HTTP is the Hypertext Transfer Protocol, which is responsible for transmitting and receiving information across the Internet, whereas HTTPS is secure HTTP, which is used for exchanging confidential information with a server that needs to be secured in order to prevent unauthorized access.

HTTP is the Hypertext Transfer Protocol and is transmitted over the wire via port 80 (TCP). You normally use HTTP when you are browsing the web. It is not secure, so someone can eavesdrop on the conversation between your computer and the web server. HTTP lets the client ask for a particular file to be sent only if it has been updated after a certain date and time. This is used when the client has already retrieved a copy of a file by that name from that server but wants to check whether it has been updated since then. The server responds either with the updated file, with a message to say the file has not been changed, or with a message that the file no longer exists.

HTTPS (Hypertext Transfer Protocol over Secure Socket Layer, or HTTP over SSL) is a Web protocol developed by Netscape and built into its browser that encrypts and decrypts user page requests as well as the pages that are returned by the Web server. HTTPS is really just the use of Netscape's Secure Socket Layer (SSL) as a sublayer under its regular HTTP application layering. (HTTPS uses port 443 instead of HTTP port 80 in its interactions with the lower layer, TCP/IP.) SSL uses a 40-bit key size for the RC4 stream encryption algorithm; new-age browsers use a 128-bit key size, which is more secure than the former and is considered an adequate degree of encryption for commercial exchange. HTTPS is normally used on login pages and shopping/commercial sites.

How it Works

HTTPS is not a separate protocol, but refers to the combination of a normal HTTP interaction over an encrypted Secure Sockets Layer (SSL) or Transport Layer Security (TLS) transport mechanism. This ensures reasonable protection from eavesdroppers and (provided it is implemented properly and the top-level certification authorities do their job properly) man-in-the-middle attacks.

The default TCP port of an https: URL is 443 (for unsecured HTTP, the default is 80). To prepare a web server for accepting HTTPS connections, the administrator must create a public key certificate for the web server. These certificates can be created for Linux-based servers with tools such as OpenSSL's ssl or SuSE's gensslcert. This certificate must be signed by a certificate authority of one form or another, who certifies that the certificate holder is who they say they are. Web browsers are generally distributed with the signing certificates of major certificate authorities, so that they can verify certificates signed by them.

Main Features

Dedicated to the HTTP protocol: shows a wide range of HTTP-related information, including request and response headers, content, sent and received cookies, streams, query strings, POST form values…

Request Builder: users can handcraft an HTTP request by using the HTTP Request Builder, or they can use a drag-and-drop operation to move an existing request from the session grid to the Request Builder to execute it again.

Hex Viewer allows users to view and edit binary files in hexadecimal and textual format.

Displays Winsock traffic originating from Java applets and JavaScript embedded in a Web page; displays Winsock traffic originating from ActiveX controls and COM objects instanced by an application (Stand-alone Edition Only).

"Before request and after response" browser cache comparisons.

Supports HTTPS: shows you unencrypted data sent over HTTPS / SSL connections. HTTPS is available if the application uses the Microsoft WININET API (e.g. IE, Outlook) or Mozilla NSS API. (ex.