What happens when you type google.com into your browser and press enter? (Detailed Analysis)

Hussein Nasser

1 Jan 202045:02

Summary

TLDRIn this comprehensive video, software engineering enthusiast Hussain delves into the intricate processes occurring when you enter 'google.com' into your browser and press enter. Emphasizing the networking and software engineering perspectives, Hussain breaks down the journey into eight detailed parts, excluding keyboard events and low-level operating system details. Starting with the initial URL input to DNS queries and TCP connections, he explains the protocols, ports, and secure communication steps involved. Highlighting aspects like HTTPS, HSTS, DNS over HTTPS, and the mechanics of TCP/IP communication, Hussain provides a deep dive into the technical underpinnings that make web browsing possible on a brand-new machine with the latest browser versions.

Takeaways

💻 The video explains the complex process that occurs when you type 'google.com' into a browser and press enter, focusing on the networking and software engineering aspects.
📈 It breaks down the process into eight detailed components, starting from the initial typing of the URL to the final rendering of the webpage.
🔍 The first step involves the browser's autocomplete feature that predicts the URL you're typing based on your browsing history.
🛩 Determining the protocol and port to connect to is crucial, with the browser defaulting to HTTPS (port 443) for security reasons, unless otherwise specified.
📶 DNS resolution is highlighted as a complex step, where the browser must find the IP address associated with 'google.com' to establish a connection.
📞 The video covers the transition from unencrypted to encrypted DNS queries, including DNS over HTTPS (DoH) and DNS over TLS (DoT), emphasizing privacy concerns.
🛫 Establishing a TCP connection and the TCP three-way handshake are essential steps for setting up a secure communication channel.
🔒 TLS (Transport Layer Security) setup is a key phase for encrypting data before transmission, ensuring secure communication between the client and server.
📨 The HTTP request, including GET requests for webpage resources, is sent over this secure channel, demonstrating how web content is requested and received.
👁‍🗨 The final steps involve parsing and rendering the webpage content in the browser, including executing JavaScript and displaying images and CSS.

Q & A

What is the main focus of the video?
-The main focus of the video is to explain what happens under the hood when you type google.com into your browser and hit enter, with a particular emphasis on networking aspects and software engineering.
Why were certain low-level details, like keyboard events and operating systems, excluded from the discussion?
-These details were excluded because the creator is more interested in the networking and software engineering aspects of the process, and deemed those low-level details as not relevant to the core focus.
How does the browser decide what to do when you start typing 'google.com'?
-The browser first checks your history for pages starting with 'g', showing an autocomplete list based on that. If nothing relevant is found in history, it may check a locally cached index or send a request to a server, depending on the browser's functionality.
What is HSTS, and why is it important?
-HSTS stands for HTTP Strict Transport Security. It is a web security policy mechanism that helps to protect websites against man-in-the-middle attacks by enforcing secure connections, ensuring that browsers only use HTTPS to communicate with the website.
What determines whether the browser uses HTTP or HTTPS to connect to a website?
-If the URL entered doesn't specify a protocol (HTTP or HTTPS), the browser must decide which to use. Modern browsers default to HTTPS for security reasons, often guided by HSTS lists that enforce HTTPS for certain websites.
What is DNS, and why is it a crucial step in accessing a website?
-DNS, or Domain Name System, translates human-friendly domain names (like google.com) into IP addresses that computers use to identify each other on the network. It's crucial because it allows users to access websites using easy-to-remember domain names instead of numerical IP addresses.
What role does TCP/IP play in accessing a website?
-TCP/IP (Transmission Control Protocol/Internet Protocol) is fundamental to the operation of the internet, defining how data should be packeted, addressed, transmitted, routed, and received at the destination. A TCP connection is established between the client and the server for reliable communication.
Why is TLS negotiation important after establishing a TCP connection?
-TLS (Transport Layer Security) negotiation is important because it establishes a secure encrypted connection between the client and the server. This ensures that all data transmitted over the connection is secure from eavesdropping and tampering.
What is the significance of HTTP/2 in web communications?
-HTTP/2 improves the efficiency of web communications by allowing multiple simultaneous requests and responses between the client and server over a single TCP connection. This reduces latency, improves page load times, and enhances the overall user experience.
How do browsers decide to use HTTP/1.1, HTTP/2, or HTTP/3 for a connection?
-Browsers and servers negotiate the protocol version to use during the TLS handshake. The choice depends on the protocol versions supported by both the client and the server, with a preference for the most advanced version supported by both for efficiency and security reasons.

Outlines

00:00

🌐 Introduction to the Intricacies of Typing Google.com

The video begins by outlining the intent to explore the detailed processes that occur when google.com is entered into a browser's address bar. Inspired by Alex's GitHub page, which provides a thorough description of the event, the video aims to delve deeper into the networking aspects while omitting low-level details like keyboard events and operating system mechanics. The focus is on the networking and software engineering facets of what transpires behind the scenes. The narrative is set in either 2019 or 2020, using the latest versions of browsers like Chrome and Firefox, and is premised on the scenario of using a brand new machine and browser that has never visited Google before. The video is structured to break down the process into eight parts, promising a comprehensive walkthrough of each step involved in accessing Google's homepage.

05:02

🔍 From URL Typing to Protocol Determination

This segment details the initial steps from typing Google.com to determining the protocol and port for connection. It starts with the browser checking the user's history for autocomplete suggestions as soon as the first letter is typed. The video explains how the browser decides whether the input is a URL or a search term, and the subsequent action taken. It then covers the transition to determining the correct protocol (HTTP or HTTPS) and port (80 for HTTP and 443 for HTTPS) to use. The importance of HSTS (HTTP Strict Transport Security) is discussed, explaining how it forces browsers to use HTTPS for sites known to support it, enhancing security and mitigating man-in-the-middle attacks.

10:03

🌍 DNS Lookup and Establishing a Connection

This paragraph delves into the complexities of the DNS lookup process and establishing a connection to Google.com. It highlights the role of DNS in translating domain names into IP addresses, explaining the layered approach from browser cache to system files and potentially encrypted DNS queries. The discussion extends to the technicalities of DNS queries, including the use of UDP and the debates surrounding DNS over HTTPS (DoH) versus DNS over TLS (DoT). This step is crucial for initiating a connection by identifying Google's IP address, setting the stage for the subsequent TCP connection establishment and data transmission phases.

15:05

🔌 TCP Connection and Initial HTTPS Handshake

This part explains the intricacies of establishing a TCP connection with Google.com and the initial steps towards an HTTPS handshake. It outlines the necessity of a TCP connection for secure communication, detailing the three-way handshake process and the subsequent encryption negotiation. The discussion covers how the browser and server agree on encryption protocols and keys, emphasizing the significance of this phase in ensuring data privacy and integrity over the network. The section serves as a bridge to the comprehensive explanation of the TLS handshake and secure data exchange that follows.

