HTTP & HTTPS WEBSITE ATTACKS:
Types of Website Format:
When we browse the internet, we can see "HTTP" (HyperText Transfer Protocol) or "HTTPS" (Hypertext Transfer Protocol Secure) in the website address. Most people don't notice which format a website uses. There are two website formats, HTTP and HTTPS, and most people don't know the difference between them.
HTTP FORMAT WEBSITE:
Look at the image above: you can see an HTTP website and an HTTPS website. If you look closely, the HTTP website has an alert mark (marked in red), but the HTTPS website does not.
This means that the HTTP format is not secure. It doesn't have end-to-end encryption. When you open any website in HTTP format, you can see "NOT SECURE" written at the top left.
HTTP-formatted websites are created or generated by hackers to steal the account details you enter on them, such as the logins/sign-ins for your other accounts. The hackers get your passwords and IDs and gain access to your entire account. Whenever they want, they sell your account details on the DARK WEB.
HTTP does not have any encryption. Remember this whenever you open a link received through WhatsApp, Instagram, Gmail, SMS, etc.
First look at whether the link is in HTTP format or HTTPS format. If the link is in HTTP format, don't open it. If you still wish to open it, glance at the top left of the page to see whether it is secure or not. If it says NOT SECURE, it is advised not to open that website and not to log in or sign in through that link.
You can check any link you receive through Gmail, WhatsApp, etc. on VirusTotal, which shows whether a link is secure or not. This website can also show whether there is any virus, because hackers use tools that keep the virus in those links from being detected.
Hackers send links to our devices. When we open these links, there is a chance that the entire device may be hacked, or that the attacker gets access to selfies and the camera, or takes all our data from the device.
Beware of these links. Whenever you get such links, don't open them; just delete the message.
Sometimes a link is in HTTP format, but when we open it, it changes to HTTPS format. If that happens, the link is a secure one. If it doesn't change to HTTPS, just close it, because if you keep it open the hackers use that website to attack your computer and take all the information you upload to that website.
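The HTTP-to-HTTPS change described above can be checked hop by hop. The following Python code is an added example, not part of the original article: the redirect chains and `example.test` hostnames are constructed, and `assess_chain` is a hypothetical helper. It goes beyond the text by also flagging HTTPS-to-HTTP downgrades and the HSTS header.

```python
from urllib.parse import urlsplit

# Constructed redirect chains: (requested URL, status code, response headers).
# Hostnames are placeholders (example.test), not real sites.
UPGRADING = [
    ("http://shop.example.test/login", 301,
     {"Location": "https://shop.example.test/login"}),
    ("https://shop.example.test/login", 200,
     {"Strict-Transport-Security": "max-age=31536000"}),
]
STAYS_HTTP = [("http://promo.example.test/win", 200, {})]
DOWNGRADES = [
    ("https://pay.example.test/", 302,
     {"Location": "http://pay.example.test/form"}),
    ("http://pay.example.test/form", 200, {}),
]

def assess_chain(hops):
    """Summarise how a link behaves, hop by hop, from recorded responses."""
    schemes = [urlsplit(url).scheme.lower() for url, _, _ in hops]
    final_headers = {k.lower(): v for k, v in hops[-1][2].items()}
    findings = {
        "starts_plain": schemes[0] == "http",
        "ends_https": schemes[-1] == "https",
        # Any https -> http step exposes whatever is sent after it.
        "downgrade": any(a == "https" and b == "http"
                         for a, b in zip(schemes, schemes[1:])),
        # HSTS tells the browser to skip the plain-HTTP hop on later visits.
        "hsts": schemes[-1] == "https"
                and "strict-transport-security" in final_headers,
    }
    if not findings["ends_https"] or findings["downgrade"]:
        findings["verdict"] = "close"  # stayed on, or fell back to, HTTP
    elif findings["starts_plain"] and not findings["hsts"]:
        findings["verdict"] = "upgraded, first request unencrypted every time"
    elif findings["starts_plain"]:
        findings["verdict"] = "upgraded, HSTS protects later visits"
    else:
        findings["verdict"] = "https throughout"
    return findings

if __name__ == "__main__":
    for name, chain in [("upgrading", UPGRADING), ("stays http", STAYS_HTTP),
                        ("downgrades", DOWNGRADES)]:
        print(name, "->", assess_chain(chain)["verdict"])
```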
If a website doesn't have an SSL (Secure Sockets Layer) certificate, then that website is known as HTTP. Example of an HTTP format website: http://tinyurl.com/y3bbm4ch
Have a look at the image; you can see 2 types of HTTP link.
INSECURE DIRECT OBJECT REFERENCE (IDOR):
HTTPS Website Format:
HTTPS (Hypertext Transfer Protocol Secure) format is the secure one: it has end-to-end encryption and it also has an SSL (Secure Sockets Layer) certificate. HTTPS has full encryption. If we enter a password on an HTTPS website, it is shown in encrypted format.
i.e., if you enter a password such as ABCD@123 on an HTTPS website, it shows as *RYOE987. It protects our password when we are on HTTPS format websites. HTTPS websites are secured websites, and we can trust them.
Sometimes we see websites that look like HTTPS format but are not safe. For example, http://tinyurl.com/y3bbmh If the website is in this format, it is not a secure one.
As seen with IDOR, HTTPS can be compromised in the same way. Attackers create a fake link similar to the original one, and when we click on that HTTPS link, the attackers get access to our information.
Have a look at this tool to see how hackers steal information from a device by sending HTTP and HTTPS links.
As said earlier, hackers send HTTP links to people and steal information, and not every HTTPS link is safe either. In this image, you can find HTTP and HTTPS links in the tool. When I open the HTTPS link which is present in that tool.
As I said, some HTTPS links can be compromised or created by some tools. See this image: I opened the HTTPS link present in the tool, and it asked for access to the location. When I give access to the location, the device name and the location become accessible to the hackers.
When we use a VPN on our device, it shows a different IP address and a different location. Here I used a VPN so as not to show my location. When I opened the HTTPS link, it showed the location and the entire device information. It gets access to our location only when we give permission. If we don't give permission, it doesn't have access to our location.
So please check the website URL before you visit. If anyone visits an HTTP website, we can find their IP address and see what they are doing on that HTTP website by using the Wireshark tool. If any person enters credentials on an HTTP website, we can get those credentials too.
When opening any website, first look at the URL of the website and only then open it. If you get an alert that the site is NOT SECURE, it is better not to go through that site.
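Because HTTP has no encryption, a captured request can be read field by field, which is why credentials sent over it are exposed. The Python code below is an added example, not part of the original article: the captured request, host and field values are constructed, and `cleartext_exposure` is a hypothetical helper that reports only the names of exposed fields, as a monitoring check would.

```python
from urllib.parse import parse_qsl

# Constructed capture of one plain-HTTP request, as the bytes appear on the wire.
# Host, path and field values are made up for this example.
CAPTURED = (
    b"POST /signin HTTP/1.1\r\n"
    b"Host: portal.example.test\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 45\r\n"
    b"\r\n"
    b"username=alice&password=ABCD%40123&remember=1"
)

SENSITIVE = ("pass", "pwd", "token", "secret", "otp", "card")

def cleartext_exposure(raw):
    """Report which credential-like fields a plain-HTTP request exposes."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    fields = []
    ctype = headers.get("content-type", "")
    if ctype.startswith("application/x-www-form-urlencoded"):
        fields = parse_qsl(body.decode("latin-1"), keep_blank_values=True)
    # Query-string parameters travel in the request line, equally readable.
    if "?" in target:
        fields += parse_qsl(target.split("?", 1)[1], keep_blank_values=True)
    exposed = sorted({k for k, _ in fields
                      if any(s in k.lower() for s in SENSITIVE)})
    # Header-borne credentials are exposed the same way.
    exposed += [h for h in ("authorization", "cookie") if h in headers]
    return {
        "host": headers.get("host"),
        "method": method,
        "path": target.split("?")[0],
        "exposed_fields": exposed,            # names only, values withheld
        "all_field_names": [k for k, _ in fields],
    }

if __name__ == "__main__":
    print(cleartext_exposure(CAPTURED))
```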
Published by:
Shaik Sulthan, Blog writer at ACCS (Anti Cyber Crime Society)