WEB APPLICATION TECHNOLOGIES

Rishavmehra
Mar 28, 2021
  1. HTTP PROTOCOL
  2. WEB FUNCTIONALITY
  3. ENCODING SCHEMES

1) HTTP Protocol

  • HTTP Requests.
  • HTTP Responses.
  • HTTP Methods.
  • URLs.
  • REST.
  • HTTP Headers.
  • Cookies.
  • Status Codes.
  • HTTPS.
  • HTTP proxies.
  • HTTP Authentication.

HTTP Protocol

The Hypertext Transfer Protocol (HTTP) uses a message-based model in which a client sends a request message and the server returns a response message.

HTTP Requests

Each HTTP message (request or response) consists of one or more headers.


Every HTTP request consists of three items in its first line.

  • The method (GET/POST). The most commonly used method is GET, which is used to retrieve information from the server. The POST method is used to send loads of data to the server for a specific resource.
  • The requested URL. The URL typically functions as a name for the resource being requested, together with an optional query string containing parameters that the client is passing to that resource.
  • The HTTP version. The only HTTP versions used on the Internet are 1.0 and 1.1, and most browsers use 1.1 by default. HTTP versions are discussed later in this session.

Some other request headers

  • Referer: URL from which the request originated.
  • User-Agent: information about the browser.
  • Host: the hostname that appeared in the full URL being accessed. This is necessary when multiple websites are hosted on the same server.
  • Cookie: submits additional parameters that the server has issued to the client.

HTTP RESPONSES


Every HTTP response consists of three items in its first line.

  • The HTTP version.
  • A numeric status code for the result (e.g. 200).
  • A textual status of the response.

Some other response headers

  • Server: identifies the web server software, installed modules, and server OS.
  • Set-Cookie: issues the browser a further cookie, which is submitted back in the Cookie header of subsequent requests.
  • Pragma: instructs the browser not to store the response in its cache.
  • Expires: indicates that the content expired in the past and therefore should not be cached.
  • Content-Type: indicates that the body of this message contains an HTML document.
  • Content-Length: the length of the message body in bytes.

HTTP Methods

There are two types of HTTP methods: GET and POST.

GET: a method in which data is passed through the URL (as variables), where it is visible in the address bar of the web browser.

POST: a method in which data is passed in the body of the request, where it is not visible to the user in the web browser's address bar. So, it is much safer to use POST instead of GET.
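The request anatomy described above (method, URL and version on the first line, then headers) and the GET/POST difference, as an added example that is not part of the original article. The two sample requests and the `parse_request` helper are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample requests: the same login sent once as GET and once as POST.
GET_REQ = (
    "GET /login?user=alice&pass=s3cret HTTP/1.1\r\n"
    "Host: example.com\r\n"
    "Cookie: tracking=t8r6nbiufgb3477PShgrWsbd\r\n"
    "\r\n"
)
POST_REQ = (
    "POST /login HTTP/1.1\r\n"
    "Host: example.com\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 22\r\n"
    "\r\n"
    "user=alice&pass=s3cret"
)


def parse_request(raw):
    """Split a raw HTTP/1.x request into first line, headers and parameters."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    # The three items of the first line: method, requested URL, HTTP version.
    method, target, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()  # names are case-insensitive
    url = urlsplit(target)
    params = parse_qs(url.query)                       # GET: parameters in the URL
    ctype = headers.get("content-type", "")
    if ctype.startswith("application/x-www-form-urlencoded"):
        params.update(parse_qs(body))                  # POST: parameters in the body
    return {
        "method": method, "path": url.path, "version": version,
        "headers": headers, "params": params,
        "url_has_params": bool(url.query),  # what an address bar or URL log would show
    }
```

Both requests carry the same parameters in clear text and differ only in where they sit: POST keeps them out of the URL, but anything that sees the raw request can still read them.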

URL

A URL (uniform resource locator) is the address of a specific webpage or file on the Internet. The port number is included only if it differs from the default used by the relevant protocol.


REST

REST (representational state transfer) is a style of architecture for distributed systems in which requests and responses contain representations of the system's resources.

URLs that contain parameters within the query string do themselves conform to REST constraints.

URL containing a query string

http://example.com/search?make=tesla&model=roadster

“REST-style” URL

http://example.com/search/roadster

HTTP Headers

Chrome (on Windows, similar on macOS)

Use “Inspect Element” or press “Ctrl+Shift+I”. Move to the Network tab and reload the page. Select the resource you wish to look into, then select the “Headers” tab.


Cookies

Cookies are stored on the client machine. Cookies are a key part of the HTTP protocol that most web applications rely on.

A server issues cookies using the Set-Cookie response header, as you have seen:

Set-Cookie: tracking=t8r6nbiufgb3477PShgrWsbd

The user's browser automatically adds the following header to subsequent requests back to the same server:

Cookie: tracking=t8r6nbiufgb3477PShgrWsbd

Status code

Status codes fall into five groups:

  • 1xx: Informational.
  • 2xx: The request was successful.
  • 3xx: The client is redirected to a different resource.
  • 4xx: The request contains an error of some kind.
  • 5xx: The server encountered an error fulfilling the request.


HTTPS

HTTPS uses the same application-layer protocol as HTTP. The only difference is that HTTPS runs over SSL (Secure Sockets Layer), which is used to secure our web application in a more advanced manner.

HTTP Proxies

An HTTP proxy is a server that mediates access between the client browser and the destination web server.

Be aware of two differences when a proxy is in use:

  1. When the web browser issues an unencrypted HTTP request to the proxy server, it passes the full URL, including the http:// prefix, hostname, port number, etc. The proxy extracts the server's hostname and port and passes the request to the correct destination web server.
  2. When HTTPS is being used, the browser cannot perform the SSL handshake with the proxy server, because this would break the secure tunnel and leave the communication exposed. Hence the browser must use the proxy as a pure TCP relay.

HTTP Authentication

Basic

A simple authentication mechanism that sends user credentials as a Base64-encoded string in a request header with each request.

NTLM

A challenge-response mechanism that uses a version of the Windows NTLM protocol.

Digest

A challenge-response mechanism that uses MD5 checksums of a nonce with the user’s credentials.

2) WEB FUNCTIONALITY

Server-Side Functionality :

Some tasks, such as identifying the user and providing that user's information, can only be performed on the server (e.g. an Apache server), which is capable of reading the server-side language (ASP, PHP, Python) and translating it into a language the browser understands (HTML).

Client-Side Functionality:

There are various reasons for client-side scripting, but they can just about all be stated as “browsers and client machines are faster and larger and more powerful than they need to be. Use that capability: only do things on the server that need server-side resources, or that can’t be done more quickly and simply on the client”. This has a number of benefits:

  • It allows the server to serve more clients with the same system resources, since some of the things it used to do (laying out the HTML for every page after a request, for example) are now done on the client.
  • Aside from sending the initial resources (images, CSS, HTML, JS files) to get the page up and running, the only thing that must be sent later is the data that changes as the user uses the site/application. This cuts down on network traffic, which again allows more clients to be served.

It’s much faster to handle interactions only on the client, rather than requiring a round trip to the server (animations, button-press visual changes, timed events, etc.).

3) ENCODING SCHEMES

URL Encoding:

Encoding is a technique to transform data into other formats so that it can be consumed by different systems. For example, if you want to send binary data over email you should encode the binary using some encoding scheme that makes it suitable for sending it over email.


UNICODE Encoding:

In order to accommodate non-English characters, people started going a little crazy on how to use the numbers from 128 to 255 still available in a single byte. Different people would use different characters for the same numbers. Obviously, not only was it the wild wild west, but it quickly dawned that the extra available numbers could not even come close to representing the complete set of characters for some languages.

HTML Encoding:

A URL is encoded to convert non-ASCII characters into a format that can be used over the Internet, because a URL is sent over the Internet using the ASCII character set only. If a URL contains characters outside the ASCII set, the URL has to be converted. The non-ASCII characters are replaced with a “%” followed by hexadecimal digits.

Base64 Encoding:

The idea behind Base64 is very simple.

Consider sending a message in binary. This transmission can be considered as composed of 8-bit characters so it is base256: each byte is a symbol from 0 to 255.

The problem with this coding is that it cannot be attached to emails and similar channels as some characters have special meaning.

Therefore instead of using 8-bit digits, the Base64 code uses 6-bit words, i.e. 64 combinations, but maps these 64 digits to ASCII characters from ‘A’ (meaning 0) to ‘/’ meaning 63.

The advantage is that it uses only legal ASCII characters, which are perfectly compatible with any channel, while minimizing the waste. In fact, on 7-bit-per-byte channels only one bit is lost, and on 8-bit-per-byte channels only two bits are lost.

Base64 encoding table
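The 8-bit to 6-bit regrouping described above, written out by hand as an added example that is not part of the original article. The function names are illustrative, and the standard library's `base64` module is what production code should use.

```python
import base64

# The 64 symbols: index 0 is 'A', index 63 is '/'.
ALPHABET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "abcdefghijklmnopqrstuvwxyz"
            "0123456789+/")


def b64_encode(data: bytes) -> str:
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        # Pack up to three 8-bit bytes into one 24-bit group (zero-padded).
        group = int.from_bytes(chunk.ljust(3, b"\0"), "big")
        # Cut the group into four 6-bit words and look each one up.
        chars = [ALPHABET[(group >> shift) & 0x3F] for shift in (18, 12, 6, 0)]
        # A short final chunk yields len(chunk) + 1 real characters; '=' fills the rest.
        keep = len(chunk) + 1
        out.append("".join(chars[:keep]) + "=" * (4 - keep))
    return "".join(out)


def b64_decode(text: str) -> bytes:
    pad = text.count("=")
    bits = 0
    for ch in text.rstrip("="):
        bits = (bits << 6) | ALPHABET.index(ch)   # append one 6-bit word
    bits <<= 6 * pad                              # zero bits the padding stood for
    raw = bits.to_bytes(len(text) // 4 * 3, "big")
    return raw[:len(raw) - pad] if pad else raw
```

Every 3 input bytes become 4 output characters, and decoding needs no key, so Base64 makes data transport-safe without hiding it.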

HEX Encoding:

It is easier to convert binary to decimal via hexadecimal because there are 4 times fewer multiplications and additions necessary.

It's nice because $16 = 2^4$, so there is a direct mapping and you can easily read hex into binary.

Disclaimer: This article focuses on explaining some underlying implementation details of web technologies, which will be helpful for readers to better understand my blog article. The Web Application Hacker’s Handbook helps me a lot in making this blog; I hope this blog helps you.

Need any help? Contact me on Twitter.

Thanks, everyone for reading :)
