SlideShare ist ein Scribd-Unternehmen logo

Http VS. Https

Raed Aldahdooh
Raed Aldahdooh
Technologie
1 von 42
 By: Eng. Raed T. Aldahdooh
 He try to solve a problem of integrating and exchanging information held on different computers in often widely scattered places.  It was in March 1989 that Tim first outlined the advantages of a hypertext-based, linked information system.  This method incorporated the use of hypertext, a system that links documents from different sources, named it Enquire.  by the end of 1990, Berners-Lee, along with Robert Cailliau, created the first Web browsers and servers and designed the first version of HTTP V0.9 (1991).
 Hyper Text Transfer Protocol  One of the application layer protocols that make up the Internet  HTTP over TCP/IP  Like SMTP, POP, IMAP, NNTP, FTP, etc.  The underlying language of the Web  Three versions have been used, two are in common use and have been specified:  RFC 1945 HTTP 1.0 (1996)  RFC 2616 HTTP 1.1 (1999)
HTTP sits atop the TCP/IP Protocol Stack Network Interfaces HTTP TCP IP Application Layer Transport Layer Network Layer Data Link Layer
 When the HTTP application has a message to send, it hands that message to a lower layer protocol (TCP).  TCP provides segments that ride inside the IP packets and add connection information based on source and destination ports.  TCP also provides mechanisms to make the connection reliable “handshake, sequence numbers, checksums, control flags”. The ports let TCP carry multiple protocols that connect services running on default ports: • HTTP on port 80 • HTTP with SSL (HTTPS) on port 443 • FTP on port 21 • SMTP on port 25 • POP on port 110 • SSH on port 22
 The IP process builds on TCP segment by adding more information, in effect adding another envelope. The result is an IP datagram.  Datagram reaches the protocol implementation controlling the system’s network technology, and leaves in the form of a packet or frame.
How an HTTP Message is delivered over TCP/IP connection: GET /index.html HTTP/1.1<CRLF> Host: www.hostname.com Con… HTTP Message’s data stream is chopped up into chunks small enough to fit in a TCP segment The segments are shipped to the right destination inside IP datagrams The chunks ride inside TCP segments used to reassemble them correctly on the other end of the connection
 URLs used early on by all Internet protocols, including various document retrieval protocols.  More specifications (both from 1994): ◦ URL : Uniform Resource Locators - RFC 1738. ◦ URI : Universal Resource Identifiers - RFC 1630. ◦ URL is just one type of a URI.  Hypertext came to predominate as the most efficient way of providing access to resources ◦ Fast, flexible, generic, extensible ◦ Facilitated searching, collaboration, annotation  HTTP now the central mechanism for requesting and serving URL based resources.
 URL (Uniform Resource Locators ) ◦ Provides single short string to identify network-accessible resource ◦ <scheme>://<host>[:<port>]/<path>[?<query>] ◦ http://www.w3.org/Icons/w3c_home.gif  URI (Uniform Resource Identifier) ◦ Identifies a resource either by location or name. ◦ The selection of the representation can be determined by the web server through HTTP content negotiation. ◦ A superset of URLs ◦ http://www.w3.org/Icons/w3c_home. ◦ http request line contains a non-URL URI
Identifies the application protocol needed to access the resource, in this case HTTP. Username : If the protocol supports the concept of user names, this provides a user name that has access to the resource; the example has a user name “guest.” Password: The password associated with the user name, “secret” in the example. host : The communication system that has the resource; for HTTP this is the Web server, www.ietf.org in the example. port : The TCP port that the application protocols should use to access the resource; many protocols have an implied TCP port (for HTTP that port is 80 path : The path through a hierarchical organization under which the resource is located, often a file system’s directory structure or equivalent. File: The resource itself. Query: Additional information about the resource or the client. Fragment: A particular location within a resource.
 URLs point to resources (“content”).  Resources are represented using different Internet Media Types (MIME Types) ◦ Multipurpose Internet Mail Extensions RFC2045,6  MIME Type tells how content should be handled ◦ File extensions are mapped to certain MIME Types  .html usually means a MIME Type of text/html  .jpg usually means a MIME Type of image/jpeg  The most common MIME Types used on the Web come from the text, image and application top-level groups  text/html, text/css  image/gif, image/jpeg, image/png  application/pdf, application/octet-stream  application/x-javascript, application/x-shockwave-flash
 The first versions of HTTP required clients to establish a separate TCP connection with each request.  HTTP 1.1 protocol eliminates the problem of multiple TCP connections with a feature known as persistence.
 Persistence allows another http feature that improves performance pipelining.  Pipelining, a client does not have to wait for a response to one request before issuing a new request on the connection.
 User agent (client) issues an HTTP request to a host (server) for a given resource using its URL  Server “resolves” the URL, acts on the resource  Server sends an HTTP response back to the client  Each request is discontinuous with all previous requests – HTTP is stateless HTTP Request HTTP Client Asks for resource by its URL: http://www.Site.com/test.html HTTP Server www.Site.com HTTP Response Resource /test
 HTTP requests and responses are both types of Internet Messages (RFC 822), and share a general format: – A Start Line, followed by a CRLF • Request Line for requests • Status Line for responses – Zero or more Message Headers • field-name “:” [field-value] CRLF – An empty line • Two CRLFs mark the end of the Headers – An optional Message Body if there is a payload • All or part of the “Entity Body” or “Entity”
GET / HTTP/1.1[CRLF] Host: www.iugaza.edu.ps[CRLF] Connection: close[CRLF] User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)[CRLF] Accept-Encoding: gzip[CRLF] Accept-Charset: ISO-8859-1,UTF-8;q=0.7,*;q=0.7[CRLF] Cache-Control: no-cache[CRLF] Accept-Language: de,en;q=0.7,en-us;q=0.3[CRLF] Referer: http://web-sniffer.net/[CRLF] [CRLF]
 GET ◦ By far most common method ◦ Retrieves a resource from the server ◦ Supports passing of query string arguments  HEAD ◦ Retrieves only the Headers associated with a resource but not the entity itself ◦ Highly useful for protocol analysis, diagnostics  POST ◦ Allows passing of data in entity rather than URL ◦ Can transmit of far larger arguments that GET ◦ Arguments not displayed on the URL
