Scribd Logo
Upload

Welcome to Scribd!

  • CNLAB Week3

    Uploaded by

    Varun Y Tirthani
    28 views14 pages
    The document summarizes the results of 3 tasks investigating HTTP headers: 1) Password authentication using HTTP headers is demonstrated by enabling authentication in Apache configuration files. Successful authentication is indicated by a key symbol in the browser. 2) Setting and reading cookies is demonstrated using a PHP file. Base64 encoding is used to securely transmit cookies containing a username and password. 3) The If-Modified-Since header is tested to conditionally return a 304 status or download the full file. Tests were done both with and without clearing the cache between requests.

    Original Description:

    Original Title

    CNLAB_Week3

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document summarizes the results of 3 tasks investigating HTTP headers: 1) Password authentication using HTTP headers is demonstrated by enabling authentication in Apache configuration files. Successful authentication is indicated by a key symbol in the browser. 2) Setting and reading cookies is demonstrated using a PHP file. Base64 encoding is used to securely transmit cookies containing a username and password. 3) The If-Modified-Since header is tested to conditionally return a 304 status or download the full file. Tests were done both with and without clearing the cache between requests.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    28 views14 pages

    CNLAB Week3

    Uploaded by

    Varun Y Tirthani
    The document summarizes the results of 3 tasks investigating HTTP headers: 1) Password authentication using HTTP headers is demonstrated by enabling authentication in Apache configuration files. Successful authentication is indicated by a key symbol in the browser. 2) Setting and reading cookies is demonstrated using a PHP file. Base64 encoding is used to securely transmit cookies containing a username and password. 3) The If-Modified-Since header is tested to conditionally return a 304 status or download the full file. Tests were done both with and without clearing the cache between requests.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 14

    Name:- Varun Tirthani SRN:- PES1201802027

    Week No:-3 Date:- 23/09/2020


    Name Of The Experiment:- Understanding Working Of HTTP Headers

    TASK 1:- Password Authentication

    Installation Of Packages

    Creating username and password

    Here the username is varuncn and the password is varuncnlab


    Enabling Authentication In Apache2 Configuration Files

    Authentication Required Prompt From Browser On Accessing localhost


    localhost on successful authentication

    NOTE: The key symbol on the top left of the screen near address tab indicates that the site is
    password protected.
    Wireshark Capture

    The first GET request results in HTTP 401 Unauthorized response.


    On entering the correct credentials, HTTP 200 OK response is received.

    TCP Stream Of the 2nd GET Request (After Successful Authentication)


    TASK 2:- COOKIE SETTING

    Screenshot of abc.php
    php file to be displayed

    Wireshark Capture
    TCP Stream Of HTTP Request-Response
    NOTE: As is observed in the 13th and 14th line, cookie is set.
    OBSERVATIONS:-
    1) BASE 64 ALGORITHM:-
    Base64 encoding is used to convert binary data into a text-like format that allows it to be
    transported in environments that can handle only text safely. Their applications include
    encoding unique ID's for use in HTTP URL's, encoding encryption keys and certificates to
    make them safely portable through e-mail amongst many others.

    Base64 encoding takes the original data of 3 bytes(24 bits in total) and divides these in packets
    of 6 bits each. These 4 new tokens are compiled and then their equivalent from the base64 table
    (corresponding to characters from 0-63) is taken and this is how conversion into four printable
    characters from the ASCII standard is completed.

    For the decoding of Base64 to ASCII, the reverse procedure is applied, i.e. bits of length 24
    are divided into 3 tokens of 8 each and the ASCII table is referred for the same.

