Behind the Browser: What Happens When You Type a URL

A URL (Uniform Resource Locator) is a structured address that identifies the location of a specific resource on the web. Think of it as the digital equivalent of a physical street address.

A typical URL contains:

DNS Resolution - Finding the Address

When you enter a URL such as www.reinventsecurity.org/blog/llm03, the Domain Name System (DNS) translates that human-readable domain into a machine-readable IP address (e.g., 207.10.0.3).

DNS as the Internet's Phonebook:

Just like saving contact names instead of phone numbers, DNS maps domain names to IP addresses.

DNS Lookup Process:

• Local Cache Check: Your browser, operating system, router, and ISP caches are checked for a stored IP.
• Recursive Resolver Engagement: If not cached, the resolver queries a hierarchy of DNS servers:
  • Root DNS Server
  • Top-Level Domain (TLD) Server
  • Authoritative DNS Server

Once resolved, the IP is returned to the browser, enabling it to locate the destination server.

Source: Atakan Serbes via Medium

TCP Handshake & Secure Connection

Before any data is exchanged, the browser and web server perform a TCP handshake to establish a reliable connection:

• SYN: Client sends synchronisation packet.
• SYN-ACK: Server acknowledges and responds.
• ACK: Client confirms readiness.

Source: Atakan Serbes via Medium

HTTPS and TLS/SSL:

If the URL uses HTTPS, the connection is further secured using TLS/SSL protocols. This ensures that the data exchanged is encrypted via public key cryptography, making it unreadable to unauthorised actors.

HTTP Request/Response Cycle

With the connection established, the browser sends an HTTP request to the server. A typical request includes:

HTTP Response:

Once processed, the server returns an HTTP response:

This includes a status code (200 OK), content type, and the HTML content.

Webpage Rendering

The browser receives the HTML response and initiates web rendering, which involves:

• Constructing the DOM (Document Object Model)
• Applying CSS (styling)
• Executing JavaScript
• Loading additional assets like images, fonts, and videos

The output is a fully functional, user-friendly webpage.

Source: Atakan Serbes via Medium

Why This Matters: Security Implications at Every Layer

Understanding this process is crucial for strengthening application security.

Key Threats and Mitigations:

• DNS Spoofing: Malicious redirection of DNS queries. A 2020 DNS hijacking campaign linked to state-backed actors targeted major telecoms and government agencies by redirecting traffic from legitimate domains to malicious proxies.

  Mitigation: Secure your DNS infrastructure.

• Man-in-the-Middle (MitM) Attacks: Interception of unencrypted traffic.

  Mitigation: Enforce TLS/SSL (HTTPS).

• Injection Attacks and XSS: Malicious data inputs.

  Mitigation: Robust input validation and Content Security Policies.

• DDoS Attacks: Overwhelming traffic to disrupt service.

  Mitigation: Implement rate-limiting and scalable DDoS protection.

The next time you type a URL into your browser, remember: you're triggering a sophisticated chain of operations designed to connect, retrieve, secure, and display information seamlessly.