Scribd
Upload
10 views92 pages

Lecture 02

Uploaded by

hosamhamid20022020
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
10 views92 pages

Lecture 02

Uploaded by

hosamhamid20022020
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 92

CS 253: Web Security

DNS, HTTP

1 Feross Aboukhadijeh
Admin
• Assignment 0 is out!

2 Feross Aboukhadijeh
What happens when you type a URL
and press enter?

3 Feross Aboukhadijeh
4 Feross Aboukhadijeh
Domain Name System (DNS)

5 Feross Aboukhadijeh
DNS

6 Feross Aboukhadijeh
DNS

7 Feross Aboukhadijeh
DNS

8 Feross Aboukhadijeh
How does the "DNS server" work?

9 Feross Aboukhadijeh
DNS

10 Feross Aboukhadijeh
DNS

11 Feross Aboukhadijeh
DNS

12 Feross Aboukhadijeh
DNS

13 Feross Aboukhadijeh
DNS

14 Feross Aboukhadijeh
DNS

15 Feross Aboukhadijeh
DNS

16 Feross Aboukhadijeh
DNS

17 Feross Aboukhadijeh
DNS

18 Feross Aboukhadijeh
DNS

19 Feross Aboukhadijeh
DNS

20 Feross Aboukhadijeh
DNS

21 Feross Aboukhadijeh
What happens when you type a URL
and press enter?
1. Client asks DNS Recursive Resolver to lookup a hostname (stanford.edu).
2. DNS Recursive Resolver sends DNS query to Root Nameserver
• Root Nameserver responds with IP address of TLD Nameserver (".edu" Nameserver)
3. DNS Recursive Resolver sends DNS query to TLD Nameserver
• TLD Nameserver responds with IP address of Domain Nameserver ("stanford.edu" Nameserver)
4. DNS Recursive Resolver sends DNS query to Domain Nameserver
• Domain Nameserver is authoritative, so replies with server IP address.
5. DNS Recursive Resolver finally responds to Client, sending server IP address (171.67.215.200)

22 Feross Aboukhadijeh
DNS + HTTP

23 Feross Aboukhadijeh
DNS + HTTP

24 Feross Aboukhadijeh
DNS + HTTP

25 Feross Aboukhadijeh
DNS + HTTP

26 Feross Aboukhadijeh
DNS + HTTP

27 Feross Aboukhadijeh
Attacks on DNS

28 Feross Aboukhadijeh
DNS hijacking
• Attacker changes target DNS record to point to attacker IP address
• Causes all site visitors to be directed to attacker's web server
• Motivation
• Phishing
• Revenue through ads, cryptocurrency mining, etc.
• How do they do it?

29 Feross Aboukhadijeh
DNS hijacking

30 Feross Aboukhadijeh
DNS hijacking

31 Feross Aboukhadijeh
DNS hijacking

32 Feross Aboukhadijeh
DNS hijacking

33 Feross Aboukhadijeh
DNS hijacking

34 Feross Aboukhadijeh
DNS hijacking vectors
• Hijacked recursive DNS resolver (shown previously)
• Hijacked DNS nameserver
• Compromised user account at DNS provider
• Malware changes user's local DNS settings
• Hijacked router

35 Feross Aboukhadijeh
36 Feross Aboukhadijeh
37 Feross Aboukhadijeh
DNS privacy
• Queries are in plaintext
• ISPs have been known to sell this data

• Pro tip: Consider switching your DNS settings to 1.1.1.1 or


another provider with a good privacy policy

38 Feross Aboukhadijeh
39 Feross Aboukhadijeh
What happens when you type a URL
and press enter?

40 Feross Aboukhadijeh
HTTP

41 Feross Aboukhadijeh
HTTP

42 Feross Aboukhadijeh
HTTP

43 Feross Aboukhadijeh
Demo: Make an HTTP request

44 Feross Aboukhadijeh
Demo: Make an HTTP request
curl https://twitter.com

curl https://twitter.com > twitter.html


open twitter.html

45 Feross Aboukhadijeh
HTTP request
GET / HTTP/1.1
Host: twitter.com
User-Agent: Mozilla/5.0 ...

46 Feross Aboukhadijeh
47 Feross Aboukhadijeh
HTTP response
HTTP/1.1 200 OK
Content-Length: 9001
Content-Type: text/html; charset=UTF-8
Date: Tue, 24 Sep 2019 20:30:00 GMT

<!DOCTYPE html ...

48 Feross Aboukhadijeh
49 Feross Aboukhadijeh
HTTP
• Client-server model - Client asks server for resource, server replies
• Simple - Human-readable text protocol
• Extensible - Just add HTTP headers
• Transport protocol agnostic - Only requirement is reliability
• Stateless - Two requests have no relation to each other

50 Feross Aboukhadijeh
HTTP is stateless?
• Obviously, we interact with "stateful" servers all the time
• "Stateless" means the HTTP protocol itself does not store state
• If state is desired, is implemented as a layer on top of HTTP

51 Feross Aboukhadijeh
HTTP Status Codes
• 1xx - Informational ("Hold on")
• 2xx - Success ("Here you go")
• 3xx - Redirection ("Go away")
• 4xx - Client error ("You messed up")
• 5xx - Server error ("I messed up")

52 Feross Aboukhadijeh
HTTP Success Codes
• 200 OK - Request succeeded
• 206 Partial Content - Request for specific byte range succeeded

53 Feross Aboukhadijeh
Range Request

GET /video.mp4 HTTP/1.1


Range: bytes=1000-1499

Response
HTTP/1.1 206 Partial Content
Content-Range: bytes 1000-1499/1000000

54 Feross Aboukhadijeh
HTTP Redirection Codes
• 301 Moved Permanently - Resource has a new permanent URL
• 302 Found - Resource temporarily resides at a different URL
• 304 Not Modified - Resource has not been modified since last
cached