    The encoded message is dmFydW5jbjp2YXJ1bmNubGFi

    Group of 4 Base64 Table Converting To Bits ASCII Table


    dmFy 29 38 5 50 011101100110000101110010 118 97 114 = var
    dW5j 29 22 57 35 011101010110111001100011 117 110 99 = unc
    bjp2 27 35 41 54 011011100011101001110110 110 58 118 = n:v
    YXJ1 24 23 9 53 011000010111001001110101 97 114 117 = aru
    bmNu 27 38 13 46 011011100110001101101110 110 99 110 = ncn
    bGFi 27 6 5 34 011011000110000101100010 108 97 98 = lab
    Thus the decoded text is varuncn:varuncnlab, i.e. (Username: Password)

    Screenshot Of Online Base64 Decoder(base64decode.org)


    2) PHP COOKIES
    The cookies set in the php file are setcookie(“namecookie”,”netqwerty”,time()+123)
    and setcookie(“nickname”, “work”)
    The syntax for setcookie() method in PHP is :-
    setcookie(name, value, expire, path, domain, secure, httponly);
    • name parameter is required. It specifies the name of the cookie
    • value parameter is optional. It specifies the value of the name of that cookie.
    • expire parameter is optional. Given value is time()+123 which indicates that it
    will expire after 123 seconds. If set to 0, it means that it will expire at the end of
    the session. Default value is 0.
    • path parameter specifies server path of the cookie. It is an optional parameter. If
    set to “/” it will be available within entire domain. If set to “/php/”, it will be
    available within php directory. Default value is “/”.
    • domain parameter specifies domain name of cookie. It is also an optional
    parameter.
    • secure parameter, which is optional, specifies whether the cookie should be
    transmitted over a secure HTTP connection only or not. TRUE indicates the
    cookie will be sent only if secure connection and FALSE means that it is sent
    even in case of unsecure connection. Default value is FALSE.
    • httponly parameter is an optional parameter that if given value TRUE the cookie
    will be accessible only through HTTP Protocol and not by scripting
    languages. Default value is FALSE.
    TASK 3:- CONDITIONAL GET: IF-MODIFIED-SINCE
    A) Task Mentioned In The Manual
    TCP Stream Of HTTP Request-Response

    OBSERVATIONS:-
    1) If-Modified-Since was not mentioned in the 1st Request TCP Stream but was
    mentioned in the 2nd Request TCP Stream.
    2) The server implicitly responded the contents of the file. This can be observed by
    the fact that only HTTP Headers are present in the TCP stream of the entire
    Request-Response Mechanism whereas the body is blank.
    3) Yes, as mentioned previously, in the 2nd HTTP GET Request, the If-Modified-
    Since header is present and is followed by the time stamp of when the content in
    the first response fetched from the server was last modified.
    4) HTTP 304 Not Modified is returned by the server. Content is returned
    implicitly(if any).
    B) Using Single Image On Server and Not Deleting Cache In Between(EXTRA)

    TCP Stream of 1st HTTP GET Request


    TCP Stream of 2nd HTTP GET Request (Includes If-Modified-Since)
    OBSERVATIONS:-
    1) If-Modified-Since was not mentioned in the 1st Request TCP Stream but was
    mentioned in the 2nd Request TCP Stream.
    2) The server explicitly responded the contents of the file. This can be observed by
    the fact that along with the HTTP Headers the body content is also present in the
    TCP Stream.
    3) Yes, as mentioned previously, in the 2nd HTTP GET Request, the If-Modified-
    Since header is present and is followed by the time stamp of when the content in
    the first response fetched from the server was last modified.
    4) HTTP 304 Not Modified is returned by the server. Content is returned
    explicitly(if any).
    C) Initially using one image and then inserting another in the php file without
    deleting cache (EXTRA)

    1st Request TCP Stream


    2nd Request TCP Stream

    OBSERVATIONS:-
    1) If-Modified-Since was neither mentioned in the 1st Request TCP Stream nor in
    the 2nd Request TCP Stream.
    2) The server explicitly responded the contents of the file. This can be observed by
    the fact that along with the HTTP Headers the body content is also present in the
    TCP Stream.
    3) There was no such If-Modified-Since Header as the contents of the file were
    changed midway without clearing the cache.
    4) HTTP 200 OK is returned by the server. Content is returned explicitly. Even the
    initial image was sent again along with the new image to the client as there was a
    modification in the php file.

    You might also like