
Ch 3: How the Internet Works

Source: Bug Bounty Bootcamp by Vickie Li (No Starch Press, 2021)

Client-Server Model

Web apps operate on a client-server model:

  • Client (browser) sends HTTP requests
  • Server processes requests and returns HTTP responses
  • Everything in between (DNS, CDNs, load balancers, proxies) is part of the network path

DNS

  • DNS maps domain names to IP addresses
  • A record – domain to IPv4
  • AAAA record – domain to IPv6
  • CNAME – alias to another domain (important for subdomain takeover)
  • MX – mail server
  • TXT – arbitrary text (SPF, DMARC, verification tokens)
  • NS – name server records (dangling NS = takeover vector)

HTTP Basics

Request structure:

METHOD /path HTTP/1.1
Host: example.com
Header-Name: value

[optional body]

Common methods:

  • GET – retrieve resource
  • POST – submit data
  • PUT – replace resource
  • PATCH – partial update
  • DELETE – remove resource
  • OPTIONS – list allowed methods
  • HEAD – like GET but no body

Response structure:

HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: session=abc123

[body]

Status Codes

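| Code    | Meaning                                |
|---------|----------------------------------------|
| 200     | OK                                     |
| 301/302 | Redirect (permanent/temporary)         |
| 400     | Bad request                            |
| 401     | Unauthorized (need auth)               |
| 403     | Forbidden (have auth, no permission)   |
| 404     | Not found                              |
| 500     | Server error                           |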

Ports

  • HTTP: 80
  • HTTPS: 443
  • SSH: 22
  • FTP: 21
  • Common non-standard: 8080, 8443, 3000, 8888

Always scan for open ports during recon – admin panels and dev services often run on alternate ports.

Content Encoding

Servers declare the content type with the `Content-Type` header. Common types:

  • `text/html` – HTML pages
  • `application/json` – API responses
  • `application/x-www-form-urlencoded` – form submissions
  • `multipart/form-data` – file uploads
  • `application/xml` – XML data

Cookies

Cookies are key-value pairs stored in the browser and sent automatically with every request to the matching domain.

Security attributes:

  • HttpOnly – JS cannot read the cookie (prevents XSS cookie theft)
  • Secure – only sent over HTTPS
  • SameSite – controls cross-site sending (Strict/Lax/None)
  • Domain – which domain receives the cookie
  • Path – which path receives the cookie

Missing HttpOnly or Secure flags = findings worth reporting.

Security Controls

  • Same-Origin Policy (SOP) – browser blocks cross-origin reads of responses
  • CORS – server opts certain origins into cross-origin access via headers
  • HTTPS/TLS – encrypts traffic in transit
  • Content Security Policy (CSP) – restricts which scripts/resources can load
  • HSTS – forces HTTPS for a domain for a specified duration

Sessions

HTTP is stateless. Sessions layer stateful identity on top:

  • Server issues a session token after login
  • Token stored in cookie or localStorage
  • Sent with each request to identify the user
  • Server-side: token maps to a user record

Attack surface: weak tokens, token fixation, token leakage in logs/referrers, insecure storage.

bbc/03_how_internet_works.1778749508.txt.gz · Last modified: by drew
