当前位置:网站首页>02 basic introduction - data package expansion
02 basic introduction - data package expansion
2022-07-06 20:16:00 【Richo Banno】
One 、 Website resolution corresponds to
The level of attack involved ?( Source code , Build a platform , System , Network layer, etc )
Safety issues involved ?( Catalog , Sensitive document , Weak password ,IP And domain names )
Two 、HTTP/S Data packets
Request Request packet
Response Return packet
proxy Agency service
HTTP Brief communication process
Establishing a connection (tcp)——> Send request packets ( Socket )——> Return the response packet ——> Close the connection
Empathy ,https yes HTTP Key and certificate are added on the basis of
1. Browser establishment and web Connections between servers
2. The browser packages the requested data ( Generate request packet ) And send it to web The server
3.web The server packages the processing results ( Generate response packets ) And send it to the browser
4.web The server closes the connection
3、 ... and 、Request Request packet data format
- Request line : Request type / Request resource path 、 Version and class of the Protocol
- Request header : Some key value pairs , Browser and web Servers can send , A specific meaning
- Blank line : A blank line is used to separate the request header from the request body ;
- Request body : Data to send ( commonly post Submission will use ); example :user=123&pass=123
1. Request line
The request line consists of three tags : Request method 、 request URL and HTTP edition , They share with spaces .
for example : Analyze with Baidu homepage
Request line GET
URL www.baidu.com/home/xman/data/tipspluslist?indextype=manh&_regseqid=0xcfa95b6d000d1ef1&asyn=1&
t=1629891539520&sid=31254_2635
HTTP edition HTTP1.1
HTTP The plan defines 8 Two possible request methods :
- GET: retrieval URL A simple request to identify resources in
- HEAD: And GET In the same way , The server returns only the status line and header , The requested document is not returned
- POST: The server accepts a request to write data to the client output stream
- PUT: The server saves the request data as the specified data URL Requests for new content DELETE: Server delete URL Request for resources in the command
- DELETE: Server delete URL Request for resources in the command
- OPTIONS: A request for information about the request method supported by the server
- TRACE:web Server feedback Http Request and its header
- CONNECT : Documented , But a method that is not currently implemented , Reserved for tunnel treatment
2. Request header
By keyword / Value pairs , Each row of a pair of , Keywords and values are shared with colons . The request header notifies the server of the functionality and identity of the client .
- HOST: Host or domain address
- Accept: Refers to the browser or other customers can receive love MIME File format .Servlet It can be used to determine and return the appropriate file format
- User-Agent: Is the client browser name
- Host: Corresponding website URL Medium Web Name and port number
- Accept-Langeuage: Point out the languages that browsers can accept , Such as en or en-us, Refers to English
- connection: Used to tell the server whether it can maintain a fixed HTTP Connect .http It's disconnected ,HTTP/1.1 Use Keep-Alive As the default value , such , When the browser needs multiple files ( For example, a HTML Files and related graphic files ), You don't need to establish a connection every time
- Cookie: The browser uses this property to send... To the server Cookie.Cookie It's a small data body stored in a browser , It can record user information related to the server , It can also be used to realize conversation function
- Referer: Indicates the web page that generated the request URL. This property can be used to track Web What website did the request come from
- Content-Type: Used for table name request The type of content . It can be used HttpServletRequest Of getContentType() Method acquisition
- Accept-Charset: Indicate the character encoding that the browser can accept . The default for English browsers is ISO-8859-1
- Accept-Encoding: Point out how browsers can accept encoding . The encoding method is different from the file format . The browser is receiving Web Decode the response first , Then check the file format --- gzip, deflate, br
# Request Headers
POST /adduser HTTP/1.1 # Use post delivery
Host: localhost:8030
Connection: keep-alive
Content-Length: 16
Pragma: no-cache
Cache-Control: no-cache
Origin: chrome-extension://fdmmgilgnpjigdojojpjoooidkmcomcm
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/66.0.3359.181 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
# Form Data
name=name&age=11
3. Blank line
A blank line is used to separate the request header from the request body ; The last request header is followed by an empty line , Send carriage return and fallback , Notify the server that there are no more headers below .
4. Request data
Use POST delivery , The most commonly used is Content-Type and Content-Length The head sign .
Four 、Response Return packet data format
Response Object is used to dynamically respond to client requests , Control the information sent to the user , And the response will be generated dynamically .Response Object provides a collection of data cookie, It's used to write... On the client side cookie value .
1. Response Request packet data format
A response consists of four parts ; Status line 、 Response header 、 Blank line 、 The response data .
1. Status line : Protocol version 、 Status code and status description in digital form , The elements are separated by spaces
2. Response header : Contains the server type 、 date 、 length 、 Content type, etc
3. Blank line : The response header and the response body are separated by a blank line
4. The response data : The browser will take out the data in the entity content , Generate the corresponding page
Response header
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 3931
Content-Type: text/html; charset=utf-8
Date: Wed, 08 Jun 2022 14:16:44 GMT
Keep-Alive: timeout=4
Product: Z-BlogPHP 1.6.6 Valyria
Proxy-Connection: keep-alive
Server: Apache/2.4.46 (Win32) OpenSSL/1.1.1g mod_fcgid/2.3.9a
Set-Cookie: ZDEDebuggerPresent=php,phtml,php3; path=/
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.45
X-Xss-Protection: 1; mode=block
The response data
HTTP Response code
1xx: Information , Request received , To continue processing
2xx: success , Behavior is successfully accepted 、 Understanding and adoption
3xx: Redirect , In order to complete the request , Actions that must be performed further
4xx: Client error
5xx: Server error
200 There are files
403 Folder exists
30 There may be
404 No files and folders exist
500 There may be
Burp Caught analysis
# Return to success ---200
# Return failed ---404
Analyze the header and load part of the upper layer protocol
Visit the webmaster's home and modify the user information as JavaScript Code to pop-up effect
https://ip.tool.chinaz.com/
<script>alert(123)</script>
APP Data packets
operation :burp Grab the data package copy of the simulator , Then grab the data package of the browser and modify it to the sending of the simulator
error analysis
Burp Grab browser packets , Browser direct access will report an error
The reason is that the model or browser data package that restricts access is incomplete
The correct approach
When sending packets, make sure that the browser sends the simulator packets
Referer
Referer: Indicates the web page that generated the request URL. This property can be used to track Web What website did the request come from
add to referer Resend the past
Browser information forgery
User-Agent: Is the client browser name
http Movement practice
URL Too long , Transferring data to browsers should not use get Method , But use post
Tips :Post The transmitted data is at the end , Most commonly used Content-Type and Content-Length The head sign , The transmission parameter needs to be changed to the end
Defect analysis of voting system programming

