Getting started with basics - packet expansion
Website resolution correspondence
Brief website construction process
Attack level involved
Source code, build platform, system, network layer, etc
Security issues involved
Directory, sensitive file, weak password, IP and domain name, etc
HTTP/S packet
Browser direct access to server
Request packet
• request line: request type / request resource path, protocol version and type
• request header: some key value pairs can be sent between the browser and the web server, with a specific meaning
• blank line: the request header is separated from the request body by a blank line
• request body: the data to be sent (usually used for POST submission), for example, user=123&pass=123
The following is a request packet:
GET / HTTP/1.1
Host: www.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Cookie: BAIDUID=DF85C12211175FD67D599BC8A06EB4B2:FG=1; BIDUPSID=DF85C12211175FD6D8AC7AF7356EF11F; PSTM=1571798152; BD_UPN=13314752; COOKIE_SESSION=251208_1_7_5_8_6_0_0_5_5_0_0_251207_0_1_0_1580795676_1580539587_1580795675%7C9%235096250_55_1580539585%7C9; BDRCVFR[Fc9oatPmwxn]=mk3SLVN4HKm; delPer=0; BD_CK_SAM=1; PSINO=1; H_PS_PSSID=1465_21124_26350_30496; H_PS_645EC=d0f32cF5kQJ3ZcmKhkebQhVlmvrVbJe34vcNJntPlQBU7X%2BEF0T1MJCfpt5UZln7q4OU; BDORZ=FFFB88E999055A3F8A630C64834BD6D0; BD_HOME=0
Upgrade-Insecure-Requests: 1
Cache-Control: max-age=0
Request line
The request line consists of three fields: the request method, the request URL, and the HTTP version, separated by spaces
For example: GET /index.html HTTP/1.1
The HTTP specification defines nine possible request methods:
GET: Requests the specified page information and returns the entity body
HEAD: The same as GET, except that the server returns only the status line and headers, not the requested document
POST: Submits data to the specified resource for processing (such as submitting forms or uploading files). The data is contained in the request body. POST requests may result in the creation of new resources and/or the modification of existing resources
PUT: The data transmitted from the client to the server replaces the contents of the specified document
DELETE: Requests the server to delete the specified page
OPTIONS: Allows clients to view the capabilities of the server
TRACE: Echoes the request received by the server; mainly used for testing or diagnosis
CONNECT: Reserved in HTTP/1.1 for proxy servers that can switch the connection to a tunnel (pipe) mode
PATCH: Complements the PUT method; used to partially update a known resource
Request header
The request header is composed of keyword/value pairs, one pair per line, with the keyword and value separated by a colon. The request header tells the server about the capabilities and identity of the client
Host: The host or domain name address, that is, the web name and port number from the corresponding URL
Accept: The MIME file formats that the browser or other client can accept. A servlet can use it to determine and return the appropriate file format
User-Agent: The client browser name
Accept-Language: The language types that the browser can accept, such as en or en-us for English
Connection: Tells the server whether a persistent HTTP connection can be maintained. HTTP itself is connectionless
Cookie: The browser uses this header to send cookies to the server. A cookie is a small piece of data stored in the browser. It can record user information related to the server and can also be used to implement sessions
Referer: Indicates the URL of the web page that generated the request. For example, when a link on the page /icconcept/index.jsp is clicked to reach /icwork/search, the GET /icwork/search request sent to the server carries the Referer http://hostname:8080/icconcept/index.jsp. This header can be used to track which website a web request comes from
Content-Type: Indicates the content type of the request. It can be obtained with the getContentType() method of HttpServletRequest
Accept-Charset: Indicates the character encodings acceptable to the browser. The default value for English browsers is ISO-8859-1
Accept-Encoding: Indicates the encoding methods acceptable to the browser. The encoding method is different from the file format: it compresses the file to speed up transfer. The browser decodes the web response it receives before checking the file format
Blank line
The last request header is followed by an empty line. A carriage return and a line feed are sent to notify the server that no more headers follow
Request data
When data is sent with POST, the Content-Type and Content-Length headers are the most commonly used
Response packet
• a response consists of four parts: status line, response header, blank line and response data
Status line: protocol version, status code in numeric form, and status description. Each element is separated by a space
Response header: including server type, date, length, content type, etc
Blank line: the response header and the response body are separated by a blank line
Response data: the browser takes the data out of the entity content and generates the corresponding page
• HTTP response code:
1xx: informational message, request received, continue processing
2xx: success, the action was successfully received, understood and accepted
3xx: redirection, further action must be taken in order to complete the request
4xx: client error
5xx: server error
Common interpretation of response codes when requesting a path:
200: the file exists
403: the folder exists
3xx: may exist
404: no such file or folder exists
500: may exist
• response header
Like request headers, they indicate the functionality of the server and identify the details of the response data
• blank line
The last response header is followed by an empty line. A carriage return and a line feed are sent, indicating that the server has no more headers to send
• response data
HTML documents, images and so on, that is, the HTML itself
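The request and response layouts described above (start line, headers, blank line, data) can be checked mechanically. The following parser is an added example, not code from the original page; the function name parse_http_message, the host www.example.com and the path /login are assumptions made for illustration.

```python
# Added example (not from the original page): parse the four-part HTTP/1.x layout.
CRLF = b"\r\n"
STATUS_CLASSES = {1: "message", 2: "success", 3: "redirection",
                  4: "client error", 5: "server error"}

def parse_http_message(raw: bytes) -> dict:
    """Split a raw request or response into start line, headers and body."""
    head, blank, body = raw.partition(CRLF + CRLF)
    if not blank:
        raise ValueError("no blank line terminating the header section")
    lines = head.split(CRLF)
    parts = lines[0].decode("latin-1").split(" ", 2)
    if parts[0].startswith("HTTP/") and len(parts) >= 2:
        # Status line: protocol version, numeric status, description.
        code = int(parts[1])
        msg = {"kind": "response", "version": parts[0], "status": code,
               "reason": parts[2] if len(parts) == 3 else "",
               "class": STATUS_CLASSES.get(code // 100, "unknown")}
    elif len(parts) == 3:
        # Request line: method, URL, HTTP version.
        msg = {"kind": "request", "method": parts[0],
               "url": parts[1], "version": parts[2]}
    else:
        raise ValueError(f"malformed start line: {lines[0]!r}")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.decode("latin-1").partition(":")
        # Reject lines without a colon and names padded with whitespace.
        if not colon or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        headers.setdefault(name.lower(), []).append(value.strip())
    lengths = set(headers.get("content-length", []))
    if len(lengths) > 1:
        raise ValueError("conflicting Content-Length headers")
    # None when no length is declared, else whether it matches the body.
    length_ok = int(lengths.pop()) == len(body) if lengths else None
    msg.update(headers=headers, body=body, length_ok=length_ok)
    return msg

# Constructed sample messages (www.example.com and /login are placeholders).
SAMPLE_REQUEST = (b"POST /login HTTP/1.1\r\nHost: www.example.com\r\n"
                  b"Content-Type: application/x-www-form-urlencoded\r\n"
                  b"Content-Length: 17\r\n\r\nuser=123&pass=123")
SAMPLE_RESPONSE = (b"HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\n"
                   b"Content-Length: 0\r\n\r\n")

if __name__ == "__main__":
    for sample in (SAMPLE_REQUEST, SAMPLE_RESPONSE):
        print(parse_http_message(sample))
```

A declared Content-Length that does not match the body, or two different Content-Length values, is worth flagging because the front end and back end may then disagree on where the message ends.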
The browser accesses the server through a proxy
(1) Request packet
(2) Proxy server
(3) Response packet
About HTTP and HTTPS
The difference between HTTP and HTTPS
- HTTP transmits data in plaintext: the data is unencrypted and security is poor. With HTTPS (SSL+HTTP) the data transmission process is encrypted and security is good.
- To use the HTTPS protocol, you need to apply for a certificate from a CA (Certificate Authority). Generally, there are few free certificates, so you need to pay a certain fee. Certificate authorities include Symantec, Comodo, GoDaddy and GlobalSign.
- HTTP pages respond faster than HTTPS pages, mainly because HTTP uses the TCP three-way handshake to establish a connection, in which the client and server exchange three packets. In addition to the three TCP packets, HTTPS also needs nine packets for the SSL handshake, so there are 12 packets in total.
- HTTP and HTTPS use completely different connection modes and different ports. The former uses 80 and the latter 443.
- HTTPS is actually the HTTP protocol built on SSL/TLS. Therefore, HTTPS consumes more server resources than HTTP.
Brief communication process of HTTP and HTTPS
(1) HTTP communication process
- The browser establishes a connection with the web server
- The browser generates a request packet and sends it to the web server
- The web server packages the processing results (generates response packets) and sends them to the browser
- The web server closes the connection
(2) HTTPS communication process