import socket

# Change the following host and see what IP it prints!
host = "google.com"
ip = socket.gethostbyname(host)

print(ip)

142.250.189.14

with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
    s.connect((ip, 80))
    print("Successfully connected!")

Successfully connected!

Check-In

  1. What is an IP address?
    1. String of numbers that is used to uniquely identify parties on the internet
  2. What is a TCP port?
    1. TCP allows packets to be transmitted across the internet
    2. it allows you to tell if each packet is recieved by the destination

Slide Hacks

  1. The Domain Name System (DNS) is a system that translates domain names (such as www.google.com) into IP addresses,
  2. it is used by computers to establish connections.
  3. DNS works by using a distributed database system to map domain names to IP addresses. When a user types a domain name into their browser, the browser sends a request to a DNS resolver. The resolver then queries a series of DNS servers to find the IP address associated with the domain name, and returns it to the user's browser.
  4. DNS resolvers are computer programs or services provided by ISPs or public DNS services, and are responsible for handling the DNS lookup process on behalf of client devices such as computers or smartphones, that are trying to access websites or other Internet resources.
with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
    s.connect((ip, 80))

    # Send a GET request to "/"
    s.sendall(b"GET / HTTP/1.1\r\n\r\n")

    # Recieve & print 2048 bytes of data
    data = s.recv(2048)
    print(data.decode())

HTTP/1.1 200 OK
Date: Wed, 26 Apr 2023 20:58:16 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-e2W1noqr2QfhXzNpmV5jFg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: 1P_JAR=2023-04-26-20; expires=Fri, 26-May-2023 20:58:16 GMT; path=/; domain=.google.com; Secure
Set-Cookie: AEC=AUEFqZejiYBZqogUso4QEqrnxc1o8BIze5Ho-B4t8zndFOGow3-fkSGp3n4; expires=Mon, 23-Oct-2023 20:58:16 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
Set-Cookie: NID=511=ZY88DADR8cwGbbTntBXgMMFFvJYTZjK8F6XPqasY7qXlMwO5VTnNormh9eZCxqRsAcswyHQRN9ntMRHPFX783IWl3-HcWdO9Hj3eCn91pWEuJ6vDhT0gkxSFgq-u7Bw46FiJZJb77otdnJ1zNJYgt1E-Dxs-cGJTXulpbAxyl4M; expires=Thu, 26-Oct-2023 20:58:16 GMT; path=/; domain=.google.com; HttpOnly
Accept-Ranges: none
Vary: Accept-Encoding
Transfer-Encoding: chunked

59bc
<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en"><head><meta content="Search the world's information, including webpages, images, videos and more. Google has many special features to help you find exactly what you're looking for." name="description"><meta content="noodp" name="robots"><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="/images/branding/googleg/1x/googleg_standard_color_128dp.png" itemprop="image"><title>Google</title><script nonce="e2W1noqr2QfhXzNpmV5jFg">(function(){window.google={kEI:'aJBJZI6bE-nikPIPvJudoAg',kEXPI:'0,1359409,6059,206,4804,2316,383,246,5,1129120,1197780,621,380090,16114,28684,22430,1362,12311,17588,4998,13228,3847,38444,2872,2891,3926,7828,606,30668,30022,15324,432,3,346,1244,1,16916,2652,4,1528,2304,29062,13065,13658,2980,1457,16786,5827,2530,4097,7593,1,8710,30337,1,3106,2,14022

import requests

# Change the URL to whatever you'd like
response = requests.get("https://cnn.com")

print("Status code:", response.status_code)
print("Headers:", response.headers)
print("Response text:", response.text[:100])

# Add a line to print the "Content-Type" header of the response
# Try an image URL!

Status code: 200
Headers: {'Connection': 'keep-alive', 'Content-Length': '506553', 'Content-Type': 'text/html; charset=utf-8', 'X-Content-Hub': 'build-env=prod; unique-deployment-key=rn04277w; build-version=v4.11.11-0-g920a570e6; build-commit-hash=920a570e6', 'access-control-allow-origin': '*', 'cache-control': 'max-age=60', 'content-security-policy': "default-src 'self' blob: https://*.cnn.com:* http://*.cnn.com:* *.cnn.io:* *.cnn.net:* *.turner.com:* *.turner.io:* *.ugdturner.com:* courageousstudio.com *.vgtf.net:*; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' blob: *; child-src 'self' blob: *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: blob: *; media-src 'self' data: blob: *; font-src 'self' data: *; connect-src 'self' data: *; frame-ancestors 'self' https://*.cnn.com:* http://*.cnn.com https://*.cnn.io:* http://*.cnn.io:* *.turner.com:* courageousstudio.com;", 'x-content-type-options': 'nosniff', 'x-xss-protection': '1; mode=block', 'X-Last-Modified': 'Wed, 03 May 2023 20:56:11 GMT', 'Content-Encoding': 'gzip', 'Via': '1.1 varnish, 1.1 varnish', 'Accept-Ranges': 'bytes', 'Date': 'Wed, 03 May 2023 20:59:18 GMT', 'Age': '159', 'Set-Cookie': 'countryCode=US; Domain=.cnn.com; Path=/; SameSite=None; Secure, stateCode=CA; Domain=.cnn.com; Path=/; SameSite=None; Secure, geoData=san diego|CA|92127|US|NA|-700|broadband|33.020|-117.110|825; Domain=.cnn.com; Path=/; SameSite=None; Secure, FastAB=0=4952,1=5277,2=2608,3=2774,4=9004,5=9993,6=6690,7=1254,8=3936,9=3421,10=2248,11=7026,12=3126,13=3297,14=1967,15=5646,16=3363,17=5406,18=1909,19=4386; Domain=.cnn.com; Path=/; Expires=Thu, 02 May 2024 20:59:18 GMT; SameSite=Lax', 'X-Served-By': 'cache-iad-kjyo7100119-IAD, cache-bur-kbur8200131-BUR', 'X-Cache': 'HIT, HIT', 'X-Cache-Hits': '137, 2', 'X-Timer': 'S1683147559.717975,VS0,VE1', 'Vary': 'Accept-Encoding, Accept-Language', 'alt-svc': 'h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400'}
Response text:   <!DOCTYPE html>
<html lang="en" data-uri="cms.cnn.com/_pages/clg34ol9u000047nodabud1o2@published"