 OPTIONS ◦ Shows methods available for use on the resource (if given a path) or the host (if given a “*”)  TRACE ◦ Diagnostic method for assessing the impact of proxies along the request-response chain  PUT, DELETE ◦ Used in HTTP publishing (e.g., WebDav)  CONNECT ◦ A common extension method for Tunneling other protocols through HTTP Web-based Distributed Authoring and Versioning (WebDAV) is a set of methods based on the Hypertext Transfer Protocol (HTTP) that facilitates collaboration between users in editing and managing documents and files stored on World Wide Web servers.
HTTP/1.1 302 Moved Temporarly [CRLF] Cache-Control: private[CRLF] Content-Type: text/html; charset=utf-8 [CRLF] Location: http://www.iugaza.edu.ps/ar [CRLF] Server: Microsoft-IIS/7.0 [CRLF] X-AspNet-Version: 2.0.50727 [CRLF] X-Powered-By: ASP.NET [CRLF] Date: Sat, 24 Dec 2011 19:00:27 GMT [CRLF] Connection: close [CRLF] Content-Length: 519 [CRLF] [CRLF] http://web-sniffer.net/
 Consists of three major parts:  The HTTP Version ◦ Just like third part of Request Line  Status Code ◦ 5 groups of 3 digit integers indicating the result of the attempt to satisfy the request: ◦ 1xx are informational ◦ 2xx are success codes ◦ 3xx are for alternate resource locations (redirects) ◦ 4xx indicate client side errors ◦ 5xx indicate server side errors  The Reason Phrase followed by the CRLF ◦ Short textual description of the status code
 Open a TCP connection to a host  Can borrow telnet protocol to do this, by pointing it at the default HTTP port (80)  C:>telnet www.google.com 80  Ask for a resource using a minimal request syntax:  GET / HTTP/1.1 <CRLF>  Host: www.google.ps <CRLF><CRLF>  A Host header is required for HTTP 1.1 connections, though not for HTTP 1.0
Headers come in four major types, some for requests, some for responses, some for both: – General Headers • Provide info about messages of both kinds – Request Headers • Provide request-specific info – Response Headers • Provide response-specific info – Entity Headers • Provide info about request and response entities – Extension headers are also possible
 Connection – lets clients and servers manage connection state ◦ Connection: Keep-Alive ◦ Connection: close  Date – when the message was created ◦ Date: Sat, 31-May-03 15:00:00 GMT  Via – shows proxies that handled message ◦ Via: 1.1 www.myproxy.com (Squid/1.4)  Cache-Control – Among the most complex of headers, enables caching directives ◦ Cache-Control: no-cache
 Host – The hostname (and optionally port) of server to which request is being sent  Referer – The URL of the resource from which the current request URI came ◦ Referer: http://www.host.com/login.asp  User-Agent – Name of the requesting application, used in browser sensing ◦ User-Agent: Mozilla/4.0 (Compatible; MSIE 6.0)  Accept and its variants – Inform servers of client’s capabilities and preferences ◦ Enables content negotiation ◦ Accept: image/gif, image/jpeg;q=0.5 ◦ Accept- variants for Language, Encoding, Charset  Cookie How clients pass cookies back to the servers that set them ◦ Cookie: id=23432;level=3
 Server – The server’s name and version ◦ Server: Microsoft-IIS/5.0 ◦ Can be problematic for security reasons  Set-Cookie – This is how a server sets a cookie on a client ◦ Set-Cookie: id=234; path=/shop; expires=Sat, 31-May-03 15:00:00 GMT; secure
 Allow – Lists the request methods that can be used on the entity ◦ Allow: GET, HEAD, POST  Location – Gives the alternate or new location of the entity ◦ Used with 3xx response codes (redirects) ◦ Location: http://www.iugaza.edu.ps/ar/  Content-Encoding – specifies encoding performed on the body of the response ◦ Used with HTTP compression ◦ Corresponds to Accept-Encoding request header ◦ Content-Encoding: gzip  Content-Length – The size of the entity body in bytes  Content-Location – The actual if different than its request URL  Content-Type – specifies Media (MIME) type of the entity body
HTTPS = HTTP + SSL
 (HTTPS) Hypertext Transfer Protocol over Secure Socket Layer (SSL).  First implementation of HTTP over SSL was issued in 1995 by Netscape.
Important information Data, Data, Data. Encryption Encryption Algorithm = cipher Hh2sh!~hH==E#@ns8676%===sdf Plain Text Cipher Text Some random String
Decryption Algorithm Important information Data, Data, Data. Hh2sh!~hH==E#@ns8676%===sdf Some random String Symmetric Key
ImportantinformationData,Data,Data. Hh2sh!~hH==E#@ns8676%===sdf ImportantinformationData,Data,Data. DecryptEncrypt Public Key Private Key
 Uses asymmetric encryption to privately share the session key ◦ Asymmetric has a lot of overhead  Uses symmetric encryption to encrypt data ◦ Symmetric encryption is quicker and uses less resource
Client requests HTTPS session Certificate sent back (with public key) Client creates session key (53) Session key encrypted with public key(X$qp0) At this point only client knows session key Session encrypted with symmetric session key (53) session key decrypted with private key At this point both client and server knows session key Encrypted session key sent to server
Server Port 443 Client Hello Highest SSL Version: 2.0 Cipher: SMAL-SHAL-DES Compression: gzip Random:”sdf31nbj2” Server Hello SSL Version: 2.0 Cipher: SHAL Compression: gzip SessionID: “dash342h” Random:”sdf31nbj2” Certificates Public key: 324fdg3 Issued TO: google.com Issued By: Thene SG Valid From: 26102011 Valid From: 1102013 Certificate verify Change Cipher SPEC Finished Digest: ef432kjkjh4kjh234h23h 42h4h32i@32=23=424 =324kjl32jlj23j23klj432 jj23432422 Change Cipher SPEC Finished Digest: ef432kjkjh4kjh234h2 3h42h4h32i@32=23 =424=324kjl32jlj23j 23klj432jj23432422 Symmetric Session Key: Wehkj$@hjgd=wef=we$ #D%^fjh3dgqgdgq
 There were away to get around the encryption instead o0f trying to break it  Ali wants to send secure messages to Ahmed.  Man intercepts Ali’s messages.  Man talks to Ali and pretends to be Ahmed.  Man talks to Ahmed and pretends to be Ali. Ali AhmedMan Ea Ec Ec Eb E{a,b,c} = Ali’s, Ahmed’s, and Man’s public keys, respectively
 Ali uses the public key she thinks she received from Ahmed (Man’s)  Ahmed uses the key he thinks is Ali’s (also Man’s)  As a result, Man not only gains access to secure information but also can modify it (e.g. transfer money to a different account etc.)
 Digital Certificates designed to solve the problem but do they always help ?  The MITM would have to create his own certificate with a private/public key.  He still sit between client and server, acting as server to the client and client to the server, listening in on everything sent between the two.
 To verify the authenticity and identity of the certificates themselves.  linked back to a trustworthy source of certificates.  Web browsers and operating systems will only trust certificates that directly or indirectly link back to one of a handful of CAs, the "root CAs.“  Any certificate that doesn't link back to a root CA such as a self-signed certificate will generate a big scary warning in the browser.  How to create a self-signed SSL Certificate ...  http://www.akadia.com/services/ssh_test_certificate.html
 HTTPS only slightly slower than HTTP. - Cost Of Security  HTTP Essentials Protocols for Secure, Scaleable Web Sites by Stephen Thomas .  HTTP The Definitive Guide.  View HTTP Request and Response Header < http://web- sniffer.net/ >
Thank You!

