Hello everyone once again, today is the sixth day of my learning challenge as mentioned in the title. Today I am learning about HTTP Requests and Responses in the CBBH certification module of Hack The Box, where it is explained how communication is carried out using the HTTP/HTTPS protocol. The request contains all of the details we require from the server, including the resource and much other information about the server. Then I learned about the HTTP request structure, which contains some important information for my future in bug bounty (HTTP method, path, HTTP version, HTTP headers and values):
HTTP Method: specifies the type of action to perform
Path: the path to the resource being accessed
Version: used to denote the HTTP version
The headers are used to specify various attributes of a request; the headers are terminated with a new line, which is necessary for the server to validate the request.
In the section about response codes I learned that the response codes are used to determine the request’s status; after the first line, the response headers are similar to those of an HTTP request.
I also learned the basics of Browser DevTools, with which I can do various tests on web applications, and learned how to make HTTP requests with the cURL command to obtain some important information about the target, such as the method used, data, server, host, status code, version, and so on.
In the study of HTTP methods, the methods GET, POST, HEAD, PUT, DELETE, OPTIONS and PATCH were discussed, which are the most used methods according to the module. The most used methods in current web applications are GET and POST. The availability of a particular method depends on the server as well as the application configuration.
The most common HTTP response codes are:
200 OK — successful request
302 Found — redirect the client to another URL
400 Bad Request — Returned on encountering malformed requests
403 Forbidden — the client does not have appropriate access to the resource
404 Not Found — the requested resource does not exist on the server
500 Internal Server Error — the server cannot process the request
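To make the structure described above concrete, here is an added example (my own code, not part of the HackTheBox module) that parses a constructed raw HTTP/1.1 request and response into the parts the module names: the request line (method, path, version), the headers up to the blank line that terminates them, and the body, plus the status line of the response and the class its code belongs to. The host, session id and credentials in the samples are placeholders; the parser also rejects a malformed header line or a Content-Length that does not match the body, which is the kind of validation a server performs before accepting a request.

```python
from dataclasses import dataclass
from urllib.parse import parse_qs

# Constructed sample request: the host, session id and credentials are placeholders.
RAW_REQUEST = (
    b"POST /login.php HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"User-Agent: curl/8.0.0\r\n"
    b"Cookie: PHPSESSID=constructed-session-id\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 30\r\n"
    b"\r\n"
    b"username=alice&password=secret"
)

# Constructed sample response to that request: a 302 redirect that sets a cookie.
RAW_RESPONSE = (
    b"HTTP/1.1 302 Found\r\n"
    b"Server: nginx\r\n"
    b"Location: /dashboard.php\r\n"
    b"Set-Cookie: PHPSESSID=constructed-session-id; HttpOnly\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)

STATUS_CLASSES = {1: "informational", 2: "success", 3: "redirection",
                  4: "client error", 5: "server error"}


@dataclass
class HttpRequest:
    method: str
    path: str
    version: str
    headers: dict
    body: bytes


@dataclass
class HttpResponse:
    version: str
    status: int
    reason: str
    headers: dict
    body: bytes


def _split_message(raw: bytes):
    # The header section ends at the first blank line (CRLF CRLF); the rest is the body.
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("message has no blank line terminating the headers")
    return head.decode("iso-8859-1").split("\r\n"), body


def _parse_headers(lines):
    # Header names are case-insensitive, so they are stored lower-cased.
    headers = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.strip().lower()] = value.strip()
    return headers


def _check_length(headers, body):
    # A declared Content-Length that disagrees with the body is a malformed message.
    declared = headers.get("content-length")
    if declared is not None and int(declared) != len(body):
        raise ValueError(f"Content-Length {declared} but body has {len(body)} bytes")


def parse_request(raw: bytes) -> HttpRequest:
    lines, body = _split_message(raw)
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError(f"malformed request line: {lines[0]!r}")
    method, path, version = parts
    headers = _parse_headers(lines[1:])
    _check_length(headers, body)
    return HttpRequest(method, path, version, headers, body)


def parse_response(raw: bytes) -> HttpResponse:
    lines, body = _split_message(raw)
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[1].isdigit():
        raise ValueError(f"malformed status line: {lines[0]!r}")
    reason = parts[2] if len(parts) == 3 else ""
    headers = _parse_headers(lines[1:])
    _check_length(headers, body)
    return HttpResponse(parts[0], int(parts[1]), reason, headers, body)


def status_class(code: int) -> str:
    """Classify a status code by its first digit (200 OK, 302 Found, 403 Forbidden, ...)."""
    if code not in range(100, 600):
        raise ValueError(f"not a valid HTTP status code: {code}")
    return STATUS_CLASSES[code // 100]


def form_fields(req: HttpRequest) -> dict:
    """Decode a urlencoded POST body into its fields (first value per name)."""
    return {k: v[0] for k, v in parse_qs(req.body.decode("iso-8859-1")).items()}


def is_well_formed_request(raw: bytes) -> bool:
    """True when the raw bytes parse as a valid request, False otherwise."""
    try:
        parse_request(raw)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    req = parse_request(RAW_REQUEST)
    print(req.method, req.path, req.version, form_fields(req))
    resp = parse_response(RAW_RESPONSE)
    print(resp.status, resp.reason, status_class(resp.status), resp.headers["location"])
```

Running the script prints the request line fields and decoded form fields of the sample POST, then the 302 status, its class and the Location header of the sample response; feeding `is_well_formed_request` a request with a header line lacking a colon returns False instead of a parsed object.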
Reading about the POST request method in today’s HackTheBox study module, I discovered that the POST method can also upload files (I should study this more in depth later). A POST request places data in the body, which can accept binary data. The maximum URL length varies between browsers, web servers like IIS, Apache and nginx, content delivery networks and even URL shorteners; a URL’s length should be kept below two thousand characters, so URLs cannot carry a lot of data.
Continuing with the POST method block, I saw that having a valid cookie may be enough to get authenticated into many web applications. This can be an essential part of some web attacks, like Cross-Site Scripting.
NOTE: new knowledge acquired (we can use the cURL command in several ways to obtain data, log in, send requests with cookies, users, etc., and in some cases we can also edit some files in the database [PUT method]). I really couldn’t imagine the power of the cURL command; even knowing that APIs don’t work the same way, the knowledge is coming and we are understanding how things work.
I managed to finish the HTTP request block in 06 days. Now I’m moving on to the Introduction to Web Applications block. Let’s follow the plan without stopping, each day more motivated! See you tomorrow guys. Aaah, I almost forgot: today I’m still going to read RFC2616 because I haven’t finished it yet! All knowledge is valid, so let’s go!
#keeplearning
Hours studied today: 4h