Week 2 · lesson 3

The Request Journey & Where Attacks Live

Hands-on. Ties each step to a class of attack.

What you'll learn

  • Trace a page load through its six steps: browser, DNS, TCP, TLS, HTTP request, response.
  • Name at least one attack that lives at each step.
  • Explain why each step is a different defensive responsibility.

When you type https://saarathiacademy.com and press Enter, four questions get answered: how does my computer find the site, connect to it, verify it is legitimate, and draw it on screen? Each answer is a step, and each step is where a different family of attacks lives.

Step 1, Browser

Before touching the network, the browser checks its cache, cookies, existing connections, and DNS cache.

Attacks here: malicious browser extensions, cookie theft, and XSS (malicious script running in your page).

Step 2, DNS (the phonebook)

Your computer only knows IP addresses, so it asks DNS to convert a name into a number:

google.com   →   142.250.x.x

Attacks here: DNS cache poisoning and malicious DNS servers that lie and send you to the wrong IP.

Step 3, TCP connection

With an IP in hand, the browser opens a TCP connection using the three-way handshake (SYN, SYN-ACK, ACK) before any real data flows.

Attacks here: SYN floods (exhaust the server with half-open connections) and port scanning (mapping which services are open).

Step 4, TLS

Once the TCP pipe exists, TLS turns it private: the two sides agree on keys and encrypt everything after. This is also where the site proves its identity with a certificate.

Attacks here: downgrade tricks, certificate problems, and users clicking past warnings.

Step 5, HTTP request

Inside the encrypted pipe the browser sends a request:

GET / HTTP/1.1
Host: example.com
User-Agent: Chrome

Attacks here: SQL injection, XSS, CSRF, and header manipulation, all the classic web-app bugs.

Step 6, Server response

The server replies with headers and a body (HTML, JSON, an image). The browser renders it, and the loop can repeat for the next resource.

Attacks here: leaked data in responses, insecure headers, and content that smuggles in step-5 attacks.

The big idea

Browser → DNS → TCP → TLS → HTTP request → response
   1       2     3      4        5            6

Almost every attack you will ever study attaches to one of these six slots. When something looks wrong, your first move is to ask: which step is this?

Try it

Run dig example.com in a terminal: that is Step 2 in isolation. Then run ping example.com, which touches the lower network layers. You are walking the journey by hand.
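To answer "which step is this?" in code, the sketch below walks steps 2 to 6 by hand and reports the first step that fails. It is an added example, not part of the original lesson; the function name walk_journey and its return labels are illustrative choices.

```python
import socket
import ssl


def walk_journey(host, port=443, timeout=3.0):
    """Walk steps 2-6 by hand and return (step_reached, detail).

    walk_journey is an illustrative name, not an API from the lesson.
    Step 1 (browser cache, cookies) has no equivalent outside a browser.
    """
    # Step 2, DNS: turn the name into an IP address.
    try:
        ip = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)[0][4][0]
    except socket.gaierror as exc:
        return ("dns", f"name did not resolve: {exc}")

    # Step 3, TCP: the three-way handshake happens inside create_connection.
    try:
        sock = socket.create_connection((ip, port), timeout=timeout)
    except OSError as exc:
        return ("tcp", f"no connection to {ip}:{port}: {exc}")

    # Step 4, TLS: agree on keys and check the certificate against `host`.
    # The default context refuses a bad certificate rather than clicking past it.
    context = ssl.create_default_context()
    try:
        tls = context.wrap_socket(sock, server_hostname=host)
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        sock.close()
        return ("tls", f"handshake or certificate check failed: {exc}")

    # Steps 5 and 6, HTTP request and response, inside the encrypted pipe.
    try:
        with tls:
            request = f"GET / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
            tls.sendall(request.encode())
            status_line = tls.recv(4096).split(b"\r\n", 1)[0]
    except OSError as exc:
        return ("http", f"request or response failed: {exc}")
    return ("response", status_line.decode("latin-1"))


if __name__ == "__main__":
    # Needs network access; example.com is the host used in the lesson.
    step, detail = walk_journey("example.com")
    print(f"reached step: {step} ({detail})")
```

A result of "dns", "tcp" or "tls" tells you which defensive layer to look at first; "response" means all five network steps completed and the detail is the server's status line.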

Check your understanding

3 questions

  1. List the six steps of the request journey in order.

  2. Which step does SQL injection live at, and which step does DNS poisoning live at?

  3. Port scanning attacks which step of the journey?