Empfohlen

HTTPS
HTTPSHTTPS
HTTPSmaroti164
 
HTTP & HTTPS
HTTP & HTTPSHTTP & HTTPS
HTTP & HTTPSNetProtocol Xpert
 
Http Vs Https .
Http Vs Https . Http Vs Https .
Http Vs Https . simplyharshad
 
Https
HttpsHttps
HttpsPooya Sagharchiha
 
Http vs Https
Http vs HttpsHttp vs Https
Http vs Httpsshikherwalia
 
Http and its Applications
Http and its ApplicationsHttp and its Applications
Http and its ApplicationsNayan Dagliya
 
Https
HttpsHttps
HttpsBala Bhaskar Karakavalasa
 
HTTPS
HTTPSHTTPS
HTTPSR.K. University
 

Empfohlen

HTTPS
HTTPSHTTPS
HTTPSmaroti164
 
HTTP & HTTPS
HTTP & HTTPSHTTP & HTTPS
HTTP & HTTPSNetProtocol Xpert
 
Http Vs Https .
Http Vs Https . Http Vs Https .
Http Vs Https . simplyharshad
 
Https
HttpsHttps
HttpsPooya Sagharchiha
 
Http vs Https
Http vs HttpsHttp vs Https
Http vs Httpsshikherwalia
 
Http and its Applications
Http and its ApplicationsHttp and its Applications
Http and its ApplicationsNayan Dagliya
 
