What is HTTP? (HyperText Transfer Protocol)

What does HTTP stand for?

HyperText Tranfer Protocol

What does the S in HTTPS stand for?

secure

On the mock webpage on the right there is an issue, once you've found it, click on it. What is the challenge flag?

Click on the "View Site"-button to deploy the site. After the site is deployed click on the crossed out lock-icon and you will receive the requested flag:

THM{INVALID_HTTP_CERT}

Requests and Responses

What HTTP protocol is being used in the above example?

HTTP/1.1

What response header tells the browser how much data to expect?

Content-Length

HTTP Methods

What method would be used to create a new user account?

POST

What method would be used to update your email address?

PUT

What method would be used to remove a picture you've uploaded to your account?

DELETE

What method would be used to view a news article?

GET

HTTP Status Codes

What response code might you receive if you've created a new user or blog post article?

201

What response code might you receive if you've tried to access a page that doesn't exist?

404

What response code might you receive if the web server cannot access its database and the application crashes?

503

What response code might you receive if you try to edit your profile without logging in first?

401

Headers

What header tells the web server what browser is being used?

User-Agent

What header tells the browser what type of data is being returned?

Content-Type

What header tells the web server which website is being requested?

Host

Cookies

Which header is used to save cookies to your compute?

Set-Cookie

Making Requests

Make a GET request to /room

Deploy the static lab site by clicking on the "View Site"-button. You can get the flag by selecting the "GET"-option in the drop-down-list and appending "room" to the content of the url-bar. After clicking the "Go"-button, the lab-site will provide the flag:

THM{YOU'RE_IN_THE_ROOM}

Make a GET request to /blog and using the gear icon set the id parameter to 1 in the URL field

Select the "GET"-option in the drop-down-list and append "blog" to the content of the URL bar. After this you have to click on the gear-icon. There you can set parameters for the request. Enter "id" into the "key"-input-field and the value 1 into the "value"-input-field. Press the save-icon and close the pop-up-window. Click on the "Go"-button and you will get the flag:

THM{YOU_FOUND_THE_BLOG}

Make a DELETE request to /user/1

You can get the flag by selecting the "DELETE"-option in the drop-down-list and appending "user/1" to the content of the url-bar. After clicking the "Go"-button, the lab-site will provide the flag:

THM{USER_IS_DELETED}

Make a PUT request to /user/2 with the username parameter set to admin

Select the "PUT"-option in the drop-down-list and append "user/2" to the content of the URL bar. After this you have to click on the gear-icon. Enter "username" into the "key"-input-field and "admin" into the "value"-input-field. Press the save-icon and close the pop-up-window. Click on the "Go"-button and you will get the flag:

THM{USER_HAS_UPDATED}

POST the username of thm and a password of letmein to /login

Select the "POST"-option in the drop-down-list and append "login" to the content of the URL bar. After this you have to click on the gear-icon. Enter "username" into the "key"-input-field and "thm" into the "value"-input-field. Press the save-icon, enter "password" into the "key"-input-field and "letmein" into the "value"-input-field. Close the pop-up-window. Click on the "Go"-button and you will get the flag:

THM{HTTP_REQUEST_MASTER}