~/writeups/thmhttpindetail
Published on

TryHackMe - HTTP in Detail

464 words3 min read
Authors
Cybersecurity home lab setup

TryHackMe: HTTP in Detail

Hey hackers👋 this is the write-up for the HTTP in Detail room on TryHackMe

Room Link: https://tryhackme.com/room/httpindetail

The room provides a beginner-friendly walkthrough of how the HyperText Transfer Protocol (HTTP) works, including its secure version, HTTPS. It covers essential concepts like HTTP methods (GET, POST, etc.), status codes, headers, cookies, and how requests and responses are structured. The room includes hands-on exercises to help users understand web communication and how data is transmitted between clients and servers, making it a solid foundation for anyone starting in web security or networking.

1️⃣ Task 1: What is HTTP(S)?

  1. What does HTTP stand for?
HyperText Transfer Protocol
  1. What does the S in HTTPS stand for?
secure
  1. On the mock webpage on the right there is an issue, once you've found it, click on it. What is the challenge flag?
THM{INVALID_HTTP_CERT}

2️⃣ Task 2. Requests And Responses

  1. What HTTP protocol is being used in the above example?
HTTP/1.1
  1. What response header tells the browser how much data to expect?
Content-Length

3️⃣ Task 3. HTTP Methods

  1. What method would be used to create a new user account?
POST
  1. What method would be used to update your email address?
PUT
  1. What method would be used to remove a picture you've uploaded to your account?
DELETE
  1. What method would be used to view a news article?
GET

4️⃣ Task 4. HTTP Status Codes

  1. What response code might you receive if you've created a new user or blog post article?
201
  1. What response code might you receive if you've tried to access a page that doesn't exist?
404
  1. What response code might you receive if the web server cannot access its database and the application crashes?
503
  1. What response code might you receive if you try to edit your profile without logging in first?
401

5️⃣ Task 5. Headers

  1. What header tells the web server what browser is being used?
User-Agent
  1. What header tells the browser what type of data is being returned?
Content-Type
  1. What header tells the web server which website is being requested?
Host

6️⃣ Task 6. Cookies

  1. Which header is used to save cookies to your computer?
Set-Cookie

7️⃣ Task 7. Making Requests

  1. Make a GET request to /room page
THM{YOU'RE_IN_THE_ROOM}
  1. Make a GET request to /blog page and set the id parameter to 1
THM{YOU_FOUND_THE_BLOG}
  1. Make a DELETE request to /user/1 page
THM{USER_IS_DELETED}`
  1. Make a PUT request to /user/2 page with the username parameter set to admin
THM{USER_HAS_UPDATED}`
  1. Make a POST request to /login page with the username of thm and a password of letmein
THM{HTTP_REQUEST_MASTER}