Https
HttpsHttps
HttpsBala Bhaskar Karakavalasa
 
HTTPS
HTTPSHTTPS
HTTPSR.K. University
 
Http protocol
Http protocolHttp protocol
Http protocolArpita Naik
 
HTTP Presentation
HTTP Presentation HTTP Presentation
HTTP Presentation Lana Dujanovic
 
HTTP Basics
HTTP BasicsHTTP Basics
HTTP Basicssanjoysanyal
 
Https presentation
Https presentationHttps presentation
Https presentationpatel jatin
 
Hypertext Transfer Protocol
Hypertext Transfer ProtocolHypertext Transfer Protocol
Hypertext Transfer ProtocolShubham Srivastava
 
Http Protocol
Http ProtocolHttp Protocol
Http ProtocolN R Z Malik
 
HTTP Protocol Basic
HTTP Protocol BasicHTTP Protocol Basic
HTTP Protocol BasicChuong Mai
 
Introduction to HTTP protocol
Introduction to HTTP protocolIntroduction to HTTP protocol
Introduction to HTTP protocolAviran Mordo
 
Http-protocol
Http-protocolHttp-protocol
Http-protocolToushik Paul
 
HTTP request and response
HTTP request and responseHTTP request and response
HTTP request and responseSahil Agarwal
 
HTTP vs HTTPS Difference
HTTP vs HTTPS Difference HTTP vs HTTPS Difference
HTTP vs HTTPS Difference Real Estate
 
HTTP
HTTPHTTP
HTTPvaibhavrai1993
 
Ssl https
Ssl httpsSsl https
Ssl httpsAndrada Boldis
 
Https
HttpsHttps
HttpsBilla Kota Sriram
 
Hypertext Transfer Protocol
Hypertext Transfer ProtocolHypertext Transfer Protocol
Hypertext Transfer Protocolselvakumar_b1985
 
HTTP/2 Changes Everything
HTTP/2 Changes EverythingHTTP/2 Changes Everything
HTTP/2 Changes EverythingLori MacVittie
 
Basics of HTTP - Nafis Fuad
Basics of HTTP - Nafis FuadBasics of HTTP - Nafis Fuad
Basics of HTTP - Nafis FuadCefalo
 
Hypertext transfer protocol (http)
Hypertext transfer protocol (http)Hypertext transfer protocol (http)
Hypertext transfer protocol (http)Shimona Agarwal
 
Http Introduction
Http IntroductionHttp Introduction
Http IntroductionAkshay Dhole
 
HTTP Definition and Basics.
HTTP Definition and Basics.HTTP Definition and Basics.
HTTP Definition and Basics.Halah Salih
 
Web Server Technologies I: HTTP
Web Server Technologies I: HTTP Web Server Technologies I: HTTP
Web Server Technologies I: HTTP webhostingguy
 
Web Server Technologies I: HTTP & Getting Started
Web Server Technologies I: HTTP & Getting StartedWeb Server Technologies I: HTTP & Getting Started
Web Server Technologies I: HTTP & Getting StartedPort80 Software
 

Weitere ähnliche Inhalte

Was ist angesagt?

Https presentation
Https presentationHttps presentation
Https presentationpatel jatin
 
HTTP Protocol Basic
HTTP Protocol BasicHTTP Protocol Basic
HTTP Protocol BasicChuong Mai
 
Introduction to HTTP protocol
Introduction to HTTP protocolIntroduction to HTTP protocol
Introduction to HTTP protocolAviran Mordo
 
HTTP request and response
HTTP request and responseHTTP request and response
HTTP request and responseSahil Agarwal
 
HTTP vs HTTPS Difference
HTTP vs HTTPS Difference HTTP vs HTTPS Difference
HTTP vs HTTPS Difference Real Estate
 
Hypertext Transfer Protocol
Hypertext Transfer ProtocolHypertext Transfer Protocol
Hypertext Transfer Protocolselvakumar_b1985
 
HTTP/2 Changes Everything
HTTP/2 Changes EverythingHTTP/2 Changes Everything
HTTP/2 Changes EverythingLori MacVittie
 
Basics of HTTP - Nafis Fuad
Basics of HTTP - Nafis FuadBasics of HTTP - Nafis Fuad
Basics of HTTP - Nafis FuadCefalo
 
Hypertext transfer protocol (http)
Hypertext transfer protocol (http)Hypertext transfer protocol (http)
Hypertext transfer protocol (http)Shimona Agarwal
 
HTTP Definition and Basics.
HTTP Definition and Basics.HTTP Definition and Basics.
HTTP Definition and Basics.Halah Salih
 

Was ist angesagt? (20)

