Web Requests

Web Requests  Fundamental

Web applications provide a large potential attack surface and need to be secured properly. A firm grasp of the basics of how applications communicate is critical for anyone interested in learning how to assess and attack web applications.

Created by MinatoTW

Back to Catalogue Preview
To start this course Sign Up!

Summary

This module introduces key fundamentals that must be mastered in order to be successful in information security. An understanding of how web applications work is necessary before attempting to attack or secure them.

In this module, we will cover:

  • An overview of the HyperText Transfer Protocol (HTTP)
  • An overview of the Hypertext Transfer Protocol Secure (HTTPS)
  • HTTP requests and responses
  • HTTP methods and response codes
  • Common HTTP methods such as GET, POST, PUT, and DELETE
  • Using cURL to interact with web applications

This module is broken down into sections with accompanying hands-on exercises to practice each of the tactics and techniques we cover.

As you work through the module, you will see example commands and command output for the various topics introduced. It is worth reproducing as many of these examples as possible to reinforce further the concepts introduced in each section. You can do this in the Pwnbox provided in the interactive sections or your own virtual machine.

You can start and stop the module at any time and pick up where you left off. There is no time limit or "grading," but you must complete all of the exercises and the skills assessment to receive the maximum number of cubes and have this module marked as complete in any paths you have chosen.

The module is classified as "Fundamental" but assumes a working knowledge of the Linux command line and an understanding of information security fundamentals.

A firm grasp of the following modules can be considered prerequisites for successful completion of this module:

  • Networking Fundamentals
  • Linux Fundamentals

Sections

  • HyperText Transfer Protocol (HTTP) Basics
  • Hypertext Transfer Protocol Secure (HTTPS)
  • Request and Response
  • Headers
  • Methods and Codes
  • GET Method
  • POST Method
  • PUT and DELETE Methods
  • cURL

Relevant Paths

This module progresses you towards the following Paths

Card image
Cracking into Hack the Box

Easy 20 Sections

Cubes Required: 20

An understanding of HTTP/HTTPS, common HTTP methods, and response codes are essential for anyone getting started with attacking web applications. This knowledge will help us break down and analyze the components of a web application, such as JavaScript, which most modern websites use to perform their functions. It is not uncommon for developers to obfuscate some of their code to hide its functions and prevent reuse or copying without their permission or as an attempt to provide an additional layer of security. Attackers may also obfuscate their code for malicious purposes. Both attackers and defenders need to understand the principles of code obfuscation and techniques that can be used to deobfuscate code back to its original state. The modules in this path teach core concepts that can be applied to completing and understanding the invite code challenge to join the main Hack the Box platform at https://www.hackthebox.eu/invite.

 Web Requests

Fundamental 9 Sections

Web applications provide a large potential attack surface and need to be secured properly. A firm grasp of the basics of how applications communicate is critical for anyone interested in learning how to assess and attack web applications.

 JavaScript Deobfuscation

Easy 11 Sections

This module will take you step-by-step through the fundamentals of JavaScript Deobfuscation until you can deobfuscate basic JavaScript code and understand its purpose.

Back to Catalogue
To start this course Sign Up!