Scribd
Upload
2 views

WAS-Lab1

The lab focuses on sending HTTP requests to a web server and analyzing the responses. Students will use tools like Apache2 and Netcat to perform various tasks, including GET and POST requests, and examine cookies and session data. The lab aims to enhance understanding of web application security through practical experience with HTTP protocols.

Uploaded by

•ShoruChi•
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
2 views

WAS-Lab1

The lab focuses on sending HTTP requests to a web server and analyzing the responses. Students will use tools like Apache2 and Netcat to perform various tasks, including GET and POST requests, and examine cookies and session data. The lab aims to enhance understanding of web application security through practical experience with HTTP protocols.

Uploaded by

•ShoruChi•
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 2

Setif I University

Faculty of Sciences
Department of Computer Science
Web Application Security (WAS)
1st Year Master CS

Lab #1
Objective
The purpose of this lab is to send HTTP requests to a web server and display and analyze the
responses returned by it.

Tools required

• Apache2 (or any other web server) with PHP module enabled (or EasyPHP,
WampServer…)

• Netcat (nc) tool

Lab tasks
1. Place the HTTP directory in the published directory of the Apache2 server on your machine
(/var/www/html).

2. Start the Apache2 server using the command sudo systemctl start apache2.

3. Use the netcat tool to connect to the web server on port 80 by typing the command:
nc -v [address or name] 80

Connect to the web server with netcat each time you want to send him an HTTP request.

4. Send the following HTTP request to the web server and note the server's response:
GET / HTTP/1.1\r\n
Host: [address or name]\r\n
\r\n

5. Send the following HTTP request to the web server and note the server's response:
GET /unknown.html HTTP/1.1\r\n
Host: [address or name]\r\n
\r\n

6. Send the following HTTP request to the web server and note the server's response:
GET /HTTP/get_form.php?name=Belaid&fname=Tarek HTTP/1.1\r\n
Host: [address or name]\r\n
\r\n

7. Send the following HTTP request to the web server and note the server's response:
POST /HTTP/post_form.php HTTP/1.1\r\n
Host: [address or name]\r\n
Content-Type: application/x-www-form-urlencoded\r\n
Content-Length: 23\r\n
\r\n
name=Belaid&fname=Tarek\r\n
\r\n

8. Send the following HTTP request to the web server and note the server's response:
GET /HTTP/cookie.php HTTP/1.1\r\n
Host: [address or name]\r\n
\r\n

9. What is the name and value of the cookie returned in the response? What is its lifespan?
10. Send the following HTTP request to the web server and note the server's response:
GET /HTTP/cookie.php HTTP/1.1\r\n
Host: [address or name]\r\n
Cookie: visits=12\r\n
\r\n

11. What is the cookie value returned in the response?

12. Send the following HTTP request to the web server and note the server's response:
GET /HTTP/session.php HTTP/1.1\r\n
Host: [address or name]\r\n
\r\n

13. What is the name and value of the cookie returned in the response?

14. What does the value of this session cookie represent?

15. Is it possible to manipulate the number of visits to the website as was done with the
cookie.php script?

16. Is it possible to send multiple HTTP requests through the same TCP connection? Try to do so.

17. How many HTTP requests can you send through the same TCP connection, and how long can
you keep doing that?

18. Write a text web browser by using python and the socket library.

You might also like