The Journey
Cyber Security
Cyber Security
  • Chapter 1: Setting up Debian
    • Make User Sudoer
    • Change SSH Keys
    • Add Kali Repositories
    • Bidirectional Clipboard
    • Create Flameshot Keybind
    • Install Peek and add keybind
    • Customizing Looks and Feels
    • Disable Suspend/Hibernation
    • Add Min/Max buttons to Windows
    • Install and Configure ZSH for Terminal Syntax Highlighting
  • Chapter 2: Bug Bounty Basics
    • Web Requests
      • HTTP Fundamentals
        • HTTP
        • URL
        • HTTP Flow
        • cURL
        • HTTPS
        • HTTPS Flow
        • cURL for HTTPS
        • HTTP Request
        • HTTP Response
        • HTTP Headers
        • More cURL
        • Browser DevTools
      • HTTP Methods
  • Cheat Sheets
    • cURL / DevTools
Powered by GitBook
On this page
  1. Chapter 2: Bug Bounty Basics
  2. Web Requests
  3. HTTP Fundamentals

HTTPS Flow

PreviousHTTPSNextcURL for HTTPS

Last updated 3 years ago

When visiting a page that uses HTTPS:

  1. Browser attempts to resolve the domain and redirects to the webserver.

  2. The first request is sent to port 80, the server will notice this and redirect to port 443. When this happens you will get a 301 Moved Permanently response code.

  3. Client sends a "client hello" packet which gives information about itself.

  4. Server responds with "server hello" and sends its SSL certificate.

  5. The client will verify the key/certificate and then send its own.

  6. Encrypted handshake is initiated, and encrypted communication can begin.

Note: Depending on the circumstances, an attacker may be able to perform an HTTP downgrade attack, which downgrades HTTPS communication to HTTP, making the data transferred in clear-text. This is done by setting up a Man-In-The-Middle (MITM) proxy to transfer all traffic through the attacker's host without the user's knowledge. However, most modern browsers, servers, and web applications protect against this attack. (HTB)