Foundation of the World Wide Web


In our day-to-day Internet use, a certain protocol lets a client, through a web browser, request information from a server, which then sends a response. This protocol is HTTP (Hypertext Transfer Protocol). It loads web pages using hypertext links.
So what is HTTP?
HTTP is an application layer protocol designed to transfer information between networked devices. A client machine makes requests to a server, which then sends a response. The way Internet communication platforms ask for the information they need to load a website is called an HTTP request.
A typical HTTP request has 5 parts: (1) HTTP version type, (2) a URL, (3) an HTTP method, (4) HTTP request headers, (5) an optional HTTP body. Let's explore each term.
What is an HTTP method?
An HTTP method, sometimes referred to as an HTTP verb, indicates the action that the HTTP request expects from the queried server. For example, two of the most common HTTP methods are ‘GET’ and ‘POST’; a ‘GET’ request expects information back in return (usually in the form of a website), while a ‘POST’ request typically indicates that the client is submitting information to the web server (such as form information, e.g. a submitted username and password).
What are HTTP request headers?
HTTP headers contain text information stored in key-value pairs, and they are included in every HTTP request (and response, more on that later). These headers communicate core information, such as what browser the client is using and what data is being requested.
What is in an HTTP response?
An HTTP response is what web clients (often browsers) receive from an Internet server in answer to an HTTP request. These responses communicate valuable information based on what was asked for in the HTTP
What is a URL?
A URL (Uniform Resource Locator) is the address of a specific resource on the Internet. It's what you type into the address bar of your web browser (like Chrome, Safari, or Firefox) to visit a website, an image, a video, or any other file available online.
Think of it like a home address. If you want to send a letter to a friend, you need their specific street address, city, and zip code. Similarly, to "visit" a webpage, your browser needs its exact URL.
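To see the five parts on the wire, here is an added example (not from the original article) that splits a raw HTTP/1.1 request into method, URL, version, headers and body. The request bytes, host name and credentials are constructed sample data, and `parse_request` and `form_fields` are illustrative names.

```python
from urllib.parse import parse_qs

# Constructed sample: a login form submitted with POST (made-up host and credentials).
RAW_REQUEST = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: example.com\r\n"
    b"User-Agent: ExampleBrowser/1.0\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 30\r\n"
    b"\r\n"
    b"username=alice&password=s3cr3t"
)

def parse_request(raw: bytes) -> dict:
    """Split a raw HTTP/1.1 request into its five parts."""
    head, sep, rest = raw.partition(b"\r\n\r\n")   # blank line ends the headers
    if not sep:
        raise ValueError("incomplete request: no blank line after headers")
    lines = head.decode("iso-8859-1").split("\r\n")
    request_line = lines[0].split(" ")
    if len(request_line) != 3:
        raise ValueError("malformed request line")
    method, url, version = request_line
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        # Reject missing names and stray whitespace around the name; lenient
        # parsing here is a common source of disagreement between servers.
        if not colon or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.lower()] = value.strip()      # header names are case-insensitive
    length = int(headers.get("content-length", "0"))
    if length > len(rest):
        raise ValueError("body shorter than Content-Length")
    return {"method": method, "url": url, "version": version,
            "headers": headers, "body": rest[:length]}

def form_fields(request: dict) -> dict:
    """Decode a URL-encoded form body into field -> value."""
    fields = parse_qs(request["body"].decode("utf-8"))
    return {name: values[0] for name, values in fields.items()}

if __name__ == "__main__":
    req = parse_request(RAW_REQUEST)
    print(req["method"], req["url"], req["version"])
    print(req["headers"])
    print(form_fields(req))   # readable by anyone on the path when sent over plain HTTP
```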
2. HTTPS
The core difference between HTTP and HTTPS is that HTTPS is a more secure version of HTTP. This is made possible by TLS/SSL, discussed in the previous article, a protocol that creates a secure, encrypted connection between two devices over the Internet. Its primary job is to ensure that any data sent between these devices remains private and secure.
An HTTPS connection is set up as follows:
First of all, a TCP connection is made, which involves the three-way TCP handshake of SYN, SYN+ACK and ACK.
Think of it like a formal greeting before an important conversation:
1. SYN (Client to Server): "Hello, are you there and available to talk?"
2. SYN-ACK (Server to Client): "Yes, I am here. I am ready to talk. Are you ready?"
3. ACK (Client to Server): "Yes, I am ready. Let's start talking."
After this three-way handshake, TLS performs a second handshake to ensure a safe and private connection. This second handshake is how the web browser and the server establish session keys. It starts when the browser sends the server its cipher suites (a list of encryption algorithms), its supported TLS versions and a client random (a string of random bytes created by the client). This message is commonly called the client hello.
The next step is the server hello. This is where the server responds with the selected TLS version, the preferred cipher suite, the server random and the SSL certificate.
The browser then checks the SSL certificate to make sure it is authentic. Next, the browser takes the server's public key from the certificate, generates a pre-master secret, encrypts it with that key and sends it to the server.
Only the server can decrypt the pre-master secret because only the server has the private key (which never leaves the server, to ensure complete privacy and keep it away from hackers).
Both the client and the server now have three pieces of information: the Client Random, the Server Random and the Pre-Master Secret.
They each independently use this information to generate the same set of symmetric session keys. These keys will be used to encrypt and decrypt all data for the rest of the session. Both sides send a "Finished" message encrypted with the new session keys. This message verifies that the handshake was successful and that the keys were generated correctly. After this, the setup of the secure network channel is complete and the connection is safe.
Written by
Cyber Pete.
