DEV Community

Cover image for Understand difference between HTTP and HTTPs
Akshay Rao
Akshay Rao

Posted on

Understand difference between HTTP and HTTPs

Introduction

In this we will see what will be the practical difference between http and https.

Procedure

Wireshark tool is used to capture the TCP packets and examine them.
There are two websites:-
1- (https disabled) 192.102.104.3

2- (https enabled)192.102.104.4

We will try to put our username:-bee and password:-bug in both the websites and examine each TCP packets.
Now i had to setup Wireshark to capture the packets as we put the username, password and click on Login.
Then the Wireshark catch this packet.
First let’s examine the HTTP website’s TCP packet but flowing the TCP stream.

By analysing the TCP/HTTP packet, we can see that the username and password are in text format.

Now we will put the same credentials in the https enabled website(192.102.104.4) and analyse the packet.

The whole HTTP/TCP packet is encrypted and none information is shared including the username and password.

Conclusion

This explains technically that using https enabled websites are better than using https disabled ones.
This experiment was done in ine.com website's pen-testing student course's lab

Top comments (0)