Difference between https and http post method - http

HTTPS retrieves data from the server in a secure way; the HTTP or HTTPS POST method, as far as I know, sends data encoded, to secure sensitive information. If both HTTPS and the POST method secure data, what is the difference?

An HTTP POST request will be sent unencrypted, and any middleman in the communication can see the plain text.
However, with HTTPS all the data is encrypted and only the server can decrypt it to see the data that's coming.
By the way, you may be misunderstanding: encoding is not encryption.
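An added example, not part of the original answer: what anyone on the network path can read from a POST sent over plain HTTP. The captured request, the `/login` path and the password value are constructed; `observer_view` is a hypothetical helper name. Both the percent-encoded form body and the Base64 `Authorization` header reverse without any key.

```python
import base64
from urllib.parse import parse_qs

# Constructed sample: the bytes of a POST request as they travel over plain HTTP.
CAPTURED = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: example.com\r\n"
    b"Authorization: Basic YWFhYTphYWFhMTIz\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 37\r\n"
    b"\r\n"
    b"username=aaaa&password=p%40ss+word%21"
)


def observer_view(raw: bytes) -> dict:
    """Recover what a passive observer can read from a plain-HTTP request."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    seen = {"method": method, "target": target, "host": headers.get("host")}
    # Basic auth is Base64 of "user:password": an encoding, reversible by anyone.
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() == "basic":
        seen["basic_auth"] = base64.b64decode(token).decode("utf-8")
    # Form bodies are percent-encoded for transport safety, not for secrecy.
    ctype = headers.get("content-type", "")
    if ctype.startswith("application/x-www-form-urlencoded"):
        form = parse_qs(body.decode("ascii"), keep_blank_values=True)
        seen["form"] = {key: values[0] for key, values in form.items()}
    return seen
```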

Related

How to protect client from seeing the request he is sending?

I want to encrypt the data inside the HTTP POST request so that the client himself can't see the format of the request he is sending to the server via software like Charles.
I have implemented HTTPS, but when I used Charles I could see the whole request I am sending and the response I am receiving. So I thought to encrypt the POST request data.
Q1 Is it good practice to encrypt the data of a POST request?
Q2 Is there any other way to achieve this, i.e. that the client can't see his request?

What information does a server know about the client that does the request?

When a web server receives an http(s) GET request from a client, it has access to some information such as:
The client IP
The request itself:
the headers (including the cookies)
the content
and... that's all?
I am wondering if there is something else.
Indeed, I am trying to make a server that can access a page where it can collect some information to update its database. The site denied access to my server but not to web browsers, even if I replicate the IP, the headers and the content.
Thanks for your help.
Yes, it's only what is contained in the request itself. The server cannot reach back to the client to "pull" information, it only has the information contained in the HTTP request and the underlying TCP/IP packet. That's:
the requesting IP address
the HTTP headers, including requested URL and HTTP method
the HTTP request body, if any
if it's HTTPS, any data exchanged during the TLS handshake, which is usually not very relevant for identifying anything significant
All of that information is voluntarily provided by the requesting client.

Difference in data sent/received with HTTP and HTTPS

I am curious to know the difference between the data sent over an HTTP connection and over an HTTPS connection. I mean, what is the content, and what does it look like in both cases? I am able to find it for HTTP, but what is the corresponding content if the same information is shared over HTTPS? HTTP contains Request Line, Header and Message body. I hope the difference will be wrt the Message body. Can anyone explain? Is the certificate content embedded in this Message body, or how is it?
In HTTPS (HTTP over SSL) the HTTP request is performed over an SSL tunnel, hence both the HTTP headers and the payload are encrypted.
The certificate is sent by the server when the connection is established, as part of the TLS handshake. Such certificate must be trusted by either the client itself or a party that the client trusts.
Probably this article will give you a better understanding of the handshake.
> I am curious to know the difference between the data sent over an HTTP connection and over an HTTPS connection.
There is no difference.
> I mean, what is the content, and what does it look like in both cases?
It is the same in both cases.
> I am able to find it for HTTP, but what is the corresponding content if the same information is shared over HTTPS?
It is the same.
> HTTP contains Request Line, Header and Message body.
And so does HTTPS.
> I hope the difference will be wrt the Message body.
The difference is in the fact that the entire payload is encrypted.
> Can anyone explain?
I have endeavoured to do so.
> Is the certificate content embedded in this Message body
No.
> or how is it?
It is embedded in the TLS handshake, which precedes any data exchange over the connection, including the entirety of any HTTP content.
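An added example, not from either answer: a walker over TLS record headers, run on a constructed byte stream, showing that the certificate travels in a handshake record before any HTTP and that the request line, headers and body then appear only as one opaque `application_data` record. It assumes a TLS 1.2-style message order (TLS 1.3 encrypts the certificate as well); the helper names and the sample stream are hypothetical.

```python
import os
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate",
                   14: "server_hello_done", 16: "client_key_exchange"}

def record(ctype, payload):
    """TLS record framing: type(1) | version(2) | length(2) | payload."""
    return struct.pack("!BHH", ctype, 0x0303, len(payload)) + payload

def handshake(msg_type, body):
    """Handshake message framing: type(1) | length(3) | body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

def walk_records(stream):
    """Label each record the way a passive observer on the wire could."""
    out, pos, keys_active = [], 0, False
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        payload = stream[pos + 5:pos + 5 + length]
        if len(payload) < length:
            raise ValueError("truncated record")
        label = CONTENT_TYPES.get(ctype, "unknown")
        if ctype == 20:
            keys_active = True   # later records are ciphertext
        elif ctype == 22 and payload and not keys_active:
            label += ":" + HANDSHAKE_TYPES.get(payload[0], "other")
        out.append((label, length))
        pos += 5 + length
    return out

# Constructed sample: both directions merged into one stream for brevity.
# os.urandom() stands in for ciphertext; no real encryption is performed.
HTTP = (b"POST /login HTTP/1.1\r\nHost: example.com\r\n\r\n"
        b"username=aaaa&password=aaaa123")
SAMPLE = b"".join([
    record(22, handshake(1, bytes(40))),
    record(22, handshake(2, bytes(40))),
    record(22, handshake(11, b"<certificate chain placeholder>")),
    record(22, handshake(14, b"")),
    record(22, handshake(16, bytes(32))),
    record(20, b"\x01"), record(22, os.urandom(40)),   # client Finished
    record(20, b"\x01"), record(22, os.urandom(40)),   # server Finished
    record(23, os.urandom(len(HTTP) + 24)),            # the HTTP request
])
```

`walk_records(SAMPLE)` returns the record labels and lengths in wire order; the only trace of the HTTP request is the length of the last record.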

Do clients normally send http headers

Just a quick question, and probably a stupid one.
But usually when a client connects to an http server, the server sends them the header and the html, correct?
I'm packet sniffing a realtime-chat, and attempting to reverse engineer a plain text protocol, and it's connected to a http server. This is why I ask, for verification.
Basically, this is correct. Anyway, you have to differentiate between, for example, GET and POST requests.
While POST requests normally have a "real" body with information that they are delivering to the server, the body of GET requests is empty most of the time.
For the responses, your claim is correct. The header is sent to tell how big the response is, which MIME type is used, etc.

HTTPs URL encryption

When we use HTTPS, for example to send login credentials (https://example.com?username=aaaa&password=aaaa123), HTTPS encrypts the data using an SSL certificate. So the URL will be an encrypted string. I am sending two requests with the same URL (https://example.com?username=aaaa&password=aaaa123). On every request the URL will be encrypted. Will the encrypted URL of the first request be the same as the encrypted URL of the second request? Is the SSL certificate going to be different every time between client and server?
Thanks,
Iqbal
> Will the encrypted URL of the first request be the same as the encrypted URL of the second request?
The URL will be the same, because you said so. If you're asking whether the encryption of the URL will be different, the question is meaningless. It's impossible for anyone to tell, because the entire request is encrypted, so it is impossible to pick out the part that consists of the encrypted URL.
> Is the SSL certificate going to be different every time between client and server?
The SSL certificate is the same for the entire SSL session, which persists beyond the current connection for as long as both client and server remember it.