55 Feross Aboukhadijeh
HTTP Client Error Codes
• 400 Bad Request - Malformed request
• 401 Unauthorized - Resource is protected, need to authorize
• 403 Forbidden - Resource is protected, denying access
• 404 Not Found - Ya'll know this one

56 Feross Aboukhadijeh
HTTP Server Error Codes
• 500 Internal Server Error - Generic server error
• 502 Bad Gateway - Server is a proxy; backend server is unreachable
• 503 Service Unavailable - Server is overloaded or down for
maintenance
• 504 Gateway Timeout - Server is a proxy; backend server
responded too slowly

57 Feross Aboukhadijeh
HTTP with a proxy server

58 Feross Aboukhadijeh
HTTP with a proxy server

59 Feross Aboukhadijeh
HTTP with a proxy server

60 Feross Aboukhadijeh
HTTP with a proxy server

61 Feross Aboukhadijeh
HTTP with a proxy server

62 Feross Aboukhadijeh
HTTP proxy servers
• Can cache content
• Can block content (e.g. malware, adult content)
• Can modify content
• Can sit in front of many servers ("reverse proxy")

63 Feross Aboukhadijeh
HTTP request
GET / HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 ...

64 Feross Aboukhadijeh
65 Feross Aboukhadijeh
HTTP headers
• Let the client and the server pass additional information with an
HTTP request or response
• Essentially a map of key-value pairs
• Allow experimental extensions to HTTP without requiring protocol
changes

66 Feross Aboukhadijeh
Useful HTTP request headers
• Host - The domain name of the server (e.g. example.com)

• User-Agent - The name of your browser and operating system

• Referer - The webpage which led you to this page (misspelled)

• Cookie - The cookie server gave you earlier; keeps you logged in

• Range - Specifies a subset of bytes to fetch

67 Feross Aboukhadijeh
Useful HTTP request headers (pt 2)
• Cache-Control - Specifies if you want a cached response or not

• If-Modified-Since - Only send resource if it changed recently

• Connection - Control TCP socket (e.g. keep-alive or close)

• Accept - Which type of content we want (e.g. text/html)

• Accept-Encoding - Encoding algorithms we understand (e.g. gzip)

• Accept-Language - What language we want (e.g. es)


68 Feross Aboukhadijeh
Demo: Make an HTTP request with
headers

69 Feross Aboukhadijeh
Demo: Make an HTTP request with
headers
curl https://twitter.com --header "Accept-Language: es" --silent | grep JavaScript

curl https://twitter.com --header "Accept-Language: ar" --silent | grep JavaScript

70 Feross Aboukhadijeh
Demo: User-Agent Examples

71 Feross Aboukhadijeh
HTTP response
HTTP/1.1 200 OK
Content-Length: 9001
Content-Type: text/html; charset=UTF-8
Date: Tue, 24 Sep 2019 20:30:00 GMT

<!DOCTYPE html ...

72 Feross Aboukhadijeh
Useful HTTP response headers
• Date - When response was sent

• Last-Modified - When content was last modified

• Cache-Control - Specifies whether to cache response or not

• Expires - Discard response from cache after this date

• Set-Cookie - Set a cookie on the client

• Vary - List of headers which affect response; used by cache


73 Feross Aboukhadijeh
Vary on user language
HTTP/1.1 200 OK
Cache-Control: public, max-age=31536000
Vary: Accept-Langauge

74 Feross Aboukhadijeh
Useful HTTP response headers (pt 2)
• Location - URL to redirect the client to (used with 3xx responses)

• Connection - Control TCP socket (e.g. keep-alive or close)

• Content-Type - Type of content in response (e.g. text/html)

• Content-Encoding - Encoding of the response (e.g. gzip)

• Content-Language - Language of the response (e.g. ar)

• Content-Length - Length of the response in bytes


75 Feross Aboukhadijeh
76 Feross Aboukhadijeh
77 Feross Aboukhadijeh
Demo: Implement an HTTP client
• Not magic!
• Steps:
• Open a TCP socket
• Send HTTP request text over the socket
• Read the HTTP response text from the socket

78 Feross Aboukhadijeh
Implement an HTTP client
const net = require('net')

const socket = net.createConnection({


host: 'example.com',
port: 80
})

const request = `
GET / HTTP/1.1
Host: example.com

`.slice(1)

socket.write(request)
socket.pipe(process.stdout)

79 Feross Aboukhadijeh
Implement an HTTP client (take 2)
const dns = require('dns')
const net = require('net')

dns.lookup('example.com', (err, address) => {


if (err) throw err

const socket = net.createConnection({


host: address,
port: 80
})

const request = `
GET / HTTP/1.1
Host: example.com

`.slice(1)

socket.write(request)
socket.pipe(process.stdout)
})

80 Feross Aboukhadijeh
Demo: Chrome DevTools

81 Feross Aboukhadijeh
What happens when you type a URL
and press enter?
1. Perform a DNS lookup on the hostname (example.com) to get an IP address (1.2.3.4)

2. Open a TCP socket to 1.2.3.4 on port 80 (the HTTP port)

3. Send an HTTP request that includes the desired path (/)


4. Read the HTTP response from the socket
5. Parse the HTML into the DOM
6. Render the page based on the DOM
7. Repeat until all external resources are loaded:
• If there are pending external resources, make HTTP requests for these (run steps 1-4)
• Render the resources into the page

82 Feross Aboukhadijeh
83 Feross Aboukhadijeh
84 Feross Aboukhadijeh
85 Feross Aboukhadijeh
86 Feross Aboukhadijeh
END

92 Feross Aboukhadijeh

You might also like