Lab 07: HTTP protocol

1. Overview
In this lab, students will explore several aspects of the HTTP protocol: the basic GET/response
interaction, HTTP message formats, retrieving large HTML files.

2. Objectives
This lab aims to provide students with ability:

a) To identify components of HTTP messages.

b) To examine behavior of various HTTP methods in http request message.
c) To examine long document html messages.

3. Lab Environment preparation

a) This lab must be done with the Hftpd-slim docker container set. It can also be done in wireshark
with Hftpd docker container set. However, his will take quite a long time to build and start up
the whole docker container set).
b) In the windows terminal:
(i) Make Hftpd-slim your working folder,
(ii) Start docker-compose up -d, and

Important notes:

On some system the web-server container might fail to start because of different ways that
newline character is encoded in script file. When that happen, please follow the steps below to fix:

o Open file run.sh in folder apache\Dockerfiles in VSCode.

o Click at CRLF on the status bar, choose LF to change the way newline is encoded.
o Save the file.
o Delete the recently built alpine-apache-php image then rebuild it.
(iii) Attach to the sniffer-host console
docker exec -it sniffer-host sh -l
At the terminal of sniffer-host container:
<sniffer-host containerid>#ipaddr
Listing of network interfaces, ip address & configuration will be displayed. Find Interface
starts with br- . . . with ip address equals to 172.16.10.1 then replace interface name in file
sniffer3.py at line: sniff(iface=’br-. . . . ‘, . . .).

<sniffer-host containerid>#cd /mapdir

<sniffer-host containerid>#python sniff3.py
Any network packet generated will be captured and displayed from now on.
(iv) In a new Windows Terminal, attach to the client-host console

docker exec -it client-host sh -l

4. Tasks
4.1. Exploring HTTP messages

You must read section 2.2 (page 98) of textbook [3] before doing this task.

• On the host machine, start the browser.

• Enter the following to your browser’s address bar: http://localhost:5050, which requests the
web server to response with the home page.
In console of the sniffer-host, list of packets and their contents will be displayed.
• Identify HTTP messages (refer to section 2.2.3 – page 103 in the Textbook [3]): The GET
message (from your browser) and the response message from the server to your browser. The
packet-contents window shows details of the selected message (in this case the HTTP OK
message).
Answer the following questions:
a) Identify request line, header lines, blank line of HTTP request message, as well as
the Status line, Header lines, blank line, Entity body of HTTP response message.
b) Is your browser running HTTP version 1.0 or 1.1? What version of HTTP is the
server running?
c) What languages (if any) does your browser indicate that it can accept to the server?
d) What is the status code returned from the server to your browser?
e) What is the User-Agent? Try different browser to see various values of User-Agent.
f) How many bytes of content are being returned to your browser?

Open the developer tools in your browser, then use network tab to examine request/response header.
More information about its interface, please refer to this link.
4.2. The HTTP CONDITIONAL GET/response interaction

Recall from Section 2.2.5 of the text, that most web browsers perform object caching and thus often
perform a conditional GET when retrieving an HTTP object. Before performing the steps below, make
sure your browser’s cache is empty.

• Enter the following URL into your browser http://localhost:5050/bill_of_rights.html, Your

browser should display a simple HTML file.
• Watch http request/response in sniffer-host.
• Quickly enter the same URL into your browser again (or simply select the refresh button on
your browser)
Answer the following questions:

a) Inspect the contents of the first HTTP GET request from your browser to the server. Do you
see an “IF-MODIFIED-SINCE” line in the HTTP GET?
b) Inspect the contents of the server response. Did the server explicitly return the contents of the
file? How can you tell?
 c) Now inspect the contents of the second HTTP GET request from your browser to the server.
Do you see an “IF-MODIFIED-SINCE:” line in the HTTP GET1? If so, what information follows
the “IF-MODIFIED-SINCE:” header?
d) What is the HTTP status code and phrase returned from the server in response to this second
HTTP GET? Did the server explicitly return the contents of the file? Explain.

4.3 Examine HTTP request Methods:

In the browser of the host machine, input http://localhost:5050/welcome.php, a page contains 2 forms
will be displayed. These forms will send GET or POST message when involving submit button is clicked.

Try various Input form values, then click submit. Explore request messages both in terminal of sniffing
host and developer tools in browser for GET/POST messages. What can you conclude about the
behavior of these request messages.

For the HEAD request, the web server will reply only the response header, try this by issuing this
command at the client-host’s terminal:

curl -I http://172.16.10.100

What do you see in the response header?

4.4. Examine cookies:

You must read section 2.2.4 (page 108) of textbook [3] before doing this task.

Examine the cookies’ behavior by accessing http://localhost:5050/cookies.php. Watch http

request/response for the 1st and 2nd access. What can you conclude about the cookies’ behavior?

1
Hint: ideally, you should see an If-Modified-Since header since you’ve just downloaded this page a few seconds
ago. However, depending on the browser you’re using, and the format of the server’s earlier response to your
initial GET, your browser may not include an If-Modified-Since even if the document has been downloaded and
caches. The Chrome browser is pretty good at regularly using If-Modified-Since. But Safari and Firefox are much
more finicky about when to use If-Modified-Since. Life isn’t always as easy in practice as it is in theory!