HTTP(S)
For your computer and a webserver to communicate, they need a protocol they both understand. That protocol is HTTP (Hypertext Transfer Protocol), a client-server protocol for exchanging requests and responses between a client (usually a browser) and a webserver. HTTP runs on top of a TCP connection (for HTTPS, inside a TLS session on that connection); what HTTP adds is a structured text message: a request line, a set of headers carrying extra information about the request, and an optional body.
Every HTTP request starts with a request line containing a method and a target (the headers follow on the next lines). The target specifies which resource to retrieve from the server, and the method specifies how the server should act on it.
When retrieving information from a web server, it is common to use the GET method, such as loading a picture.
When sending data to a web server, it is common to use the POST method, such as sending login information.
HTTP Response Codes
The server answers every request with a three-digit status code. Codes are grouped by their first digit:
- 2xx (e.g. 200 OK) – success
- 3xx (e.g. 301 Moved Permanently, 302 Found) – redirection
- 4xx (e.g. 400 Bad Request, 404 Not Found) – client error
- 5xx (e.g. 500 Internal Server Error) – server error
Cookies
HTTP is a stateless protocol: each request is handled on its own, so the server has no built-in way to tell your request apart from someone else's. To keep track of different users and their access levels, the webserver issues cookies (with the Set-Cookie response header) that the client sends back on every later request to that site (with the Cookie request header). This creates a stateful session on top of a stateless protocol.
Cookies are small pieces of data stored locally by your browser that are sent to the server with each request to the site that set them.
Cookies can be given any name and any value, so the webserver can store whatever information it wants. Today we will focus on authentication cookies, also known as session cookies, which identify you and the access level attached to your session.
Cookie Components
A browser's developer tools show each cookie as 11 components: the name/value pair, the attributes the server set on it, and a few browser-side fields. Each is explained in the table below.

| Component | Purpose | Example |
|---|---|---|
| Name | Unique cookie identifier (arbitrarily set by the webserver). Always paired with the value component. | SessionID |
| Value | The data stored under that name (arbitrarily set by the webserver). Always paired with the name component. | sty1z3kz11mpqxjv648mqwlx4ginpt6c |
| Domain | Host (and its subdomains) to which the cookie will be sent. Sets the scope of the cookie; if omitted, only the host that set it receives it. | .tryhackme.com |
| Path | URL path prefix for which the cookie will be sent. Sets the scope of the cookie. | / |
| Expires/Max-age | Date/time at which the cookie expires. A cookie with neither is a session cookie and is deleted when the browser closes. | 2022-11-11T15:39:04.166Z |
| Size | Size of the cookie in bytes as reported by the browser, typically the length of Name + Value. | 91 |
| HttpOnly | Cookie cannot be accessed through client-side scripts (e.g. document.cookie), which limits what an XSS payload can steal. | (indicated by a checkmark) |
| Secure | Cookie is only sent over HTTPS, never over plain HTTP. | (indicated by a checkmark) |
| SameSite | Controls whether the cookie is sent on cross-site requests: Strict, Lax or None (None requires Secure). | None |
| SameParty | Chrome-specific, experimental extension of SameSite to First-Party Sets. | (indicated by a checkmark) |
| Priority | Chrome-specific hint (Low, Medium, High) for which cookies to evict first when the per-site cookie limit is reached. | High |
Cookie Manipulation
Cookie manipulation is taking a cookie and modifying it to obtain behaviour the web developer did not intend. It is possible because cookies are stored locally on your host system, so you have complete control over them and can modify them as you please; the server only ever sees what the client chooses to send back.
Cookie values may look random at first; however, they often encode a value or structure (Base64, hex and URL encoding are the usual suspects) that can be decoded into something meaningful, such as a JSON object.
From an attacker's perspective, you decode the cookie value to identify the underlying object. Once you have identified it, you modify the fields you care about (a username or role, for example), encode the result back with the original encoding, and replace the cookie value in the browser or in an intercepting proxy. This only works when the server trusts the decoded contents as-is; a cookie that carries a signature, or an opaque ID that the server looks up in its own session store, will reject or simply ignore the modified value.
The entire exercise took ~20 min to complete. For some reason, the CyberChef tool wasn’t very intuitive for me. Maybe for this reason, I took a different approach to find the cookie value for admin. Instead of changing the JSON username to admin, I just entered ‘admin’ in the username field and captured the cookie value from Chrome.