When developping a website, you could need to send custom requests to your server so you can analyze its behavior and its responses.
If you’re not using secured protocol, that’s easy, you just need to connect to port 80 (usually) on your server and send your request as:
telnet www.python.org 80 GET /index.html HTTP/1.1 Host: www.python.org
You will immediately get the server response with the headers:
HTTP/1.1 301 Moved Permanently Server: Varnish Retry-After: 0 Location: https://www.python.org/index.html Content-Length: 0 Accept-Ranges: bytes Date: Fri, 06 Jun 2014 22:14:49 GMT Via: 1.1 varnish Connection: close X-Served-By: cache-fra1229-FRA X-Cache: MISS X-Cache-Hits: 0 Strict-Transport-Security: max-age=63072000; includeSubDomains
But now, if you want to send the same request to a server running on secured protocol (as HTTPS on port 443), you can’t use this method given that the request will be sent in plain text and the server won’t be able to understand it.
You will need to use the tool s_client provided with openssl. Once the tool is started, you wil immediately receive the certificate informations and will be able to send your request:
openssl s_client -connect www.python.org:443 [CERTIFICATE INFORMATION] --- GET /index.html HTTP/1.1 Host: www.python.org
You will immediately get the server response with the headers as previously (in my example, a 404 error is sent back due to a non-existing page requested):
HTTP/1.1 404 NOT FOUND Date: Fri, 06 Jun 2014 22:23:47 GMT Server: nginx Content-Type: text/html; charset=utf-8 X-Frame-Options: SAMEORIGIN Content-Length: 28918 Accept-Ranges: bytes Via: 1.1 varnish Age: 0 X-Served-By: cache-lcy1128-LCY X-Cache: MISS X-Cache-Hits: 0 Vary: Cookie Strict-Transport-Security: max-age=63072000; includeSubDomains
That’s all folk 😉 !