to send DNS over anything encrypted
How to send DNS over anything encrypted
 

Recently uploaded

(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...Escorts Call Girls
 
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.soniya singh
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...Diya Sharma
 
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...SUHANI PANDEY
 
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Call Girls in Nagpur High Profile
 
Al Barsha Night Partner +0567686026 Call Girls Dubai
Al Barsha Night Partner +0567686026 Call Girls DubaiAl Barsha Night Partner +0567686026 Call Girls Dubai
Al Barsha Night Partner +0567686026 Call Girls DubaiEscorts Call Girls
 
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...SUHANI PANDEY
 
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Bookingdharasingh5698
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceDelhi Call girls
 
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...nilamkumrai
 
Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.soniya singh
 
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...SUHANI PANDEY
 
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls DubaiDubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubaikojalkojal131
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableSeo
 
Real Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts ServiceReal Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts ServiceEscorts Call Girls
 
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl ServiceRussian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Servicegwenoracqe6
 
Real Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtReal Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtrahman018755
 

Recently uploaded (20)

(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
 
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
 
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
 
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
 
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
 
Al Barsha Night Partner +0567686026 Call Girls Dubai
Al Barsha Night Partner +0567686026 Call Girls DubaiAl Barsha Night Partner +0567686026 Call Girls Dubai
Al Barsha Night Partner +0567686026 Call Girls Dubai
 
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
 
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
 
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
 
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
Russian Call Girls in %(+971524965298 )# Call Girls in DubaiRussian Call Girls in %(+971524965298 )# Call Girls in Dubai
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
 
Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.
 
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...
 
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls DubaiDubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
 
Real Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts ServiceReal Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts Service
 
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl ServiceRussian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
 
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
 
Real Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtReal Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirt
 

