
Thursday, July 2, 2020

What happens when you enter a URL (google.com) in the browser and hit Enter

Initial Typing
As you type, the browser attempts a search and displays autocomplete results from previously visited sites.

Some browsers perform an actual search using the default configured search engine; we will skip that part. It has the same effect as the next steps.

URL PARSE

As you complete the phrase google.com and hit Enter, the browser parses the input and figures out whether it is a URL or a search term. It is a URL, so the browser will attempt to visit the website google.com.

HTTP or HTTPS? Determine the port
The next step is to determine which protocol to use: HTTP or HTTPS? To decide, the browser consults the HSTS list. It is a local list of websites that must only be communicated with over HTTPS. Google.com is in the HSTS list, so we will use HTTPS, and we now know the port is 443! Next we need to figure out the IP address so we can establish the connection.


DNS Lookup
To find out the IP address we do a DNS lookup. First we ask the operating system, because the domain could be cached; we find that it's not. The OS then looks through the hosts file to see if there is a hardcoded entry; there isn't.

Next the browser checks whether DoH (DNS over HTTPS) is enabled. If yes, it communicates with the configured DNS provider (e.g. Cloudflare) and asks it for the DNS record; that is another TLS connection. Assume we are not using DoH. Then we send an insecure UDP request to port 53 on the default DNS server configured on our router (could be 8.8.8.8 or 1.1.1.1). That is itself a connection, so we need to send the packet.

TCP connection
We know the IP and we know the port! We can now establish a connection. We also know that we should do TLS since it's HTTPS, and our client is smart enough to do TLS 1.3. So we first do the 3-way handshake and establish a TCP connection between 10.0.0.2 (random port 1234) and 4.1.2.3 (port 443).

TLS, ALPN, SNI
Assuming I'm using the latest browser, it supports TLS 1.3, and my server also supports TLS 1.3. Next is the Client Hello. The client generates a public and a private key, merges the public and private key in DH, and sends out the public and merged keys, which cannot be broken, in the Client Hello. It also sends the supported cipher suites (the supported symmetric key algorithms). If TLS extensions such as ALPN and SNI are enabled, the client also sends, in the same request, the host name google.com in the TLS Client Hello along with the fact that it supports HTTP/2 (this might be different in Chrome since it uses HTTP/2 over UDP, or QUIC).

First Request GET /
The client is now ready to send actual HTTP data, so it builds the header GET / since that is what we want to send, puts the hostname in the header along with other fields, checks if there are cookies and adds them; the whole thing is compressed and sent in a binary format. The data is then encrypted with the TLS symmetric key and sent.

The GET request is then streamed into the HTTP/2 TCP connection and sent to the server.

HTML Parsing
Make multiple requests: CSS? JS? Multiple streams?
If H1, then pipeline?


Note: Instead of google.com you should always try www.google.com in the browser, since www.google.com is in the HSTS list and it will use HTTPS. google.com is not HSTS preloaded. This will avoid any MITM attack, as the attacker would be some HTTP proxy, and an HTTP proxy won't be able to see any encrypted packets.
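
The HSTS decision described in "HTTP or HTTPS? Determine the port" and in the note above can be sketched as follows. This is an added example, not code from the original post or from any browser. It follows the RFC 6797 matching rules (exact match, or a parent entry with includeSubDomains) and assumes a browser that falls back to plain HTTP on port 80 when no entry matches. The store contents, `NOW`, and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample store: host -> (expiry in epoch seconds, includeSubDomains).
# It mirrors the note above (www.google.com listed, google.com not);
# example.org and expired.example are made-up entries.
NOW = 1_600_000_000
HSTS_STORE = {
    "www.google.com": (NOW + 31_536_000, False),
    "example.org": (NOW + 31_536_000, True),
    "expired.example": (NOW - 1, True),
}

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False

def is_known_hsts_host(host, store=HSTS_STORE, now=NOW):
    """True if host, or a parent with includeSubDomains, has a live entry."""
    host = host.lower().rstrip(".")
    if is_ip_literal(host):
        return False  # HSTS policies never apply to IP literals
    labels = host.split(".")
    for i in range(len(labels)):
        entry = store.get(".".join(labels[i:]))
        if entry is None:
            continue
        expires, include_subdomains = entry
        if expires <= now:
            continue  # an expired policy is ignored
        if i == 0 or include_subdomains:
            return True  # exact match, or covered by a parent domain
    return False

def resolve_scheme_and_port(typed, store=HSTS_STORE, now=NOW):
    """Return (scheme, host, port) for a host typed without a scheme."""
    host = typed.lower().rstrip(".")
    if is_known_hsts_host(host, store, now):
        return ("https", host, 443)
    # Assumption: with no HSTS entry the first request goes out in cleartext.
    return ("http", host, 80)
```

With this store, `www.google.com` resolves to HTTPS on 443 before any packet is sent, while `google.com` resolves to HTTP on 80, so its first request is the one an on-path HTTP proxy can read or rewrite.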