Http protocol
Http protocolHttp protocol
Http protocol
 
HTTP Presentation
HTTP Presentation HTTP Presentation
HTTP Presentation
 
HTTP Basics
HTTP BasicsHTTP Basics
HTTP Basics
 
Https presentation
Https presentationHttps presentation
Https presentation
 
Hypertext Transfer Protocol
Hypertext Transfer ProtocolHypertext Transfer Protocol
Hypertext Transfer Protocol
 
Http Protocol
Http ProtocolHttp Protocol
Http Protocol
 
HTTP Protocol Basic
HTTP Protocol BasicHTTP Protocol Basic
HTTP Protocol Basic
 
Introduction to HTTP protocol
Introduction to HTTP protocolIntroduction to HTTP protocol
Introduction to HTTP protocol
 
Http-protocol
Http-protocolHttp-protocol
Http-protocol
 
HTTP request and response
HTTP request and responseHTTP request and response
HTTP request and response
 
HTTP vs HTTPS Difference
HTTP vs HTTPS Difference HTTP vs HTTPS Difference
HTTP vs HTTPS Difference
 
HTTP
HTTPHTTP
HTTP
 
Ssl https
Ssl httpsSsl https
Ssl https
 
Https
HttpsHttps
Https
 
Hypertext Transfer Protocol
Hypertext Transfer ProtocolHypertext Transfer Protocol
Hypertext Transfer Protocol
 
HTTP/2 Changes Everything
HTTP/2 Changes EverythingHTTP/2 Changes Everything
HTTP/2 Changes Everything
 
Basics of HTTP - Nafis Fuad
Basics of HTTP - Nafis FuadBasics of HTTP - Nafis Fuad
Basics of HTTP - Nafis Fuad
 
Hypertext transfer protocol (http)
Hypertext transfer protocol (http)Hypertext transfer protocol (http)
Hypertext transfer protocol (http)
 
Http Introduction
Http IntroductionHttp Introduction
Http Introduction
 
HTTP Definition and Basics.
HTTP Definition and Basics.HTTP Definition and Basics.
HTTP Definition and Basics.
 

Ähnlich wie Http VS. Https

Web Server Technologies I: HTTP
Web Server Technologies I: HTTP Web Server Technologies I: HTTP
Web Server Technologies I: HTTP webhostingguy
 
Web Server Technologies I: HTTP & Getting Started
Web Server Technologies I: HTTP & Getting StartedWeb Server Technologies I: HTTP & Getting Started
Web Server Technologies I: HTTP & Getting StartedPort80 Software
 
HTTPProtocol HTTPProtocol.pptHTTPProtocol.ppt
HTTPProtocol HTTPProtocol.pptHTTPProtocol.pptHTTPProtocol HTTPProtocol.pptHTTPProtocol.ppt
HTTPProtocol HTTPProtocol.pptHTTPProtocol.pptVietAnhNguyen337355
 
Web Services 2009
Web Services 2009Web Services 2009
Web Services 2009Cathie101
 
Web Services 2009
Web Services 2009Web Services 2009
Web Services 2009Cathie101
 
HTTPs Strict Transport Security
HTTPs Strict Transport Security HTTPs Strict Transport Security
HTTPs Strict Transport Security Gol D Roger
 
Hypertex transfer protocol
Hypertex transfer protocolHypertex transfer protocol
Hypertex transfer protocolwanangwa234
 
Internet Protocols
Internet ProtocolsInternet Protocols
Internet ProtocolsAnil Neupane
 
internet programming and java notes 5th sem mca
internet programming and java notes 5th sem mcainternet programming and java notes 5th sem mca
internet programming and java notes 5th sem mcaRenu Thakur
 
Hypertext Transfer Protocol
Hypertext Transfer ProtocolHypertext Transfer Protocol
Hypertext Transfer ProtocolRajan Pandey
 

Ähnlich wie Http VS. Https (20)

Web Server Technologies I: HTTP
Web Server Technologies I: HTTP Web Server Technologies I: HTTP
Web Server Technologies I: HTTP
 
Web Server Technologies I: HTTP & Getting Started
Web Server Technologies I: HTTP & Getting StartedWeb Server Technologies I: HTTP & Getting Started
Web Server Technologies I: HTTP & Getting Started
 
An Introduction to HTTP
An Introduction to HTTPAn Introduction to HTTP
An Introduction to HTTP
 
HTTPProtocol HTTPProtocol.pptHTTPProtocol.ppt
HTTPProtocol HTTPProtocol.pptHTTPProtocol.pptHTTPProtocol HTTPProtocol.pptHTTPProtocol.ppt
HTTPProtocol HTTPProtocol.pptHTTPProtocol.ppt
 
The HTTP and Web
The HTTP and Web The HTTP and Web
The HTTP and Web
 
Web
WebWeb
Web
 
HTTP1.1/2 overview
HTTP1.1/2 overviewHTTP1.1/2 overview
HTTP1.1/2 overview
 
CN UNIT V.pptx
CN UNIT V.pptxCN UNIT V.pptx
CN UNIT V.pptx
 
Web Services 2009
Web Services 2009Web Services 2009
Web Services 2009
 
Web Services 2009
Web Services 2009Web Services 2009
Web Services 2009
 
HTTPs Strict Transport Security
HTTPs Strict Transport Security HTTPs Strict Transport Security
HTTPs Strict Transport Security
 
