Friday, February 10, 2012

How Web Servers Work : How to Hack Web Servers

  • The browser breaks the URL into three parts:

    1. The protocol ("http")

    2. The server name ("www.website.com")

    3. The file name ("webpage.html")

  • The browser communicates with a name server, which translates the server name, www.website.com, into an IP address

  • The browser then forms a connection to the Web server at that IP address on port 80.

  • Following the HTTP protocol, the browser sends a GET request to the server, asking for the file http://webpage.html.

  • The server sends the HTML text for the Web page to the browser.

  • The browser reads the HTML tags and formats the page onto the screen.

  • Let us take a look at the basic working of a web server. What happens when you type http://www.eccouncil.org/Certification.htm in your browser?

    • The browser differentiates the URL into three parts:

      1. The protocol ("http")

      2. The server name (www.eccouncil.com)

      3. The file name ("Certification.htm")

    • The browser initiates the connection by communicating with a name server to translate the server name www.eccouncil.com into a valid IP Address.

    • It then uses this IP address to connect to the target web server machine.

    • The browser then establishes a connection to the web server at the specific IP address on port 80. This is the default port. (It can be any other port as well)

    • According to the HTTP protocol, the browser sends a GET request to the server, to retrieve the file "http://www.eccouncil.org/certification.htm"

    • The web server then sends the HTML text for the particular Web page to the browser.

    • The browser reads the HTML tags and formats the page on the user's screen.

    Other HTTP methods like POST, PUT, are used in subsequent communications if needed. The response from the server includes the HTTP response code suitable for the result of the request. In the case of successful data retrieval, an HTTP 200 OK response is generated. Other HTTP response codes exist: common ones include 404 Not Found, 403 Access Denied, and 302 Object Moved (often used to redirect requests to a login page to authenticate a user).

    Popular Web Servers and Common Security Threats
    • Apache Web Server

    • IIS Web Server

    • Sun ONE Web Server

    • Nature of Security Threats in a Web Server Environment.

      • Bugs or Web Server Misconfiguration.

      • Browser-Side or Client Side Risks.

      • Sniffing

      • Denial of Service Attack.

    ---Regards,
    Amarjit Singh

    No comments:

    Post a Comment