Socket / Http Request - sockets

What is the difference between using socket to connect to a site, and simply making an HTTP request?
Does the connection established by the sockets make it possible not to authenticate during the request?

What is the difference between using socket to connect to a site, and simply making an HTTP request?
The act of using socket to connect to a site is more basic than making an HTTP request — the former is required by the latter, since a HTTP/TCP request cannot be sent without an established connection.
Does the connection established by the sockets make it possible not to authenticate during the request?
HTTP neither implies authentication.

Related

How to handle HTTP CONNECT tunnel on client side?

I am adding support for HTTP CONNECT request to a client and I can't seem to handle the tunnel properly.
I am able to send a CONNECT request to the proxy which response with a status code of 200. This RFC tell me that the tunnel has been formed with the end server.
How do I use this tunnel from a socket perspective?
On the client side, the socket I opened receives the 200 response from proxy initially. After checking the response should I just send more data into that socket?
I tried this approach and the client just hangs. The data doesn't seem to reach the final server. How to use this socket to do normal HTTP(S) after the tunnel is created?
After checking the response should I just send more data into that socket?
Yes. If you are speaking HTTPS you now start a TLS handshake and then send a properly formed HTTP request and read the response, both via TLS.
I tried this approach and the client just hangs. The data doesn't seem to reach the final server.
So either your handshake was wrong or your HTTP was malformed.

Why do we need the HTTP CONNECT Tunnel in Fiddler?

I saw many Tunnel to host:443 in Fiddler traffic interception, when I click it I saw below info:
The selected session is a HTTP CONNECT Tunnel. This tunnel enables a client to send raw traffic (e.g. HTTPS-encrypted streams or WebSocket messages) through a HTTP Proxy Server (like Fiddler).
I also searched this -
Fiddler2: Decrypt HTTPS traffic and Tunnel to host:443
But these didn't answer my question, why do we need the HTTP CONNECT Tunnel? Why does a client need to send raw traffic?
See https://textslashplain.com/2015/11/19/understanding-connect-tunnels/
tl;dr: Browsers need to send CONNECT tunnel requests to proxies in order for the proxy to know to what server the traffic should be sent.
The encryption provided by HTTPS prevents the proxy server from seeing the URLs or HOST headers of the requests, and these are how a proxy normally decides where to send the requests. So, for HTTPS traffic, a different approach is needed-- that approach is that the client tells the proxy: "Hey, give me a tunnel to example.com and let me know when it's ready." The proxy does so and tells the client HTTP/200 Connection established. At that point, the proxy becomes a blind byte-shuffler that takes bytes from the client and sends them to the server and returns the bytes the server replied with back to the client.

HTTPS with PSK using Bouncy Castle

I have established a secure socket connection using the Bouncy Castle Pre-Shared Key.
I would like to know how to use this socket connection to send my http request securely.
I am using a apache http client for sending my http request.
IN short, I have to use https but with PSK Implementation of Bouncy Castle. It is easy to create a socket connection with PSK BC, but how to redirect http request through it ?
Used the conventional method of routing http message.
Once the TLS PSK socket connection is established, the http request is sent by writing HTTP message to the socket connection in http standard, that involves writing http Request Line first, followed by Request Headers, and a new line followed with the content, if any.
Then, at the server side, read the decrypted Http Request in the reverse direction.
Basically, had to implement the httpClient and httpServer using Socket Connection from basic.

Does client making asmx call use ephemeral port?

I have a client which makes asmx call to a server. I have a question regarding the port that need to be open at the client to communicate with the server.
In our scenario, we intend to keep all ports closed in the client (its inside the firewall). As per my understanding when client makes a asmx call to the server, it opens an ephemeral port at the client and the server will response back at this port.
So, do I need to open these port at the client?
You can customize this by setting the BindIPEndPointDelegate of the ServicePoint which is being used in the HttpWebRequest being used for the connection.
See Ways to Customize your ASMX Client Proxy for details of customizing the HttpWebRequest.

BOSH sessions shares the HTTP connections with other HTTP traffic

The documentation of BOSH mentions that, "Each BOSH session MAY share the HTTP connections with other HTTP traffic ..." . Could anyone explain it a little bit more?
In the case of keep-alive http connections to the XMPP server, the browser may use the connection to access other HTTP services on the XMPP server.