3

This is what I am trying to do:

  1. Open a browser and start to browse any https website like Gmail or Google.com

  2. I can see through Wireshark that the name resolution is being done by the DNS server.

  3. But after that, the connection is directly established to port 443 (starting from TCP handshake)

  4. One thing I am not able to understand is, how does the browser knows that it needs to connect to port 443, I tried exploring the DNS packet, but it contains only the destination address, and there is no info which tells that it needs to connect to port 443.

  5. Even if say, the browser has a priority in querying for the first time, it sees that if the port 443 is open then connect to it or connect to port 80, but I am not able to see any such behavior if I connect to a normal HTTP website, in the sense that, if I go to a normal HTTP website, there is no traffic flow from the browser indicating that it had searched first the port 443 and then went to port 80.

I am sure that I am missing something here, but not sure what it is.

informatik01
  • 16,038
  • 10
  • 74
  • 104
hsengiv86
  • 69
  • 2
  • 6

3 Answers3

4

The presence of https: in the URL tells it that.

user207421
  • 305,947
  • 44
  • 307
  • 483
  • 1
    No, my question, was how the browser knows it needs to send the data to port 443(https) – hsengiv86 Mar 29 '15 at 00:17
  • 1
    You told it to browse to an HTTPS URL. You said so. When it sees `https:` it knows that the default port number is 443. Or else you browsed to `http:google.com` and it got an HTTP redirect, but you didn't say you'd seen that in the packet sniff. – user207421 Mar 29 '15 at 00:58
  • 2
    I am sorry, I think I did not explain properly, what I was trying to do is, in the chrome browser, I just typed dropbox.com and it took me directly to "https version of dropbox", and when I am sniffing the packets, I am not seeing any redirects, so I am not sure, how the browser knows that it needs to take me to "https version of dropbox" instead of "http version of dropbox" – hsengiv86 Mar 29 '15 at 01:33
  • hmm, when googling I found out http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security, but wonder where they keep tab of the https website, I am pretty sure that is not stored some where locally, so to retrieve the list, some packet flow should happen, but is not happening – hsengiv86 Mar 29 '15 at 01:38
  • HSTS allows a server to specify a timeframe during which the policy must be applied. If your browser had visited Dropbox before and received a `Strict-Transport-Security` header specifying such a timeframe, and you are still within that timeframe, any subsequent HTTP request your browser makes to Dropbox is automatically upgraded to HTTPS. This is clearly explained in the [link](http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) you provided. – Remy Lebeau Mar 29 '15 at 08:09
  • Thanks Remy, my mistake, I did not read it completely,let me clear my cache and try it out – hsengiv86 Mar 29 '15 at 21:52
  • 1
    @RemyLebeau But how the browser at beginning know whether it should connect to port 80 or 443? – Ravi Raj Nov 19 '20 at 12:28
  • 1
    @RaviRaj if a browser has never visited a given site before, or is not tracking any HSTS info for it, then it simply *does not know* whether that site uses HTTP or HTTPS. So, if a URL is entered without `http:` or `https:` or an explicit port specified, then the browser has no choice but to just try both schemes and see which one works. HTTPS is very common nowadays, so a browser is likely to try that one first, and then fallback to HTTP if needed. – Remy Lebeau Nov 19 '20 at 15:19
1

The browser (client) uses the HTTP or HTTPS in the address to determine which port to use... However the server can be configured to require HTTPS, and to switch/redirect an HTTP port 80 connection to HTTPS port 443 with encryption & certificate. So if the browser connects to a server via HTTP port 80, the server can then immediately switch/redirect the connection to HTTPS port 443. The server may even be configured the other way around to switch/redirect a connection from HTTPS port 443 to HTTP port 80.

DVOPS
  • 36
  • 4
0

I think this is sort of like asking why does a FTP client use the FTP port

Unless you specify a port with "http://...:port" the browser uses 80 for http and 443 for https as thats what the protocol defines but....

A server may respond with a "Strict-Transport-Security: max-age=..." and the browser is then required to retry on https and remember this

In addition Chrome , see HSTS, ships with a large preseeded HSTS list so even if you type http for a site in the HSTS list - the browser will look at its HSTS configuration see that the site is specified and instead change to HTTPS on port 443 without trying http on port 80 first

Ross
  • 186
  • 1
  • 8