Http
HttpHttp
Http
 
Fit project
Fit projectFit project
Fit project
 
Hypertex transfer protocol
Hypertex transfer protocolHypertex transfer protocol
Hypertex transfer protocol
 
Internet Protocols
Internet ProtocolsInternet Protocols
Internet Protocols
 
Unit 6 : Application Layer
Unit 6 : Application LayerUnit 6 : Application Layer
Unit 6 : Application Layer
 
Network basics
Network basicsNetwork basics
Network basics
 
internet programming and java notes 5th sem mca
internet programming and java notes 5th sem mcainternet programming and java notes 5th sem mca
internet programming and java notes 5th sem mca
 
Http
HttpHttp
Http
 
Hypertext Transfer Protocol
Hypertext Transfer ProtocolHypertext Transfer Protocol
Hypertext Transfer Protocol
 

Kürzlich hochgeladen

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdfChristopherTHyatt
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 

Kürzlich hochgeladen (20)

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 

Http VS. Https

  • 1.  By: Eng. Raed T. Aldahdooh
  • 2.  He try to solve a problem of integrating and exchanging information held on different computers in often widely scattered places.  It was in March 1989 that Tim first outlined the advantages of a hypertext-based, linked information system.  This method incorporated the use of hypertext, a system that links documents from different sources, named it Enquire.  by the end of 1990, Berners-Lee, along with Robert Cailliau, created the first Web browsers and servers and designed the first version of HTTP V0.9 (1991).
  • 3.  Hyper Text Transfer Protocol  One of the application layer protocols that make up the Internet  HTTP over TCP/IP  Like SMTP, POP, IMAP, NNTP, FTP, etc.  The underlying language of the Web  Three versions have been used, two are in common use and have been specified:  RFC 1945 HTTP 1.0 (1996)  RFC 2616 HTTP 1.1 (1999)
  • 4. HTTP sits atop the TCP/IP Protocol Stack Network Interfaces HTTP TCP IP Application Layer Transport Layer Network Layer Data Link Layer
  • 5.  When the HTTP application has a message to send, it hands that message to a lower layer protocol (TCP).  TCP provides segments that ride inside the IP packets and add connection information based on source and destination ports.  TCP also provides mechanisms to make the connection reliable “handshake, sequence numbers, checksums, control flags”. The ports let TCP carry multiple protocols that connect services running on default ports: • HTTP on port 80 • HTTP with SSL (HTTPS) on port 443 • FTP on port 21 • SMTP on port 25 • POP on port 110 • SSH on port 22
  • 6.  The IP process builds on TCP segment by adding more information, in effect adding another envelope. The result is an IP datagram.  Datagram reaches the protocol implementation controlling the system’s network technology, and leaves in the form of a packet or frame.
  • 7. How an HTTP Message is delivered over TCP/IP connection: GET /index.html HTTP/1.1<CRLF> Host: www.hostname.com Con… HTTP Message’s data stream is chopped up into chunks small enough to fit in a TCP segment The segments are shipped to the right destination inside IP datagrams The chunks ride inside TCP segments used to reassemble them correctly on the other end of the connection
  • 8.  URLs used early on by all Internet protocols, including various document retrieval protocols.  More specifications (both from 1994): ◦ URL : Uniform Resource Locators - RFC 1738. ◦ URI : Universal Resource Identifiers - RFC 1630. ◦ URL is just one type of a URI.  Hypertext came to predominate as the most efficient way of providing access to resources ◦ Fast, flexible, generic, extensible ◦ Facilitated searching, collaboration, annotation  HTTP now the central mechanism for requesting and serving URL based resources.
  • 9.  URL (Uniform Resource Locators ) ◦ Provides single short string to identify network-accessible resource ◦ <scheme>://<host>[:<port>]/<path>[?<query>] ◦ http://www.w3.org/Icons/w3c_home.gif  URI (Uniform Resource Identifier) ◦ Identifies a resource either by location or name. ◦ The selection of the representation can be determined by the web server through HTTP content negotiation. ◦ A superset of URLs ◦ http://www.w3.org/Icons/w3c_home. ◦ http request line contains a non-URL URI
  • 10. Identifies the application protocol needed to access the resource, in this case HTTP. Username : If the protocol supports the concept of user names, this provides a user name that has access to the resource; the example has a user name “guest.” Password: The password associated with the user name, “secret” in the example. host : The communication system that has the resource; for HTTP this is the Web server, www.ietf.org in the example. port : The TCP port that the application protocols should use to access the resource; many protocols have an implied TCP port (for HTTP that port is 80 path : The path through a hierarchical organization under which the resource is located, often a file system’s directory structure or equivalent. File: The resource itself. Query: Additional information about the resource or the client. Fragment: A particular location within a resource.
