Hello, Stranger!

This site is designed to serve as an introduction to the basics of web hacking.

Stumbled here on accident?

Here's the main site.

Still here? Great!

We are about to go on an amazing journey together.

There's a bunch of hidden gems on this site for you to discover.

But your journey starts here: understanding what the web is.

What is the Web, Anyway?

To understand how the web works, let me tell you a tale of two builders.

A Tale of Two Builders

Web Browsers: The Builders

Once upon a time, in the early days of the web, there were two builders called Netscape and Internet Explorer.

Web Developers: The Architects

Both builders were very good at building websites, but required skilled architects to design blueprints, called HTML documents, before they are able to build anything. Every major organization wanted a presence on the World Wide Web, so they hired architects to build blueprints that best represented their interests.

Web Users: The Clients

At the same time, everyone with a computer wanted to see the latest architectural projects, so they hired either one of the two builders to build the blueprints for them.

Netscape Navigator
Netscape Navigator, a dominant web browser in the 1990s

The Browser Wars

Soon, the two builders started competing.

Netscape wanted to differentiate his services, so he said: “I’ve learnt how to make things blink! If you use <blink> in your blueprints, I’ll build it!” People loved that idea, so they flocked to Netscape.

Architects loved the extra business, so they designed their blueprints specifically for Netscape. The same blueprint would not be understood by Internet Explorer.

But some people loved Internet Explorer too, and were furious that they couldn’t build their favorite designs on it.

This became a huge problem — architects had to learn how to design blueprints for two builders that eventually spoke completely different languages.

First Browser War
The First Browser War

Web Standards, and a Truce

Eventually, the World Wide Web Consortium managed to convince both builders to stick to the same design language, and the best builders since then — Google Chrome, Firefox, Opera, etc. — have stuck to this honour code.

Now, architects only have to design one blueprint, and when you type in www.google.com, you can trust that whichever builder you use will give you the “correct” version of that website.

An agreement
An agreement was made, and the builders lived happily ever after

Let's Recap

Between the time you type www.google.com and Google's homepage is rendered...

  1. Your builder, Google Chrome, will send a request to Google’s server.
  2. Google’ server will find the blueprint, a HTML document, designed by their architect, and send it to your builder.
  3. Your builder — who knows how to read HTML just like you know how to read English — reads the HTML document, and starts building the website.

What you see on this screen right now is your builder's interpretation of the blueprint. While there may be small differences between how builders intepret blueprints, particularly when recognizing and fixing new security vulnerabilities, their honour code ensures that what you see is most likely what the architect intended you to see.

The Challenge

Sometimes, viewing the original HTML document received by the browser can give us some interesting information.

Try it yourself! View the original HTML (this feature is commonly called viewing the page source) and see if you can find any interesting information.

How to do this varies between browsers and operating systems. As with most things in ethical hacking, Google can be your best friend.