ayo diklik

Saturday, May 29, 2010

What is the Difference Between HTTP and HTTPS?

HTTP is the Hypertext Transfer Protocol, which is responsible for transmitting and receiving information across the Internet, whereas HTTPS is secure HTTP, which is used for exchanging confidential information with a server that must be protected from unauthorized access.

HTTP is the Hypertext Transfer Protocol and is transmitted over the wire via TCP port 80. You normally use HTTP when you are browsing the web. It is not secure, so someone can eavesdrop on the conversation between your computer and the web server. HTTP lets the client ask for a particular file to be sent only if it has been updated after a certain date and time. This is used when the client has already retrieved a copy of a file by that name from that server but wants to check whether it has been updated since then. The server responds either with the updated file, with a message to say the file has not been changed, or with a message that the file no longer exists.

HTTPS (Hypertext Transfer Protocol over Secure Socket Layer, or HTTP over SSL) is a Web protocol developed by Netscape and built into its browser that encrypts and decrypts user page requests as well as the pages returned by the Web server. HTTPS is really just the use of Netscape's Secure Socket Layer (SSL) as a sublayer under its regular HTTP application layering. (HTTPS uses port 443 instead of HTTP port 80 in its interactions with the lower layer, TCP/IP.) SSL uses a 40-bit key size for the RC4 stream encryption algorithm; newer browsers use a 128-bit key size, which is more secure than the former and is considered an adequate degree of encryption for commercial exchange. HTTPS is normally used on login pages and shopping/commercial sites.

How it Works
HTTPS is not a separate protocol, but refers to a normal HTTP interaction carried over an encrypted Secure Sockets Layer (SSL) or Transport Layer Security (TLS) transport mechanism. This ensures reasonable protection from eavesdroppers and (provided it is implemented properly and the top-level certification authorities do their job properly) from man-in-the-middle attacks.

The default TCP port of an https: URL is 443 (for unsecured HTTP, the default is 80). To prepare a web server for accepting HTTPS connections, the administrator must create a public key certificate for the web server. These certificates can be created for Linux-based servers with tools such as OpenSSL's ssl or SuSE's gensslcert. The certificate must be signed by a certificate authority of one form or another, which certifies that the certificate holder is who they say they are. Web browsers are generally distributed with the signing certificates of major certificate authorities, so that they can verify certificates signed by them.
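An added example (not from the original post) of what "implemented properly" means on the client side: a Python check that a TLS client context verifies the server's certificate chain against the installed CA certificates and matches the host name. The function names, the TLS 1.2 floor and the cipher string are assumptions of this example; the 128-bit threshold is the key size quoted above.

```python
import ssl

MIN_KEY_BITS = 128                    # the key size the text calls adequate
MIN_TLS = ssl.TLSVersion.TLSv1_2      # assumed floor, not from the page


def audit_client_context(ctx):
    """Return a list of findings for a client-side SSLContext; [] means none."""
    findings = []
    # Without chain verification any certificate is accepted, so a
    # man-in-the-middle can present its own and still get an encrypted link.
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("no-chain-verification")
    # A valid certificate issued for another site must not pass for this host.
    if not ctx.check_hostname:
        findings.append("no-hostname-check")
    if ctx.minimum_version < MIN_TLS:
        findings.append("min-version-below-tls1.2")
    # Flag any enabled cipher below the key-size threshold, or RC4 by name.
    for cipher in ctx.get_ciphers():
        if cipher["strength_bits"] < MIN_KEY_BITS or "RC4" in cipher["name"]:
            findings.append("weak-cipher:" + cipher["name"])
    return findings


def hardened_context():
    """Client context that trusts the system CA store and verifies the peer."""
    ctx = ssl.create_default_context()   # CERT_REQUIRED and check_hostname on
    ctx.minimum_version = MIN_TLS
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


def unverified_context():
    """Constructed bad example: encrypts, but trusts whoever answers."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False           # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


if __name__ == "__main__":
    for name, ctx in (("hardened", hardened_context()),
                      ("unverified", unverified_context())):
        print(name, audit_client_context(ctx) or "no findings")
```

Running the audit over the contexts an application actually builds shows whether a "verify=False" style shortcut left in from testing has turned its HTTPS connections into encryption without authentication.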

Main Features

Dedicated to the HTTP protocol; shows a wide range of HTTP-related information: request and response headers, content, sent and received cookies, streams, query strings, POST form values…

Request Builder: users can handcraft an HTTP request with the HTTP Request Builder, or they can drag and drop an existing request from the session grid into the Request Builder to execute it again.

Hex Viewer allows users to view and edit binary files in hexadecimal and textual format.

Displays Winsock traffic originating from Java applets and JavaScript embedded in a Web page, and Winsock traffic originating from ActiveX controls and COM objects instantiated by an application (Stand-alone Edition only).

"Before request and after response" browser cache comparisons.

Supports HTTPS and shows the unencrypted data sent over HTTPS/SSL connections. HTTPS support is available if the application uses the Microsoft WININET API (e.g. IE, Outlook) or the Mozilla NSS API (e.g. Firefox, Thunderbird).

Selectively clears caches and cookies that are related to HTTP/HTTPS sessions.
