user775093

Reputation: 749

determining HTTP version using raw sockets in C

I am trying to create raw sockets in C/C++, then create a request message and then send that message to a target server. If the port I specify happens to be 80, I want to send an HTTP request to determine the HTTP version that the target server is using. For example, I send GET HTTP/1.0 to www.google.com.

For some servers it returns HTTP/1.1 400 bad request, while in some cases it responds with an XML message. I know the GET command is wrong since I am not specifying any object to actually GET. So is there a generic way to do this?

Upvotes: 0

Views: 764

Answers (3)

Havenard

Reputation: 27914

GET / HTTP/1.0\r\n
Host: www.google.com\r\n
\r\n

This is a basic HTTP request. Alternatively, you can use HEAD instead of GET, since you only want the headers, but some basic servers don't recognize HEAD as a valid method.

Not every server will support HTTP/1.0; they will most likely ignore this and answer as HTTP/1.1, while others will just ape the version in your request and not really mean it.

It can be frustrating to try to determine the HTTP version in a random server. Perhaps you should instead use 1.1 in the request and see if the server answers with 1.0, I believe it may be the safest way to know if the server is at least giving a damn.

Upvotes: 1

mpontillo

Reputation: 13967

You will have to progressively try each version of HTTP. For example, if I query google.com with HTTP 1.0, it will respond with HTTP 1.0:

$ printf "HEAD / HTTP/1.0\nHost: google.com\n\n" | nc google.com 80
HTTP/1.0 301 Moved Permanently
Location: http://www.google.com/
Content-Type: text/html; charset=UTF-8
Date: Tue, 26 Nov 2013 19:44:42 GMT
Expires: Thu, 26 Dec 2013 19:44:42 GMT
Cache-Control: public, max-age=2592000
Server: gws
Content-Length: 219
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Alternate-Protocol: 80:quic

If I query it with HTTP 1.1, it will respond with HTTP 1.1:

$ printf "HEAD / HTTP/1.1\nHost: google.com\n\n" | nc google.com 80
HTTP/1.1 301 Moved Permanently
Location: http://www.google.com/
Content-Type: text/html; charset=UTF-8
Date: Tue, 26 Nov 2013 19:44:47 GMT
Expires: Thu, 26 Dec 2013 19:44:47 GMT
Cache-Control: public, max-age=2592000
Server: gws
Content-Length: 219
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Alternate-Protocol: 80:quic

Upvotes: 1

aust

Reputation: 914

Try:

HEAD / HTTP/1.0\r\n
\r\n

Or:

GET / HTTP/1.0\r\n
\r\n

The first line of the server's response should contain the HTTP version. Note that some servers will return 400 Bad Request if the Host: <hostname> is omitted from the header (which is not required in 1.0, but is in 1.1). I would do:

Try:

HEAD / HTTP/1.0\r\n
Host: <hostname>\r\n
\r\n

Or:

GET / HTTP/1.0\r\n
Host: <hostname>\r\n
\r\n

If you don't require the message body, you should use HEAD as it will require less data to receive.

Upvotes: 2
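
An added example, not part of any answer above: the two pieces a C client needs around its own connect/send/recv calls, namely building the probe with a Host header and reading the version from the first response line without trusting the server's bytes. The names build_probe and parse_status_line, the host www.example.com and the sample responses are assumptions made for illustration; the socket I/O is left to the caller.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Build "<method> / HTTP/<version>\r\nHost: <host>\r\n\r\n" into out.
 * Returns the request length, or -1 if it does not fit or host contains
 * CR, LF or a space (which would let it add lines to the request). */
int build_probe(char *out, size_t cap, const char *method,
                const char *version, const char *host)
{
    if (strpbrk(host, "\r\n ") != NULL) return -1;
    int n = snprintf(out, cap, "%s / HTTP/%s\r\nHost: %s\r\n\r\n",
                     method, version, host);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}

/* Parse the first line of a response held in buf[0..len). Returns 0 and
 * fills major/minor/status when it starts with "HTTP/<d>.<d> <ddd>", or -1
 * otherwise (an XML/HTML body with no status line, or a short read). */
int parse_status_line(const char *buf, size_t len,
                      int *major, int *minor, int *status)
{
    if (len < 12 || memcmp(buf, "HTTP/", 5) != 0) return -1;
    if (!isdigit((unsigned char)buf[5]) || buf[6] != '.' ||
        !isdigit((unsigned char)buf[7]) || buf[8] != ' ') return -1;
    for (int i = 9; i < 12; i++)
        if (!isdigit((unsigned char)buf[i])) return -1;
    *major = buf[5] - '0'; *minor = buf[7] - '0';
    *status = (buf[9] - '0') * 100 + (buf[10] - '0') * 10 + (buf[11] - '0');
    return 0;
}

int main(void)
{
    /* Constructed sample responses, not captured from a real server. */
    const char *samples[] = { "HTTP/1.1 400 Bad Request\r\n\r\n",
                              "HTTP/1.0 301 Moved Permanently\r\n\r\n",
                              "<?xml version=\"1.0\"?><Error/>" };
    char req[256];
    if (build_probe(req, sizeof req, "HEAD", "1.0", "www.example.com") > 0)
        fputs(req, stdout);
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int ma, mi, st;
        if (parse_status_line(samples[i], strlen(samples[i]), &ma, &mi, &st) == 0)
            printf("HTTP/%d.%d, status %d\n", ma, mi, st);
        else
            printf("no HTTP status line\n");
    }
    return 0;
}
```

Comparing the parsed version with the one sent in the request shows whether the server simply mirrored it, which is the caveat raised in the first answer.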
