HTTP is foundation data communication for World Wide Web(WWW). Whenever we open website / webpage we will use this protocol.
Client side asks server side to open communication on port 80, server side open port 80 and in client side open random ports. Below is the picture when I’m opening http://www.kaskus.us and see open ports using netstat -an.
As we can see from the picture, client computer opened random local ports and open port 80 on server side.
Are HTTP(Hyper Text Transfer Protocol) secure??
To answer this question, let’s see experiment below.
In this experiment, there’s 2 person in one wireless network BadGuy and NiceGuy. NiceGuy trying to open http://friendster.com then login into it. In different place, BadGuy is in the same wireless network with NiceGuy as shown in the picture below :
BadGuy using Wireshark to capture all packet data transmitted to/from access point. In this case BadGuy only collecting and see the packet data sent by the others. Below is the picture when NiceGuy input username(email) and password in friendster.com
and then the data captured by BadGuy using Wireshark.
Packet data sent using HTTP is not encrypted, anyone can see the data in plain text like the BadGuy do. That’s why HTTP not use for banking or transaction on internet, and also it’s not recommended if you open website login page that use HTTP at public network such as hotspot wireless area.