Currently we are working on web 2 and we are excited about web 3 and then jack dorsey says hey we are coming up with web 5 that is correct but then why do we need web 3 and web 5 when we have web 2.  web5 is here with web2+web3
 
Now think about this what is happening in the web 2 world now basically it provides you multiple services right so we have so many websites so many applications and they provide you some awesome services the only problem is for every different service you have to provide your information you share your personal information you share your post you share your photos you share your location and all this data is there with that particular website i mean that that is okay right not exactly you're not sure how they are using that data maybe they're using your data for marketing purpose they're using your data to sell to someone or they are using your data to influence you so that's one thing and again you might be thinking when you upload a photo on a website. web2


When you upload a post somewhere basically you own that data not exactly this company owns your data not just your post and photos your personal data as well so that's one issue the second issue is let's say if you are using a particular service maybe apple music so what you do is if you want to use that service you share information you share your email id phone number and all the details and then you are enjoying that particular service but what if you want to move to some other service again!! web3

You have to go to that particular website on an app you have to share your information then only you can access that particular service so basically if you want to switch you again have to share the information and this company they actually lock your data with them you can't even delete it and of course with the help of GDPR it may be possible but not in all the countries right so this company actually hold your information so can we do it this way can we just reverse it can we say hey let me hold my information. web2 tech

I have a box here in this box i will have my information and if you want to give that particular service you have to request for the service you have to request for the data i will give you data and then i'll be there of course when you don't have to share everything you just have to share that you have an identity and maybe a particular key and they can verify this is you what you're claiming to be right so that's the box.

I want that's the wallet that's the right word in the terms of web three we call it as a wallet which has your identity so that's why we were going for web3 right and that's where jack dorsey the founder of twitter says hey we have a better solution let's go for web 5 which is actually a combination of web 2 all the services and web 3 technology and that's your web 5 and this is actually built on bitcoin blockchain so basically web5 provides you with decentralized identity and the storage for your application to learn more let's go to that particular website so this is basically the company by jack dorsey a blockchain project company and it was formerly called as square and now we have a different name they're coming up with web five it's an extra decentralized web platform and you can see this is actually a combination of web 2 and web3. world wide web



If you want to learn more about it there's a amazing pdf available you can just explore that pdf in fact i will show you some introduction part as well now what they are providing you is first they are providing you with the wallets they are providing you with a decentralized web application uh in the web3 world we call them as dapps and they are also giving you decentralized web nodes the blockchain nodes actually if you explore this pdf which is an amazing pdf to go through so this is the same thing i've explained right so basically to access any a web you have to share information with each service but how about this can we just have one particular identity and we can share with multiple service and you don't even have to share information basically you will own your data and that's what i actually was talking about from a long time on this channel right basically we need privacy where you need to have a power where you need to have the hold on your own data.

image credit prototypr

 


So, we have talked about this this is actually web 2 and web3 which is creating web 5 and this is interesting so decentralized web application enables developers to write dapps or decentralized web application using the identifiers basically you'll be having your own identities and this identity is actually verifiable on the on the chain or on the network and important thing is they don't have a token here and don't think about the pricing of token or you know the inflation of tokens so that's a different thing.


We don't have any tokens here and it is decentralized web notes and they are combining everything to give you web five in fact this is just an introduction video of web5 i have not gone through the entire documentation how it will work how what kind of application you can build but this looks a promising start but again my bet is on web3 web5 is just an implementation just an idea so it's not a replacement for web3 in fact on twitter i saw this amazing tweet this is web one is scientists where in the driver's seat web 2 is techno entrepreneurs why the driver said web 3 is vcs because the entire web 3 is funded by vcs again it's a promising start but what about web five and jack dorsey said it is for the people uh people will be driving it and that looks promising so in future for sure we are moving from web 2 to web 3 it doesn't matter or i mean web 2 to web 3 or f5 so it doesn't matter whatever people are claiming about it's a scam or something you know maybe lack of knowledge but blockchain is there blockchain will be coming and then it will disrupt the entire ecosystem most of the companies are using private blockchains because they don't want to share the data with the world they want to use it for their own use cases maybe for supply chain maybe for hospital management or all those use cases and then for the consumer side.

 

Disclaimer

What is HTTP(S)?

What is HTTP? (HyperText Transfer Protocol)

HTTP is what's used whenever you view a website, developed by Tim Berners-Lee and his team between 1989-1991. HTTP is the set of rules used for communicating with web servers for the transmitting of webpage data, whether that is HTML, Images, Videos, etc. Learn about how you request content from a web server using the HTTP protocol

What is HTTPS? (HyperText Transfer Protocol Secure)

HTTPS is the secure version of HTTP. HTTPS data is encrypted so it not only stops people from seeing the data you are receiving and sending, but it also gives you assurances that you're talking to the correct web server and not something impersonating it.



When we access a website, your browser will need to make requests to a web server for assets such as HTML, Images, and download the responses. Before that, you need to tell the browser specifically how and where to access these resources, this is where URLs will help.