20:06

🔐 Advanced Details of TLS Handshake

In this segment, the video provides an in-depth analysis of the TLS handshake process, crucial for establishing a secure connection. It covers the generation and exchange of keys, the negotiation of symmetric encryption for data transfer, and the selection of ciphers. The role of ALPN (Application Layer Protocol Negotiation) and SNI (Server Name Indication) in this process is also highlighted, explaining their importance in determining the specific protocols and domains for the secure session. This detailed exploration showcases the complex mechanisms at play to secure communication between the client and Google.com.

25:08

🌐 Sending the HTTP Request and Receiving the Response

This paragraph focuses on the final steps of sending the HTTP GET request to Google.com and processing the received response. It explains how, after establishing a secure TCP connection and negotiating TLS, the browser sends an encrypted HTTP request to the server. The server then responds with the requested web page, which is decrypted by the client. This section also touches on the use of HTTP/2 for efficient communication, describing how it allows multiple requests and responses to be multiplexed over a single connection. The explanation underscores the complexity and efficiency of modern web communication protocols.

30:09

🔧 Advanced HTTP/2 Features and Security Considerations

This segment elaborates on the nuances of HTTP/2, including server push capabilities and potential security implications. It discusses how servers can preemptively send resources to clients, potentially improving load times. Additionally, it addresses security features like content type headers to prevent MIME sniffing attacks, illustrating how browsers and servers work together to ensure data integrity and privacy. The detailed overview of HTTP/2's features and the emphasis on security measures highlight the ongoing evolution of web standards to enhance performance and safeguard user data.

35:10

🖥️ Comprehensive Breakdown of Web Page Rendering

The final part of the video script offers a comprehensive breakdown of the web page rendering process once the data is received from Google.com. It delves into how the browser interprets the content type of the received data, parsing HTML, executing JavaScript, and rendering images based on the MIME types. The discussion also revisits the potential for HTTP/2 server push to optimize resource loading and the complexities involved in secure, efficient web communication. This conclusive segment underscores the intricate web of processes that work in concert to display a web page, from initial request to final rendering, highlighting the complexity behind seemingly simple user actions like typing Google.com into a browser.

Mindmap

Keywords

💡DNS (Domain Name System)

DNS is a hierarchical and decentralized naming system for computers, services, or any resource connected to the Internet or a private network. It translates more readily memorized domain names to the numerical IP addresses needed for locating and identifying computer services and devices with the underlying network protocols. In the video, DNS is described as a critical step in the process of accessing a website like google.com. The narrator explains how the browser checks its cache, the operating system, and then potentially makes a query to a DNS server to resolve the domain name into an IP address, emphasizing the significance of DNS in establishing a connection to a website.

💡HTTPS (Hypertext Transfer Protocol Secure)

HTTPS is an extension of the Hypertext Transfer Protocol (HTTP). It is used for secure communication over a computer network and is widely used on the Internet. In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS), or formerly, its predecessor, Secure Sockets Layer (SSL). The video highlights the importance of HTTPS in providing a secure connection to google.com, indicating how browsers decide whether to use HTTP or HTTPS based on factors like the presence of the site in the HSTS list, which enforces secure connections.

💡HSTS (HTTP Strict Transport Security)

HSTS is a web security policy mechanism that helps to protect websites against man-in-the-middle attacks such as protocol downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers (or other complying user agents) should only interact with it using secure HTTPS connections, and never via the insecure HTTP protocol. The video discusses how browsers use HSTS lists to determine whether to connect to a site using HTTPS, highlighting the role of HSTS in enhancing web security.

💡TCP/IP (Transmission Control Protocol/Internet Protocol)

TCP/IP is a set of communication protocols used to interconnect network devices on the internet. TCP/IP can also be used as a communications protocol in a private network (an intranet or an extranet). When you access a website, your browser uses TCP/IP to make a connection to the server and send requests and receive responses. The video describes the process of establishing a TCP connection, emphasizing its importance in the data exchange between the client (browser) and the server (google.com).

💡IP Address

An IP address is a unique address that identifies a device on the internet or a local network. IP stands for 'Internet Protocol,' a set of rules governing the format of data sent via the internet or local network. The video details the necessity of resolving a domain name to an IP address through DNS to establish a connection, underlining the concept that IP addresses are crucial for the browser to connect and communicate with the server hosting google.com.

💡TLS (Transport Layer Security)

TLS is a cryptographic protocol designed to provide communications security over a computer network. Websites use TLS to secure all communications between their servers and web browsers. The video discusses establishing a TLS connection as a step after establishing a TCP connection, emphasizing TLS's role in encrypting data and ensuring secure communication between the client and google.com.

💡HTTP/2

HTTP/2 is the second major version of the HTTP network protocol, used by the World Wide Web. It brings key improvements over HTTP/1.x such as reduced latency by enabling full request and response multiplexing, more efficient use of network resources, and improved perceived performance of web browsing. The video explains how after establishing a secure connection, the browser might use HTTP/2 to communicate with google.com, taking advantage of its benefits for faster and more efficient data exchange.

💡SNI (Server Name Indication)

SNI is an extension to the TLS protocol that indicates which hostname the client is attempting to connect to at the start of the handshaking process. This allows a server to present multiple certificates on the same IP address and TCP port number and hence allows multiple secure (HTTPS) websites (or any other service over TLS) to be served by the same IP address without requiring all those sites to use the same certificate. The video references SNI in the context of TLS handshaking, showing its importance in the modern web where a single server can host multiple secure websites.

💡NAT (Network Address Translation)

NAT is a method of remapping one IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device. The video illustrates how NAT is used in the process of establishing a connection to google.com, especially in translating the private IP addresses of devices on a local network to a public IP address before the data leaves the network.

💡SSL Stripping

SSL stripping is a technique for circumventing the security enforcement of SSL/TLS by converting a secure HTTPS connection into an unsecured HTTP connection. This man-in-the-middle attack can lead to sensitive information being transmitted in plain text and easily intercepted. The video briefly mentions SSL stripping when discussing the importance of HTTPS over HTTP, underlining the security risks associated with not securing web communications.

Highlights

Introduction to the intricate process that unfolds when typing google.com in the browser.

Differentiation between history lookup and autocomplete in the browser.

Explanation of how the browser decides whether input is a URL or search term.

Discussion on protocol determination, emphasizing HTTP vs HTTPS.

Introduction of HSTS to enforce secure connections.

Deep dive into DNS resolution and caching mechanisms.

Exploration of DNS over HTTPS and DNS over TLS controversies.

Explanation of UDP packet handling for DNS queries.

Detailing the process of MAC address resolution and IP packet forwarding.

TCP connection establishment through a three-way handshake.

Discussion on the intricacies of TLS and secure communication setup.

Presentation of HTTP/2 and its benefits for optimizing web traffic.

Handling of HTTP GET requests and server-client communication.

Details on the rendering and parsing process in the browser.

Consideration of HTTP/2 server push and its impact on web performance.

