Ethical Hacking
  • Introduction to Information Security
    • What is Hacking?
    • Type of Hacking
    • Exercise
    • Uses of Proxy Servers
    • Summary Proxy & VPN
    • Summary
  • Gathering Information About Websites
    • Gathering Information
    • Gathering Targeted Information
  • Google Droks
  • Introduction to Web Architecture and Understanding Common Security Misconceptions
    • Web Servers
    • Web Server Architecture
    • Web Server Architecture Combinations
  • VA & PT
    • OWASP
    • SQL Injection
    • Advanced SQL Injections
    • Burp Suit
      • Client Side Validation Burp Suite Bypass
      • Client Side Validation Burp Suite Bypass
      • GET Based IDOR in URL
      • Post Based IDOR Variant
      • GET Based IDOR in URL
      • Post Based IDOR in URL
      • Download based
  • Arbitrary File Upload Vulnerabilities
    • Server Side Attack
    • Server Side Attack
    • Client Side Attack
  • Understanding Response Headers
    • Event Listeners
  • Fundamentals of Cross Site Scripting (XSS)
    • Temporary XSS
  • Understanding Forced Browsing and Session-Cookie Flaws
    • Forced Browsing
    • Cross Site Request Forgery
    • Open Redirection
  • Dictionary Based Brute Force Attacks
    • Dictionary Based Bruteforcing
    • Logical Bruteforcing
    • PII Leakage Variant
  • Identifying Security is configurations and Exploiting Outdated Web Applications
    • Information Disclosure via Descriptive Messages
    • Default Debug Pages
    • How to guess password for a standard login page
    • Default/Weak Password in Custom CMS
    • Fingerprinting Components with Known Vulnerabilities
    • Finding Exploits for Components with Known Vulnerabilities
    • Default/Weak Password in Public Software
    • Vulnerable Components Installed
    • Vulnerable Components Installed 2
    • Vulnerable Components Installed 3
  • Scanning for Bugs in WordPress and Drupal
    • What is CMS?
    • Variant 1
    • Vulnerable CMS
    • How to Scan Drupal CMS for Known Vulnerabilities?
    • Joomla CMS
  • Automating VAPT and Secure Code Development
    • information gathering
    • Nmap Scans
    • Automating VAPT:
  • POC
    • Recommendations for Documenting a Vulnerability
    • PoC
    • Types of Reports
    • Recommendations for OWASP Top 10 Vulnerabilities
    • Components of a VAPT Report
    • Vulnerability Information (for each vulnerability)
    • Bad Practices to Avoid While Writing a Report
Powered by GitBook
On this page

Understanding Response Headers

PreviousClient Side AttackNextEvent Listeners

Last updated 1 year ago

So, we looked at some server side attacks. These attacks are used to attack the server or to take complete control of the server. It is important to know server side languages like PHP and sql to carry out these attacks, or to prevent them. However, in this module, we will look at the client side attacks. These attacks are used to cause harm to the users of a web application directly. So, by carrying out these attacks, the hacker can directly attack the browser of the victim. To understand these attacks, we need to know client side languages like HTML and Javascript. To understand client side attacks, let us first understand how a web browser works. We know that when we open a website, let’s say internshala, an HTTP request is sent to the server. The server then processes this request and sends back an HTTP response to our browser. Now, this HTTP response is parsed by our browser and displayed to us. But, this HTTP response contains something called HTTP headers. These headers are the metadata that is not shown to us. But, if we analyse these response headers, we can learn a lot about the way HTTP responses work. Now usually the http response headers are very lengthy, and we are not going to look at each and every line. We will mainly look at 3 important HTTP response headers. The first line of the header, that tells us about the nature of the response. The set-cookie header. Content length header. We will look at each one of these. Let’s start with the first line of the response header. So, this is a sample HTTP response captured by BurpSuite.

If we look at the first line of this response, it says, HTTP/1.1 200 OK. We have seen this response many times in the previous module. The 200 response means that everything is okay. Now, this is just one type of response. There are a few more important responses that we must know about. 30X: A response in the 300 range is used to signify redirection. For example, if you requested for page 1, but are being redirected to page 2. In this case, the response will say, “301 Moved Permanently to Location: page2”. 40X: These responses depict errors that occur due to the user’s fault. The most common response we have all come across is 404:Not Found error. We get this response when the page we have requested for does not exist. Another example is the 403: Forbidden response. This comes when you request for a page that you are not supposed to visit. 50X: These responses occur when there has been some error on the server side. For example, if a website is not able to connect to its database due to some server side code error, you might see 500 internal server error. So, these were some important responses sent in headers. You must remember these ranges and their meaning well, since by looking at this we can get an idea of what kind of response the server wants to give us. Now, after the first line of the response headers, we see some standard HTTP response headers. These headers basically tell the browser about the response and how to handle it. They are like the configuration settings sent by a web server to be stored in the browser for later usage. In these settings, you may choose to study about some of them in detail. These include the Content Security Policy, Referrer Policy, Allow Origin, X-powered-by, etc. We will not be covering these in our topic, but you can read more about them online.