HTTP is Hyper Text Transport Protocol and transmitted over the wire via PORT 80 (TCP). You normally use HTTP when browsing, it is not safe, so anyone can listen in on the conversation between your computer and your web server. HTTP can support the customer asks for a particular file to be sent only if it has been updated after a certain date and time. It would be used if the customer has already downloaded a copy of a file with that name from that server, but want to check whether it has been updated since then. The server is either the updated file with a message saying the file is not changed or with a message that the file n
o longer exists.
HTTPS (Hypertext Transfer Protocol over Secure Socket Layer or HTTP over SSL) is a Web protocol developed by Netscape and built into its browser that encrypts and decrypts user page requests as well as the pages returned by the web server. HTTPS is really just using Netscape's Secure Socket Layer (SSL) as a sub-layer under its regular HTTP application layering. (HTTPS uses port 443 instead of HTTP port 80 in its interaction with the lower layer, TCP / IP.) SSL uses a 40-bit key size for the RC4 stream encryption algorithm, new-age browsers use 128-bit key size, which is more secure than the former, it is considered an adequate degree of encryption for commercial exchange. HTTPS is normally used in the login pages, shopping / commercial sites.
How it Work
Https is not a separate protocol, but refers to a combination of a normal HTTP interaction over an encrypted Secure Sockets Layer (SSL) or Transport Layer Security (TLS) transport mechanism. This ensures reasonable protection against eavesdropping and (provided it is implemented properly and the top level certification authorities do their job properly) man-in-the-middle attack.
The default TCP port of an https: URL is 443 (for unsecured HTTP, the default is 80). To prepare a web server to accept https connections the administrator must create a public key certificate to the Web server. These certificates can be created for Linux-based servers with tools such as Open SSL or SuSE's gensslcert. This certificate must be signed by a certificate authority in one form or another, attesting to the certificate holder is who they say they are. Web browsers are generally distributed with the signing certificates for major certificate authorities, so they can verify certificates signed by them.
Key Features
Dedicated to HTTP protocol, show a broad range of HTTP-related information request and response header sent content, and received cookies, stream, search queries, post form values ...
Request builder, users can craft an HTTP request using the HTTP Request Builder, or they can use a drag and drop operation to move an existing request from the session grid to the Request Builder to execute it again.
Hex Viewer allows users to view and edit binary files in hexadecimal and textual format. New
Displays Winsock traffic originating from Java applets and JavaScript embedded in a Web page that displays Winsock traffic originating from ActiveX controls and COM objects have resulted in an application (Stand-alone Edition Only)
"Before request and after response" browser cache comparisons
Support HTTPS, show you the unencrypted data sent over HTTPS / SSL connections, HTTPS is available if the program uses Microsoft WININET API (ex. i.e. Outlook) or Mozilla NSS API. (Ex Firefox, Thunderbird)
Selective clear caches and cookies associated with HTTP / HTTPS sessions
