HTTP (Hypertext Transfer Protocol)

Port: 80
Type: Web Communication

Description

HTTP is the foundational protocol used for transferring hypertext and other data on the World Wide Web. It defines how clients such as browsers communicate with web servers to request and retrieve resources including HTML files images scripts and APIs. HTTP is application layer based and follows a simple request response model that made it easy to adopt and extend. Despite its simplicity HTTP remains one of the most widely used protocols on the internet powering nearly all modern web services.

Technical Details

  • Operates over TCP port 80 as the default communication endpoint.
  • Uses a request response model that includes methods such as GET POST PUT DELETE HEAD and OPTIONS.
  • HTTP is stateless meaning each request is independent unless state is added through cookies or sessions.
  • Headers carry metadata such as content type caching instructions and authentication details.
  • Supports multiple versions including HTTP 0.9 1.0 1.1 2 and 3 each improving efficiency and performance.

How To Work

HTTP begins operating when a client decides it needs to access a resource from a web server. The client usually a browser first establishes a TCP connection to the server using port 80 or another configured port. This connection allows data to be transmitted reliably through TCPs guaranteed delivery.

Once the connection is established the client sends an HTTP request. Every request includes a method that tells the server what action to take. GET is the most common method and is used for retrieving web pages while POST is used for sending data such as form submissions.

Along with the method the client sends a target path and version number. These define which resource is being requested and which HTTP rules apply. Additional headers may specify accepted content types cache preferences authentication information or connection behavior.

After receiving the request the server processes it by checking the resource path. If the requested file or endpoint exists the server prepares a response. The server may generate content dynamically through back end logic or retrieve static files stored locally.

The server responds with a status line. This includes a status code that indicates the outcome such as 200 for success 404 for missing resources or 500 for server errors. These codes help clients understand how to handle the response.

HTTP responses also include headers. These describe the data being returned the length the format caching policies cookie instructions and many other properties. The body of the response may contain HTML text JSON images or any other supported media.

Once the response is delivered the client interprets the content. Browsers render HTML display images or execute scripts depending on the type of resource retrieved. Applications may parse the data programmatically for API usage.

HTTP is stateless which means the server does not remember previous requests by default. To maintain continuity websites rely on cookies session identifiers local storage and other mechanisms. These techniques allow features such as login persistence and user personalization.

Modern versions of HTTP optimize performance by reusing connections and reducing overhead. HTTP 1.1 introduced persistent connections while HTTP 2 added multiplexing to send multiple requests simultaneously. HTTP 3 uses QUIC to improve speed over unreliable networks.

Although HTTP itself does not include encryption it is commonly paired with TLS to create HTTPS. HTTPS protects data integrity prevents tampering and secures authentication. Almost all modern websites function primarily through HTTPS for security and privacy.

Security Considerations

HTTP traffic is unencrypted which makes it vulnerable to interception and manipulation. Attackers can perform man in the middle attacks to read modify or inject malicious content. Session hijacking becomes easier if cookies are transmitted in plain text. Upgrading to HTTPS is essential to protect users from eavesdropping and tampering.

Potential Abuse Cases

HTTP can be abused to host phishing pages or deliver malware. Attackers may exploit vulnerable HTTP servers through insecure endpoints or outdated software. Botnets often communicate with command centers via HTTP to blend in with normal traffic. Open HTTP directories can expose sensitive data if not configured properly.

Detection Strategies

Security teams can monitor logs for suspicious HTTP requests such as unusual methods malformed headers or repetitive probing. Web application firewalls can detect common attack patterns like SQL injection or path traversal. Traffic inspection tools help identify abnormal payloads or unauthorized data exfiltration. Behavioral analysis can reveal compromised clients communicating with malicious servers.

Mitigation Techniques

Enforcing HTTPS ensures encryption and protects data in transit. Hardened server configurations help reduce exposure to common attacks. Regular patching prevents exploitation of known vulnerabilities. Using content security policies reduces the risk of cross site scripting. Implementing rate limiting prevents brute force attempts and automated probing.

References