  • 11.  URLs point to resources (“content”).  Resources are represented using different Internet Media Types (MIME Types) ◦ Multipurpose Internet Mail Extensions RFC2045,6  MIME Type tells how content should be handled ◦ File extensions are mapped to certain MIME Types  .html usually means a MIME Type of text/html  .jpg usually means a MIME Type of image/jpeg  The most common MIME Types used on the Web come from the text, image and application top-level groups  text/html, text/css  image/gif, image/jpeg, image/png  application/pdf, application/octet-stream  application/x-javascript, application/x-shockwave-flash
  • 12.
  • 13.  The first versions of HTTP required clients to establish a separate TCP connection with each request.  HTTP 1.1 protocol eliminates the problem of multiple TCP connections with a feature known as persistence.
  • 14.  Persistence allows another http feature that improves performance pipelining.  Pipelining, a client does not have to wait for a response to one request before issuing a new request on the connection.
  • 15.
  • 16.  User agent (client) issues an HTTP request to a host (server) for a given resource using its URL  Server “resolves” the URL, acts on the resource  Server sends an HTTP response back to the client  Each request is discontinuous with all previous requests – HTTP is stateless HTTP Request HTTP Client Asks for resource by its URL: http://www.Site.com/test.html HTTP Server www.Site.com HTTP Response Resource /test
  • 17.  HTTP requests and responses are both types of Internet Messages (RFC 822), and share a general format: – A Start Line, followed by a CRLF • Request Line for requests • Status Line for responses – Zero or more Message Headers • field-name “:” [field-value] CRLF – An empty line • Two CRLFs mark the end of the Headers – An optional Message Body if there is a payload • All or part of the “Entity Body” or “Entity”
  • 18. GET / HTTP/1.1[CRLF] Host: www.iugaza.edu.ps[CRLF] Connection: close[CRLF] User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)[CRLF] Accept-Encoding: gzip[CRLF] Accept-Charset: ISO-8859-1,UTF-8;q=0.7,*;q=0.7[CRLF] Cache-Control: no-cache[CRLF] Accept-Language: de,en;q=0.7,en-us;q=0.3[CRLF] Referer: http://web-sniffer.net/[CRLF] [CRLF]
  • 19.  GET ◦ By far most common method ◦ Retrieves a resource from the server ◦ Supports passing of query string arguments  HEAD ◦ Retrieves only the Headers associated with a resource but not the entity itself ◦ Highly useful for protocol analysis, diagnostics  POST ◦ Allows passing of data in entity rather than URL ◦ Can transmit of far larger arguments that GET ◦ Arguments not displayed on the URL
  • 20.  OPTIONS ◦ Shows methods available for use on the resource (if given a path) or the host (if given a “*”)  TRACE ◦ Diagnostic method for assessing the impact of proxies along the request-response chain  PUT, DELETE ◦ Used in HTTP publishing (e.g., WebDav)  CONNECT ◦ A common extension method for Tunneling other protocols through HTTP Web-based Distributed Authoring and Versioning (WebDAV) is a set of methods based on the Hypertext Transfer Protocol (HTTP) that facilitates collaboration between users in editing and managing documents and files stored on World Wide Web servers.
  • 21. HTTP/1.1 302 Moved Temporarly [CRLF] Cache-Control: private[CRLF] Content-Type: text/html; charset=utf-8 [CRLF] Location: http://www.iugaza.edu.ps/ar [CRLF] Server: Microsoft-IIS/7.0 [CRLF] X-AspNet-Version: 2.0.50727 [CRLF] X-Powered-By: ASP.NET [CRLF] Date: Sat, 24 Dec 2011 19:00:27 GMT [CRLF] Connection: close [CRLF] Content-Length: 519 [CRLF] [CRLF] http://web-sniffer.net/
  • 22.  Consists of three major parts:  The HTTP Version ◦ Just like third part of Request Line  Status Code ◦ 5 groups of 3 digit integers indicating the result of the attempt to satisfy the request: ◦ 1xx are informational ◦ 2xx are success codes ◦ 3xx are for alternate resource locations (redirects) ◦ 4xx indicate client side errors ◦ 5xx indicate server side errors  The Reason Phrase followed by the CRLF ◦ Short textual description of the status code
  • 23.  Open a TCP connection to a host  Can borrow telnet protocol to do this, by pointing it at the default HTTP port (80)  C:>telnet www.google.com 80  Ask for a resource using a minimal request syntax:  GET / HTTP/1.1 <CRLF>  Host: www.google.ps <CRLF><CRLF>  A Host header is required for HTTP 1.1 connections, though not for HTTP 1.0
  • 24. Headers come in four major types, some for requests, some for responses, some for both: – General Headers • Provide info about messages of both kinds – Request Headers • Provide request-specific info – Response Headers • Provide response-specific info – Entity Headers • Provide info about request and response entities – Extension headers are also possible
