The Importance of HTTP Versus HTTPS

In this video we’re talking about the importance of HTTP versus HTTPS. So what is the difference? Normally when you browse the internet, you type in HTTP, colon, forward slash, forward slash, WWW, and whatever the URL is, such as Google.com. There is another protocol that you can use. There’s HTTPS. So HTTP stands for Hypertext Transfer Protocol, which is the older form of communication for browsing the web. There’s also HTTPS, which stands for Hypertext Transfer Protocol Secure, meaning that transmission is actually encrypted. So the problem with HTTP traffic is, since it’s unencrypted you’re transferring information in plain text. So let’s take a look at what that actually means. So here I have a programme called DVWA.

And this is a programme designed to be vulnerable. So what I’m going to do is I’m going to start up a Wireshark transmission here. And let me X out of that. And here is Wireshark. So Wireshark is a packet sniffing programme. It’s designed to analyse network traffic. So I’m just going to select my connection here. I’m going to start up my Wireshark. OK, and we’re going to go back to the browser. So here’s DVWA again. This is a vulnerable system designed to be exploited. So right now I’m sniffing traffic going to this web page here. So I’m going to type in “admin”. And then I’m going to type in the password for this.

OK, and I’m going to be logged in. So here I’m logged in. And again, this is over HTTP traffic. So I’m going to stop this capture here. I’m going to type in HTTP. And we’re going to take a look at the HTTP traffic. OK, let me Zoom in a little bit here. And if I scroll down in here, we could see in here all the traffic here. It’s actually started analysing all the traffic. And we can see username equals admin, and password equals password, which is correct. It is admin and password. So I could be on any website over HTTP. And potentially, if someone’s running a packet sniffer, such as Wireshark, they could see my password and login information.

If I ran this over HTTPS, however, that transmission would be encrypted. I wouldn’t be able to just look at it over a packet sniffer like this. So that’s the main importance of using a HTTPS. So let’s continue here.

So final remarks: HTTPS should always be used whenever possible. HTTP traffic should be avoided if you can avoid it. And remember, log in through HTTP. Transmit your login and password in plain text. So anyone running a packet sniffer, such as we saw in Wireshark, can intercept that information and get your login credentials and password. So you do need be very careful about that. So in the next video, we’ll be taking a look at download precautions and hash checking in download best practises. Thank you for watching. I’ll see you in the next video.