Transcripts

00:00

in this video i want to go through what

00:02

really happens under the hood when you

00:05

type google.com

00:07

and you hit enter in your browser this

00:10

video is inspired by alex's github page

00:13

below i'm going to reference it below it

00:15

has a great detailed description of what

00:18

really happens when you do that thing

00:20

right i did however add more details

00:23

like the networking aspects of things

00:25

and i also removed stuff that like

00:27

keyboard events and low-level operating

00:29

systems that i i don't really care about

00:31

i i'm really interested in the

00:32

networking aspect and the software

00:35

engineering aspect of it all right so if

00:37

you're interested to know what really

00:39

happened when you type google.com and

00:40

hit enter stay tuned are you here

00:43

welcome my name is hussain and this

00:45

channel we discuss all sorts of software

00:47

engineering by example so if you want to

00:49

become a better software engineer

00:51

consider subscribing and hit that bell

00:52

icon so you get notified every time i

00:55

upload a new software engineering video

00:57

with that said let's just jump

00:59

into this video

01:00

all right i'm gonna break up this video

01:02

into eight parts eight components to

01:05

talk through right and we're gonna go

01:07

through each component one by

01:10

one and i am assuming that i'm hitting

01:13

google.com it is 2020 or 2019 latest so

01:18

it's i'm using the latest chrome version

01:20

the latest there is a firefox version

01:22

i'm not going to specify which browser

01:23

i'm going to use because i'm going to

01:24

talk i want to talk through different

01:26

browsers technologies and

01:29

that is the most important thing this is

01:31

a brand new machine assuming this is a

01:32

brand new machine this is a brand new

01:34

browser i never visited google

01:37

ever i this is a brand new machine

01:39

nobody ever opened the browser so

01:42

google.com will be the first page i ever

01:45

visit okay so that's that's the caveat i

01:49

want it i want to go that's the context

01:51

i want to go through okay that's there

01:53

first step initial typing you start

01:56

typing g

01:57

o o g l e dot com you start typing and

02:01

the first letter you type g

02:04

what happened is

02:06

many things

02:07

the browser will either start looking

02:10

for your history and pages that start

02:13

with the letter g

02:15

in your recent visited history and start

02:17

showing you an autocomplete list

02:20

or

02:21

some browser will actually do a search

02:26

to an index that is local through this

02:29

locally searched index that is cached

02:32

some browsers might actually send the

02:34

request to a server to this default

02:37

search engine

02:39

baked into the browser right i'm not

02:42

going to go through any of those i'm

02:43

going to go through the first step where

02:45

you're listing the visited

02:48

the history of the pages that you

02:50

visited okay let's assume that so you're

02:51

getting a list of the visual pages which

02:54

is nothing because universe visited any

02:55

pages okay so all right so

02:58

that's the first step

03:04

you finished typing google.com second

03:06

step google.com has finished typing in

03:09

and you're about to hit enter you didn't

03:12

add any http slash you didn't add

03:14

anything you just type google.com and

03:16

hit enter so the browser does is now it

03:20

accepted that that's what alex is start

03:22

explaining it's like okay there's a

03:24

keyboard event that you're listening to

03:25

i don't want to go through this i want

03:27

to go through actual networking aspects

03:30

and the software engineering high level

03:31

stuff right so you hit that now you have

03:34

google.com as a string

03:36

the browser will stop parsing this thing

03:38

and it asks a question

03:39

is this a url or is this a search term

03:43

all right if it's a search term it

03:45

actually does a search and i'm not gonna

03:47

go through that okay if it's a url it

03:50

visits that page all right it starts the

03:53

process to visit the google.com page

03:56

okay and we're going through this route

03:58

okay we're going to google.com it's a

04:01

page i figured out it's a page it's a

04:03

website so i want to establish a

04:05

connection with that website and i want

04:08

to send a get request to that website so

04:10

that's the next thing we need to do okay

04:12

so step two done okay we know it's a url

04:15

we know it's a page

04:17

let's go ahead and visit it

04:23

third step

04:25

determining which protocol

04:27

and which port to connect to right

04:31

why do we need to know which protocol

04:33

well we know it's a page so it's either

04:35

http or https so that's the trick is it

04:38

http unencrypted port 80 or is it https

04:44

encrypted on port 443

04:46

because

04:47

the user didn't tell us it only he only

04:50

or she only told us google.com it didn't

04:53

tell us http colon slash slash that

04:56

would be easier for the browser right or

04:58

it didn't say https colon slash slash

05:02

google.com it says just google.com so

05:04

the browser has to figure out what's the

05:07

protocol okay and by default

05:10

prior to certain version

05:12

browsers were always going to uh

05:16

http let's always assume that it's http

05:18

which is unencrypted that causes a lot

05:21

of man in the middle attacks

05:23

and we we talked about a video called

05:25

ssl stripping and hsts i want you to go

05:28

and check our video out to learn more

05:30

about why it is bad to visit for the

05:33

user to visit a as website as a plain

05:35

http it's so bad right

05:39

even that the web server has actually

05:40

supports https right so

05:44

this the browser invented concepts

05:46

called hsts and we made a video about

05:48

that i'm going to reference it below go

05:50

ahead and check it out but hsts stands

05:53

for http strict transport security and

05:57

it's essentially a list that the

06:00

browsers keep

06:02

cached in it's

06:04

in a local database and it has the most

06:08

famous

06:09

web pages that forces

06:12

users or clients to communicate only

06:14

through https

06:17

so what does what the client does is it

06:19

looks through this list and says hey is

06:22

google.com an https site or is just a

06:25

normal http if if found that in hsts

06:29

list then

06:31

it uses the https protocol

06:34

that means the port will be 443 okay if

06:37

it if it's not in the list then it will

06:39

be forced to use http which is unsecure

06:43

which which means that the port is 80.