  • 25.  Connection – lets clients and servers manage connection state ◦ Connection: Keep-Alive ◦ Connection: close  Date – when the message was created ◦ Date: Sat, 31-May-03 15:00:00 GMT  Via – shows proxies that handled message ◦ Via: 1.1 www.myproxy.com (Squid/1.4)  Cache-Control – Among the most complex of headers, enables caching directives ◦ Cache-Control: no-cache
  • 26.  Host – The hostname (and optionally port) of server to which request is being sent  Referer – The URL of the resource from which the current request URI came ◦ Referer: http://www.host.com/login.asp  User-Agent – Name of the requesting application, used in browser sensing ◦ User-Agent: Mozilla/4.0 (Compatible; MSIE 6.0)  Accept and its variants – Inform servers of client’s capabilities and preferences ◦ Enables content negotiation ◦ Accept: image/gif, image/jpeg;q=0.5 ◦ Accept- variants for Language, Encoding, Charset  Cookie How clients pass cookies back to the servers that set them ◦ Cookie: id=23432;level=3
  • 27.  Server – The server’s name and version ◦ Server: Microsoft-IIS/5.0 ◦ Can be problematic for security reasons  Set-Cookie – This is how a server sets a cookie on a client ◦ Set-Cookie: id=234; path=/shop; expires=Sat, 31-May-03 15:00:00 GMT; secure
  • 28.  Allow – Lists the request methods that can be used on the entity ◦ Allow: GET, HEAD, POST  Location – Gives the alternate or new location of the entity ◦ Used with 3xx response codes (redirects) ◦ Location: http://www.iugaza.edu.ps/ar/  Content-Encoding – specifies encoding performed on the body of the response ◦ Used with HTTP compression ◦ Corresponds to Accept-Encoding request header ◦ Content-Encoding: gzip  Content-Length – The size of the entity body in bytes  Content-Location – The actual if different than its request URL  Content-Type – specifies Media (MIME) type of the entity body
  • 30.  (HTTPS) Hypertext Transfer Protocol over Secure Socket Layer (SSL).  First implementation of HTTP over SSL was issued in 1995 by Netscape.
  • 31. Important information Data, Data, Data. Encryption Encryption Algorithm = cipher Hh2sh!~hH==E#@ns8676%===sdf Plain Text Cipher Text Some random String
  • 32. Decryption Algorithm Important information Data, Data, Data. Hh2sh!~hH==E#@ns8676%===sdf Some random String Symmetric Key
  • 34.  Uses asymmetric encryption to privately share the session key ◦ Asymmetric has a lot of overhead  Uses symmetric encryption to encrypt data ◦ Symmetric encryption is quicker and uses less resource
  • 35. Client requests HTTPS session Certificate sent back (with public key) Client creates session key (53) Session key encrypted with public key(X$qp0) At this point only client knows session key Session encrypted with symmetric session key (53) session key decrypted with private key At this point both client and server knows session key Encrypted session key sent to server
  • 36. Server Port 443 Client Hello Highest SSL Version: 2.0 Cipher: SMAL-SHAL-DES Compression: gzip Random:”sdf31nbj2” Server Hello SSL Version: 2.0 Cipher: SHAL Compression: gzip SessionID: “dash342h” Random:”sdf31nbj2” Certificates Public key: 324fdg3 Issued TO: google.com Issued By: Thene SG Valid From: 26102011 Valid From: 1102013 Certificate verify Change Cipher SPEC Finished Digest: ef432kjkjh4kjh234h23h 42h4h32i@32=23=424 =324kjl32jlj23j23klj432 jj23432422 Change Cipher SPEC Finished Digest: ef432kjkjh4kjh234h2 3h42h4h32i@32=23 =424=324kjl32jlj23j 23klj432jj23432422 Symmetric Session Key: Wehkj$@hjgd=wef=we$ #D%^fjh3dgqgdgq
  • 37.  There were away to get around the encryption instead o0f trying to break it  Ali wants to send secure messages to Ahmed.  Man intercepts Ali’s messages.  Man talks to Ali and pretends to be Ahmed.  Man talks to Ahmed and pretends to be Ali. Ali AhmedMan Ea Ec Ec Eb E{a,b,c} = Ali’s, Ahmed’s, and Man’s public keys, respectively
  • 38.  Ali uses the public key she thinks she received from Ahmed (Man’s)  Ahmed uses the key he thinks is Ali’s (also Man’s)  As a result, Man not only gains access to secure information but also can modify it (e.g. transfer money to a different account etc.)
  • 39.  Digital Certificates designed to solve the problem but do they always help ?  The MITM would have to create his own certificate with a private/public key.  He still sit between client and server, acting as server to the client and client to the server, listening in on everything sent between the two.
  • 40.  To verify the authenticity and identity of the certificates themselves.  linked back to a trustworthy source of certificates.  Web browsers and operating systems will only trust certificates that directly or indirectly link back to one of a handful of CAs, the "root CAs.“  Any certificate that doesn't link back to a root CA such as a self-signed certificate will generate a big scary warning in the browser.  How to create a self-signed SSL Certificate ...  http://www.akadia.com/services/ssh_test_certificate.html
  • 41.  HTTPS only slightly slower than HTTP. - Cost Of Security  HTTP Essentials Protocols for Secure, Scaleable Web Sites by Stephen Thomas .  HTTP The Definitive Guide.  View HTTP Request and Response Header < http://web- sniffer.net/ >