当前位置:网站首页>02 basic introduction - data package expansion
02 basic introduction - data package expansion
2022-07-06 20:16:00 【Richo Banno】
One 、 Website resolution corresponds to
The level of attack involved ?( Source code , Build a platform , System , Network layer, etc )
Safety issues involved ?( Catalog , Sensitive document , Weak password ,IP And domain names )
Two 、HTTP/S Data packets
Request Request packet
Response Return packet
proxy Agency service
HTTP Brief communication process
Establishing a connection (tcp)——> Send request packets ( Socket )——> Return the response packet ——> Close the connection
Empathy ,https yes HTTP Key and certificate are added on the basis of
1. Browser establishment and web Connections between servers
2. The browser packages the requested data ( Generate request packet ) And send it to web The server
3.web The server packages the processing results ( Generate response packets ) And send it to the browser
4.web The server closes the connection
3、 ... and 、Request Request packet data format
- Request line : Request type / Request resource path 、 Version and class of the Protocol
- Request header : Some key value pairs , Browser and web Servers can send , A specific meaning
- Blank line : A blank line is used to separate the request header from the request body ;
- Request body : Data to send ( commonly post Submission will use ); example :user=123&pass=123
1. Request line
The request line consists of three tags : Request method 、 request URL and HTTP edition , They share with spaces .
for example : Analyze with Baidu homepage
Request line GET
URL www.baidu.com/home/xman/data/tipspluslist?indextype=manh&_regseqid=0xcfa95b6d000d1ef1&asyn=1&
t=1629891539520&sid=31254_2635
HTTP edition HTTP1.1
HTTP The plan defines 8 Two possible request methods :
- GET: retrieval URL A simple request to identify resources in
- HEAD: And GET In the same way , The server returns only the status line and header , The requested document is not returned
- POST: The server accepts a request to write data to the client output stream
- PUT: The server saves the request data as the specified data URL Requests for new content DELETE: Server delete URL Request for resources in the command
- DELETE: Server delete URL Request for resources in the command
- OPTIONS: A request for information about the request method supported by the server
- TRACE:web Server feedback Http Request and its header
- CONNECT : Documented , But a method that is not currently implemented , Reserved for tunnel treatment
2. Request header
By keyword / Value pairs , Each row of a pair of , Keywords and values are shared with colons . The request header notifies the server of the functionality and identity of the client .
- HOST: Host or domain address
- Accept: Refers to the browser or other customers can receive love MIME File format .Servlet It can be used to determine and return the appropriate file format
- User-Agent: Is the client browser name
- Host: Corresponding website URL Medium Web Name and port number
- Accept-Langeuage: Point out the languages that browsers can accept , Such as en or en-us, Refers to English
- connection: Used to tell the server whether it can maintain a fixed HTTP Connect .http It's disconnected ,HTTP/1.1 Use Keep-Alive As the default value , such , When the browser needs multiple files ( For example, a HTML Files and related graphic files ), You don't need to establish a connection every time
- Cookie: The browser uses this property to send... To the server Cookie.Cookie It's a small data body stored in a browser , It can record user information related to the server , It can also be used to realize conversation function
- Referer: Indicates the web page that generated the request URL. This property can be used to track Web What website did the request come from
- Content-Type: Used for table name request The type of content . It can be used HttpServletRequest Of getContentType() Method acquisition
- Accept-Charset: Indicate the character encoding that the browser can accept . The default for English browsers is ISO-8859-1
- Accept-Encoding: Point out how browsers can accept encoding . The encoding method is different from the file format . The browser is receiving Web Decode the response first , Then check the file format --- gzip, deflate, br
# Request Headers
POST /adduser HTTP/1.1 # Use post delivery
Host: localhost:8030
Connection: keep-alive
Content-Length: 16
Pragma: no-cache
Cache-Control: no-cache
Origin: chrome-extension://fdmmgilgnpjigdojojpjoooidkmcomcm
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/66.0.3359.181 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
# Form Data
name=name&age=11
3. Blank line
A blank line is used to separate the request header from the request body ; The last request header is followed by an empty line , Send carriage return and fallback , Notify the server that there are no more headers below .
4. Request data
Use POST delivery , The most commonly used is Content-Type and Content-Length The head sign .
Four 、Response Return packet data format
Response Object is used to dynamically respond to client requests , Control the information sent to the user , And the response will be generated dynamically .Response Object provides a collection of data cookie, It's used to write... On the client side cookie value .
1. Response Request packet data format
A response consists of four parts ; Status line 、 Response header 、 Blank line 、 The response data .
