Saturday 4 January 2014

The Difference Between HTTP And HTTPS [HTTPS]

HTTPS : Hyper Text Transfer Protocol Secure

HTTPS is the combination of the Hyper Text Transfer Protocol and the Secure Sockets Layer (SSL) / Transport Layer Security (TLS) protocol, which provides encrypted communication between a web server and a client. HTTPS is usually used for internet banking, payment transactions, login pages, etc. This protocol uses port 443 for communication.
Websites that already use HTTPS include GMail.com, as well as other websites such as PayPal, Amazon, etc.
Let’s look at the connection between our computer and the web server when we connect using HTTPS, using netstat -an.
[Figure: netstat -an output]
As we can see from the picture, the client computer opened random local ports and connected to port 443 on the server side.

Is HTTPS (Hyper Text Transfer Protocol Secure) Secure?
To answer this question, let’s look at the experiment below.
In this experiment, there are 2 people on one wireless network: BadGuy and NiceGuy. NiceGuy is trying to open http://gmail.com and then log in to it. In a different place, BadGuy is on the same wireless network as NiceGuy, as shown in the picture below:
[Figure: Hyper Text Transfer Protocol Secure topology]
When BadGuy tries to capture all packet data to and from the access point, the result will be different when NiceGuy uses HTTPS for his connection. For a clearer description, let’s look at the image below, taken when NiceGuy inputs his username and password on the GMail login page.
[Figure: GMail login page over HTTPS]
As you can see in the picture above, https:// is used for the connection between the client and the web server. Now we will see what BadGuy does after NiceGuy uses HTTPS for his connection. BadGuy really likes Wireshark, so he tries again to capture the data and hopes there’s something interesting there.
[Figure: captured SSL traffic for the Gmail HTTPS session]
BadGuy didn’t find plain data there; all data sent to and from the server is encrypted. The picture above is the login information (maybe) data that was captured by BadGuy, but I think BadGuy cannot break the encrypted data in only a few days/months/years, or maybe we can call it “impossible” (we still don’t know how long it would take to break it).
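
What a capture like BadGuy's exposes in each case, as an added example that is not part of the original post: the Python below classifies one TCP payload as plain HTTP or as TLS records and returns only what a passive observer can read. The sample payloads, the host mail.example and the function name describe_payload are constructed for illustration.

```python
import struct

# TLS record content types (first byte of every TLS record).
TLS_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")


def describe_payload(payload: bytes) -> dict:
    """Summarise what a passive observer can read from one TCP payload."""
    if payload.startswith(HTTP_METHODS):
        # Plain HTTP: request line, headers and body are all readable text.
        head, _, body = payload.partition(b"\r\n\r\n")
        return {"protocol": "http",
                "request_line": head.split(b"\r\n")[0].decode("ascii", "replace"),
                "readable_body": body.decode("ascii", "replace")}
    records, offset = [], 0
    # TLS: walk the 5-byte record headers (type, version, length).
    while offset + 5 <= len(payload):
        ctype, major, minor, length = struct.unpack_from("!BBBH", payload, offset)
        if ctype not in TLS_TYPES or major != 3 or length > 2**14 + 2048:
            break  # not a TLS record header; stop rather than guess
        records.append({"type": TLS_TYPES[ctype], "version": (major, minor), "length": length})
        offset += 5 + length
    if records:
        # Only header metadata is returned: the record bodies are ciphertext.
        return {"protocol": "tls", "records": records, "readable_body": ""}
    return {"protocol": "unknown", "readable_body": ""}


# Constructed samples (not captured traffic): a form POST over HTTP and the
# same kind of data as one TLS application_data record with filler ciphertext.
HTTP_SAMPLE = (b"POST /login HTTP/1.1\r\nHost: mail.example\r\n"
               b"Content-Length: 33\r\n\r\nuser=niceguy&password=constructed")
TLS_SAMPLE = bytes([23, 3, 3, 0, 32]) + bytes(range(0xA0, 0xC0))

if __name__ == "__main__":
    for name, sample in (("http", HTTP_SAMPLE), ("https", TLS_SAMPLE)):
        print(name, describe_payload(sample))
```

For the HTTP sample the form fields come back as readable text; for the TLS sample only the record type, version and length are available.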

HTTPS Conclusion
Packet data sent using HTTPS is encrypted, so no one can see the packet data on a public network. That’s why HTTPS is usually used for banking or transactions on the internet, and also for login pages or other pages that need to encrypt data.
Hope it’s clear :-)
