import socket

# Change the following host and see what IP it prints!
host = "google.com"
# this allows us to translate a host name into an ip adress
ip = socket.gethostbyname(host)

print(ip)

142.250.189.14

with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
    s.connect((ip, 80))
    print("Successfully connected!")

Successfully connected!

Check-In

  1. What is an IP address? IP address is used to identify and communicate with devices on a certain network suhc as a computer.
  2. What is a TCP port? TCP allows us to tell if each packet is received correctly. Allows us to abstract and reassemble certain parts of data during a transaction.
with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
    s.connect((ip, 80))

    # Send a GET request to "/"
    s.sendall(b"GET / HTTP/1.1\r\n\r\n")

    # Recieve & print 2048 bytes of data
    data = s.recv(2048)
    print(data.decode())

HTTP/1.1 200 OK
Date: Thu, 27 Apr 2023 20:00:10 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-SP2mcegfZKgAiTs1Q5oPmw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: 1P_JAR=2023-04-27-20; expires=Sat, 27-May-2023 20:00:10 GMT; path=/; domain=.google.com; Secure
Set-Cookie: AEC=AUEFqZcQUWVPgRRRFqHW8VG-TDYbWzat_l4oj_FRirlwKwhOJqWx0106pwM; expires=Tue, 24-Oct-2023 20:00:10 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
Set-Cookie: NID=511=Ck8OmI53dwHeTh6a0eEjBYvdYAxf7fsVclvZW5eig5tD-xsOGK18yNjB5eURDu8d5fbnRJqCyiqQo-2Bfu6Ymbf70y1O-Rh0afS7fSmmPC7Neu54I2kH6bqzEgHJv4TkRBcNeXxc_LQ3Qbr6Kex3-HgcPGd4E0VE751HpZIRQcU; expires=Fri, 27-Oct-2023 20:00:10 GMT; path=/; domain=.google.com; HttpOnly
Accept-Ranges: none
Vary: Accept-Encoding
Transfer-Encoding: chunked

5966
<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en"><head><meta content="Search the world's information, including webpages, images, videos and more. Google has many special features to help you find exactly what you're looking for." name="description"><meta content="noodp" name="robots"><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="/images/branding/googleg/1x/googleg_standard_color_128dp.png" itemprop="image"><title>Google</title><script nonce="SP2mcegfZKgAiTs1Q5oPmw">(function(){window.google={kEI:'StRKZPe8I8PJkPIP1_aJyA4',kEXPI:'0,1303458,55951,6059,206,2415,2389,2316,383,246,5,1129120,1197763,631,380097,16114,28684,22430,1362,284,12034,4747,12834,4998,13228,3847,38444,2872,2891,3926,4422,3406,606,30668,27618,2404,15324,432,3,1590,1,16916,2652,4,1528,2304,29062,13065,13658,2980,1457,16786,5830,2527,4094,7596,1

import requests

# Change the URL to whatever you'd like
response = requests.get("https://google.com")

print("Status code:", response.status_code)
print("Headers:", response.headers)
print("Response text:", response.text[:100])

# Add a line to print the "Content-Type" header of the response
# Try an image URL!

Status code: 200
Headers: {'Date': 'Thu, 27 Apr 2023 20:00:12 GMT', 'Expires': '-1', 'Cache-Control': 'private, max-age=0', 'Content-Type': 'text/html; charset=ISO-8859-1', 'Content-Security-Policy-Report-Only': "object-src 'none';base-uri 'self';script-src 'nonce-ZEYJ4PBue2lU75mPhf-GiA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp", 'P3P': 'CP="This is not a P3P policy! See g.co/p3phelp for more info."', 'Content-Encoding': 'gzip', 'Server': 'gws', 'X-XSS-Protection': '0', 'X-Frame-Options': 'SAMEORIGIN', 'Set-Cookie': '1P_JAR=2023-04-27-20; expires=Sat, 27-May-2023 20:00:12 GMT; path=/; domain=.google.com; Secure, AEC=AUEFqZehjqCqul40lf0erll9TcMmrEVT4rtWQ08whOdt_H10OSvDGyVHXCs; expires=Tue, 24-Oct-2023 20:00:12 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax, NID=511=IfzhNiDYofeptFX5aeBqIWonmtW1RsndjEIhqUUI-aIFo6XlaZtGDwV3fKAQgjr6xGGqzikLB5JralgvSYw8rV2wmcZhBZ8FxKvov-P7VJ_s7Gh9Jdr9WRfI8tDp6egdeL2l2sEuqSA5nmVG0vsr-RJCmlxKOHzCXRfIhfYBjCY; expires=Fri, 27-Oct-2023 20:00:12 GMT; path=/; domain=.google.com; HttpOnly', 'Alt-Svc': 'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000', 'Transfer-Encoding': 'chunked'}
Response text: <!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en"><head><meta content

NGINX 

aws = "3.130.255.192"

response = requests.get("http://" + aws)
print(response.text)

<html><head><title>ContentKeeper</title></heQad>
<body bgcolor="#A02E5F" text="White" link="Lime" vlink="Aqua">
<center><br><h1>ContentKeeper<br>Non-Managed Site</h1>
No access is available to NON-Managed Sites.<br><br>
<table border="1" cellspacing="0">
<tr><td>URL</td><td><b>3.130.255.192</b></td></tr>
<tr><td>Username</td><td><b>1924258/pusd</b></td></tr></table>
</body></html>

