Status Codes

Each HTTP response message must contain a status code in its first line, indicating the result of the request. The status codes fall into five groups, according to the first digit of the code:

■ 1xx — Informational.
■ 2xx — The request was successful.
■ 3xx — The client is redirected to a different resource.
■ 4xx — The request contains an error of some kind.
■ 5xx — The server encountered an error fulfilling the request.

There are numerous specific status codes, many of which are used only in specialized circumstances. The status codes you are most likely to encounter when attacking a web application are listed here, together with the usual reason phrase associated with them:

100 Continue — This response is sent in some circumstances when a client submits a request containing a body. The response indicates that the request headers were received and that the client should continue sending the body. The server will then return a second response when the request has been completed.

200 Ok — This indicates that the request was successful and the response body contains the result of the request.

201 Created — This is returned in response to a PUT request to indicate that the request was successful.

301 Moved Permanently — This redirects the browser permanently to a different URL, which is specified in the Location header. The client should use the new URL in the future rather than the original.

■ 302 Found — This redirects the browser temporarily to a different URL, which is specified in the Location header. The client should revert to the original URL in subsequent requests.

■ 304 Not Modified — This instructs the browser to use its cached copy of the requested resource. The server uses the If-Modified-Since and If-None-Match request headers to determine whether the client has the latest version of the resource.

400 Bad Request — This indicates that the client submitted an invalid HTTP request. You will probably encounter this when you have modified a request in certain invalid ways, for example by placing a space character into the URL.

■ 401 Unauthorized — The server requires HTTP authentication before the request will be granted. The WWW-Authenticate header contains details of the type(s) of authentication supported.

■ 403 Forbidden — This indicates that no one is allowed to access the requested resource, regardless of authentication.

■ 404 Not Found — This indicates that the requested resource does not exist.

■ 405 Method Not Allowed — This indicates that the method used in the request is not supported for the specified URL. For example, you may receive this status code if you attempt to use the PUT method where it is not supported.

■ 413 Request Entity Too Large — If you are probing for buffer overflow vulnerabilities in native code, and so submitting long strings of data, this indicates that the body of your request is too large for the server to handle.

■ 414 Request URI Too Long — Similar to the previous response, this indicates that the URL used in the request is too large for the server to handle.

■ 500 Internal Server Error — This indicates that the server encountered an error fulfilling the request. This normally occurs when you have submitted unexpected input that caused an unhandled error somewhere within the application’s processing. You should review the full contents of the server’s response closely for any details indicating the nature of the error.

■ 503 Service Unavailable — This normally indicates that, although the web server itself is functioning and able to respond to requests, the application accessed via the server is not responding. You should verify whether this is the result of any action that you have performed.

NEXT is ..HTTPS……,