What is a URL? (Uniform Resource Locator)

If you’ve used the internet, you’ve used a URL before. A URL is predominantly an instruction on how to access a resource on the internet. The below image shows what a URL looks like with all of its features (it does not use all features in every request).

Scheme (http) - This instructs on what protocol to use for accessing the resource such as HTTP, HTTPS, FTP (File Transfer Protocol).

User (userNpass) - Some services require authentication to log in, you can put a username and password into the URL to log in.

Host (hackingtruth.in) - The domain name or IP address of the server you wish to access.

Port (80) - The Port that you are going to connect to, usually 80 for HTTP and 443 for HTTPS, but this can be hosted on any port between 1 - 65535.

Path (view-article) - The file name or location of the resource you are trying to access.

Query String (?id=10) - Extra bits of information that can be sent to the requested path. For example, /blog?id=1 would tell the blog path that you wish to receive the blog article with the id of 1.

Fragment (#task3) - This is a reference to a location on the actual page requested. This is commonly used for pages with long content and can have a certain part of the page directly linked to it, so it is viewable to the user as soon as they access the page.

Making a Request

It's possible to make a request to a web server with just one line "GET / HTTP/1.1"

But for a much richer web experience, you’ll need to send other data as well. This other data is sent in what is called headers, where headers contain extra information to give to the web server you’re communicating with, but we’ll go more into this in the Header task.

Example

GET / HTTP/1.1
Host: hackingtruth.in
User-Agent: Mozilla/5.0 Firefox/87.0
Referer: https://hackingtruth.in/

To breakdown each line of this request:

• Line 1: This request is sending the GET method ( more on this in the HTTP Methods task ), request the home page with / and telling the web server we are using HTTP protocol version 1.1.
• Line 2: We tell the web server we want the website hackingtruth.in
• Line 3: We tell the web server we are using the Firefox version 87 Browser
• Line 4: We are telling the web server that the web page that referred us to this one is https://hackingtruth.in
• Line 5: HTTP requests always end with a blank line to inform the web server that the request has finished.

Example Response:

HTTP/1.1 200 OK
Server: Apache/2.4.46
Date: Fri, 09 Apr 2021 13:34:03 GMT
Content-Type: text/html
Content-Length: 98

<html>
<head>
    <title>HackingTruth</title>
</head>
<body>
    Welcome To HackingTruth.in
</body>
</html>

To breakdown each line of the response:

 

Line 1: HTTP 1.1 is the version of the HTTP protocol the server is using and then followed by the HTTP Status Code in this case "200 Ok" which tells us the request has completed successfully.

Line 2: This tells us the web server software and version number.

Line 3: The current date, time and timezone of the web server.

Line 4: The Content-Type header tells the client what sort of information is going to be sent, such as HTML, images, videos, pdf, XML.

Line 5: Content-Length tells the client how long the response is, this way we can confirm no data is missing.

Line 6: HTTP response contains a blank line to confirm the end of the HTTP response.

Lines 7-14: The information that has been requested, in this instance the homepage.

HTTP Methods

HTTP methods are a way for the client to show their intended action when making an HTTP request. There are a lot of HTTP methods but we'll cover the most common ones, although mostly you'll deal with the GET and POST method.

GET Request

This is used for getting information from a web server.

 

POST Request

This is used for submitting data to the web server and potentially creating new records

PUT Request

This is used for submitting data to a web server to update information

DELETE Request

This is used for deleting information/records from a web server.

HTTP Status Codes

In the previous task, you learnt that when a HTTP server responds, the first line always contains a status code informing the client of the outcome of their request and also potentially how to handle it. These status codes can be broken down into 5 different ranges:

100-199 -- Information Response	These are sent to tell the client the first part of their request has been accepted and they should continue sending the rest of their request. These codes are no longer very common.

200-299 -- Success	This range of status codes is used to tell the client their request was successful.

300-399 -- Redirection	These are used to redirect the client's request to another resource. This can be either to a different webpage or a different website altogether.

400-499 -- Client Errors	Used to inform the client that there was an error with their request.

500-599 -- Server Errors	This is reserved for errors happening on the server-side and usually indicate quite a major problem with the server handling the request.

Common HTTP Status Codes:

There are a lot of different HTTP status codes and that's not including the fact that applications can even define their own, we'll go over the most common HTTP responses you are likely to come across:

200 -- OK	The request was completed successfully.

201 -- Created	A resource has been created (for example a new user or new blog post).

301 -- Permanent Redirect	This redirects the client's browser to a new webpage or tells search engines that the page has moved somewhere else and to look there instead.

302 -- Temporary Redirect	Similar to the above permanent redirect, but as the name suggests, this is only a temporary change and it may change again in the near future.

400 -- Bad Request	This tells the browser that something was either wrong or missing in their request. This could sometimes be used if the web server resource that is being requested expected a certain parameter that the client didn't send.

401 -- Not Authorised	You are not currently allowed to view this resource until you have authorised with the web application, most commonly with a username and password.

403 -- Forbidden	You do not have permission to view this resource whether you are logged in or not.

405 -- Method Not Allowed	The resource does not allow this method request, for example, you send a GET request to the resource /create-account when it was expecting a POST request instead.