06:46

okay so that is essentially the step so

06:50

i know the protocol now let's assume we

06:52

went through the https part okay which

06:55

is port 443 and i know it's secure so

06:58

now i will only establish a secure

07:01

communication to the google.com first

07:05

right before i actually establish

07:08

i do anything i need to establish a

07:10

communication if animatic i'm gonna have

07:13

to start adding a lot of f's here right

07:16

if google.com was not in the hsts list

07:19

then the protocol will be http then the

07:23

port will be 80 then the tcp connection

07:26

will go through the 80 port which is a

07:28

completely different connection okay

07:31

we're going through https let's jump

07:34

into it step four

07:40

dns the most complicated step here okay

07:44

here's the thing

07:45

dns domain name server okay or systems

07:50

i know google.com

07:51

i know the port i know the protocol the

07:54

port is 443

07:56

the protocol https but i don't know the

07:59

iep i need to know the ip address in

08:02

order to communicate with google.com

08:05

right because that's how how tcp works

08:08

right everything's through tcp the

08:10

network layer i need to know the iep

08:11

address and you know the ipads i know i

08:13

need to know even something lower than

08:15

that called the mac address which we're

08:16

going to talk about in a minute

08:18

so how do i know the ip address of the

08:20

google.com i ask a dns query and here

08:23

are the layers of dns right first thing

08:26

the browser will check okay google.com

08:28

do i have an ip address for google.com

08:31

ever right

08:33

it's a it's it's in its own cache it has

08:35

its own cache of this local dns right

08:39

every browser have that it says hey did

08:40

i ever visit google.com well no if it

08:43

did we're gonna pull up the ipads from

08:45

its cache which is very quick

08:47

if it doesn't right which which is our

08:50

case because we never opened any page

08:53

before right it's going to move to the

08:55

next thing it's going to ask the

08:55

operating system hey

08:57

os

08:59

do you know this google.com thingy ever

09:02

and uh i don't know if you hacked ever

09:04

by a windows machine old days in the 90s

09:07

there's a host's file we always used to

09:10

play with that file and that's

09:11

essentially a mapping between a host and

09:14

it's ip you can hard code that list in a

09:16

host file and we used to do it in all

09:19

the time we can we can we can fix the

09:22

fix an ip address for a given especially

09:24

when we do an online gaming bet on 90 we

09:26

want to force an ip address that is

09:28

highly available we were doing all this

09:30

goofy stuff back then all right so

09:34

the host file it looks through the host

09:36

file is google.com in the host file is

09:38

there an ip address associated with it

09:41

well obviously we don't have anything in

09:43

the host file so it jumps and here's the

09:45

thing

09:46

there is something new wish there's a

09:50

and there are a lot of drama

09:53

people talking about is called

09:55

dns over https and there's another thing

09:58

called dns over tls okay there's a lot

10:01

of drama controversy around this stuff

10:03

right some people wants one over the

10:06

other here's the thing about dns guys

10:08

dns if you don't know is a udp

10:11

service uh listening on portfolio 53

10:14

okay

10:15

and it's unencrypted so anyone can know

10:19

which

10:21

domains you're going anyone on the

10:23

internet if you're using dns right

10:25

people know that you're going through

10:27

dns okay well

10:29

there's a question mark there but sure

10:32

okay so dns requests

10:34

are visible to your isp so all your isp

10:36

your work actually know which page

10:40

you're going to you're going to

10:41

facebook.com you're going to google.com

10:43

but they cannot know these days 2019

10:46

2020 they they cannot see what you're

10:48

searching for right let's be honest

10:50

unless they're using a terminating proxy

10:53

a tls proxy terminating proxy that

10:56

if they are not

10:58

then they cannot see anything except

10:59

this thing and people are starting to

11:01

solve this problem the dns encrypted

11:03

versus unencrypted so how do they solve

11:05

it

11:06

two technologies were involved

11:09

dns over tls so let's establish a tls

11:11

connection and do dns over that or let's

11:14

do dns over https because

11:17

it's just we noticed dps

11:20

we can use http 2 because beautiful

11:22

bi-directional streaming technology and

11:25

we can stream over that okay so we we

11:27

can use the existing tech why do we have

11:30

to create a custom port for dns right

11:33

and there's a file between networking

11:35

admins and and and the web

11:38

security gurus right

11:40

and i kind of leaned towards doh to be

11:44

honest

11:45

the the admin guys want to know to not

11:48

to monitor but because they can't but

11:50

they want to see dns requests

11:53

they want to differentiate dns requests

11:55

from regular network web traffics right

11:58

okay and if you're using doh you cannot

12:01

do that right you just hide all the dns

12:03

requests will become

12:05

normal stuff right so long story short

12:08

doh right if the browser supports doh

12:12

which is dns over https

12:16

it will

12:17

do that through the dos right the dns

12:21

is going to do the dns over https so it

12:24

will see what is your default https dns

12:27

provider maybe cloud frame maybe google

12:30

and it will establish a tls connection

12:32

that's a different thing i'm not going

12:33

to talk about it right and it's going to

12:35

do the dns over there

12:37

let's assume it's disabled which is as

12:39

if 2019 december

12:42

27 today right 27 december 27th 2019

12:47

this thing is disabled by default right

12:49

a lot of problems right so it's still

12:51

controversy right so it's disabled so

12:53

let's assume it's disabled on my browser

12:55

so i'm not going to do a encrypted dns

12:57

so people will see my request so the

12:59

final step is to actually do a dns so

13:02

what do we do is we're going to do a dns

13:05

to find out my ip address you see how

13:08

complicated this thing is guys right i

13:10

hope you're still watching this video

13:12

because

13:13

it is is a long process i'm just talking

13:15

about and i'm skipping through so much

13:17

stuff okay so if i'm connecting to a

13:21

if i'm connecting

13:23

if i want to know that google.com ipad

13:25

is i'm going to establish a udp there's

13:28

no udp connection by the way it's just

13:30

i'm going to send a udb

13:33

datagram user datagram to

13:36

the my default dns provider which

13:39

usually is configured on my router which

13:41

is usually provided my

13:44

by my isp which is in this case a

13:47

frontier i did change mine to b111

13:52

which is the cloud frayer default

13:54

dns

13:57

right

13:58

okay

13:59

so my dns is one one one one okay

14:03

1.1.1.1 or maybe yours could be google

14:06

so a2.8.8.a

14:08

okay so you have to know the ip address

14:10

of the dns because you want to send a

14:12

packet so what do you do

14:14

you send a packet right so

14:16

let's go through that okay let's go

14:18

through the details of how do we send a

14:20

a packet

14:22

to

14:24

1.1.1.1 on port 53. okay

14:28

so i am a client right

14:30

and let's assume my machine here that's

14:33

the first communication with the outside

14:34

world here guys right

14:36

let's assume my ipad is 1002

14:40

and my gateway which is the router is

14:42

100

14:44

and the dns provider that i want to

14:46

communicate with is

14:47

1.1.1.1 okay and my mac address is aaa

14:51

and

14:52

my router mac address is ff right and

14:54

that's

14:55

all what we need to know so far okay i

14:57

want to send a udp request what do we do

15:00

we

15:02

create an ip packet okay and the iep

15:05

packet will have in its layer three will

15:08

have the destination ipad is saying

15:10

1.1.1.1 okay

15:13

and it will have the port 53 and the

15:16

source

