http & smtp
-
8/8/2019 HTTP & SMTP
1/23
HTTP & SMTP
HTTP HYPERTEXT TRANSFER PROTOCOL
Is an Application Layer protocol for distributed, collaborative, and
hypermedia information systems.
Follows the request-response model typical of client-server computing.
The web browser (e.g. IE, FF) acts as the client, while an application
running on the host computer acts as the server (e.g. IIS and Apache).
The client (user agent) submits HTTP requests. The responding
server (origin server) responds to the requests accordingly.
Between the User Agent and the Origin Server there are many intermediaries, such as proxies, gateways, and tunnels.
ILLUSTRATION
DEPENDENCY, CONSTRAINTS, IMPLEMENTATION
HTTP is not constrained in principle to be built on top of
TCP/IP.
HTTP can be built on top of any protocol on the internet or
other networks.
HTTP presumes a reliable transport; any protocol that
provides such guarantees can be used.
Resources to be accessed are identified by URIs
and URLs using a certain URI scheme, e.g. HTTP or
HTTPS.
HISTORY & SITUATION
Its use for retrieving inter-linked resources,
called hypertext documents (HTML Web Pages), led to the
establishment of the World Wide Web in 1990.
The original version, designated HTTP/1.0, was revised as HTTP/1.1.
HTTP/1.0: A separate connection to the same server for every document.
HTTP/1.1: Can reuse the same connection to download
more than one file or resource for the page just served,
making it much more efficient and faster.
Standards development of HTTP has been coordinated by the World Wide Web Consortium and the Internet
Engineering Task Force (IETF).
Since June 1999, HTTP/1.1 has been the standard.
THE HTTP SESSION
Sequence of network request-response transactions.
The HTTP client establishes a TCP connection to a
host's port (e.g. port 80). An HTTP server working
on a certain port waits for a request. Upon receiving a request, the server sends back to the
client:
1. Status Line e.g. HTTP/1.1 200 OK
2. Message of its own.
3. Body of requested resource.
4. Error message and some other information.
THE REQUEST MESSAGE
Consists of the following:
Request Line e.g. GET /images/logo.png HTTP/1.1
Headers e.g. Accept-Language: en
An Empty Line
Optional Message Body
Note: Request Line and Headers must end with CRLF
(carriage return, line feed); an empty line contains
CRLF only.
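The layout above can be enforced by a parser that refuses any line not ending in CRLF. The following is an added example, not part of the original slides; the function name, the exception name and the Host value are assumptions, while the request line and Accept-Language header are the ones quoted above.

```python
# Added example: strict parser for the request message layout described above.
CRLF = b"\r\n"

class BadRequest(ValueError):
    """Raised when the message does not follow the request layout."""

def parse_request(raw: bytes) -> dict:
    # The empty line (CRLF on its own) separates the head from the optional body.
    head, sep, body = raw.partition(CRLF + CRLF)
    if not sep:
        raise BadRequest("no empty line terminating the headers")
    lines = head.split(CRLF)
    # A stray CR or LF left inside a line means it was not terminated by CRLF.
    for line in lines:
        if b"\r" in line or b"\n" in line:
            raise BadRequest("line not terminated by CRLF")
    # Request line: method, request target, protocol version.
    parts = lines[0].decode("ascii").split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise BadRequest("malformed request line")
    method, target, version = parts
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.decode("latin-1").partition(":")
        # No whitespace is allowed between the header name and the colon.
        if not colon or not name or name != name.strip():
            raise BadRequest("malformed header line")
        headers[name.lower()] = value.strip()
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body}

# Constructed sample input (the Host value is a placeholder).
SAMPLE = (b"GET /images/logo.png HTTP/1.1\r\n"
          b"Host: www.example.com\r\n"
          b"Accept-Language: en\r\n"
          b"\r\n")

if __name__ == "__main__":
    print(parse_request(SAMPLE))
```

Rejecting bare LF line endings keeps the server's view of where the headers end identical to that of any proxy or gateway in front of it.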
THE REQUEST METHODS
HTTP defines 8 methods (verbs) indicating the desired
actions to be performed on the identified resource. The
resource can correspond to a file or an executable on the
server.
HEAD: Asks for a response, but without the response body. This is useful for retrieving meta-information written in
response headers, without having to transport the entire
content.
GET: Requests a representation of the specified resource.
POST: Submits data to be processed (e.g., from an HTML form) to the identified resource. Data is included in the
body of the request. Results in the creation of a new
resource or an update of existing resources or both.
THE REQUEST METHODS (CONTINUED)
PUT: Uploads a representation of the specified resource.
DELETE: Deletes the specified resource.
TRACE: Echoes back the received request, so that a client
can see what intermediate servers are adding or changing
in the request.
OPTIONS: Returns the HTTP methods that the server supports for the specified URL (used to check the functionality
of the web server).
CONNECT: Converts the request connection to a
transparent TCP/IP tunnel (to facilitate SSL-encrypted
communication (HTTPS) through an unencrypted
HTTP proxy).
PATCH: Is used to apply partial modifications to a
resource.
Remark: HTTP servers are required to implement at
least the GET and HEAD methods.
SAFE VS. UNSAFE METHODS
Safe Methods: They are intended only for information
retrieval and should not change the state of the server, i.e.
they should not have side effects on the server beyond logging,
caching and incrementing web counters. Examples: HEAD,
GET, OPTIONS and TRACE.
Unsafe Methods: Are intended for actions which may cause
side effects (non-trivial changes), either on the
server or externally, such as financial
transactions or transmission of email. Such methods are therefore not usually used by web robots, which tend to make
requests without regard to context or consequences.
Examples: POST, PUT and DELETE.
HTTP STATUS CODES
The first line of the HTTP response is called the status
line and includes a numeric status code (such as "404") and
a textual reason phrase (such as "Not Found").
The way the user agent handles the response primarily depends on the code and secondarily on the response
headers.
If the user agent encounters a code it does not recognize, it
can use the first digit of the code to determine the general class of the response, as each response code belongs to a
class.
HTTP STATUS CODES (CONTINUED)
HTTP SESSION STATE
HTTP is a stateless protocol.
An advantage is that hosts do not need to retain
information about users between requests.
For example, when a host needs to customize the content of
a website for a user, the web application must be written to track the user's progress from page to page. A common
method for solving this problem involves sending and
receiving cookies.
Other methods include server-side sessions, hidden
variables and URL-encoded parameters (such as /index.php?session_id=some_unique_session_code).
REQUEST & RESPONSE EXAMPLE
LIVE HTTP REQUEST/RESPONSE TEST
http://www.rexswain.com/httpview.html
http://web-sniffer.net/
SMTP SIMPLE MAIL TRANSFER PROTOCOL
Contents:
Introduction
SMTP operation
Problems with SMTP
Security considerations in SMTP
INTRODUCTION
Simple Mail Transfer Protocol is the standard e-mail protocol on the
Internet and part of the TCP/IP protocol suite.
It is basically a server that receives your e-mails and sends them to
their destinations.
SMTP was originally designed for only plain text (ASCII text), but Multipurpose Internet Mail Extensions (MIME) and other encoding
methods enable executable programs and multimedia files to be
attached to and transported with the e-mail message.
SMTP is a relatively simple, text-based protocol, where one or more
recipients of a message are specified and then the message text is transferred. SMTP uses TCP port 25.
OPERATION
When an SMTP client has a message to transmit, it establishes a
two-way transmission channel to an SMTP server. The
responsibility of an SMTP client is to transfer mail messages to one
or more SMTP servers.
Once the transmission channel is established and initial handshaking
completed, the SMTP client normally initiates a mail transaction.
Such a transaction consists of a series of commands to specify the
originator and destination of the mail and transmission of the
message content (including any headers or other structure) itself.
OPERATION (CONTINUED)
The server responds to each command with a reply; replies may
indicate that the command was accepted, that additional commands
are expected, or that a temporary or permanent error condition
exists.
Once a given mail message has been transmitted, the client may
either request that the connection be shut down or may initiate other
mail transactions.
BASIC COMMANDS
SMTP defines a small required command set, with several
optional commands included for convenience purposes. The
minimal set required for an SMTP sending client is:
HELO - Initial State Identification
MAIL - Mail Sender Reverse Path
RCPT - One Recipient's Forward Path
DATA - Mail Message Text State
RSET - Abort Transaction and Reset all buffers
NOOP - No Operation
QUIT - Commit Message and Close Channel
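The mail transaction and reply behaviour described under OPERATION, applied to the command set above, as an added example that is not part of the original slides: a server-side state machine that answers each command and rejects commands sent out of order. The class, state and function names are assumptions; it takes one command per line with the line ending already removed and does not validate address syntax. The reply codes 250, 354, 221, 500 and 503 are the standard SMTP ones.

```python
# Added example: server-side handling of the minimal SMTP command set.
# States a command may be issued in; the state after it succeeds is the verb.
ORDER = {"MAIL": ("READY",), "RCPT": ("MAIL", "RCPT"), "DATA": ("RCPT",)}

class SmtpSession:
    def __init__(self):
        self.accepted = []            # completed (sender, recipients, text) tuples
        self._clear("NEW")            # NEW until the client has sent HELO

    def _clear(self, state):
        self.state, self.sender, self.recipients, self.text = state, None, [], []

    def handle(self, line):
        """Feed one client line; return the reply (None while reading DATA)."""
        if self.state == "DATA":
            if line != ".":           # a line holding only "." ends the text
                self.text.append(line)
                return None
            self.accepted.append((self.sender, self.recipients, self.text))
            self._clear("READY")      # the client may start another transaction
            return "250 OK"
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "NOOP":
            return "250 OK"
        if verb == "QUIT":
            self.state = "CLOSED"
            return "221 closing channel"
        if verb == "HELO":
            self._clear("READY")
            return "250 OK"
        if verb == "RSET":            # abort the transaction, keep the greeting
            self._clear(self.state if self.state in ("NEW", "CLOSED") else "READY")
            return "250 OK"
        if verb not in ORDER:
            return "500 command unrecognized"
        if self.state not in ORDER[verb]:
            return "503 bad sequence of commands"
        if verb == "MAIL":
            self.sender = arg.partition(":")[2].strip(" <>")
        elif verb == "RCPT":
            self.recipients.append(arg.partition(":")[2].strip(" <>"))
        self.state = verb
        return "354 start mail input" if verb == "DATA" else "250 OK"

# Constructed client dialogue; host names and addresses are placeholders.
DIALOGUE = ["HELO client.example", "MAIL FROM:<alice@example.com>",
            "RCPT TO:<bob@example.net>", "DATA", "Subject: hi", "",
            "Hello Bob", ".", "QUIT"]

def run(lines):
    session = SmtpSession()
    return session, [session.handle(line) for line in lines]
```

The sender recorded by MAIL is whatever the client claims; nothing in this command set verifies it.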
PROBLEMS WITH SIMPLE SMTP
The first one relates to message length. Some older implementations
couldn't handle messages exceeding 64KB.
Another problem relates to timeouts. If the client and server have
different timeouts, one of them may give up while the other is still busy, unexpectedly terminating the connection.
Infinite mail storms can be triggered. For example, if host 1 holds
mailing list A and host 2 holds mailing list B and each list contains
an entry for the other one, then a message sent to either list could generate a never-ending amount of email traffic unless somebody
checks for it.
EXTENSIONS
The following are extensions to the SMTP protocol (RFC 821):
RFC 2920:
SMTP extension to improve SMTP performance by
bundling multiple commands within a TCP send operation.
RFC 3030:
This provides two extensions to the SMTP protocol for the transfer of large and binary MIME messages.
RFC 2487:
SMTP extension for transport-layer security during sessions. This adds some security to email while in transit.
SECURITY AND SPAMMING
One of the limitations of the original SMTP is that it has no facility
for authentication of senders. Therefore the SMTP-AUTH extension
was defined. In spite of this, e-mail spamming is still a major
problem. Modifying SMTP extensively, or replacing it completely, is
not believed to be practical, due to the network effects of the huge installed base of SMTP. Internet Mail 2000 is one such proposal
for replacement.
SMTP mail is inherently insecure in that it is feasible for even fairly
casual users to negotiate directly with receiving and relaying SMTP servers and create messages that will trick a naive recipient into
believing that they came from somewhere else.
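One check a receiving system can apply to the weakness described above, as an added example that is not part of the original slides: compare the envelope sender, which the delivering server records in the Return-Path header from the MAIL command, with the From header the recipient sees. The function names and result strings are assumptions, and the domain comparison is a simple suffix heuristic.

```python
# Added example: envelope sender versus the author shown to the reader.
from email import message_from_string
from email.utils import parseaddr

def domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""

def check_sender(raw_message):
    """Classify a delivered message by envelope sender and displayed From."""
    msg = message_from_string(raw_message)
    froms = msg.get_all("From", [])
    if len(froms) != 1:               # a missing or repeated From is ambiguous
        return "invalid: expected exactly one From header"
    shown = domain(parseaddr(froms[0])[1])
    if not shown:
        return "invalid: From has no address"
    # Return-Path carries the reverse path given in the MAIL command.
    envelope = domain(parseaddr(msg.get("Return-Path", ""))[1])
    if not envelope:                  # absent header or the null sender "<>"
        return "unknown: no envelope sender recorded"
    # Heuristic: equal domains, or one a subdomain of the other, count as aligned.
    if (shown == envelope or shown.endswith("." + envelope)
            or envelope.endswith("." + shown)):
        return "aligned"
    return "mismatch: envelope %s, From %s" % (envelope, shown)

# Constructed messages; every name and domain is a placeholder.
MSG_ALIGNED = ("Return-Path: <bounce@mail.example.com>\n"
               "From: News <news@example.com>\n"
               "Subject: update\n\nbody\n")
MSG_MISMATCH = ("Return-Path: <u1@sender.example.org>\n"
                "From: \"Accounts\" <accounts@example.com>\n"
                "Subject: invoice\n\nbody\n")
MSG_NO_ENVELOPE = "From: a@example.com\nSubject: x\n\nbody\n"

if __name__ == "__main__":
    for sample in (MSG_ALIGNED, MSG_MISMATCH, MSG_NO_ENVELOPE):
        print(check_sender(sample))
```

A mismatch is a signal to weigh rather than proof of forgery, since mailing lists and forwarding services legitimately send with an envelope sender that differs from the author.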