404 -- Page Not Found	The page/resource you requested does not exist.

500 -- Internal Service Error	The server has encountered some kind of error with your request that it doesn't know how to handle properly.

503 -- Service Unavailable	

This server cannot handle your request as it's either overloaded or down for maintenance.

Headers

Headers are additional bits of data you can send to the web server when making requests.

Although no headers are strictly required when making a HTTP request, you’ll find it difficult to view a website properly.

 

Common Request Headers

These are headers that are sent from the client (usually your browser) to the server.

Host: Some web servers host multiple websites so by providing the host headers you can tell it which one you require, otherwise you'll just receive the default website for the server.

User-Agent: This is your browser software and version number, telling the web server your browser software helps it format the website properly for your browser and also some elements of HMTL, JavaScript and CSS are only available in certain browsers.

Content-Length: When sending data to a web server such as in a form, the content length tells the web server how much data to expect in the web request. This way the server can ensure it isn't missing any data.

Accept-Encoding: Tells the web server what types of compression methods the browser supports so the data can be made smaller for transmitting over the internet.

Cookie: Data sent to the server to help remember your information (see cookies task for more information).

Common Response Headers

These are the headers that are returned to the client from the server after a request.

Set-Cookie: Information to store which gets sent back to the web server on each request (see cookies task for more information).

Cache-Control: How long to store the content of the response in the browser's cache before it requests it again.

Content-Type: This tells the client what type of data is being returned, i.e., HTML, CSS, JavaScript, Images, PDF, Video, etc. Using the content-type header the browser then knows how to process the data.

Content-Encoding: What method has been used to compress the data to make it smaller when sending it over the internet.

Cookies

You've probably heard of cookies before, they're just a small piece of data that is stored on your computer. Cookies are saved when you receive a "Set-Cookie" header from a web server. Then every further request you make, you'll send the cookie data back to the web server. Because HTTP is stateless (doesn't keep track of your previous requests), cookies can be used to remind the web server who you are, some personal settings for the website or whether you've been to the website before. Let's take a look at this as an example HTTP request:

Get / HTTP/1.1           (The client requests the
Host: Cookies.ht           webpage from 
User-agent: xyxyx          https:/cookies.ht)

HTTP/1.1 200 Ok                         (The server responds back with
Server: Apache/2.4.46                    a simple webpage with a form          
Date: Tue 18 Feb 2021 07:07:19 GMT        asking for the users name)
Content-Type: text/html; charset=UTF-8  

POST / HTTP/1.1                                (The client sends back the
Host: cookies.ht                                form with the name 
User-Agent: xyxyx                                set to atul)    
Content-Type: application/x-www-form-urlencoded
content-Length: 12  

name = atul

HTTP/1.1 200 OK                          (The server responds with a set
server: Apache/2.4.46                      cookie header telling the 
Date: Tue 18 Feb 2021 07:07:19 GMT          client to save the data
Set-Cookie: name=atul                        name=atul)
Content-Type: text/html; chatset=UTF-8


HTML DATA.........

GET / HTTP/1.1                         (On the next and every further
Host: cookies.ht                        requests the client send the
User-Agent: xyxyx                       cookie data back to the server)
Cookie: name=atul

HTTP/1.1 200 OK                        (The server then see the cookie data and
Server: Apache/2.4.46                        instead of displaying the form
Date: Tue 18 Feb 2021 07:07:19 GMT               it displays a welcome back message instead)
Content-Type: text/html; chatset=UTF-8 
Welcome back atul

Cookies can be used for many purposes but are most commonly used for website authentication. The cookie value won't usually be a clear-text string where you can see the password, but a token (unique secret code that isn't easily humanly guessable).

Viewing Your Cookies

You can easily view what cookies your browser is sending to a website by using the developer tools, in your browser. If you're not sure how to get to the developer tools in your browser, click on the "View Site" button at the top of this task for a how-to guide.

Once you have developer tools open, click on the "Network" tab. This tab will show you a list of all the 

Disclaimer

This was written for educational purpose and pentest only.
The author will not be responsible for any damage ..!
The author of this tool is not responsible for any misuse of the information.
You will not misuse the information to gain unauthorized access.
This information shall only be used to expand knowledge and not for causing  malicious or damaging attacks. Performing any hacks without written permission is illegal ..!


All video’s and tutorials are for informational and educational purposes only. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. We believe that it is impossible to defend yourself from hackers without knowing how hacking is done. The tutorials and videos provided on www.hackingtruth.in is only for those who are interested to learn about Ethical Hacking, Security, Penetration Testing and malware analysis. Hacking tutorials is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used.


All tutorials and videos have been made using our own routers, servers, websites and other resources, they do not contain any illegal activity. We do not promote, encourage, support or excite any illegal activity or hacking without written permission in general. We want to raise security awareness and inform our readers on how to prevent themselves from being a victim of hackers. If you plan to use the information for illegal purposes, please leave this website now. We cannot be held responsible for any misuse of the given information.



- Hacking Truth by Kumar Atul Jaiswal



I hope you liked this post, then you should not forget to share this post at all.
Thank you so much :-)