15:17

ip will be 1001 which is me i am the

15:20

client and the port the source port will

15:23

be a random port let's say three three

15:26

three three okay random okay

15:28

so now

15:30

what we do is

15:32

before we send that packet we need to

15:34

encapsulate into a frame okay and the

15:36

frame is a layer two thingy okay which

15:39

needs a mac address right what the heck

15:41

is the mac address for 1.1.1.1 so we

15:44

asked ourselves this question and he

15:45

says well

15:47

1.1.1.1 is not in my subnet which is

15:49

1001 because i my subnet mask does not

15:53

fit this thing right so since it's not

15:56

in my subnet i cannot send it locally so

15:59

i cannot know it's my address so who the

16:02

heck knows the mac address of this thing

16:05

i don't know right the answer to that is

16:07

the gateway okay if you don't know where

16:10

to send it you always send it to the

16:12

gateway and my gateway is

16:14

10.0.0.1 which is my router right

16:17

usually usually it's my router and and i

16:20

have like just a plain router in this

16:22

case okay sweet

16:24

right so

16:25

i know that my router mac address is ff

16:28

so i'm going to send it to raw my router

16:30

my source is a a mac address and i send

16:33

it to the router

16:34

the router will receive the packet right

16:36

and says okay you want to i received the

16:39

packet the frame right it's ff but i

16:41

look at it and you is

16:44

it looks like the client want to go to

16:45

1.1.1.1

16:47

okay so what do we do how do we send it

16:50

to 1.1.1 i'm going to take care of this

16:52

i'm going to go through it and do it

16:53

exactly the same process is this in my

16:55

subnet right

16:57

but

16:58

i need to do some changing first i'm

17:00

going to do a nat because i cannot send

17:02

this packet on the internet naked like

17:06

that because who the heck knows what the

17:08

source

17:10

ip10.0.0.2 is because that's my that's

17:13

an internal thing so we need to change

17:15

it to the public ip of the router which

17:18

is i forgot to say but it's 44.1.2.4

17:22

so i'm going to change that thing and

17:24

i'm going to send it through the wire

17:26

and then and then i'm going to use the

17:28

same port 3333 and i'm going to add a

17:31

nat table this thing network address

17:33

translation because i need to remember

17:35

it's because it's a very stateful thing

17:37

right the whole thing i'm going to add

17:39

an entry in my nat table saying that hey

17:42

1002 on port 333 is actually going to

17:46

one one one one on port 53 and it's

17:48

going and i converted it to my powerball

17:51

so whenever we give back a response

17:54

we're gonna forward this to swizzle it

17:55

back and send it back to the client

17:57

because that's what we do so we send it

17:58

over we communicate with the one one one

18:00

one and we get a response okay

18:03

we get back a response saying hey

18:05

what is google.com

18:07

right is google.com we received the ip

18:10

errors from google.com and it is

18:12

4.1.2. and we receive a response and the

18:16

1.1.1 server will actually reply to my

18:20

public router

18:22

saying that hey this is my response for

18:24

the 21.23 is the answer you're looking

18:26

for distance to forty four one two four

18:28

on port three three three three because

18:30

that's the port i am looking for again

18:32

the dns doesn't know my client which is

18:35

ten zero zero two it knows only the

18:36

router the router receives it and says

18:38

oh port 333 oh yeah i know where this is

18:41

going this is supposed to go to ip

18:43

address 1002 because i looked up the nat

18:45

table and then it goes back and then

18:47

goes to that

18:48

and the router

18:50

just forwards back the packets right and

18:53

it does maybe another arp request and it

18:55

sends the information back to the client

18:59

okay

19:00

now

19:01

i know

19:02

the ip address

19:04

of google.com

19:07

how long was that okay that was a long

19:09

time all right all right dns done step

19:12

four done

19:18

now next tcp connection the most

19:20

interesting part tcp what do we do with

19:22

the tcb guys the tcp connection is

19:26

to establish a tcp connection

19:28

unlike the udp as there's no it's a

19:30

connectionless system i know we made a

19:32

video between tcp and udp i'm going to

19:33

reference it here but gcp is a

19:35

connection system so there's a three-way

19:37

handshake that happens and i'm not going

19:38

to go through details about this but if

19:41

i establish a tcp connection

19:43

i need to tell you the ip address where

19:45

i'm going which i know now

19:47

right it is

19:48

4.1.2.3 that's the ip address of google

19:51

okay so 4.223 which port i'm going to go

19:55

to port 443 because i want to go

19:57

securely https

19:59

what's my internal ip address it is

20:03

10.0.0.2 okay and what's my internal

20:06

round random port number that's a

20:07

different port because the 333 was

20:09

reserved for something else i'm gonna

20:12

use

20:13

two two two two okay two two two two

20:16

four twos

20:17

send it okay so

20:19

again do the same thing right is 4.1.23

20:24

is in mind subnet no it's not so i

20:28

cannot send it directly right

20:31

i cannot do an arp request on this

20:33

address resolution protocol so what do i

20:35

do

20:36

i need

20:37

to send it to who the gateway what's my

20:40

gateway mac address it's it's 10 0 0 1

20:43

which i did an r before and i found out

20:46

it's an ff so i know the mac address of

20:48

this thing and i'm going to send that

20:50

packet to my router instead my router

20:53

receives that thing and it looks at it

20:55

and says yeah you want to go to 4.1 due

20:58

to three on port 443

21:02

and you are 1002 i'm sorry i cannot send

21:05

you naked like that i need to change

21:07

your source ip address to mine which is

21:10

public i know how to talk to the

21:11

internet it's very dangerous to go out

21:14

there like that so i'm going to change

21:16

you to 44.124 which is my public ip

21:19

address

21:20

and i send

21:22

that information and then the port the

21:24

internal port is 2222 so i'm sending it

21:26

to 44123 and then

21:29

we send it over okay

21:31

now that's just the one single tcp

21:34

connection establishment

21:36

the reverse comes back again

21:38

right

21:39

and then we establish a tcp connection

21:42

so let's assume this happened right so

21:44

the three-way handshake happened now

21:47

we have a full

21:49

tcp connection between a client and

21:52

google.com which is four one two three

21:54

okay and there's a nat table in the

21:56

router telling that hey four four three

21:59

four one two three

22:02

public ipr is four four one two four

22:04

which is me on port two two two two is

22:07

actually

22:07

ten zero zero two which is that client

22:10

type address okay now we have a tcp

22:13

connection

22:14

we did rp within an rp we did a nat

22:19

which is a network address translation

22:21

there's a thing that can happen here

22:23

right let's let's throw a monkey wrench

22:25

what if my client has a proxy in it if

22:28

it if that client has a proxy

22:32

what type of proxy is it a sox proxy is

22:35

this an https proxy is this an http

22:38

proxy okay

22:40

if it's an http proxy nothing changes

22:43

because i'm using https still

22:45

communicating google directly if i'm

22:47

using https proxy then the destination

22:51

will be the ip address of the proxy and

22:55

instead the ip address of google.com

22:58

okay

22:59

i'm not gonna go through that path

23:01

because that will take me another hour

23:02

to explain okay made a lot of videos

23:04

about proxies check them out guys

23:07

let's throw another monkey wrench let's

23:09

assume we're communicating through http

23:12

1-1 which is unsecure

23:14

which which we are not by the way but

23:16

let's assume right so since we assume

23:21

since we established one tcp connection

23:23

if we already communicated with http 1 1

23:27

then we the browser might actually

23:29

