1
00:00:00,450 --> 00:00:03,670
How do we communicate with our website?

2
00:00:04,320 --> 00:00:10,200
Most of you probably know this already, but I will mention it in this video just so we can get a quick

3
00:00:10,200 --> 00:00:10,890
refresher.

4
00:00:11,460 --> 00:00:17,310
We explained all of these attacks in the previous video, but it's important we know the basics behind

5
00:00:17,310 --> 00:00:20,430
communication between a client and a website.

6
00:00:21,400 --> 00:00:29,770
So we send requests and receive pages back with the help of HTTP requests and HTP responses.

7
00:00:30,800 --> 00:00:37,490
HTTP request is something that we send to the website once we want to get a certain Web page from that

8
00:00:37,490 --> 00:00:44,720
website and HTP response is a response from the website telling us that either it found the page that

9
00:00:44,720 --> 00:00:47,030
we were looking for or it didn't.

10
00:00:47,780 --> 00:00:53,390
HTP response also contains an HTML code of the Web page that we requested.

11
00:00:53,930 --> 00:01:00,860
Now this would be a basic explanation of the process, but let us also take a look at how an HTP request

12
00:01:00,860 --> 00:01:03,530
and an HTP response look like.

13
00:01:04,040 --> 00:01:12,250
So if we take a look at this image right here in the red letters, we can see HTP request to some Web

14
00:01:12,260 --> 00:01:17,360
page while in deep blue letters we see and HTTP response.

15
00:01:18,330 --> 00:01:25,860
Let us focus first on HTTP request, so some of the known fields from the request would be fonts you

16
00:01:25,860 --> 00:01:33,000
see in the image we got hosts and that field defines the website domain that you are searching for.

17
00:01:33,870 --> 00:01:39,810
Sometimes this field can also have a port number due to Web servers, sometimes hosting more than one

18
00:01:39,810 --> 00:01:40,320
website.

19
00:01:41,040 --> 00:01:47,250
Besides that, we also got the user agent field and this field is used by server to identify the client

20
00:01:47,460 --> 00:01:49,650
that is connecting to the server.

21
00:01:50,340 --> 00:01:56,490
By identifying I mean, it would usually identify the Web browser that the client is using.

22
00:01:57,590 --> 00:02:04,130
HTP request can also have cookies, which we can see here in this picture, but what cookies are our

23
00:02:04,130 --> 00:02:10,450
values exchange between a client and the server that are used for holding data and information about

24
00:02:10,460 --> 00:02:12,470
a certain session that the user has?

25
00:02:13,570 --> 00:02:20,890
Sometimes and HTP request can also have authorisation parameter, which is used to check for the identity

26
00:02:21,460 --> 00:02:25,440
with this parameter, usernames and passwords are sent to the website.

27
00:02:25,960 --> 00:02:31,700
On the other hand, we got and HTP response, which also has some special fields of its own.

28
00:02:32,380 --> 00:02:35,290
First thing we see is the status code.

29
00:02:36,170 --> 00:02:42,860
Now, a field called status quo doesn't exist, but the value will be stored in the first line of the

30
00:02:42,860 --> 00:02:47,370
response most of you encountered at some point and fall for error.

31
00:02:47,510 --> 00:02:53,270
Once you try to search for a certain Web page and fall for in this case is a status code.

32
00:02:53,990 --> 00:03:00,410
In this picture we can see a status code of two hundred, which indicates that the page exists and therefore

33
00:03:00,410 --> 00:03:01,860
loaded it successfully.

34
00:03:02,570 --> 00:03:10,190
Besides this, we got set cookie field and this field, if defined, will establish values of cookies

35
00:03:10,400 --> 00:03:11,180
to the client.

36
00:03:12,040 --> 00:03:17,610
This value server can use later to identify the client and to also store clients data.

37
00:03:18,600 --> 00:03:24,930
We also got field called cash control, and this field is used if the content of the response should

38
00:03:24,930 --> 00:03:28,380
get stored inside the browser of the client or not.

39
00:03:29,300 --> 00:03:35,090
And we also got content that will tell us the size of the response in Bite's.

40
00:03:36,310 --> 00:03:43,510
Below all of these fields, we can see HTML tags opening and down there is the Web page that we requested

41
00:03:43,510 --> 00:03:44,660
from this website.

42
00:03:45,340 --> 00:03:51,640
It sends us the Web page code that will then get rendered inside of our browser and it will show us

43
00:03:51,640 --> 00:03:52,270
the Web page.

44
00:03:52,720 --> 00:03:54,110
Simple as that.

45
00:03:54,850 --> 00:03:55,240
Great.

46
00:03:55,450 --> 00:03:57,840
Now, that will refresh our memory about this.

47
00:03:58,240 --> 00:04:00,730
Let us finally start attacking websites.

48
00:04:01,300 --> 00:04:02,230
See you in the next video.