Juglouvain http revisited

  • 1. HTTP revisited & some Java networking Java User Group Louvain-La-Neuve @ EPHEC 20/11/2014 Marc Tritschler 24/10/2014 Copyrigth (c) Marc Tritschler 1
  • 2. Program 1.Introduction 2.Internet Stack (reminder ?) 3.Java and the Internet stack 4.Coding time  PLEASE PLEASE INTERRUPT ME (IRQ-0 or any other ) 24/10/2014 Copyrigth (c) Marc Tritschler 2
  • 3. 1. Introduction Already heard of Gopher ? Internet = HTTP 24/10/2014 Copyrigth (c) Marc Tritschler 3
  • 4. Internet = HTTP • Google • Facebook • Gmail • Yahoo HTTP • Youtube • Twitter • Amazon • … 24/10/2014 Copyrigth (c) Marc Tritschler 4
  • 5. Almost EVERYTHING runs over HTTP • HTTP ~ 75 % of traffic (http://www.caida.org/publications/papers/1998/Inet98/Inet98.html MUST READ) – WebServices (SOAP & REST) – HTML – AJAX – Email (webmail) • Exceptions • Email (smtp/imap/pop3) • DNS • FTP • WebSocket which 'upgrades' from HTPP (previous JUG) 24/10/2014 Copyrigth (c) Marc Tritschler 5
  • 6. HTML, JS, GIF, MP4 … over HTTP 24/10/2014 Copyrigth (c) Marc Tritschler 6
  • 7. 2. The Internet Stack Forget about the 7 layers OSI model 24/10/2014 Copyrigth (c) Marc Tritschler 7
  • 8. The Internet Stack (4 layers) My App HTTP TCP/IP familly Physical Layer SSL 80 443 In the JRE. Java Part of OS. C/C++ Number of Job & Products Opportunities Electronics Assembly 24/10/2014 Copyrigth (c) Marc Tritschler 8
  • 9. Where's HTML in this Stack ??? DO NOT MIX DATA, API and PROTOCOL •Data (= contents = payload = BYTES) – Binary vs Text – HTML, CSS, XML, JavaScript, JPEG, MP4, … – Text Data  Encodings (UTF-8) •API  vertical links (no bytes on the wire) •Protocol horizontal links •AJAX = JavaScript performing HTTP requests 24/10/2014 Copyrigth (c) Marc Tritschler 9
  • 10. TCP ports http://fr.wikipedia.org/wiki/Liste_de_ports_logiciels Well Known (0 – 1024) 20, 21 FTP 22 SSH 23 Telnet 25, 110 SMTP/POP3 80 HTTP 53 DNS 137 … 139 NETBIOS 389 LDAP 443 HTTPS Others (1025-65535) 1521 Oracle DB 8080 http proxies, Tomcat 24/10/2014 Copyrigth (c) Marc Tritschler 10
  • 11. HTTP versions • HTTP 1.0 @DEPRECATED – each request/response  new TCP connection (= exchange of 3 TCP packets (SYN, SYN/ACK, ACK)) • HTTP 1.1 CURRENT – Keep TCP session • HTTP 2.0 FUTURE (around DEC 2014) – Negotiation (1.1, 2.0, other protocols) – Close to 1.1 (methods, status codes, …) – Server Push – Fix HOL problem – Loads page elements in parallel over single TCP connection http://en.wikipedia.org/wiki/HTTP/2 for more info 24/10/2014 Copyrigth (c) Marc Tritschler 11
  • 12. HTTP Refresher  • RFC/IETF Standards (read this only if …) • Simple request/response • Header + [Body] • Stateless • Bytes and Chars (use UTF-8 encoding) • Synchronous HALF-DUPLEX (request ALWAYS initiated by the client remeber the problems for interactive games • Can be verbose (http headers) (~600 bytes for simple Hello World) 24/10/2014 Copyrigth (c) Marc Tritschler 12
  • 13. HTTP Overview REQUEST (GET, POST, …) Client Server RESPONSE (CODE + [DATA]) 1xx : Informational - Request received, continuing process 2xx : Success - The action was successfully received, understood, and accepted 3xx : Redirection - Further action must be taken in order to complete the request 4xx : Client Error - The request contains bad syntax or cannot be fulfilled 5xx : Server Error - The server failed to fulfill an apparently valid request 24/10/2014 Copyrigth (c) Marc Tritschler 13
  • 14. HTTP Request : methods http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html • Safe (GET/HEAD) & Idempotents methods • GET, HEAD • OPTIONS • POST, PUT • DELETE • TRACE • CONNECT FREEDOM  24/10/2014 Copyrigth (c) Marc Tritschler 14
  • 15. HTTP Responses : Status Codes • 200 OK • 400 Bad Request • 401 Unauthorized (WWW-Authenticate header) • 403 Forbidden • 404 Not Found • 407 Proxy Authentication Required (Proxy-Authenticate header) • 500 Internal Server Error • Complete List http://www.w3.org/Protocols/rfc2616/rfc2616-sec6.html#sec6.1.1 24/10/2014 Copyrigth (c) Marc Tritschler 15
  • 16. HTTP Headers http://en.wikipedia.org/wiki/List_of_HTTP_header_fields • A lot of "standards" and "non standards" defined … a little bit messy  • Firefox Dev console 24/10/2014 Copyrigth (c) Marc Tritschler 16