establish five other tcp connections

23:32

because

23:33

this is how browsers does pipelining

23:36

again something not we're not going to

23:38

talk about this so the browser can send

23:41

multiple requests at the same time to

23:43

multiple tcp connections instead of

23:45

waiting right i talked about that in the

23:47

http videos go check them out cool

23:51

enough monkey wrenches jump to the next

23:54

step we have a tcpa connections what's

23:56

next i still didn't send a single byte

23:58

of data yet guys right i have a tcp

24:01

connection of bi-directional between my

24:04

client

24:05

and the google.com i have it it's nice

24:07

it's just swizzled between

24:09

many routers like there's like a lot of

24:12

nat tables and routers and changing

24:14

everything is a stateful thing between

24:17

me and the google.com

24:23

tls

24:25

here's the interesting part the next

24:27

step after the tcp connection is

24:30

immediately we're going to establish the

24:33

tls

24:34

connection which is the encryption which

24:36

is transport layer security and i made a

24:38

video about the ls i'm going to

24:39

reference it here if you want to know

24:40

the details of it

24:42

but here's in a nutshell i'm assuming

24:44

that my browser is the latest it's 2020

24:47

almost so

24:49

i'm using tls 1.3 it will be

24:52

embarrassing if google.com doesn't

24:54

support ts 1.3

24:56

which i'm pretty sure they do okay so

24:58

they do even my my my

25:01

my site supports ds 1.3 for god's way

25:04

okay so

25:05

i'm assuming i'm version 1. try 1.3 so

25:08

let's just say so it's

25:10

this is the latest stuff it's a single

25:12

round trip to do everything let's go

25:14

through it

25:15

okay so version is 1.3 so i'm going to

25:18

send the first thing i'm going to send

25:20

is

25:20

yo

25:22

client hello to do the client hello that

25:25

first request after the tacp established

25:30

is here's the things

25:32

i'm going to establish a public key and

25:34

a private key

25:36

right in my client and i'm going to

25:39

merge them

25:40

because i'm going to do a diffie-hellman

25:41

i'm going to merge these skills through

25:43

magic mathematics all right i'm going to

25:45

these two numbers that i just generate

25:47

the huge prime numbers when merged they

25:50

cannot be broken they can they can be

25:52

merged right but that's very difficult

25:55

to break them okay

25:56

that's the first information that we

25:58

need to send okay

26:00

the second information we need to sing

26:01

is the public key itself that we

26:03

generated okay so we send public key and

26:06

we send the merged information of the

26:08

two and we send it but before we send it

26:12

we also send some information says hey

26:14

server

26:16

we're doing this handshake so we can

26:19

agree on a symmetric key to encrypt our

26:21

stuff right in order to encrypt our

26:24

stuff right what do we do

26:26

we need to agree on a symmetric key okay

26:30

in order to agree on symmetric key we

26:32

need to agree on a symmetric key we need

26:34

to establish this symmetry key so that's

26:35

why i'm doing all that stuff i'm going

26:37

to send you this merged

26:39

keys

26:40

and i'm going to send you the public key

26:41

which even if someone sniffed the public

26:43

key it's public anyway who cares even if

26:46

someone sniffed the merch key they

26:47

cannot get anything over because it's

26:49

extremely difficult to break those two

26:51

numbers okay it's like there's a magic

26:53

mathematics that i don't understand okay

26:55

and i'm gonna also tell you what ciphers

26:57

i support for this symmetrical

26:59

information that we can agree on i

27:01

support eas i support ds hopefully not

27:04

okay it's about blowfish i don't know

27:07

what other symmetrical

27:09

ciphers are there there's a lot of fancy

27:11

stuff

27:12

okay es 256 maybe maybe more than that

27:16

okay and then i'm gonna send that before

27:19

i send that more information do i

27:21

support

27:22

uh alpn which is the application layer

27:25

protocol negotiation do i support

27:28

server name indications okay which is

27:30

things we talked about before in this

27:32

channel okay

27:33

and why do we do why do we need the

27:35

application layer progression

27:36

negotiation because we are cool because

27:39

the alpine is the best protocol out

27:42

there okay

27:43

it

27:44

negotiates it tells the client in the

27:47

server that hey by the way i'm gonna

27:49

about to communicate with you https but

27:52

i also support http 2

27:55

and i might even support http 3 right

27:58

in case of chrome i don't want to throw

28:00

another monkey wrench but chrome

28:02

communicates with google

28:04

in

28:05

quick api which is the future http 3 in

28:08

the future but i'm not gonna let's not

28:10

go there yet okay let's assume i want to

28:12

support http 2. so in the same client

28:15

hello i'm going to tell you that hey i

28:17

support http 2 these are the ciphers

28:19

here's my public keys and private keys

28:21

and all this stuff and here's the sni

28:23

the server name indication because

28:25

you

28:26

might be a public ip address serving

28:29

hundreds of domains right i need to tell

28:32

you which

28:33

domain i'm actually

28:35

communicating with okay and i'm okay

28:38

with google.com because your public

28:40

ideas which is what 4.1.23

28:44

might serve

28:46

gmail.com or might serve

28:49

mail.google.com isn't that the same

28:51

thing i think it's the same thing so i'm

28:53

telling you the same thing

28:55

put google.com that's my host name

28:57

that's the sni okay

28:59

send it over http i think that's that's

29:01

the whole thing right quick all that

29:03

jazz firefox will only communicate i

29:05

think with uh h2 right i might be wrong

29:08

but if chrome it might actually

29:10

communicate with google.com and it's

29:13

specific quick protocol which is uh i

29:16

think it stands for quick over udp

29:18

something like that i forgot what it

29:20

means

29:20

right

29:21

but that's the future http 3 which is

29:24

basically

29:25

in a nutshell

29:26

the http 2 protocol

29:28

but

29:29

in a udp

29:31

connectionless thingy right

29:34

so powerful stuff because of tcp because

29:36

what we're doing like tcp there's always

29:37

a handshake and and three-way handshake

29:40

and it's very expensive to to to to do

29:44

right so that's why they they want to

29:45

minimize these

29:47

round trip as much as possible okay

29:50

all right we sent the client hello oh my

29:52

god we're still in the client hello guys

29:54

yeah we the server

29:56

right the client hello will be packed

29:58

into an ip packet destined to four

30:02

one two three port 443 source is

30:06

what was the uh port i port two two two

30:09

two and this destination the source ip

30:11

is ten zero zero two do i ma do an arp

30:15

uh i i need to send it to the router

30:16

because four four one two is not there

30:18

i'm gonna send it to the router do an at

30:21

change it i cannot let you go out there

30:23

naked let me change your

30:25

public address to four four one two

30:26

three one two four and then change send

30:29

it over and we receive finally

30:31

google.com receives the client hello

30:33

check that generates the public no

30:36

generates the

30:37

private its private key

30:40

merges it with that merged key so we get

30:44

three keys and that three keys the

30:46

public

30:47

right and the private and the private

30:50

makes the symmetric key for the sim

30:53

for makes an input

30:55

called the hash or whatever it's called

30:57

secret right that will go

31:00

to

31:00

uh to the

31:02

decided cipher right so they said okay

31:05

let's use you support es you support

31:08

blowfish you support all the jazz

31:10

symmetric algorithm let's pick aes 256

31:13

right i might be wrong i don't know

31:15

what's the actual name i'm not a

31:16

security engineer right i'm so i'm

31:18

software engineer right so we picked

31:20

that best algorithm ever hopefully we

