1
votes

I've been playing around with Wireshark, and I've noticed that certain websites behave differently when initializing an https connection. The first website I was testing with was Bank of America, and it behaved exactly as I expected when I entered "bankofamerica.com" into my address bar.

The control flow was as follows:

  1. Send DNS request
  2. Set up TCP connection over port 80 (TCP Handshake)
  3. Send a GET / HTTP/1.1
  4. Receive 301 Moved Permanently to https://www.bankofamerica.com
  5. Set up TCP connection over 443
  6. Set up TLS and send data

That's exactly what I'd expect to happen. However, when I entered "facebook.com" into my address bar, the following occurred:

  1. Send DNS request
  2. Set up TCP connection over port 443
  3. Set up TLS and send data

How is it possible that the connection was able to skip over the HTTP request, even though I didn't specify HTTPS in my address bar? I've tried clearing my browser cache, resetting my router, and even looking in the DNS RFC to see if there was some "https only" flag (as I expected, there wasn't).

I was able to generate a 301 Moved Permanently (however it was to http://www. NOT https://www.) when I used netcat:

  nc facebook.com 80
  GET / HTTP/1.0
  

But I have no idea how (even after deleting my cache) it's skipping over the http part in a browser connection. I'm worried that I don't understand a fundamental part in how http/https works. Any help would be appreciated.

Thanks

1
Perhaps it is better to ask this on ask.wireshark.org - Marged

1 Answer

1
votes

The most likely reason is that you've visited Facebook before sometime in the past using that browser and the Facebook server returned the HTTP Strict Transport Security (HSTS) header.

Once a website has returned a response with Strict-Transport-Security set, the browser will always go straight to HTTPS even if you use the http:// prefix in the browser. I found this out while experimenting with HSTS on my own private website and found that it was very hard to get some browsers (Firefox, I'm looking at you) to remove the HSTS setting once it had been set.
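To make the mechanism in this answer concrete, here is an added example (my own code, not from the answer's author or from any browser) that models the browser-side HSTS cache described in RFC 6797: it parses a Strict-Transport-Security header, records the host only when the header arrived over TLS, and rewrites an http:// URL to https:// before any socket is opened, which is why no port-80 request ever appears in the capture. The hostnames and header values are constructed for the demonstration; the host names are taken from the question and stand in for any site.

```python
"""Minimal model of a browser's HSTS ("known HSTS hosts") cache, per RFC 6797.

Added example; not code from the original question or answer. The host
names and header values below are constructed for illustration.
"""
import re
import time
from dataclasses import dataclass
from urllib.parse import urlsplit, urlunsplit


@dataclass
class HstsEntry:
    expires_at: float          # absolute time, seconds since the epoch
    include_subdomains: bool


def parse_hsts_header(value):
    """Parse a Strict-Transport-Security header value.

    Returns (max_age_seconds, include_subdomains), or None when the header
    is unusable (missing, non-numeric, or duplicated max-age).
    """
    max_age = None
    include_subdomains = False
    for directive in value.split(";"):
        directive = directive.strip()
        if not directive:
            continue
        name, _, arg = directive.partition("=")
        name = name.strip().lower()            # directive names are case-insensitive
        arg = arg.strip().strip('"')
        if name == "max-age":
            if max_age is not None:
                return None                    # RFC 6797: each directive at most once
            if not re.fullmatch(r"[0-9]+", arg):
                return None
            max_age = int(arg)
        elif name == "includesubdomains":
            include_subdomains = True
        # unknown directives are ignored, as the RFC requires
    if max_age is None:
        return None
    return max_age, include_subdomains


class HstsCache:
    """The browser's list of hosts that must only be reached over HTTPS."""

    def __init__(self, now=time.time):
        self._now = now        # injectable clock so expiry can be tested
        self._hosts = {}

    def observe_response(self, host, over_tls, headers):
        """Record an HSTS header, but only from a response received over TLS.

        A header seen on plain HTTP (like the netcat session on port 80 in the
        question) is ignored; honouring it would let an on-path attacker
        poison the cache.
        """
        if not over_tls:
            return
        value = next((v for k, v in headers.items()
                      if k.lower() == "strict-transport-security"), None)
        if value is None:
            return
        parsed = parse_hsts_header(value)
        if parsed is None:
            return
        max_age, include_subdomains = parsed
        host = host.lower()
        if max_age == 0:
            self._hosts.pop(host, None)        # max-age=0 is how a site clears its entry
            return
        self._hosts[host] = HstsEntry(self._now() + max_age, include_subdomains)

    def is_known_host(self, host):
        """Exact match, or a parent domain that set includeSubDomains; drops expired entries."""
        labels = host.lower().split(".")
        now = self._now()
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            entry = self._hosts.get(candidate)
            if entry is None:
                continue
            if entry.expires_at <= now:
                del self._hosts[candidate]
                continue
            if i == 0 or entry.include_subdomains:
                return True
        return False

    def rewrite_url(self, url):
        """What the browser does before opening a socket: upgrade http:// for known hosts."""
        parts = urlsplit(url)
        host = parts.hostname or ""
        if parts.scheme != "http" or not self.is_known_host(host):
            return url
        netloc = host if parts.port in (None, 80) else f"{host}:{parts.port}"
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))


if __name__ == "__main__":
    cache = HstsCache()
    # Constructed first visit over TLS: the server sets HSTS for a year.
    cache.observe_response("facebook.com", True,
                           {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"})
    print(cache.rewrite_url("http://facebook.com/"))       # https://facebook.com/
    print(cache.rewrite_url("http://www.facebook.com/"))   # https://www.facebook.com/
```

The two rules worth noticing as a practitioner are in `observe_response`: the header is only trusted over TLS, and `max-age=0` is the only mechanism a site has to undo the entry, which is why the answer's "hard to remove" experience is expected behaviour rather than a browser bug.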