Week 2 Solutions: HTTP
#Activity
#2.1 - Activity
We are given the IP 10.0.2.2. The default HTTP port is 80. We can use netcat to connect to the HTTP server:
> nc 10.0.2.2 80
Running netcat...
Do Ctrl + C to disconnectTry sending a GET request:
GET /
<p>Error: Use HTTP 1.1! You used HTTP/0.9 instead.</p>
Netcat exited with status 0We are asked to use HTTP 1.1. Try again:
> nc 10.0.2.2 80
Running netcat...
Do Ctrl + C to disconnect
GET / HTTP/1.1
HTTP/1.1 404 NOT FOUND
Server: Werkzeug/3.1.8 Python/3.12.13
Date: Wed, 08 Apr 2026 23:58:24 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 97
Connection: close
<p>Error: Host 'None' not found.</p>
<p>Did you mean 'sockets.net'? Set it as a Host header.</p>
Netcat exited with status 0We forgot to set the Host header! We try again with sockets.net as our Host header:
> nc 10.0.2.2 80
Running netcat...
Do Ctrl + C to disconnect
GET / HTTP/1.1
Host: sockets.net
HTTP/1.1 200 OK
Server: Werkzeug/3.1.8 Python/3.12.13
Date: Thu, 09 Apr 2026 00:01:56 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 226
Set-Cookie: mycookie=chocolate_chip; Path=/
Connection: close
<h1>Welcome!</h1>
<h2>Flag: cs118{2.1:1n1t14l_c0nn3ct10n}</h2>
<p>Hello! You've successfully connected to my http server! Now, revisit the server, but following my instructions, including the cookie via the Cookie header.</p>
Netcat exited with status 0Flag: cs118{2.1:1n1t14l_c0nn3ct10n}
#2.2 - Activity
Our HTTP response from the previous activity shows that a cookie was set:
Set-Cookie: mycookie=chocolate_chipThe HTML file tells us to revisit the server with the cookie included:
> nc 10.0.2.2 80
Running netcat...
Do Ctrl + C to disconnect
GET / HTTP/1.1
Host: sockets.net
cookie: mycookie=chocolate_chip
HTTP/1.1 401 UNAUTHORIZED
Server: Werkzeug/3.1.8 Python/3.12.13
Date: Thu, 09 Apr 2026 00:07:54 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 219
Connection: close
<p>cs118{2.2:c00k13s} Om nom nom - thanks for the cookie! Remember to keep sending this cookie every time! That being said, I don't know who you are. Can you set a user agent? Just set it to your name or something.</p>
Netcat exited with status 0Flag: cs118{2.2:c00k13s}
#2.3 - Activity
The HTML file received in the previous activity tells us to set a User-Agent header. We can set the header to our name:
> nc 10.0.2.2 80
Running netcat...
Do Ctrl + C to disconnect
GET / HTTP/1.1
Host: sockets.net
cookie: mycookie=chocolate_chip
User-Agent: Your CS 118 LAs
HTTP/1.1 200 OK
Server: Werkzeug/3.1.8 Python/3.12.13
Date: Thu, 09 Apr 2026 00:11:04 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 141
Connection: close
<p>cs118{2.3us34_4g3nt} Nice to meet you, Your CS 118 LAs!</p>
<p>Let's change paths, shall we? <a href="/new_path">Just click here!</a></p>
Netcat exited with status 0Flag: cs118{2.3us34_4g3nt}
#2.4 - Activity
The HTML file received in the previous activity tells us that our new path should be /new_path. Visit the new path in a GET request:
> nc 10.0.2.2 80
Running netcat...
Do Ctrl + C to disconnect
GET /new_path HTTP/1.1
Host: sockets.net
cookie: mycookie=chocolate_chip
User-Agent: Your CS 118 LAs
HTTP/1.1 200 OK
Server: Werkzeug/3.1.8 Python/3.12.13
Date: Thu, 09 Apr 2026 00:13:39 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 442
Connection: close
<p>cs118{2.4:7h3_p47h_n0t_t4k3n} You made it! Last request: make a POST request to this same endpoint (aka same path) with the data 'favorite_pet=cat' or 'favorite_pet=dog' or whatever your favorite pet is!</p>
<p>If you need help, check out <a href='https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/POST#url-encoded_form_submission'>https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/POST#url-encoded_form_submission</a></p>
Netcat exited with status 0Flag: cs118{2.4:7h3_p47h_n0t_t4k3n}
#2.5 - Activity
According to the HTML file received in the previous activity, we need to make a POST request to the same endpoint. The resource given tells us that a POST request with a URL-encoded form submission is formatted like this:
POST /test HTTP/1.1
Host: example.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 27
field1=value1&field2=value2We can structure our POST request like the one above and submit our favorite pet:
> nc 10.0.2.2 80
Running netcat...