Configuration 

server {
    // Listen on virtual "port 80"
    listen 80;
    listen [::]:80;
    server_name 3.130.255.192;

    location / {
        // Inform server about original client
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;

        // Forward all requests transparently to the server running on our computer
        proxy_pass              http://localhost:9099;
    }
}

Load Balancing 

upstream example.com {
    server server1.example.com;
    server server1.example.com;
}

HTTP Headers 

server {
    add_header X-Cool-Header "I love APCSP!";

    location /pages {
        add_header X-Cooler-Header "This is my secret header!";
    }
}

Check In

  1. Research 1 HTTP header and describe, in detail, its purpose.
  • Another HTTP header that is commonly used is the "Authorization" header. The purpose of the Authorization header is to provide credentials to access a protected resource. The header typically contains some type of authentication information that is used to authenticate the user making the request.
  1. Write a line in a sample NGINX configuration that will add that specific header to the /information location
  • location /information { add_header Authorization "Bearer my_access_token"; ... }
  1. Explain the purpose of the load balancing performed by NGINX
  • The purpose of load balancing performed by NGINX is to distribute incoming network traffic across multiple servers to improve performance, increase availability, and reduce the risk of downtime due to server failures.
  1. Modify the following code block to obtain the value of the secret header on /products of the AWS site
  • Check below
aws = "3.130.255.192"

response = requests.get("http://" + aws + "/products")

print("The secret header is: " + response.headers['X-Cooler-Header'])

The secret header is: This is my secret header!

Hacks

  • Complete the above check-in questions and change the hosts (0.1)
  • Complete the above code-segment to retrieve the secret header (0.1)

Bonus (0.05)

Create a diagram showing the layers of abstraction that allow us to use HTTP (IP, TCP, etc.)

DNS Hacks

  1. What does DNS stand for?
  • DNS stands for Domain Name System.
  1. What is the purpose of DNS?
  • The purpose of DNS is turn domain names into IP addresses.
  1. How does DNS work?
  • When a user types a domain name into their web browser, the browser sends a request to a DNS resolver, which is a server that is configured to look up the IP address associated with that domain name.
  1. What is a DNS resolver?
  • A DNS resolver is a server that is responsible for finding domain names to IP addresses. When a user types a domain name into their browser, the browser sends a request to a DNS resolver, which then looks up the IP address associated with that domain name.
  1. Make a canva image on the process of DNS (you can base it off of the previous slide)

CORS Hacks

  1. Explain what CORS is and what it stands for
  • CORS stands for Cross-Origin Resource Sharing. It is a mechanism that allows web servers to specify which domains are allowed to access the resources on the server. By default, web browsers restrict cross-origin HTTP requests initiated from scripts, so CORS is used to lessen these restrictions and allow web applications to access resources from different domains.
  1. Describe how you would be able to implement CORS into your own websites
  • To implement CORS in a website, the server-side application needs to set the Access-Control-Allow-Origin header to indicate which origins are allowed to access the server's resources. Then the server can set other headers to control the types of HTTP methods and headers that are allowed to be used in cross-origin requests.
  1. Describe why you would want to implement CORS into your own websites
  • To allow access to resources hosted on a different domain, such as third-party API.
  1. How could use CORS to benefit yourself in the future?
  • It can demonstrate my skills in web security, which are highly valued skills in the industry.

Total: 0.2 points

KASM Hacks

  1. What is the purpose of "sudo" when running commands in terminal?
  • The "sudo" command is used to run commands with extra privileges in a terminal. It allows a user to execute commands as the root user, which has unrestricted access to the system and can perform administrative tasks that regular users cannot. Using "sudo" is necessary when performing tasks that require administrative privileges, such as installing software.
  1. What are some commands which allow us to look at how the storage of a machine is set up as?
  • "df" - displays the amount of disk space used and available on mounted file systems.
  1. What do you think are some alternatives to running "curl -O" to get the zip file for KASM?
  • Downloading the zip file manually from the website and saving it to a local directory.
  1. What kind of commands do you think the "install.sh" command has and why is it necessary to call it?
  • The "install.sh" command is likely to have commands that install the software that it is associated with. It is necessary to call "install.sh" because it helps the installation process and ensures that all necessary dependencies are installed correctly.
  1. Explain in at least 3-4 sentences how deploying KASM is related to/requires other topics talked about in the lesson and/or potential ways to add things mentioned in the lesson to this guide.
  • Setting up microservices to manage and secure application services across many environments is part of the KASM deployment process. Understanding HTTP is necessary for this because it is the protocol used for microservice communication. In order for the process to function, CORS must be set up to allow cross-domain requests between microservices. Total: 0.2 points

AWS/RDS Hacks ()

See the setup post

  • Create your own database in the EC2 I have created (ec2-database-connect)
    • name it with your first and last name (example: aditya-nawandhar) (0.1)
    • Create a table using the commands on the link provided. (0.1)
    • using commands from the link provided make columns and rows with test data (can be anything) (example: “name” and “class” are the columns with rows being something like “Aditya” and “Junior”). At least 4 test rows (0.1)
    • additional points if the data matches CPT (Bonus: 0.05)

Total: 0.3