This series of walkthroughs aims to help complete beginners finish the Pre Security Path on the TryHackMe (thm) [1] website.

It is based on the learning content provided in the HTTP in detail room.

Task 1 - What is HTTP(S)?

After the nice introduction to HTTP and HTTPS, check out the static website provided in the task. Notice how the little lock symbol at the top of the page is crossed out, indicating that either your connection is not secure (connected via HTTP) or that there is an issue with the site’s certificate. Click on the problem indicator to get the flag.

Bad certificate - 1

Bad certificate - 2

Question 1: What does HTTP stand for?

HyperText Transfer Protocol

Question 2: What does the S in HTTPS stand for?

secure

Question 3: On the mock webpage on the right there is an issue, once you’ve found it, click on it. What is the challenge flag?

flag

Task 2 - Requests And Responses

Check out the various features a URL may possess in a request. An example request and response pair is also provided here.

Question 1: What HTTP protocol is being used in the above example?

HTTP/1.1

Question 2: What response header tells the browser how much data to expect?

Content-Length

Task 3 - HTTP Methods

Read the introduction to the most commonly used HTTP methods.

Question 1: What method would be used to create a new user account?

POST

Question 2: What method would be used to update your email address?

PUT

Question 3: What method would be used to remove a picture you’ve uploaded to your account?

DELETE

Question 4: What method would be used to view a news article?

GET

Task 4 - HTTP Status Codes

Learn about the most common HTTP status codes, and the different ranges with their respective meanings.

Deploying the site in this task will give you a better picture of what some of the HTTP status messages might look like in real life.

HTTP status codes - 1

HTTP status codes - 2

HTTP status codes - 3

Question 1: What response code might you receive if you’ve created a new user or blog post article?

201

Question 2: What response code might you receive if you’ve tried to access a page that doesn’t exist?

404

Question 3: What response code might you receive if the web server cannot access its database and the application crashes?

503

Question 4: What response code might you receive if you try to edit your profile without logging in first?

401

Task 5 - Headers

Check out the most common request and response headers.

Question 1: What header tells the web server what browser is being used?

User-Agent

Question 2: What header tells the browser what type of data is being returned?

Content-Type

Question 3: What header tells the web server which website is being requested?

Host

Task 6 - Cookies

Read the intro about cookies and the way they might be used. To view your own cookies, deploy the static site that is shipped with the task, and follow the guide to open up developer tools in your own browser. Then, follow the instructions left behind in the task.

Check out the various ways to access developer tools in the different browsers.

Accessing Developer Tools - 1

Accessing Developer Tools - 2

Accessing Developer Tools - 3

Accessing Developer Tools - 4

Accessing Developer Tools - 5

Question 1: Which header is used to save cookies to your computer?

Set-Cookie

Task 7 - Making Requests

Create the demo requests with the very nice emulator that is provided here.

Making requests - 1

Check out how configuring the request method and setting the URL modify our request. For the first question, only the URL needs to be adjusted.

Making requests - 2

First, set the id parameter to 1 and then adjust the URL to answer the second question.

Making requests - 3

Making requests - 4

Remember to clear the set parameters before proceeding with the third question.

Making requests - 5

Making requests - 6

For the fourth question, first we set the username parameter to admin before sending in the request. This will then update the set username value on the website.

Making requests - 7

Making requests - 8

Making requests - 9

For the last question, we try to log on to the website by setting the appropriate parameter values.

Making requests - 10

This marks the end of this room. See you in the next one.

Question 1: Make a GET request to /room

flag

Question 2: Make a GET request to /blog and using the gear icon set the id parameter to 1 in the URL field

flag

Question 3: Make a DELETE request to /user/1

flag

Question 4: Make a PUT request to /user/2 with the username parameter set to admin

flag

Question 5: POST the username of thm and a password of letmein to /login

flag
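The five Task 7 requests written out as the raw HTTP/1.1 text that goes on the wire, as an added example that is not part of the original walkthrough or the room's emulator. The host name, the User-Agent value and the choice to send PUT/POST parameters as a form-encoded body are assumptions.

```python
from urllib.parse import urlencode

HOST = "site.example"  # placeholder host (assumption): the page names none

# The five Task 7 steps as (method, path, parameters).
STEPS = [
    ("GET", "/room", {}),
    ("GET", "/blog", {"id": "1"}),
    ("DELETE", "/user/1", {}),
    ("PUT", "/user/2", {"username": "admin"}),
    ("POST", "/login", {"username": "thm", "password": "letmein"}),
]


def build_request(method, path, params=None, host=HOST):
    """Return the raw HTTP/1.1 text for one request."""
    params = params or {}
    headers = [("Host", host), ("User-Agent", "walkthrough-example/1.0")]
    body = ""
    if method in ("POST", "PUT"):
        # Assumption: POST and PUT carry parameters as a form-encoded body.
        body = urlencode(params)
        headers.append(("Content-Type", "application/x-www-form-urlencoded"))
        headers.append(("Content-Length", str(len(body.encode()))))
    elif params:
        # Assumption: GET and DELETE carry parameters in the query string.
        path = f"{path}?{urlencode(params)}"
    lines = [f"{method} {path} HTTP/1.1"]
    lines += [f"{name}: {value}" for name, value in headers]
    # An empty line separates the headers from the body.
    return "\r\n".join(lines) + "\r\n\r\n" + body


def parse_request(raw):
    """Split raw request text back into its parts, as a server would."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, target, version = request_line.split(" ")
    headers = dict(line.split(": ", 1) for line in header_lines)
    # Content-Length must match the body size, or the receiver misreads it.
    if int(headers.get("Content-Length", "0")) != len(body.encode()):
        raise ValueError("Content-Length does not match body size")
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body}


if __name__ == "__main__":
    for step in STEPS:
        print(build_request(*step).replace("\r\n", "\n"), end="\n---\n")
```

Running the file prints each request in order, which makes it easy to compare the request line and headers with what the emulator shows.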


  1. thm - shorthand for TryHackMe from now on