The traditional approach to a vulnerability scan or penetration test is to find the IP addresses that you want tested, throw them in and kick things off.

But doing a test based purely on IP addresses is a BAD IDEA and can often MISS THINGS. The reason being that some protocols, most notably HTTP, behave differently depending on how you address them.

Let’s take the Microsoft website as an example. If you perform a DNS lookup of you typically see 6 IP addresses, as below:

So if you open up a browser, and put in your browser will look up the IP addresses, choose one of the 6 available, connect to it and request the page. Your browser will then show the Microsoft website. If you were to monitor your network traffic, you would see communication between your machine and the addresses above.

But what if you put into the browser instead? It’s the same address, so it should display the same content, right? Well, no… You get an error rather than the Microsoft site.

Well, your browser is using version 1.1 or later of the HTTP protocol, and one of the features of HTTP/1.1 is virtual hosting. This allows a single IP address to host multiple sites, which is especially important with the legacy IPv4 protocol, as there is a severe shortage of addresses. If every website required its own unique address, then the shortage would be even worse.

The way this works is that after establishing a connection, your browser sends a header called “Host” to the server, telling it which site it wants. The server then knows which website you want, out of potentially thousands it might be hosting, and serves you the correct one.

Your browser uses the host portion of the URL to determine what to put in the Host: header, so if you visit then the host header will be “ but when you visit the host header will be “104.124.13.124”.

We can see this in more detail when using the command line tool “curl”, which shows exactly the requests and responses:
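The Host-header behaviour described above, as an added example that is not part of the original post: a small name-based virtual host server is started on 127.0.0.1 and the same address is requested three times, changing only the Host header. The hostnames shop.example.test and admin.example.test, the page bodies and the helper names are constructed for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Constructed virtual hosts sharing one IP address: hostname -> page body.
VHOSTS = {
    "shop.example.test": b"shop front page",
    "admin.example.test": b"admin login page",
}

class VHostHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        # Name-based virtual hosting: the site is chosen from the Host header,
        # not from the IP address the client connected to.
        host = (self.headers.get("Host") or "").split(":")[0].lower()
        body = VHOSTS.get(host)
        status = 200 if body is not None else 404
        if body is None:
            body = b"no such site on this server"
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass  # keep the demo output quiet

def fetch(ip, port, host_header):
    """Connect to ip:port and send GET / with an explicit Host header."""
    conn = http.client.HTTPConnection(ip, port, timeout=5)
    conn.request("GET", "/", headers={"Host": host_header})
    resp = conn.getresponse()
    result = (resp.status, resp.read().decode())
    conn.close()
    return result

def survey(names):
    """Request the same listener once per name; return name -> (status, body)."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), VHostHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    ip, port = server.server_address
    try:
        return {name: fetch(ip, port, name) for name in names}
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    # The first entry mimics a test addressed purely by IP.
    for name, (status, body) in survey(["127.0.0.1", *VHOSTS]).items():
        print(f"Host: {name:<20} -> {status} {body}")
```

A test addressed only by IP sees the 404 and never reaches either site, which is why the scope of a scan should list hostnames as well as addresses.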