Hypertext Transfer Protocol (HTTP) / Hypertext Transfer Protocol Secure (HTTPS)
HTTP is an application protocol for distributed, collaborative, and hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web.



Commands

  • GET / - Returns the header and document root, if it exists and you have permissions.
  • HEAD / - Returns the header, if it exists and you have permissions.
  • POST / - The POST method is used to submit an entity to the specified resource, often causing a change in state or side effects on the server.
  • PUT / - The PUT method replaces all current representations of the target resource with the request payload.
  • DELETE / - The DELETE method deletes the specified resource.
  • CONNECT / - The CONNECT method establishes a tunnel to the server identified by the target resource.
  • OPTIONS / - The OPTIONS method is used to describe the communication options for the target resource.
  • TRACE / - The TRACE method performs a message loop-back test along the path to the target resource.
  • PATCH / - The PATCH method is used to apply partial modifications to a resource.


HTTP handshake

0 ms - HTTP runs over a reliable transport (TCP), which means that we must first complete the TCP three-way handshake, which takes one full roundtrip.
56 ms- With the TCP connection in place, the client sends the request.
84 ms - The server begins processing the request.
124 ms- The application data can now be sent.


HTTPS handshake

0 ms - TLS runs over a reliable transport (TCP), which means that we must first complete the TCP three-way handshake, which takes one full roundtrip.
56 ms - With the TCP connection in place, the client sends a number of specifications in plain text, such as the version of the TLS protocol it is running, the list of supported ciphersuites, and other TLS options it may want to use.
84 ms - The server picks the TLS protocol version for further communication, decides on a ciphersuite from the list provided by the client, attaches its certificate, and sends the response back to the client. Optionally, the server can also send a request for the client’s certificate and parameters for other TLS extensions.
112 ms - Assuming both sides are able to negotiate a common version and cipher, and the client is happy with the certificate provided by the server, the client initiates either the RSA or the Diffie-Hellman key exchange, which is used to establish the symmetric key for the ensuing session.
140 ms - The server processes the key exchange parameters sent by the client, checks message integrity by verifying the MAC, and returns an encrypted Finished message back to the client.
168 ms - The client decrypts the message with the negotiated symmetric key, verifies the MAC, and if all is well, then the tunnel is established and application data can now be sent.


Applications and Tools

  • Browsers
    • Browser Extensions
      • Adblock Plus 3.5
        • Adblock Plus Filters
          • Adblock Warning Removal List
          • Fanboy's Annoyance List
          • ABP filters
          • EasyList
          • Allow nonintrusive advertising
      • Tampermonkey
        • Manage your userscripts and provides features like a clear overview over the running scripts
      • uBlock Origin
        • Block Ads, Pop Ups, and Trackers
      • Web Developer
        • Write HTML without a WYSIWYG
        • View Source
    • Comparison of web browsers
    • Google Chrome 73.0.3683.75
    • Firefox
      • Plug ins
        • No Script provides extra protection for your Firefox browser. This extension allows JavaScript and Java execution only for trusted domains of your choice. This white list based pre-emptive script blocking approach prevents exploitation of security vulnerabilities with no loss of functionality. You can enable JavaScript or Java execution for sites you trust with a simple left-click on the NoScript status bar icon or using the context menu in pop-up status bar. It is great for getting content off websites that have pop-ups.
    • Tor Browser
  • CSS
  • HTTP
  • HTML
  • WinWGet - a Windows Graphical User Interface (GUI) for wget


References


 
Donate Donate An illustration of a heart shape                               1999 - 2021 paultclark.com