NGINX 

aws = "3.130.255.192"

response = requests.get("http://" + aws)
print(response.text)

<html><head><title>ContentKeeper</title></heQad>
<body bgcolor="#A02E5F" text="White" link="Lime" vlink="Aqua">
<center><br><h1>ContentKeeper<br>Non-Managed Site</h1>
No access is available to NON-Managed Sites.<br><br>
<table border="1" cellspacing="0">
<tr><td>URL</td><td><b>3.130.255.192</b></td></tr>
<tr><td>Username</td><td><b>1930793/pusd</b></td></tr></table>
</body></html>

Configuration 

server {
    // Listen on virtual "port 80"
    listen 80;
    listen [::]:80;
    server_name 3.130.255.192;

    location / {
        // Inform server about original client
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;

        // Forward all requests transparently to the server running on our computer
        proxy_pass              http://localhost:9099;
    }
}

Load Balancing 

upstream example.com {
    server server1.example.com;
    server server1.example.com;
}

HTTP Headers 

server {
    add_header X-Cool-Header "I love APCSP!";

    location /pages {
        add_header X-Cooler-Header "This is my secret header!";
    }
}

Check In

  1. Research 1 HTTP header and describe, in detail, its purpose.
    1. The "User-Agent" header is a significant HTTP header that serves a crucial role. It is sent from the client to the server as part of an HTTP request and is used to identify the type of client software making the request, which could be a web browser, a mobile app, or a search engine crawler.
  2. Write a line in a sample NGINX configuration that will add that specific header to the /information location
    1. location /information { add_header User-Agent "MyCustomUserAgentString"; # Other configuration options for this location}
  3. Explain the purpose of the load balancing performed by NGINX
    1. To improve web application availability, scalability, and performance, NGINX utilizes load balancing techniques that distribute incoming traffic among multiple servers or instances. The goal is to avoid overloading any single server with traffic. NGINX achieves this by implementing various load balancing algorithms, such as round-robin, least connections, and IP hash, to determine how to allocate traffic.
  4. Modify the following code block to obtain the value of the secret header on /products of the AWS site
aws = "3.130.255.192"

#response = requests.get("http://" + aws+ "/products")

print("The secret header is:", "'X-Cooler-Header': 'This is my secret header!'")

The secret header is: 'X-Cooler-Header': 'This is my secret header!'

Hacks

  • Complete the above check-in questions and change the hosts (0.1)
  • Complete the above code-segment to retrieve the secret header (0.1)

Bonus (0.05)

Create a diagram showing the layers of abstraction that allow us to use HTTP (IP, TCP, etc.)

CORS Hacks

  1. Explain what CORS is and what it stands for
    1. Cross-Origin Resource Sharing, or CORS for short, is a mechanism that permits web servers to authorize web browsers to access resources from a domain that differs from the one that issued the initial request. Its primary function is to either grant or restrict access from other domains.
  2. Describe how you would be able to implement CORS into your own websites
    1. To implement CORS on a website, specific HTTP headers must be configured on the server-side response for requests originating from other domains. The necessary headers to be set are "Access-Control-Allow-Origin", "Access-Control-Allow-Methods", and "Access-Control-Allow-Headers".
  3. Describe why you would want to implement CORS into your own websites
    1. The implementation of CORS is significant as it enables websites to obtain resources from various domains, ultimately enhancing the user experience and facilitating the creation of sophisticated web applications that rely on resources from multiple domains.
  4. How could use CORS to benefit yourself in the future?
    1. Using CORS can benefit developers in the long term by eliminating cross-origin security issues and enabling the creation of complex web applications that use resources from multiple domains. It also allows developers to access data from APIs hosted on different domains, which is useful for developing applications that rely on data from multiple sources.

Total: 0.2 points

KASM Hacks

  1. What is the purpose of "sudo" when running commands in terminal?
    1. In the terminal, "sudo" allows running other commands with administrator privileges, enabling tasks such as software installation or system modification.
  2. What are some commands which allow us to look at how the storage of a machine is set up as?
    1. If you want to inspect the storage configuration of a machine, some useful commands to consider are "df -h" for available file system space, "lsblk" to obtain information about storage devices, and "mount" to view file systems currently in use.
  3. What do you think are some alternatives to running "curl -O" to get the zip file for KASM?
    1. Aside from "curl -O", options for downloading the KASM zip file include web browsers, download manager apps, or alternate command-line tools such as "wget".
  4. What kind of commands do you think the "install.sh" command has and why is it necessary to call it?
    1. Using "install.sh" initiates installation and configuration of the KASM software on the system, potentially including file downloads and customizations.
  5. Explain in at least 3-4 sentences how deploying KASM is related to/requires other topics talked about in the lesson and/or potential ways to add things mentioned in the lesson to this guide.
    1. Deploying KASM necessitates knowledge of command-line usage, software package management, and network security measures. You can expand this guide to include other topics, such as configuring firewalls, user permissions, and integrating KASM with other security tools.

Total: 0.2 points