TryHackMe: How the Web Works — HTTP in Detail, a Walkthrough
This is a step-by-step walkthrough of TryHackMe’s HTTP in Detail room, with screenshots.
Task 1: What is HTTP(S)
Question 1: “What does HTTP stand for?”
Per THM: HyperText Transfer Protocol
Question 2: “What does the S in HTTPS stand for?”
Per THM: Secure
Question 3: “On the mock webpage on the right there is an issue, once you’ve found it, click on it. What is the challenge flag?”
Click on “View Site”
This page will load:
Click on the crossed-out lock in the URL bar and the following box will pop up, giving you the flag:
Copy and paste the flag into the answer box:
Question 4: “What HTTP protocol is being used in the above example?”
Per THM: HTTP/1.1
Question 5: “What response header tells the browser how much data to expect?”
Per THM: Content-Length
Task 3: HTTP Methods
Question 6: “What method would be used to create a new user account?”
Per THM: POST
Question 7: “What method would be used to update your email address?”
Per THM: PUT
Question 8: “What method would be used to remove a picture you’ve uploaded to your account?”
Per THM: DELETE
Question 9: “What method would be used to view a news article?”
Per THM: GET
Task 4: HTTP Status Codes
Click on “View Site”
The following page will load in your browser:
Click on each to get an idea of what these codes will look like:
Question 10: “What response code might you receive if you’ve created a new user or blog post article?”
Per THM: 201
Question 11: “What response code might you receive if you’ve tried to access a page that doesn’t exist?”
Per THM: 404
Question 12: “What response code might you receive if the web server cannot access its database and the application crashes?”
Per THM: 503
Question 13: “What response code might you receive if you try to edit your profile without logging in first?”
Per THM: 401
Task 5: Headers
Question 14: “What header tells the web server what browser is being used?”
Per THM: User-Agent
Question 15: “What header tells the browser what type of data is being returned?”
Per THM: Content-Type
Question 16: “What header tells the web server which website is being requested?”
Per THM: Host
Task 6: Cookies
Click on “View Site” to get a look at how to navigate to the Developer Tools on various browsers.
Question 17: “Which header is used to save cookies to your computer?”
Per THM: Set-Cookie
Task 7: Making Requests
Click on “View Site”
This will open a window in your browser:
Question 18: “Make a GET request to /room”
In the dropdown box, select “GET”. After the URL, type “/room”.
Click the “Go” button. This will reveal the flag:
Copy and paste the flag into the answer box:
Question 19: “Make a GET request to /blog and using the gear icon set the id parameter to 1 in the URL field.”
In the dropdown box, select “GET”. In the URL add “/blog” at the end.
Click on the gear icon. In the pop-up box, in the “key” field enter “id”. In the “value” field, enter “1”. Click the save icon. Click the “x” to exit the pop-up.
Click “Go” and the flag will be revealed:
Copy and paste the flag into the answer box:
Question 20: “Make a DELETE request to /user/1”
In the dropdown box, select “DELETE”. In the URL, enter “/user/1”.
Click the “Go” button and the flag will be revealed:
Copy and paste the flag into the answer box:
Question 21: “Make a PUT request to /user/2 with the username parameter set to admin.”
In the dropdown box, select “PUT”. In the URL add “/user/2”.
Click on the gear icon. In the “key” field, enter “username”. In the “value” field enter “admin”. Click the save icon. Click on the “x” to exit the pop-up.
Click “Go” and the flag will be revealed:
Copy and paste the flag into the answer box:
Question 22: “POST the username of thm and a password of letmein to /login.”
In the dropdown box, select “POST”. In the URL, add “/login”.
In the pop-up box, in the “key” field, enter “username”. In the “value” field, enter “thm”. Click the save icon. Repeat the process for “password” and “letmein”. Click the “x” to close out the pop-up.
Click “Go” and the flag will be revealed:
Copy and paste the flag into the answer field:
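The five emulator steps in Task 7, written out as the raw HTTP/1.1 requests they correspond to. This is an added example, not part of the room or the original walkthrough. The host name is a placeholder, and sending the PUT and POST parameters as a form-encoded body is an assumption about how the emulator transmits them.

```python
from urllib.parse import urlencode

HOST = "emulator.example"  # placeholder host (assumption); the room's emulator is a mock site

def build_request(method, path, params=None, host=HOST):
    """Return the raw HTTP/1.1 request text for one emulator step."""
    encoded = urlencode(params or {})
    headers = [("Host", host)]
    body = ""
    if method in ("GET", "DELETE"):
        # No body: parameters, if any, travel in the query string.
        if encoded:
            path = f"{path}?{encoded}"
    else:
        # POST/PUT: assumed form-encoded body, so the server needs
        # Content-Type to parse it and Content-Length to know its size.
        body = encoded
        headers.append(("Content-Type", "application/x-www-form-urlencoded"))
        headers.append(("Content-Length", str(len(body.encode()))))
    lines = [f"{method} {path} HTTP/1.1"]
    lines += [f"{name}: {value}" for name, value in headers]
    # A blank line (CRLF CRLF) separates the headers from the body.
    return "\r\n".join(lines) + "\r\n\r\n" + body

# The five requests from Task 7, in the order the questions ask for them.
TASK7 = [
    ("GET", "/room", None),
    ("GET", "/blog", {"id": "1"}),
    ("DELETE", "/user/1", None),
    ("PUT", "/user/2", {"username": "admin"}),
    ("POST", "/login", {"username": "thm", "password": "letmein"}),
]

def all_requests():
    """Build every Task 7 request as raw text."""
    return [build_request(m, p, q) for m, p, q in TASK7]

if __name__ == "__main__":
    for raw in all_requests():
        print(raw.replace("\r\n", "\n"))
        print("-" * 40)
```

Note that the POST to /login carries the password in the body in plain text, which is why the missing "S" from Task 1 matters for a login form.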