HTTP/S (Hypertext Transfer Protocol Secure) Service Enumeration

HTTP/S (Hypertext Transfer Protocol / Secure)

At a Glance

Default Ports

  • HTTP: 80
  • HTTPS (HTTP over TLS or SSL): 443

HTTP is an application-level protocol for distributed hypermedia information systems. It is the standard protocol that defines how messages are formatted and sent across the web.

HTTPS (Hypertext Transfer Protocol Secure) is an extension of HTTP. In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS) or, formerly, Secure Sockets Layer (SSL). Therefore, the protocol is also referred to as HTTP over TLS or HTTP over SSL.

HTTP

Netcat

nc example.com 80

HTTPS

openssl 1

openssl s_client -connect example.com:443
Parameters
  • s_client: SSL/TLS client program.

Directory Enumeration

Enumerate files and directories. Look for unlinked content, temporary directories, and backups. Widely used tools include dirbuster, gobuster, dirb, and Burp Suite.

Wordlists

Included in Kali’s wordlists package under /usr/share/wordlists.

  • /dirbuster/directory-list-2.3-medium.txt ( 1.9M - 220560 lines )
  • /dirbuster/directory-list-2.3-small.txt ( 709K - 87664 lines )
  • /dirb/common.txt ( 36K - 4614 lines )
  • /dirb/big.txt ( 180K - 20469 lines )

Other lists.

Note: For more wordlists refer to Wordlists and Wordlist Generaion.

gobuster 2

gobuster dir -t 30 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u https://10.0.0.3/
Parameters
  • dir: directory brute-forcing mode.
  • -t <n>: number of concurrent threads (default 10).
  • -w <wordlist>: path to the wordlist.
  • -u <URL>: target URL.

Note:

  • Iterate over the results.
  • Include status code 403 (Forbidden Error) and brutefoce these directories.
  • Add more file extensions to search for; In gobuster: -x sh,pl.

Source Code

Inspect

It is a good habit to take a quick look at the pages’ source code, scripts, and console outputs.

To active View Source, context-click on the page and select View Page Source or with the Ctrl+U or Cmd+U shortcut.

Note: Many browsers include a powerful suite of tools, also known as devtools, to inspect and interact with the target website.

Download

If the target uses an open-source app, downloading its codebase will provide helpful information about configuration files, open resources, default credentials, etc.


  1. OpenSSL Foundation, Inc. “/Docs/Manmaster/Man1/Openssl.Html.” OpenSSL.Org, https://www.openssl.org/docs/manmaster/man1/openssl.html. ↩︎

  2. Reeves, OJ. “GitHub - OJ/Gobuster.” GitHub, https://github.com/OJ/gobuster. ↩︎