Do Ctrl + C to disconnect
POST /new_path HTTP/1.1
Host: sockets.net
cookie: mycookie=chocolate_chip
User-Agent: Your CS 118 LAs
Content-Type: application/x-www-form-urlencoded
Content-Length: 16
favorite_pet=dog
HTTP/1.1 200 OK
Server: Werkzeug/3.1.8 Python/3.12.13
Date: Thu, 09 Apr 2026 00:22:48 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 109
Connection: close
<p>I love that! Congrats on making it all the way through! Here is your final flag: cs118{2.5:http_guru}</p>
Netcat exited with status 0Flag: cs118{2.5:http_guru}
#Cookies
#Cookies 1
When the user visits the site for the first time, the client sends a typical HTTP request with no Cookie header (5). Upon receiving the request, the server creates an entry in the backend database (4). The server then sends an HTTP response with a Set-Cookie header (6). The client receives the response and stores the cookie in a local file (2). When the user visits the site again, the client sends an HTTP request with a Cookie header (1). Finally, upon receiving the request, the server gets the cookie from its backend database (3).
Answer: 5,4,6,2,1,3
#Cookies 2
The four components of the cookie system are the backend database at the website (8), the Set-Cookie header in the first HTTP response (4), the cookie file kept by your browser (5), and the Cookie header in subsequent HTTP requests (1).
Answer: 1,4,5,8
#HOL Blocking
#HOL Blocking 1
A frame is a basic unit of communication. A message is composed of one or more frames. A stream is a virtual channel that carries messages in both directions.
Answer: 2,3,1
#HOL BLocking 2
If the third frame of O1 gets lost, none of the frames that come after this frame can be delivered before the loss is recovered (since we are running over 1 TCP connection). All frames for O2 and O4 are delivered before the third frame of O1, but this is not the case for O1 and O3. Therefore, only O2 and O4 can be delivered in full.
Answer: 2,4
#HTTP
#HTTP 1
A nonpersistent HTTP model with parallel TCP connections consumes a larger amount of server resources than a single persistent connection with pipelining. Since there are many small images and JS/CSS files, many TCP connections are created, each of which saves TCP state to memory. The large number of connections quickly exhausts server memory.
Answers may vary.
#HTTP 2
The components found in every HTTP/1.0 and later request message are those in the request line: the method, the path, and the HTTP version.
Answer: 4,5,6
#HTTP 3
The components found in every HTTP/1.0 and later response message are those in the status line: the human-readable status, the HTTP version, and the status code.
Answer: 1,6,8
#HTTP Delay
#HTTP Delay 1
Each large object is 8 Mb. The network bandwith is 10 Mbps. We can find the transmission time of one large object:
$$\frac{8 \text{ Mb}}{10 \text{ Mbps}} = 0.8 \text{ s}$$
It takes 0.5 seconds to establish the TCP connection required to request the initial index.html file. Each of the 8 large objects requires a new TCP connection, which takes 0.5 seconds to set up. Additionally, each of the large and takes 0.8 seconds to transmit. We can add up these values to get the total amount of time:
$$0.5 \text{ s} + 8(0.5 \text{ s} + 0.8 \text{ s}) = 10.9 \text{ s}$$
Answer: 10.9
#HTTP Delay 2
With the degraded bandwith, the transmission time of one large object increases:
$$\frac{8 \text{ Mb}}{1.25 \text{ Mbps}} = 6.4 \text{ s}$$
It takes 0.5 seconds to establish the TCP connection required to request the initial index.html file. The 8 parallel connections collectively take 0.5 seconds to establish the TCP connection and another 6.4 seconds to transmit the files in parallel. We can add up these values to get the total amount of time:
$$0.5 \text{ s} + 0.5 \text{ s} + 6.4 \text{ s} = 7.4 \text{ s}$$
Answer: 7.4
#HTTP Delay 3
It takes 0.5 seconds to establish the TCP connection. The bandwidth is 10 Mbps as in HTTP Delay 1, so it takes 0.8 s to transmit each of the 8 large files. We can add up these values to get the total amount of time:
$$0.5 \text{ s} + 8(0.8 \text{ s}) = 6.9 \text{ s}$$
Answer: 6.9
#HTTP Delay 4
The latency does not significantly improve in this scenario. In both cases, the total transmission time is the same, and this is the bottleneck since other delays are negligible.
Answers may vary.
#HTTP Versions
#HTTP Versions 1
HTTP/1.0 supports parallel connections.
Answer: 1
#HTTP Versions 2
HTTP/1.1 supports parallel connections, persistent connections, and pipelining.
Answer: 1,2,3
#HTTP Versions 3
HTTP/2 supports persistent connections, multiplexing, binary encoding, and header compression.
Answer: 2,4,5,6
#HTTP Versions 4
The first version of HTTP which allowed for virtual hosting is HTTP/1.1. This was enabled via the Host header.
Answer: 1.1,host