1、 add to X-Forwarded-For attribute , And add an arbitrary IP

2、 Send to tester and modify IP Parameter is variable


3、 Use payload , Set the maximum and starting values of variables and increment each time , Repeat twice ( Because there are two values )

Be careful : The above settings need to change the payload set to 2, Set it again
4、 Start voting

5、 Wait for the progress bar to end , The voting is complete

6、 Refresh the page , Successfully get KEY

边栏推荐
- Tencent Android interview must ask, 10 years of Android development experience
- 8086 instruction code summary (table)
- Tencent byte and other big companies interview real questions summary, Netease architects in-depth explanation of Android Development
- Digital triangle model acwing 1018 Minimum toll
- Tips for web development: skillfully use ThreadLocal to avoid layer by layer value transmission
- Anaconda安裝後Jupyter launch 沒反應&網頁打開運行沒執行
- Synchronization of data create trigger synchronization table for each site
- AddressSanitizer 技术初体验
- logstash高速入口
- Case ① | host security construction: best practice of 3 levels and 11 capabilities
猜你喜欢
Redisson bug analysis
腾讯字节阿里小米京东大厂Offer拿到手软,老师讲的真棒
【云原生与5G】微服务加持5G核心网
Introduction to enterprise lean management system
Anaconda安装后Jupyter launch 没反应&网页打开运行没执行
02 基础入门-数据包拓展
语音识别(ASR)论文优选:全球最大的中英混合开源数据TALCS: An Open-Source Mandarin-English Code-Switching Corpus and a Speech
OceanBase社区版之OBD方式部署方式单机安装
腾讯T3大牛手把手教你,大厂内部资料
数字三角形模型 AcWing 1018. 最低通行费
随机推荐
HMS Core 机器学习服务打造同传翻译新“声”态,AI让国际交流更顺畅
RT thread I2C tutorial
深度学习分类网络 -- ZFNet
Example of applying fonts to flutter
Unity making plug-ins
A5000 vGPU显示模式切换
Vscode debug run fluent message: there is no extension for debugging yaml. Should we find yaml extensions in the market?
01 基础入门-概念名词
棋盘左上角到右下角方案数(2)
范式的数据库具体解释
腾讯T3手把手教你,真的太香了
Anaconda安装后Jupyter launch 没反应&网页打开运行没执行
Unity makes AB package
Web开发小妙招:巧用ThreadLocal规避层层传值
SSH connection denied
8086指令码汇总表(表格)
Groovy basic syntax collation
Linear distance between two points of cesium
Node.js: express + MySQL实现注册登录,身份认证
5. Wireless in vivo nano network: top ten "feasible?" problem