  • 17. HTTP Request Example POST http://sghrsot.cc.cec.eu.int:1045/hermes/Proxy/1.17/DocumentWebServicePS HTTP/1.1 Accept-Encoding: gzip,deflate Content-Type: text/xml;charset=UTF-8 SOAPAction: "" User-Agent: Jakarta Commons-HttpClient/3.1 Host: host1.domain1.company :1045 Content-Length: 585 <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:typ="http://xx.xxxxxx.eu/sg/hrs/types"> <soapenv:Header/> <soapenv:Body> <typ:getDocument> <typ:header> <typ:userName>xyz</typ:userName> <typ:ticket>onetimeticket</typ:ticket> <typ:applicationId>myapp</typ:applicationId> </typ:header> <typ:documentId>080166e48102103b</typ:documentId> </typ:getDocument> </soapenv:Body> </soapenv:Envelope> 24/10/2014 Copyrigth (c) Marc Tritschler 17
  • 18. HTTP Response Example HTTP/1.1 200 OK Date: Mon, 20 Oct 2014 16:12:22 GMT Content-Length: 9159 Content-Type: text/xml; charset=utf-8 <?xml version="1.0" encoding="UTF-8"?> <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"> <S:Body> <typ:getDocumentResponse xmlns:typ="http://xx.xxxxxx.eu/sg/hrs/types"> <typ:document><typ:documentId>080166e48102103b</typ:documen tId> … (stripped) </typ:getDocumentResponse></S:Body></S:Envelope> 24/10/2014 Copyrigth (c) Marc Tritschler 18
  • 19. Quizz Time Guess number of HTTP requests per web site … 24/10/2014 Copyrigth (c) Marc Tritschler 19
  • 20. Example 1 : www.lesoir.be HOW Many HTTP requests ? 24/10/2014 Copyrigth (c) Marc Tritschler 20
  • 21. Example 2: mon-programmetv.be HOW Many HTTP requests ? 24/10/2014 Copyrigth (c) Marc Tritschler 21
  • 22. Example 3: www.google.be HOW Many HTTP requests ? 24/10/2014 Copyrigth (c) Marc Tritschler 22
  • 23. Number of HTTP requests per single web site visited 1. 200 requests/responses for www.lesoir.be OMG !!! 2. It's full of advertisements (visible) and invisible personal tracking systems (cookies, javascript, re-directs, …) 3. js is evill Conclusion : YOU ARE NOT ANONYMOUS 24/10/2014 Copyrigth (c) Marc Tritschler 23
  • 24. How your browser gets its proxy ? • Web Proxy Autodiscovery Protocol 24/10/2014 Copyrigth (c) Marc Tritschler 24
  • 25. HTTP Advanced • Authentication • HTTP Proxies • HTTP Tunnelling • HTTP Pipelining • HTTPS 24/10/2014 Copyrigth (c) Marc Tritschler 25
  • 26. HTTP Authentication (RFCs 2616, 2617, 7235) Basic The client sends the user name and password as unencrypted base64 encoded text. It should only be used with HTTPS, as the password can be easily captured and reused over HTTP. Digest The client sends a hashed form of the password to the server. Although, the password cannot be captured over HTTP, it may be possible to replay requests using the hashed password. NTLM (Windows) This uses a secure challenge/response mechanism that prevents password capture or replay attacks over HTTP. 24/10/2014 Copyrigth (c) Marc Tritschler 26
  • 27. HTTP Authentication 401 – Access Denied GET /securefiles/ HTTP/1.1 HTTP/1.1 401 Access Denied WWW-Authenticate: Basic realm="My Server" Content-Length: 0 GET /securefiles/ HTTP/1.1 Host: www.httpwatch.com Authorization: Basic aHR0cHdhdGNoOmY= Client (browser) Server User types his/her password 24/10/2014 Copyrigth (c) Marc Tritschler 27
  • 28. HTTP Authentication 407 – Proxy Authentication Required • Same as 401 excepted proxy MUST return a Proxy-Authenticate header • Browser asks user to type his/her password 24/10/2014 Copyrigth (c) Marc Tritschler 28
  • 29. HTTP Proxy/Reverse Proxy • Proxy : local net  internet • Reverse Proxy: internet  local net Direct Connection HTTP Client Client HTTP Proxyied Connection HTTP Client Proxy Server 24/10/2014 Copyrigth (c) Marc Tritschler 29
  • 30. HTTP Tunnelling HTTP TCP Client Proxy Server CONNECT Port forwarding 24/10/2014 Copyrigth (c) Marc Tritschler 30
  • 31. HTTP Pipelining http://en.wikipedia.org/wiki/HTTP_pipelining 24/10/2014 Copyrigth (c) Marc Tritschler 31
  • 32. HTTPS • HTTP over SSL • Secure Browsing ? – HeartBleed – SSL3.0 recently found weak – TLS 1.0 min – Root certificate 24/10/2014 Copyrigth (c) Marc Tritschler 32
  • 33. 3. Java & The Internet Stack ? 24/10/2014 Copyrigth (c) Marc Tritschler 33
  • 34. Java and Internet • Java is (my favorite) language to work @ application layer, up to TCP/IP … (wait next slide ) • Java has no access to protocols below IP (needs call to native libs, not in the HTTP scope) • Don't underestimate the complexity of SSL interactions, even in Java !!! 24/10/2014 Copyrigth (c) Marc Tritschler 34
