Chapter 6. Web Servers
Web servers offer us more than the content of the web pages that I discussed in Chapter 5. As part of their transactions with browsers , they reveal information about themselves and offer important insights into the operation of server-side scripts that cannot be found in the web pages they produce. This chapter describes the various types of HTTP header and shows the important role they can play in Internet forensics.
Viewing HTTP Headers
In a typical HTTP transaction, the browser requests a specific page from the server. Along with the request, the browser sends several lines of header information. These tell the server what types of data the browser can handle, what type of browser it is, and so forth, which I discuss in detail in Chapter 7. The server responds with the content that was requested, but it precedes that with its own header lines. These are not usually revealed to the end user, but they can tell us a great deal about the server and the pages that it hosts.
Certain browsers are able to display these headers. Mozilla Firefox, for example, makes some of them available under the General tab of its Page Info window as shown in Figure 6-1.
Using a browser for this purpose can be convenient, but in order
to capture the headers directly to a file, a better solution is to
return to the command tool wget,
described in Chapter 5.
Supplying the -S option to wget causes the HTTP headers to be displayed at the same time as the content is saved to a file: ...
Get Internet Forensics now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