31:23

didn't get down a downgrade attack in

31:26

the middle right so we give that i'm

31:28

just i'm securing that i'm gonna use

31:31

that input from the three keys to

31:33

generate the symmetric key for this es

31:36

encryption algorithm and then

31:39

i'm gonna tell my server hello

31:41

send it's a certificate because now i

31:44

know

31:44

which host do you want to connect to

31:46

from the sni right the server name and

31:49

indication so now i know that you want

31:52

that certificate for gmail.com or that

31:55

certificate for google.com or that

31:57

certificate for

31:59

i don't know lively.com

32:01

lively was a

32:02

was it was a site for google back in

32:05

early 2000 i remember

32:07

okay

32:08

i don't know if you guys remember or

32:10

google plus right so now i know i'm

32:12

gonna serve you the exact certificate

32:14

that you actually asked for

32:16

server back right here's the

32:19

here's my private key merged with the

32:21

public key because nobody can break it

32:23

send it over

32:24

here is my

32:26

certificate here is other stuff as well

32:28

okay

32:29

send it back

32:31

to the router because that's the public

32:33

ip address that people see which is four

32:36

four one two four send it back router

32:38

does an at change it back to tinder 0

32:41

002 send it back the server hello

32:43

receives it and they the client now has

32:47

the two private keys one from the server

32:50

and one the public there and it has its

32:53

own obviously emerge the three together

32:55

and then generates the input which now

32:58

it knows this agreed about cipher was

33:00

eas take the ies and then

33:04

what it does is it takes that generates

33:06

the symmetric key now both guys have the

33:08

symmetric key they can now encrypt right

33:12

and they can have live happily ever

33:14

after

33:16

whoa okay

33:18

we have finally

33:20

the encryption mechanism everyone

33:22

can now start sending data because both

33:25

have the symmetric key they can encrypt

33:28

and decrypt with the same key because

33:29

that's the fastest thing ever guys okay

33:33

all right

33:38

next step is

33:41

almost done

33:42

we're going to send this first

33:44

http request which is a get request

33:46

we're going to send a get request

33:48

because now

33:49

the enter we're still hitting enter guys

33:52

all of this happened while this

33:54

single

33:55

key hit right we're still not done yet

33:57

so we're sending a get request

34:00

get slash

34:02

take that right

34:03

add some headers because we've we're

34:05

building an http header right it says

34:07

hey i'm visiting git slash the host

34:10

header is google.com still we need that

34:12

information okay

34:14

um

34:15

and then uh

34:17

we might compress these headers content

34:19

type if google.com ever had cookies

34:22

before it's gonna start

34:25

sending those cookies building those

34:27

cookies in the browser and sending them

34:29

over with the request right

34:32

because assuming we're building the

34:33

browser that might change

34:35

right if you're actually clicking a link

34:38

versus visiting a browser that's a

34:39

completely different things right okay

34:42

so now

34:43

made that get request poof

34:47

we have the data we have the headers we

34:49

have the body the body is just literally

34:50

there's nobody for get requests anyway

34:52

so we're not sending anybody we're

34:54

sending header we're sending those stuff

34:56

and keys perhaps and then oof before we

34:59

send

35:00

it we agreed by the way on http 2. but i

35:04

forgot to mention that in the during the

35:07

tls handshake server says yo

35:10

you cool you want to

35:11

because we did a lpn right and the same

35:15

client hello server agreed to http 2.

35:17

okay let's assume i'm using firefox not

35:19

not chrome okay

35:21

and then i agree to http 2 pure http 2.

35:24

so now the client says oh oh this guy

35:27

wants to communicate http i know http 2.

35:29

and if you use using chrome you might

35:31

agree you have agreed to using http 2

35:34

over quick all right or maybe http 3 if

35:38

you're watching this three years from

35:39

now okay

35:40

so now i got this now i have the http 3

35:43

i got all that stuff right

35:45

and now

35:48

i'm going to commute to hdbc so i i

35:50

build this get this get request and then

35:54

i

35:55

have one tcp connection and i need to

35:57

convince http 2. http 2 uses streams so

36:00

i'm going to build one stream of data

36:03

i'm going to put my headers along and

36:05

put my buddy along i don't have anybody

36:06

because i'm sending a good request so

36:08

it's just just a stream with the headers

36:11

i'm going to compress it because hdb2 is

36:13

awesome like that that i can present i'm

36:15

going to make it into a binary format i

36:17

have the piece of data i want to send

36:19

next i take my symmetric key encryption

36:21

which i did from the tls and i encrypt

36:24

that piece of data and i send it across

36:26

the binary protocol the beautiful http

36:29

across the tcp connection which is what

36:32

put the destination ip address at four

36:34

one two three but the destination port

36:37

is four four three and do that i'll jazz

36:39

the exact same thing exact same thing

36:41

we're not accepting a new tcp connection

36:42

it's the same thing we're just going

36:44

through the same route maybe the routes

36:46

might change in the in the future but we

36:48

don't care

36:49

okay so it goes and

36:50

goes through that stuff right establish

36:52

tcp connections

36:54

sweet all right

36:56

the

36:57

whole packet the stream receives at the

37:00

server the server says yo this is this

37:03

is get request and now it's up to the

37:06

google google might receive that request

37:08

and it's a load balancer so it might

37:10

switch establish a connection on the

37:12

back end if it's a layer 4

37:14

if it's a layer 4 load balancer then it

37:16

doesn't really establish a tcp

37:17

connection it just streams it back to

37:19

the destination final back end if it's a

37:22

layer seven actually terms tls

37:25

i'm not gonna go through that there's so

37:26

much work there i'm gonna take me

37:28

another two hours to explain that stuff

37:29

so i'm gonna terminate that stuff i'm

37:31

gonna receive it it says get slash what

37:33

do you want for this slash right are

37:35

there any rules are there any

37:37

index.html pages let's assume there's a

37:39

simple index of html pages which has the

37:42

google search i don't know how google

37:44

works on the backend i've never seen

37:46

that

37:46

so i'm going to assume there's an

37:48

index.html probably not but

37:51

yeah let's assume there is something

37:52

like that and then we're gonna

37:55

start building my headers because the

37:56

server now to send the response for that

37:59

request right so it's gonna build the

38:01

headers and says hey the content type is

38:03

actually html uh uh

38:05

yeah i want you to set these cookies

38:07

because i want i wanna know you i'm

38:09

gonna track you

38:10

sorry that's how google works we're

38:12

gonna track everybody so yeah i know you

38:14

i wanna this is the this is how i track

38:16

you this is the cookies please set these

38:19

cookies on your on your machine please

38:21

and then do all that jazz and then

38:24

here's the thing this is the html page i

38:26

want to uh this is a streaming page

38:27

maybe it has a css link javascript some

38:31

what else has other

38:33

goofy stuff maybe esi who cares right

38:36

and then

38:38

take the html that's a body right

38:41

and then create a stream for the body

38:43

create a stream for headers send it over

38:45

the same tcp connection destined to my

38:48

public ip address of the router four

38:50

four one two four

38:51

uh i forgot the port was two two two two

38:53

yeah two two two two and then send it

38:54

back data

38:56

before we send it we compress it because

38:58

http is cool like that because we know

39:00

how to compress thing in http 2.

