What is HTTP
HTTP is a hypertext transfer protocol that underlies the Internet. It`s located at the last layer of the OSI and TCP/IP model (application layer). HTTP is implemented in two programs: a client program and a server program. Client and server programs running on different end systems. They communicate with each other by exchanging HTTP messages.
HTTP defines the structure of these messages and how the client and server exchange messages. The problem with this protocol is that the data is transmitted in clear text and anyone can intercept your traffic.
What is HTTPS
The problem with HTTP protocol is solved by its extended version HTTPS. HTTPs - HyperText Transfer Protocol Secure. This protocol adds to the regular version the ability to encrypt data using the TLS cryptographic protocol. The HTTPs protocol provides that when a connection is established, the client and server agree to use a temporary key with which they will encrypt and decrypt messages. This key is called a “session” key and is valid only for the current session. Each new session will generate a new key.
To transfer a website to HTTPS, the owner must obtain a special certificate information from which is used to verify the authenticity of the web resource. Accordingly, the organization that issued such a certificate becomes a third party whose participation allows the users not to fear that their data will be stolen.
The main danger of HTTP
What's so scary about the fact that traffic with the HTTP protocol is quite easy to intercept? By using sites with the HTTP protocol on the open network you are open to a person with bad intentions. He or she can easily intercept your traffic and be able to access your cookies, server software versions and see everything that you enter into various forms including bank cards , logins, passwords and other metadata that can be used to test the system or identify potential vulnerabilities.
Capturing an HTTP packet using WireShark
As I wrote earlier, the danger of the HTTP protocol is that its packets are quite easy to intercept, and now I will clearly demonstrate this.
I created my own simple web server on Apache HTTP Server with an authorization window. How I created it will be described in the next article. Thanks to it, I can show how unprotected you will be with the HTTP protocol on an open network.
You see a typical authorization window with the ability to enter a login and password (in my case it’s email, but this doesn’t change the essence).
I enter hypothetical data.
My web server has a database with existing users and if the data entered in the form does not correspond to the basic data, the tab with the basic information will not be displayed. Unfortunately, even without gaining access to the My web server has a database with existing users and if the data entered in the form does not correspond to the basic data, the tab with the basic information will not be displayed. Unfortunately, even without gaining access to the treasured information, your data can be stolen.
WireShark has a convenient filtering feature. I will use it to quickly find the necessary http packages.
We need the POST method because it could cause our data to end up in the hands of an attacker. POST is a method of sending data to the server, for example, after filling out a registration form or authorization on a website.
Click “Follow TCP Stream” and get a window in which the entire exchange between two nodes will be clearly demonstrated.
And look! Without any encryption we are presented with a login and email (there could be a password).
I hope my article clearly showed why you CANNOT use sites with an unsecured HTTP protocol especially on open unsecured networks where all your network traffic is in full view. I also advise you not to enter confidential information through an unsecured network. Again, your traffic can be intercepted. If you want to protect yourself, use a VPN.
Top comments (0)