Yes, you have to specify a destination IP and port when using local forwarding. From man ssh:
-L [bind_address:]port:host:hostport
Specifies that the given port on the local (client) host is to be
forwarded to the given host and port on the remote side.
Clearly, only the bind address is optional.
No, you can't specify a destination host or port when using dynamic forwarding. In dynamic forwarding, SSH acts as a SOCKS proxy. Again from the manpage (emphasis mine):
-D [bind_address:]port
Specifies a local “dynamic” application-level port forwarding.
This works by allocating a socket to listen to port on the local
side, optionally bound to the specified bind_address. Whenever a
connection is made to this port, the connection is forwarded over
the secure channel, and the application protocol is then used to
determine where to connect to from the remote machine. Currently
the SOCKS4 and SOCKS5 protocols are supported, and ssh will act
as a SOCKS server.
With -L, SSH makes no attempt to understand the traffic. It just sends everything it receives on the local port to the target port - you determine the target port at the time the connection is made. With -D, SSH acts as a proxy server, and therefore can handle connections from multiple ports (for example, a browser configured to use it as a SOCKS proxy can then access HTTP, HTTPS, FTP, etc. over the same connection). And like with other proxy servers, it will use the traffic to determine the destination.
Best Answer
It doesn't. It creates a SOCKS proxy and the client talks the SOCKS protocol to say what it needs to do. There are no "http" requests at this layer.
The web browser speaks "SOCKS" language to say 'connect me to XYZ' and once the connection is made then it speaks HTTP (or HTTPS) to the remote server.
Similarly, a SOCKS aware SMTP client could talk SOCKS and say 'connect me to ABC' and then speaks SMTP.