HTTP Hypertext Transfer Protocol

History: Is it really used only for hypertext (an image…)?

Methods:

Get

Post

Others (head)

Status codes

100 continue

200 Success

300 redirect

400 errors

500 server errors

Headers

Keep Alive

MIME type

Accepted encoding (compression)

HTTP version (1.0 limitation – compression and Keep alive)

HTTPS

Requirement:

  1. Signing (Identification)
  2. Encryption

RSA (Rivest, Shamir & Adleman)

Uses two (big) prime numbers, power and modulus to create a hard-to-reverse encryption function.

Multiplying two numbers is easy, but factoring a number is very hard.

Public / Private keys

Encrypt – using public key

Sign – using private key
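
The key pair, encrypt and sign steps above as a small worked example (added here, not part of the original notes). The primes 61 and 53, the exponent 17 and the message value 65 are constructed sample values, and this is unpadded textbook RSA for illustration only.

```python
# Textbook RSA on tiny, constructed primes. Illustration only: real keys use
# primes of 1024 bits or more plus padding (OAEP for encryption, PSS for signing).
from math import gcd

def make_keypair(p, q, e=17):
    """Build ((e, n), (d, n)) from two primes p and q."""
    n = p * q                        # multiplying the primes is the easy direction
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must share no factor with (p-1)(q-1)")
    d = pow(e, -1, phi)              # private exponent: inverse of e modulo phi
    return (e, n), (d, n)

def encrypt(m, public):
    e, n = public
    return pow(m, e, n)              # power + modulus with the PUBLIC key

def decrypt(c, private):
    d, n = private
    return pow(c, d, n)              # only the private key undoes it

def sign(m, private):
    d, n = private
    return pow(m, d, n)              # power + modulus with the PRIVATE key

def verify(m, signature, public):
    e, n = public
    return pow(signature, e, n) == m # anyone holding the public key can check

def factor(n):
    """Trial division: finishes only because n is tiny, which is why the primes must be big."""
    f = 3
    while n % f:
        f += 2
    return f, n // f

PUBLIC, PRIVATE = make_keypair(61, 53)   # constructed sample primes
CIPHERTEXT = encrypt(65, PUBLIC)         # 65 stands in for a message or session key
SIGNATURE = sign(65, PRIVATE)

if __name__ == "__main__":
    print("public", PUBLIC, "private", PRIVATE)
    print("ciphertext", CIPHERTEXT, "decrypted", decrypt(CIPHERTEXT, PRIVATE))
    print("signature valid:", verify(65, SIGNATURE, PUBLIC))
```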

SSL – Secure Socket Layer

Uses RSA to create a secured channel for transferring the symmetric cipher key (handshake),

which is then used to secure the rest of the traffic.

https://technet.microsoft.com/en-us/library/cc783349%28v=ws.10%29.aspx

HTTPS

HTTP Protocol over SSL connection

Certificate Authority

Comes installed on the OS

Can add more

They only validate you are who you claim before granting a certificate

Certificate validation

Authority Chain

Dates

Host name (Wildcard vs. Subject Alternative Name vs. single)
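
The dates and host name checks above as an added example (not part of the original notes). The certificates are constructed dicts in the shape returned by Python's ssl.SSLSocket.getpeercert(); the authority chain check is not shown because it needs the real trust store and is done by the TLS library.

```python
import ssl

def host_matches(pattern, host):
    """Compare one certificate name with the requested host name.
    A '*' is accepted only as the whole left-most label and covers exactly one label."""
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def check_cert(cert, host, now):
    """Return the list of problems found; an empty list means dates and name are fine."""
    problems = []
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:  # single-name certificate: legacy fallback to the subject's common name
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    if not any(host_matches(n, host) for n in names):
        problems.append("host name mismatch")
    return problems

# Constructed sample certificates (wildcard, Subject Alternative Name, single name).
DATES = {"notBefore": "Jan  1 00:00:00 2024 GMT", "notAfter": "Jan  1 00:00:00 2025 GMT"}
WILDCARD = dict(DATES, subjectAltName=(("DNS", "*.example.test"),))
SAN = dict(DATES, subjectAltName=(("DNS", "example.test"), ("DNS", "www.example.test")))
SINGLE = dict(DATES, subject=((("commonName", "shop.example.test"),),))
NOW = ssl.cert_time_to_seconds("Jun  1 00:00:00 2024 GMT")

if __name__ == "__main__":
    for cert, host in [(WILDCARD, "www.example.test"), (WILDCARD, "example.test"),
                       (SAN, "example.test"), (SINGLE, "shop.example.test")]:
        print(host, check_cert(cert, host, NOW) or "ok")
```

The wildcard certificate covers www.example.test but not the bare example.test or a.b.example.test, which is the practical difference from listing each name as a Subject Alternative Name.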

Man in the middle – Fiddler sample

Handshake failure

Web Server / App Server

Web Server – HTTP and HTTPS of static files

IIS Demo

Application Server

ASP.NET

Oracle WebLogic

Apache Tomcat

IBM WebSphere

Java vs. .NET vs. PHP vs. etc.

ASP.NET Demo

Open Source vs. Proprietary

.NET on Linux (Mono)

.NET becomes open source (will run on Linux and Mac)

Mandatory: Mapping, Booking, Searches ( 1 type)

Post-Sale: As much commercial info as possible

Pre-development: technical info

Caching-storing data that is more accessible

Sorting is important based on promotions (price, location, etc.)

Destination web service is the most effective way of doing mapping

Exact Destination – Specific (Compared to surrounding)

Compression – make file smaller

Supplement – resort, tax, cleaning

Caching – 30 minutes

Gethoteldetails -> Pulls static data

Understand the difference in classes: Class A, Class B, Class C

There is a service to hide IPs called hidemyip, which is a VPN

You can change administration on your machines

DNS-Domain Name System-Will tell you the IP address of a domain

Server replies to NS system names

Option to buy host names and IP addresses

Organization is divided names by country and

  • .com, .ac, .edu, .org, .net, .gov, .gov.il,

http://whois.domaintools.com/- to look up domain names

Just search DNS server for websites that you cannot reach

Click on Internet Access->Open Network and Sharing Center->Local Area Connection->Details->Properties

Security-Firewall (Problems in China)

Ping allows you to see the speed you can expect from a website and shows you its IP address

Tracert-using pings

Windows PowerShell: Measure-Command {nslookup www.google.com}

ipconfig /flushdns

-d2

Broadcasting vs. Direct Communication

Gateway-server (software, hardware); if you want to send something out

BGP

DNS has capability to point to another Domain

What is a CDN?

Data Caching

Proxy=Fiddler, Akamai; can cache external sites/do not need to go to the external sites to get them

Loopback-speak with yourself

Protocol-the method of communication

A dedicated line

Clearing cache in settings, incognito mode,

CPU works with 32/64 bits

Microsoft Message Analyzer-instead of a proxy, sits on your network card and listens to every packet of information that is going through

Compression-ZIP, RAR, gzip (protocol for compression), deflate

Check what we know about the client: Are they data caching, what’s the speed

Fiddler is for http;

Why ping is blocked or why it is sending some, voice over IP=not Fiddler

Telnet is a good tool for you to see if something is open

Control Panel->All Control Panel Items->Programs and Features

Ping doesn’t have to go far so that is why it is so fast

Sometimes the server is too small to compress

Compression takes a lot of power from CPU

Task Manager

Motherboard-has a socket that can hold CPU

Compression requirements (Can use Wireshark)

Client:

  • http 1.1
  • Accept encoding header
  • Via proxy header (Default)

Server side:

  • MIME type declared for Compression enabled (dynamic/static)
  • Folder exists (static)
  • File size
  • CPU load

You can look at the requests from the client and see if it is compressed.

Second option is to have the client install Wireshark
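
The checklist above applied to one captured request and response, as an added example (not part of the original notes). The captured headers are constructed samples, and the compressible MIME types and the minimum file size stand in for the server's own settings (assumptions); folder existence and CPU load cannot be seen in the traffic.

```python
def parse_head(raw):
    """Split a raw HTTP message head into (start line, {lower-cased header: value})."""
    lines = raw.strip().splitlines()
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def compression_report(raw_request, raw_response, compressible_types, min_size):
    """Return (compressed?, checklist items visible in the traffic that explain why not)."""
    request_line, req = parse_head(raw_request)
    _, resp = parse_head(raw_response)
    if resp.get("content-encoding", "").lower() in ("gzip", "deflate"):
        return True, []
    reasons = []
    if not request_line.endswith("HTTP/1.1"):
        reasons.append("client did not use HTTP 1.1")
    accepted = {e.split(";")[0].strip() for e in req.get("accept-encoding", "").split(",")}
    if not accepted & {"gzip", "deflate"}:
        reasons.append("no gzip/deflate in Accept-Encoding")
    if "via" in req:
        reasons.append("request came through a proxy (Via header)")
    mime = resp.get("content-type", "").split(";")[0].strip()
    if mime not in compressible_types:
        reasons.append("MIME type %s not enabled for compression" % mime)
    if "content-length" in resp and int(resp["content-length"]) < min_size:
        reasons.append("file smaller than the compression threshold")
    return False, reasons  # empty list: check the server side (folder, CPU load)

# Constructed captures (what Fiddler or Wireshark would show) and assumed server settings.
REQ_OK = "GET /hotels.xml HTTP/1.1\nHost: api.example.test\nAccept-Encoding: gzip, deflate\n"
REQ_OLD = "GET /hotels.xml HTTP/1.0\nHost: api.example.test\nVia: 1.0 proxy.example.test\n"
RESP_GZ = "HTTP/1.1 200 OK\nContent-Type: text/xml\nContent-Encoding: gzip\n"
RESP_PLAIN = "HTTP/1.1 200 OK\nContent-Type: text/xml; charset=utf-8\nContent-Length: 48211\n"
TYPES = {"text/xml", "text/html"}   # assumption: types enabled on the server
MIN_SIZE = 1024                     # assumption: smallest file the server compresses

if __name__ == "__main__":
    print(compression_report(REQ_OK, RESP_GZ, TYPES, MIN_SIZE))
    print(compression_report(REQ_OLD, RESP_PLAIN, TYPES, MIN_SIZE))
```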

Web Server-Application that listens on port 80 until someone sends an HTTP request; Microsoft gives you IIS; gives you static information only

Remote Desktop=Telnet;

Internet Information Services

You can use different ports for different sites with the same IP

Application Server

ASP, then ASP.NET, allow you to create pages on the fly

HTTPS-Encrypts data between the client and server, and both have to have the right ciphers

Key transfer was the main problem with encryption

1)         We will only encrypt a key

2)         We will change keys

View certificate to see key

Trusted Root Certification Authorities

GUI-Graphical User Interface

-Disadvantage: Extra data/unneeded

-It’s slower

-No commitment from the company

Contain lots of additional not needed data; therefore slow

Changed frequently (wo a notice, wo\

Scraping-taking some automation to get information from a website

Scraping feeds the revenue management tool

Webscraping: https://www.youtube.com/watch?v=y00t5NpW7pY#t=221

Adjacent format-used in mobile applications; the data can be parsed easily

Cn-check-in

Cons: JSON is hard to read

XML-markup language; based on tags to share data

Ted Talk about a guy breaking into codes with graphical interface to detect binary code

Go to W3 schools and get XML Certification

File->New->XML File->

Schemas are used to declare an XML