39:03

okay and take that thing

39:05

and

39:06

we

39:08

encrypt it because i have the symmetric

39:10

key i forgot the step that was actually

39:12

we need we had to decrypt the data

39:14

before actually we look at it right and

39:16

we can declare it because we have a

39:17

symmetric key right i keep forgetting

39:20

stuff but you're hopefully you're still

39:22

with me guys so i encrypt that stuff

39:24

encrypted send it over the network and

39:28

once we send it over the network

39:29

encrypted nobody can look at it right

39:32

and then

39:33

it goes to the router router does not

39:35

reverse that

39:36

send it back to the same machine

39:39

my client receives this encrypted

39:41

garbage and uses its symmetric key

39:44

lock it

39:45

unencrypt and unlock it look at the data

39:48

a content type is html and here's the

39:51

thing okay if it's html the browser

40:00

will automatically start parsing it if

40:02

the content type is image

40:05

then the browser will start to render

40:06

this image if the content type is

40:09

something else the css that is

40:11

javascript the browser will start to

40:13

execute that javascript okay that's how

40:16

that's how browsers work right there are

40:18

some attacks like called mime sniffing

40:20

where some servers didn't add this

40:22

content type before right so they will

40:25

just miss adding it because

40:27

uh web administrator back in the 90s or

40:29

early 2000s they were very lazy because

40:32

you have to go manually and tell okay

40:33

this this is actually a picture oh this

40:35

is actually an

40:36

html oh

40:37

we can go only on by the index by the

40:41

you're going to go by the extension

40:43

because that's not enough right then

40:45

extension because you can you can

40:46

actually send the responses without

40:48

extensions does not really have to be

40:49

files on disk for god's sake right

40:52

you're sending data back you have to

40:54

tell me what kind of data is this

40:57

so there was this attack called my

40:58

sniffing and we made a video about it

40:59

i'm gonna reference it here go check it

41:01

out but

41:02

browsers

41:04

if they don't see the content type they

41:06

try browsers try to be

41:09

too clever by half and what they do is

41:11

actually oh there is no content type

41:14

well let me look at the body because

41:16

from the body i can actually infer

41:19

what's the type so to start parsing the

41:21

body and we'll say hey this is html let

41:23

me execute it this is a jpeg let me show

41:25

it and this caused a lot of attacks back

41:28

in the back in the days okay now there's

41:30

another header called the ss nef don't

41:33

sniff please or whatever of a goal is

41:35

this there's a header that tells this

41:37

browser do not sniff

41:40

it's weird okay anyway let's back back

41:43

back back

41:44

let's continue all right so we received

41:46

that decrypted look at that content type

41:48

html yeah let me parse it

41:51

before we

41:53

reach here

41:54

let's add

41:56

let's add

41:57

let's continue let's continue okay so

41:59

html receive it parse it look at it oh

42:02

this is html okay let me parse it uh

42:04

well there is a javascript file that we

42:06

need to download there's a css file

42:08

there's a couple of images let's go and

42:10

load those so what do we do right so we

42:13

turn around and make

42:15

additional git requests for those

42:18

resources and we're lucky because we're

42:20

using http 2

42:22

one tcp connection can do the whole

42:25

thing for us because the whole thing

42:27

will get its own stream stream id4 image

42:30

once another stream for image two

42:31

another stream for image three another

42:33

stream for css another stream for

42:35

javascript and send it in parallel

42:37

because we are cool like that okay we're

42:39

sending everything in parallel server

42:41

receives it and then

42:43

start sending back the data and you you

42:46

get idea there's an encryption

42:47

decryption going around and then we get

42:49

every file and then the page gets

42:52

rendered for us let's throw some

42:55

monkey wrenches guys

42:56

let's throw the monkey wrenches

42:59

let's assume the first get request that

43:01

we sent the server

43:03

my server supports http 2 push okay

43:07

if the server support http 2 push which

43:09

i'm not sure google supports it i'm

43:11

pretty sure it does but i'm not sure if

43:13

it's activated or not because it has its

43:15

own problem

43:16

right if it does support it before the

43:19

html actually gets sent

43:21

right back to the client

43:23

the brow the server will determine that

43:26

hey by the way

43:28

you're gonna need

43:29

you you're i'm gonna send you index.html

43:32

but you're gonna need this file and this

43:34

file and this file in this file anyway

43:36

so i'm gonna send you

43:38

multiple streams back watch out that's

43:40

called http 2 push

43:43

http h2 push is essentially like

43:46

responses for requests that the client

43:48

never made okay so

43:50

that could be another path that things

43:52

can go through okay and essentially

43:55

that's that's how how it's done right

43:58

final thing

43:59

if

44:00

we're using http1 the same thing will be

44:02

exactly the same there will be no

44:04

encryption because http1 doesn't support

44:06

encryption wait a second that's wrong

44:08

okay yeah

44:09

http 1 if it's on https yes it does

44:12

support uh it does support encryption

44:14

efficiently even what if we're using

44:16

http one then that browser will

44:18

establish six connections and we'll

44:20

start piping those requests into six

44:23

connections instead of one so you will

44:25

have different internal ports

44:27

essentially in your router all right

44:28

guys

44:29

whoo that was a long video okay and

44:32

that's how essentially what happens when

44:34

you type google.com and hit enter hope

44:36

you enjoyed this video guys right it was

44:38

very short i know i know i guys yeah

44:41

okay i'm pretty sure i missed a lot of

44:43

things i'd love for all of you to type

44:46

in the comment section below to let me

44:49

know what i missed or and what did i say

44:51

wrong if i said anything wrong because i

44:54

want to become a better software

44:54

engineer that's my goal right and i want

44:57

to become better and uh appreciate

44:59

everything you guys stay awesome see you

45:01

on the next one

Browse More Related Video

Redes de computadores - Protocolo TCP IP - Informática para concursos - Professor Danilo Vilanova

SMT 2-3 Well known Network Services

Common Ports - CompTIA Network+ N10-009 - 1.4

read these 5 books to break into quant trading as a software engineer

Types Of Network Protocol | TCP | IP | UDP | POP | SMTP | FTP | HTTPS |Computer Networks|Simplilearn

3.2.4.6 Packet Tracer - Investigating the TCP IP and OSI Models in Action

Rate This

★

★

★

★

★

5.0 / 5 (0 votes)

Related Tags

NetworkingSoftware EngineeringInternet ProtocolsWeb BrowsingDNSTCP/IPHTTPSWeb SecurityGoogleBrowser MechanicsHTTP2TLS Handshake