The Basics

Websites use the hypertext transfer protocol (HTTP) to transfer data. This data consist of hypertext markup language (HTML), cascading style sheets (CSS), and javascript ( JS). A web browser, such as Firefox or Chrome, will first send a request to a web server. If the request is valid and the content exists, the server will respond by sending the browser the HTML, CSS, and JS, which your browser will then render.

Cookies, Response Codes, and Headers

There is more to HTTP than just sending HTML, CSS, and JS. Cookies are small pieces of data that are stored on your computer. They are used to store information about you, such as your session and other preferences. Cookies are sent to the server with every request, and the server can use this information to customize your experience. Response codes are numbers that are sent back to the browser to indicate the status of the request. The most common response codes are 200, which means the request was successful, and 404, which means the content was not found. Headers are pieces of information that are sent with every request. They contain information about the request, such as the browser and OS (also known as a " user agent"), the IP address of the client, and other information used to identify the request.

Client-Side vs Server-Side

The content your browser renders is known as client-side code. This code is visible to you, and can be modified by you. Server-side code is the underlying code of the web application, and is not visible by your browser. This code is used to process requests and to determine what content to send back to the client. Server-side code is usually written in a server-side scripting language, such as PHP, Python, or Javascript. Web Exploitation relies on exploiting the server-side code to gain access to sensitive information, such as user data, or to gain access to the server itself.