HTTP Client Test Suite Data Sheet

Test Suite: HTTP Client Test Suite
Direction: Client

Hypertext Transfer Protocol (HTTP) is an application-level protocol for distributed, collaborative, hypermedia information systems. This test suite can be used to test HTTP Client implementations for security flaws and robustness problems.

Used specifications

| Specification | Title | Notes |
|---|---|---|
| RFC850 | Standard for Interchange of USENET Messages | |
| RFC1123 | Requirements for Internet Hosts - Application and Support | |
| RFC1808 | Relative Uniform Resource Locators | |
| RFC1945 | Hypertext Transfer Protocol -- HTTP/1.0 | |
| RFC2068 | Hypertext Transfer Protocol -- HTTP/1.1 | |
| RFC2109 | HTTP State Management Mechanism | |
| RFC2396 | Uniform Resource Identifiers (URI): Generic Syntax | |
| RFC2616 | Hypertext Transfer Protocol -- HTTP/1.1 | |
| RFC2617 | HTTP Authentication: Basic and Digest Access Authentication | |
| RFC2743 | Generic Security Service Application Program Interface Version 2, Update 1 | |
| RFC2965 | HTTP State Management Mechanism | |
| RFC3986 | Uniform Resource Identifier (URI): Generic Syntax | |
| RFC4178 | The Simple and Protected Generic Security Service Application Program Interface (GSS-API) Negotiation Mechanism | |
| RFC5322 | Internet Message Format | Date format only |
| RFC5861 | HTTP Cache-Control Extensions for Stale Content | |
| RFC5987 | Character Set and Language Encoding for Hypertext Transfer Protocol (HTTP) Header Field Parameters | |
| RFC5988 | Web Linking | |
| RFC6266 | Use of the Content-Disposition Header Field in the Hypertext Transfer Protocol (HTTP) | |
| RFC7230 | Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing | |
| RFC7231 | Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content | |
| RFC7232 | Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests | |
| RFC7233 | Hypertext Transfer Protocol (HTTP/1.1): Caching | |
| RFC7234 | Hypertext Transfer Protocol (HTTP/1.1): Range Requests | |
| RFC7235 | Hypertext Transfer Protocol (HTTP/1.1): Authentication | |
| RFC7615 | HTTP Authentication-Info and Proxy-Authentication-Info Response Header Fields | |
| RFC7616 | HTTP Digest Access Authentication | |
| RFC7617 | The 'Basic' HTTP Authentication Scheme | |
| draft-hixie-thewebsocketprotocol-35 | The Web Socket protocol | |
| MS-NLMP | NT LAN Manager (NTLM) Authentication Protocol Specification | |
| MS-SPNG | Simple and Protected Generic Security Service Application Program Interface Negotiation Mechanism (SPNEGO) Protocol Extensions | |

Tool-specific information

| Supported features | Specifications | Notes |
|---|---|---|
| HTTP over TCP | RFC7230 | HTTP over TCP (HTTP). |
| HTTP over TLS | RFC7230, RFC2818 | HTTP over TLS (HTTPS). |
| Basic Authentication | RFC2617 | HTTP Basic Authentication mechanism. |
| Digest Access Authentication | RFC2617 | HTTP Digest Access Authentication mechanism. |
| Deflate content encoding | RFC1951 | DEFLATE compressed data format for HTTP content. |
| GZIP content encoding | RFC1952 | GZIP file format compression method for HTTP content. |

| Unsupported features | Specifications | Notes |
|---|---|---|
| WebSocket frames | draft-hixie-thewebsocketprotocol-35 | Suite doesn't support WebSocket connection initiation or frames during test run. |
| Web applications over HTTP | N/A | Suite doesn't support fuzzing web application specific logic over HTTP. |

| Tested messages | Specifications | Notes |
|---|---|---|
| 101 - Switching Protocols | RFC2616 | |
| 200 - OK | RFC2616 | |
| 301 - Moved Permanently | RFC2616 | |
| 401 - Unauthorized | RFC2616 | |
| 407 - Proxy Authentication Required | RFC2616 | |
| 503 - Service Unavailable | RFC2616 | |
| The Web Socket Handshake | draft-hixie-thewebsocketprotocol-35 | |

Test tool general features

  • Fully automated black-box negative testing
  • Ready-made test cases
  • Written in Java(tm)
  • GUI, command line and remote interface modes
  • Instrumentation (health-check) capability
  • Support and maintenance
  • Comprehensive user documentation
  • Results reporting and analysis