The Difference Between HTTP and HTTPS
HTTP is the basis of data communication for the World Wide Web (WWW). Every time we open a website / web page, we use this protocol.
The client asks the server to open communication on port 80: port 80 is open on the server side, and the client side opens a random port.
Here is a picture taken when I opened http://www.kaskus.us and checked which ports were open using netstat -an.
As we can see from the picture, the client computer opens a random local port, and port 80 is open on the server side.
Is HTTP (Hyper Text Transfer Protocol) Safe?
To answer this question, let's look at this experiment.
In this experiment, there are two people on a wireless network: BadGuy and NiceGuy. NiceGuy tries to open http://friendster.com and then logs into it. In a different place, BadGuy is on the same wireless network as NiceGuy, as shown in the figure below:
BadGuy uses Wireshark to capture all data packets transmitted to / from the access point. In this case BadGuy only collects and views data packets sent by other people.
Here is a picture of NiceGuy entering a username (email) and password on friendster.com.
The data was then captured by BadGuy using Wireshark: username firstname.lastname@example.org and password heremypass.
Data packets sent using HTTP are not encrypted; anyone can view the data in plain text, as BadGuy did. That is why HTTP should not be used for banking or transactions on the Internet, and it is also not recommended to open a website with an HTTP login page on a public network such as a wireless hotspot.
HTTPS is a combination of the Hyper Text Transfer Protocol and the Secure Sockets Layer (SSL) / Transport Layer Security (TLS) protocol, providing encrypted communication between web servers and clients. HTTPS is typically used for internet banking, payment transactions, login pages, etc.
This protocol uses port 443 for communication. Websites that already use this protocol include GMail.com, as well as other websites such as PayPal, Amazon, etc.
Let's look at the connection between our computer and the web server when we connect using HTTPS, again using netstat -an.
As we can see from the picture, the client computer opens a random local port, and port 443 is open on the server side.
Is HTTPS (Hyper Text Transfer Protocol Secure) Safe?
To answer this question, let's look at this experiment. In this experiment, there are two people on a wireless network: BadGuy and NiceGuy.
NiceGuy tries to open http://gmail.com and then logs into it. In a different place, BadGuy is on the same wireless network as NiceGuy, as shown in the figure below:
When BadGuy tries to capture all data packets to / from the access point, the result is different because NiceGuy is using an HTTPS connection.
For details, let's look at the picture below, taken when NiceGuy entered a username and password on the Gmail login page.
As you can see in the picture above, https is used for the connection between the client and the web server. Next we will see what BadGuy does now that NiceGuy uses HTTPS for his connection.
BadGuy likes tools such as Wireshark, so he tried again to capture the data, hoping to find something interesting in it.
BadGuy does not find any plain-text data; all data sent to / from the server is encrypted. The picture above shows the data captured by BadGuy (possibly the login information), but I think BadGuy cannot break the encrypted data in just a few days / months / years, or maybe we could call it "impossible" (we still do not know when it might become possible to break it).
Data packets sent using HTTPS are encrypted, so people cannot read the data packets on a public network. That's why HTTPS is typically used for banking or transactions on the Internet, and also for login pages or other pages that need to encrypt data.
Hopefully this clarifies everything.