  • 35. Java and the Internet Stack ONLY FOCUS My Application My App ON YOUR BUSINESS F Web D SMTP/POP3 T Socke N P t S Web Services 53 80/443 25, 110 JavaMail javax.mail Web Browser Socket API (java.net) or JSSE (javax.ssl) TCP/UDP HTTP IPv4 and IPv6 ICMP, ARP, DHCP, … Physical Layer Available in Java SE Open Source or future Implemented in the OS. Java has limited access via API Implemented in OS or hardware. No 'direct' access JRE Linux 24/10/2014 Copyrigth (c) Marc Tritschler 35
  • 36. API vs Protocol • API  vertical links (no bytes on the wire) • Protocol horizontal links 24/10/2014 Copyrigth (c) Marc Tritschler 36
  • 37. Socket API (java.net) • Most important (access • Server Sockets • Client sockets • Base for YOUR protocol ! • Base for HTTP, SMTP, … 24/10/2014 Copyrigth (c) Marc Tritschler 37
  • 38. Socket API - Main Classes • Socket & ServerSocket https://docs.oracle.com/javase/7/docs/api/java/net/Socket.html (Java 7) https://docs.oracle.com/javase/8/docs/api/java/net/Socket.html (Java 8 :-)) • URL • URLConnection • HttpURLConnection • … • java.net package http://docs.oracle.com/javase/8/docs/api/java/net/package-summary.html • Stack properties http://docs.oracle.com/javase/8/docs/technotes/guides/net/properties.html 24/10/2014 Copyrigth (c) Marc Tritschler 38
  • 39. SMTP/POP3 (java mail) https://javamail.java.net/nonav/docs/api/com/sun/ma il/smtp/package-summary.html 24/10/2014 Copyrigth (c) Marc Tritschler 39
  • 40. SSL/TLS (java.net javax.ssl) • Socket API(java.net)  JSSE (javax.ssl) • Sockets – (Client) Socket  SSLSocket – ServerSocket  SSLServerSocket • HttpUrlConnection  HttpsUrlConnection 24/10/2014 Copyrigth (c) Marc Tritschler 40
  • 41. Others • WebSocket – http://www.websocket.org/ • Java Specifics – RMI – JMX • Web Services – SOAP  JAX-WS – REST  JAX-RS 24/10/2014 Copyrigth (c) Marc Tritschler 41
  • 42. Part 3: Code Time WARNING Several packages and many classes  challenge is to use the right classes 24/10/2014 Copyrigth (c) Marc Tritschler 42
  • 43. Setup - Toolbox • Developer – Java JDK (of course) – Editor (Eclipse, NetBeans, …) • Client Side – Putty – Web Browser + DEV console ! (Chrome, IE, FireFox, …) – soapUI (Web Services) • Server Side – Apache HTTP server (min) – Apache Tomcat (recommended) – Full JEE (GlassFish, WildFly, …) • Cloud – Red Hat OpenShift – … https://github.com/tritschler/LLN_JUG/tree/master/2014_11_20 24/10/2014 Copyrigth (c) Marc Tritschler 43
  • 44. Example 1 – Echo protocol (ClientSocket & ServerSocket) • No HTTP, directly over TCP https://docs.oracle.com/javase/tutorial/displayCode.html? code=https://docs.oracle.com/javase/tutorial/networking/sockets/examples/Echo Server.java DON'T DO THIS IN REAL LIFE 24/10/2014 Copyrigth (c) Marc Tritschler 44
  • 45. Example 1 - Echo Echo (Client) JVM Socket API (java.net) TCP IPv4 Physical Layer Echo (Server) JVM Socket API (java.net) TCP IPv4 Physical Layer Hello logical flow Hello IP real data flow 24/10/2014 Copyrigth (c) Marc Tritschler 45
  • 46. Example 2 – Basic Web Crawler (URL, HttpUrlConnection) •Example 1 : no proxy •Example 2 : proxy + basic http authentication DON'T DO THIS IN REAL LIFE 24/10/2014 Copyrigth (c) Marc Tritschler 46
  • 47. Java HTTP Client App My Application … Socket API HTTP (JVM) TCP/UDP IP Physical Layer ANY HTTP Server (Apache, Nginex, Tomcat, Jboss, Microsoft IIS, …) implemented in any programming language (Java, PHP, C, …) ANY OS (Linux, Windows, Mac OS, …) 24/10/2014 Copyrigth (c) Marc Tritschler 47
  • 48. Example 3 – Servlet No networking code on the Server Side • Servlet = java spec for writing the HTTP server side • No networking code ! (thanks to your AS) • Web.xml + class extends HttpServlet  1. Browser – Servlet 2. Browser – HttpTrace – Servlet 3. HttpUrlConnection (no proxy) – Servlet 4. HttpUrlConnection – HttpTrace – Servlet DON'T DO THIS IN REAL LIFE 24/10/2014 Copyrigth (c) Marc Tritschler 48
  • 49. Java HTTP Client App – Java Servlet ANY HTTP Server + Servlet Container Apache Tomcat ANY OS (Linux, Windows, Mac OS, …) ANY HTTP Client (Web Browser, …) ANY OS (Linux, Windows, Mac OS, …) 24/10/2014 Copyrigth (c) Marc Tritschler 49
  • 50. Example 4 – HTTP proxy • Start local Tomcat • Start HttpTrace • Start Browser and point to localhost • Launch httpclient 24/10/2014 Copyrigth (c) Marc Tritschler 50
  • 51. Resources (on the web of course, over HTTP ) 24/10/2014 Copyrigth (c) Marc Tritschler 51

Editor's Notes

  1. http://www.tutorialspoint.com/http/http_quick_guide.htm
  2. DNS also implemented in the OS http://www.xbill.org/dnsjava/
  3. http://www.tutorialspoint.com/servlets/servlets-first-example.htm