
What the Heck is HTTP?

You see it on the front of URLs. You know that it's important to APIs. When you write applications that are connecting to services on other machines you're using it. So you're likely using it in everything you build. But, what the heck is HTTP, really?

In this talk, we'll dive into the mechanics of HTTP starting from requests & responses, diving into nouns & verbs, and going deep into the mechanics of how authentication works over the protocol. Come join us as we learn all about something that most of us use every day.

This talk was given at Nebraska.Code() 2023.

Scott McAllister

July 24, 2023

Transcript

  1. HTTP (@stmcallister): A set of rules or standards for clients and web servers to communicate effectively
  2. HTTP Message
       Header: Information about the message
       Body: Data being sent
       Method: The action being taken. POST, GET, PUT, DELETE
       (Slide footer: © ngrok. All rights reserved. Confidential Information of ngrok)
  3. HTTP Request
       GET / HTTP/1.1
       Host: demo.ngrokpaperscissors.com
       User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
       Accept: text/html,application/xhtml+xml
  4. HTTP Request (same request as slide 3). Callout: Method or Verb
  5. HTTP Request (same request as slide 3). Callout: Headers
  6. HTTPS TLS Handshake (diagram between Client and Server)
       - Presents certificate & public key
       - Verifies cert. Generates random string. Encrypts with public key.
  7. HTTPS TLS Handshake (diagram between Client and Server)
       - Presents certificate & public key
       - Verifies cert. Generates random string. Encrypts with public key.
       - Decrypts message with private key.
       - Client and server now have same secret string.
       - Secret string used to generate Session Key
  8. Basic Authentication (diagram between Client and Server)
       - GET / HTTP/1.1
       - Responds with 401 (Unauthorized) status. WWW-Authenticate header w/ challenge
       - GET / HTTP/1.1
         Authorization: Basic bAs364enc0d3Cr3ds
  9. Basic Authentication (diagram between Client and Server)
       - GET / HTTP/1.1
       - Responds with 401 (Unauthorized) status. WWW-Authenticate header w/ challenge
       - GET / HTTP/1.1
         Authorization: Basic bAs364enc0d3Cr3ds
       - HTTP/1.1 200 OK
  10. OAuth
       ❏ Open standard for authorizing secure access on HTTP service
       ❏ Uses tokens rather than password data to prove identity
       ❏ Provides “secure delegated access” to client applications
       ❏ Limits user’s scope of access
  11. Resources
       - HTTP Docs on MDN: https://developer.mozilla.org/en-US/docs/Web/HTTP
       - What is HTTP and How Does It Work?: https://youtu.be/2yfDgnm6eAs
       - Learning ngrok: Inspect and Replay: https://dev.to/stmcallister/learning-ngrok-inspect-and-replay-14ge
       - HTTP Status Dogs: https://httpstatusdogs.com/
       - HTTP Status Cats: https://httpcats.com/
       - SSL, TLS, HTTPS Explained: https://youtu.be/j9QmMEWmcfo
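
The Basic Authentication exchange from slides 8 and 9, worked through as an added example (not code from the talk): a server-side check that issues the 401 challenge, decodes the `Authorization: Basic` token and compares the password in constant time. The account, realm name and function names are assumptions made for the example. The token is only Base64 of `user:password`, so the same decode works for anyone who can read the header, which is why this exchange belongs behind the HTTPS handshake from slides 6 and 7.

```python
import base64
import hmac

# Constructed sample account and realm for this example only.
USERS = {"scott": "paper-scissors"}
REALM = "demo"


def parse_basic(header):
    """Return (user, password) from an Authorization header, or None if malformed."""
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        # validate=True rejects characters outside the Base64 alphabet.
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # bad Base64, bad padding, or not UTF-8
        return None
    # Split on the first ':' only; the password may contain ':' itself.
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def handle(request_headers):
    """Return (status, response_headers) for GET / given the request headers."""
    challenge = {"WWW-Authenticate": f'Basic realm="{REALM}", charset="UTF-8"'}
    creds = parse_basic(request_headers.get("Authorization"))
    if creds is None:
        return 401, challenge  # first leg: no or unusable credentials
    user, password = creds
    expected = USERS.get(user, "")
    # compare_digest does not reveal how many leading bytes matched.
    same = hmac.compare_digest(password.encode(), expected.encode())
    return (200, {}) if (same and user in USERS) else (401, challenge)


def client_header(user, password):
    """Build the header a client sends after receiving the challenge."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return {"Authorization": f"Basic {token}"}


if __name__ == "__main__":
    print(handle({}))                                        # challenge
    print(handle(client_header("scott", "paper-scissors")))  # accepted
    print(parse_basic(client_header("scott", "paper-scissors")["Authorization"]))
```

The slide's `bAs364enc0d3Cr3ds` value is a placeholder rather than valid Base64, so this check answers it with another 401.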