Request
An HTTP request is a message sent by a client to a web server to communicate with a web application and trigger an action. Since these requests are usually the first point of interaction between the client and the server, understanding how they work is crucial, especially for those of us in cybersecurity.
The request line, also known as the start line, is the first part of an HTTP request. It informs the server about the type of request being made and consists of three key components: HTTP method, URL path, and HTTP version.
HTTP Methods
An HTTP method tells the server what action the user wants to perform on the resource identified by the URL path. Here are some common methods:
GET
Requests data from the server without making any modifications.
POST
Sends data to the server, usually to create a resource.
PUT
Updates a resource on the server at a specific URL.
DELETE
Deletes a specific resource from the server.
HEAD
Similar to GET, but retrieves only headers, not the body.
OPTIONS
Asks the server which HTTP methods are allowed for a resource.
PATCH
Partially updates a resource on the server.
TRACE
Primarily used for diagnostic purposes.
CONNECT
Establishes a tunnel with the server, typically used for SSL/TLS connections.
URL Path
The URL path tells the server where to find the requested resource. For example, in the URL https://navidnaf/home, the path /home identifies a specific page.
HTTP Version
The HTTP version determines the protocol used for communication between the client and server. Over time, multiple versions have been introduced to improve performance, security, and functionality.
HTTP/0.9 (released in 1991) was the first version, supporting only GET requests.
HTTP/1.0 (introduced in 1996) added headers and improved content handling, including caching.
HTTP/1.1 (released in 1997) introduced persistent connections, chunked transfer encoding, and advanced caching, making it widely used even today.
HTTP/2 (introduced in 2015) improved multiplexing, header compression, and performance prioritization.
HTTP/3 (launched in 2022) builds on HTTP/2 but uses the QUIC protocol for faster and more secure connections.
Despite improvements in HTTP/2 and HTTP/3, many systems still rely on HTTP/1.1 due to widespread support. However, upgrading to newer versions can significantly enhance performance and security as more systems adopt these protocols.
Request Headers
Request headers are part of an HTTP request that provide additional information about the request, such as client capabilities, preferred formats, and more. They help the server understand how to handle the request and respond appropriately.
Host
Specifies the server's domain name.
Host: navidnaf.com
User-Agent
Identifies the client software making the request.
User-Agent: Chrome/92
Accept
Lists the content types that the client can process.
Accept: text/html
Accept-Language
Specifies the preferred language for the response.
Accept-Language: en-US
Connection
Indicates whether the connection should be kept open.
Connection: keep-alive
Referer
Specifies the URL of the page that made the request.
Referer: https://navidnaf.com
Accept-Encoding
Specifies the encoding methods supported by the client.
Accept-Encoding: gzip
Request Body
In HTTP requests such as POST and PUT, where data is sent to the web server, the data resides inside the HTTP Request Body. The formatting of the data can vary, with common formats including URL Encoded, Form Data, JSON, or XML. GET requests typically do not have a body.
Request Body Formats –
URL Encoded
name=Navid&age=25
Form Data
----WebKitFormBoundary7MA4YWxkTrZu0gW
Content-Disposition: form-data; name="username"

navid
----WebKitFormBoundary7MA4YWxkTrZu0gW
Content-Disposition: form-data; name="profile_pic"; filename="navid.jpg"
Content-Type: image/jpeg

[Binary Data Here representing the image]
----WebKitFormBoundary7MA4YWxkTrZu0gW--
JSON
{
"name": "Navid",
"age": 25,
"country": "BD"
}
XML
<user>
<name>Navid</name>
<age>25</age>
<country>BD</country>
</user>
Example of a Full Request -
An HTTP request begins with a request line: POST /contact HTTP/1.1, indicating that the client is sending a POST request to the /contact endpoint using HTTP version 1.1. The Host header specifies the target server as navidnaf.com. The User-Agent header identifies the client as a specific version of Chrome running on a Windows 10 machine. The Accept header informs the server that the client can process responses in JSON format. The Content-Type header specifies that the data sent in the request body is URL-encoded form data. The Accept-Language header specifies English as the preferred response language, and the Connection header requests to keep the connection alive. Finally, the request body contains form data, including the user's name, email, and message, encoded in the following format: name=Navid&email=navid@example.com&message=Hello%20Navidnaf%2C%20I%20would%20like%20to%20connect!
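The request described above, split into its request line, headers and body by a strict parser. This is an added example, not code from the original page; `parse_request`, the full User-Agent string and the Content-Length header are assumptions made for illustration. It rejects the malformed inputs a server-side component should refuse: an unknown method, a repeated Host or Content-Length header, and a body whose size disagrees with Content-Length.

```python
import json
from urllib.parse import parse_qs

METHODS = {"GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS", "PATCH", "TRACE", "CONNECT"}
SINGLETON = {"host", "content-length", "content-type"}  # headers that must not repeat

def parse_request(raw: bytes) -> dict:
    """Split a raw HTTP/1.1 request into request line, headers and decoded body."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no blank line separating headers from body")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[0] not in METHODS or not parts[2].startswith("HTTP/"):
        raise ValueError("request line must be: METHOD PATH HTTP/x.y")
    method, path, version = parts
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        key = name.lower()  # header names are case-insensitive
        if not colon or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        if key in headers and key in SINGLETON:
            raise ValueError(f"repeated {name} header")
        headers[key] = f"{headers[key]}, {value.strip()}" if key in headers else value.strip()
    if version == "HTTP/1.1" and "host" not in headers:
        raise ValueError("HTTP/1.1 request without Host header")
    if "content-length" in headers:
        length = headers["content-length"]
        if not (length.isascii() and length.isdigit()) or int(length) != len(body):
            raise ValueError("Content-Length does not match body size")
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if ctype == "application/x-www-form-urlencoded":
        data = parse_qs(body.decode("utf-8"), keep_blank_values=True, strict_parsing=True)
    elif ctype == "application/json":
        data = json.loads(body)
    else:
        data = body  # multipart, XML, etc. are left as raw bytes here
    return {"method": method, "path": path, "version": version, "headers": headers, "body": data}

# Constructed sample matching the request described above; the User-Agent string
# and the Content-Length header are assumptions, not values from the page.
BODY = b"name=Navid&email=navid@example.com&message=Hello%20Navidnaf%2C%20I%20would%20like%20to%20connect!"
SAMPLE = (b"POST /contact HTTP/1.1\r\nHost: navidnaf.com\r\n"
          b"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/92.0\r\n"
          b"Accept: application/json\r\nContent-Type: application/x-www-form-urlencoded\r\n"
          b"Accept-Language: en-US\r\nConnection: keep-alive\r\n"
          b"Content-Length: " + str(len(BODY)).encode() + b"\r\n\r\n" + BODY)

if __name__ == "__main__":
    req = parse_request(SAMPLE)
    print(req["method"], req["path"], req["version"])
    print(req["body"])
```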