This is my TryHackMe walkthrough, created to document my learning journey and share solutions with the community. The writeups include a mix of hints, step-by-step explanations, and final answers to help players who get stuck, while still encouraging independent problem-solving.

HTTP In Detail Room - Learn about how you request content from a web server using the HTTP protocol

Overview

Walkthrough

1. What is HTTP(S)?

  • What does HTTP stand for?

=> Answer: HyperText Transfer Protocol

  • What does the S in HTTPS stand for?

=> Answer: Secure

  • On the mock webpage on the right there is an issue, once you've found it, click on it. What is the challenge flag?

  • Hint: Click on the lock in the URL bar

=> Answer: THM{INVALID_HTTP_CERT}

2. Requests And Responses

  • What HTTP protocol is being used in the above example?

HTTP/1.1 200 OK
Server: nginx/1.15.8
Date: Fri, 09 Apr 2021 13:34:03 GMT
Content-Type: text/html
Content-Length: 98

<html>
<head>
    <title>TryHackMe</title>
</head>
<body>
    Welcome To TryHackMe.com
</body>
</html>

=> Answer: HTTP/1.1

  • What response header tells the browser how much data to expect?

=> Answer: Content-Length

3. HTTP Methods

  • What method would be used to create a new user account?

=> Answer: POST

  • What method would be used to update your email address?

=> Answer: PUT

  • What method would be used to remove a picture you've uploaded to your account?

=> Answer: DELETE

  • What method would be used to view a news article?

=> Answer: GET

4. HTTP Status Codes

  • What response code might you receive if you've created a new user or blog post article?

=> Answer: 201

  • What response code might you receive if you've tried to access a page that doesn't exist?

=> Answer: 404

  • What response code might you receive if the web server cannot access its database and the application crashes?

=> Answer: 503

  • What response code might you receive if you try to edit your profile without logging in first?

=> Answer: 401

5. Headers

  • What header tells the web server what browser is being used?

=> Answer: User-Agent

  • What header tells the browser what type of data is being returned?

=> Answer: Content-Type

  • What header tells the web server which website is being requested?

=> Answer: Host

6. Cookies

  • Which header is used to save cookies to your computer?

=> Answer: Set-Cookie

7. Making Requests

  • Make a GET request to /room page

GET /room HTTP/1.1
Host: tryhackme.com
User-Agent: Mozilla/5.0 Firefox/87.0
Content-Length: 0

=> Answer: THM{YOU'RE_IN_THE_ROOM}

  • Make a GET request to /blog page and set the id parameter to 1
    Note: Use the gear button on the right to manage URI parameters

GET /blog?id=1 HTTP/1.1
Host: tryhackme.com
User-Agent: Mozilla/5.0 Firefox/87.0
Content-Length: 0

=> Answer: THM{YOU_FOUND_THE_BLOG}

  • Make a DELETE request to /user/1 page

DELETE /user/1 HTTP/1.1
Host: tryhackme.com
User-Agent: Mozilla/5.0 Firefox/87.0
Content-Length: 0

=> Answer: THM{USER_IS_DELETED}

  • Make a PUT request to /user/2 page with the username parameter set to admin
    Note: Use the gear button on the right to manage body parameters

PUT /user/2 HTTP/1.1
Host: tryhackme.com
User-Agent: Mozilla/5.0 Firefox/87.0
Content-Length: 14
Content-Type: application/x-www-form-urlencoded

username=admin

=> Answer: THM{USER_HAS_UPDATED}

  • Make a POST request to /login page with the username of thm and a password of letmein
    Note: Use the gear button on the right to manage body parameters

POST /login HTTP/1.1
Host: tryhackme.com
User-Agent: Mozilla/5.0 Firefox/87.0
Content-Length: 29
Content-Type: application/x-www-form-urlencoded

username=thm&password=letmein

=> Answer: THM{HTTP_REQUEST_MASTER}
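
The requests in section 7 can be rebuilt and checked offline. The following is an added example, not part of the room or of the original walkthrough: it serializes the same requests, then parses them back and verifies that Content-Length matches the body. The function names build_request and parse_request are hypothetical, and nothing is sent over the network.

```python
from urllib.parse import urlencode, parse_qs

CRLF = "\r\n"

def build_request(method, path, host="tryhackme.com", query=None, form=None,
                  user_agent="Mozilla/5.0 Firefox/87.0"):
    """Serialize an HTTP/1.1 request in the shape shown in section 7."""
    if query:
        path += "?" + urlencode(query)
    body = urlencode(form) if form else ""
    headers = [("Host", host), ("User-Agent", user_agent),
               ("Content-Length", str(len(body.encode())))]
    if body:
        headers.append(("Content-Type", "application/x-www-form-urlencoded"))
    head = [f"{method} {path} HTTP/1.1"] + [f"{k}: {v}" for k, v in headers]
    # A blank line (CRLF CRLF) separates the header block from the body.
    return (CRLF.join(head) + CRLF + CRLF + body).encode()

def parse_request(raw):
    """Split a raw request into (method, target, version, headers, body)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("missing blank line after headers")
    lines = head.decode("iso-8859-1").split(CRLF)
    method, target, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # Content-Length must equal the number of body bytes actually present.
    declared = int(headers.get("content-length", "0"))
    if declared != len(body):
        raise ValueError(f"Content-Length {declared} != body length {len(body)}")
    return method, target, version, headers, body

if __name__ == "__main__":
    # The /blog, /user/2 and /login requests from the walkthrough.
    for req in (build_request("GET", "/blog", query={"id": 1}),
                build_request("PUT", "/user/2", form={"username": "admin"}),
                build_request("POST", "/login",
                              form={"username": "thm", "password": "letmein"})):
        method, target, _, headers, body = parse_request(req)
        print(method, target, headers["content-length"], parse_qs(body.decode()))
```
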