1. Status line : Protocol version 、 Status code and status description in digital form , The elements are separated by spaces
2. Response header : Contains the server type 、 date 、 length 、 Content type, etc
3. Blank line : The response header and the response body are separated by a blank line
4. The response data : The browser will take out the data in the entity content , Generate the corresponding page
Response header
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 3931
Content-Type: text/html; charset=utf-8
Date: Wed, 08 Jun 2022 14:16:44 GMT
Keep-Alive: timeout=4
Product: Z-BlogPHP 1.6.6 Valyria
Proxy-Connection: keep-alive
Server: Apache/2.4.46 (Win32) OpenSSL/1.1.1g mod_fcgid/2.3.9a
Set-Cookie: ZDEDebuggerPresent=php,phtml,php3; path=/
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.45
X-Xss-Protection: 1; mode=block
The response data
HTTP Response code
1xx: Information , Request received , To continue processing
2xx: success , Behavior is successfully accepted 、 Understanding and adoption
3xx: Redirect , In order to complete the request , Actions that must be performed further
4xx: Client error
5xx: Server error
200 There are files
403 Folder exists
30 There may be
404 No files and folders exist
500 There may be
Burp Caught analysis
# Return to success ---200
# Return failed ---404
Analyze the header and load part of the upper layer protocol
Visit the webmaster's home and modify the user information as JavaScript Code to pop-up effect
https://ip.tool.chinaz.com/
<script>alert(123)</script>
APP Data packets
operation :burp Grab the data package copy of the simulator , Then grab the data package of the browser and modify it to the sending of the simulator
error analysis
Burp Grab browser packets , Browser direct access will report an error
The reason is that the model or browser data package that restricts access is incomplete
The correct approach
When sending packets, make sure that the browser sends the simulator packets
Referer
Referer: Indicates the web page that generated the request URL. This property can be used to track Web What website did the request come from
add to referer Resend the past
Browser information forgery
User-Agent: Is the client browser name
http Movement practice
URL Too long , Transferring data to browsers should not use get Method , But use post
Tips :Post The transmitted data is at the end , Most commonly used Content-Type and Content-Length The head sign , The transmission parameter needs to be changed to the end
Defect analysis of voting system programming
1、 add to X-Forwarded-For attribute , And add an arbitrary IP
2、 Send to tester and modify IP Parameter is variable
3、 Use payload , Set the maximum and starting values of variables and increment each time , Repeat twice ( Because there are two values )
Be careful : The above settings need to change the payload set to 2, Set it again
4、 Start voting
5、 Wait for the progress bar to end , The voting is complete
6、 Refresh the page , Successfully get KEY
边栏推荐
- HDU 1026 search pruning problem within the labyrinth of Ignatius and the prince I
- 22-07-05 upload of qiniu cloud storage pictures and user avatars
- Groovy basic syntax collation
- Recyclerview not call any Adapter method :onCreateViewHolder,onBindViewHolder,
- js获取浏览器系统语言
- An East SMS login resurrection installation and deployment tutorial
- Tips for web development: skillfully use ThreadLocal to avoid layer by layer value transmission
- 永磁同步电机转子位置估算专题 —— 基波模型类位置估算概要
- 深度学习分类网络 -- ZFNet
- 2022年6月语音合成(TTS)和语音识别(ASR)论文月报
猜你喜欢
腾讯T2大牛亲自讲解,跳槽薪资翻倍
New generation garbage collector ZGC
腾讯字节阿里小米京东大厂Offer拿到手软,老师讲的真棒
永磁同步电机转子位置估算专题 —— 基波模型与转子位置角
爬虫(14) - Scrapy-Redis分布式爬虫(1) | 详解
Notes on beagleboneblack
Special topic of rotor position estimation of permanent magnet synchronous motor -- fundamental wave model and rotor position angle
Example of applying fonts to flutter
【GET-4】
PowerPivot - DAX (first time)
随机推荐
How to handle the timeout of golang
An East SMS login resurrection installation and deployment tutorial
leetcode先刷_Maximum Subarray
Redisson bug analysis
Tencent T3 teaches you hand in hand. It's really delicious
Period compression filter
POJ 3207 Ikki&#39;s Story IV – Panda&#39;s Trick (2-SAT)
PowerPivot——DAX(初识)
【计网】第三章 数据链路层(4)局域网、以太网、无线局域网、VLAN
腾讯云数据库公有云市场稳居TOP 2!
JVM_常见【面试题】
js实现力扣71题简化路径
B-杰哥的树(状压树形dp)
(3) Web security | penetration testing | basic knowledge of network security construction, IIS website construction, EXE backdoor generation tool quasar, basic use of
RT-Thread 组件 FinSH 使用时遇到的问题
Introduction to enterprise lean management system
Unity makes AB package
Tencent T2 Daniel explained in person and doubled his job hopping salary
枚举根据参数获取值
颜色(color)转换为三刺激值(r/g/b)(干股)