当前位置:网站首页>02 basic introduction - data package expansion
02 basic introduction - data package expansion
2022-07-06 20:16:00 【Richo Banno】
One 、 Website resolution corresponds to
The level of attack involved ?( Source code , Build a platform , System , Network layer, etc )
Safety issues involved ?( Catalog , Sensitive document , Weak password ,IP And domain names )
Two 、HTTP/S Data packets
Request Request packet
Response Return packet
proxy Agency service
HTTP Brief communication process
Establishing a connection (tcp)——> Send request packets ( Socket )——> Return the response packet ——> Close the connection
Empathy ,https yes HTTP Key and certificate are added on the basis of
1. Browser establishment and web Connections between servers
2. The browser packages the requested data ( Generate request packet ) And send it to web The server
3.web The server packages the processing results ( Generate response packets ) And send it to the browser
4.web The server closes the connection
3、 ... and 、Request Request packet data format
- Request line : Request type / Request resource path 、 Version and class of the Protocol
- Request header : Some key value pairs , Browser and web Servers can send , A specific meaning
- Blank line : A blank line is used to separate the request header from the request body ;
- Request body : Data to send ( commonly post Submission will use ); example :user=123&pass=123
1. Request line
The request line consists of three tags : Request method 、 request URL and HTTP edition , They share with spaces .
for example : Analyze with Baidu homepage
Request line GET
URL www.baidu.com/home/xman/data/tipspluslist?indextype=manh&_regseqid=0xcfa95b6d000d1ef1&asyn=1&
t=1629891539520&sid=31254_2635
HTTP edition HTTP1.1
HTTP The plan defines 8 Two possible request methods :
- GET: retrieval URL A simple request to identify resources in
- HEAD: And GET In the same way , The server returns only the status line and header , The requested document is not returned
- POST: The server accepts a request to write data to the client output stream
- PUT: The server saves the request data as the specified data URL Requests for new content DELETE: Server delete URL Request for resources in the command
- DELETE: Server delete URL Request for resources in the command
- OPTIONS: A request for information about the request method supported by the server
- TRACE:web Server feedback Http Request and its header
- CONNECT : Documented , But a method that is not currently implemented , Reserved for tunnel treatment
2. Request header
By keyword / Value pairs , Each row of a pair of , Keywords and values are shared with colons . The request header notifies the server of the functionality and identity of the client .
- HOST: Host or domain address
- Accept: Refers to the browser or other customers can receive love MIME File format .Servlet It can be used to determine and return the appropriate file format
- User-Agent: Is the client browser name
- Host: Corresponding website URL Medium Web Name and port number
- Accept-Langeuage: Point out the languages that browsers can accept , Such as en or en-us, Refers to English
- connection: Used to tell the server whether it can maintain a fixed HTTP Connect .http It's disconnected ,HTTP/1.1 Use Keep-Alive As the default value , such , When the browser needs multiple files ( For example, a HTML Files and related graphic files ), You don't need to establish a connection every time
- Cookie: The browser uses this property to send... To the server Cookie.Cookie It's a small data body stored in a browser , It can record user information related to the server , It can also be used to realize conversation function
- Referer: Indicates the web page that generated the request URL. This property can be used to track Web What website did the request come from
- Content-Type: Used for table name request The type of content . It can be used HttpServletRequest Of getContentType() Method acquisition
- Accept-Charset: Indicate the character encoding that the browser can accept . The default for English browsers is ISO-8859-1
- Accept-Encoding: Point out how browsers can accept encoding . The encoding method is different from the file format . The browser is receiving Web Decode the response first , Then check the file format --- gzip, deflate, br
# Request Headers
POST /adduser HTTP/1.1 # Use post delivery
Host: localhost:8030
Connection: keep-alive
Content-Length: 16
Pragma: no-cache
Cache-Control: no-cache
Origin: chrome-extension://fdmmgilgnpjigdojojpjoooidkmcomcm
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/66.0.3359.181 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
# Form Data
name=name&age=11
3. Blank line
A blank line is used to separate the request header from the request body ; The last request header is followed by an empty line , Send carriage return and fallback , Notify the server that there are no more headers below .
4. Request data
Use POST delivery , The most commonly used is Content-Type and Content-Length The head sign .
Four 、Response Return packet data format
Response Object is used to dynamically respond to client requests , Control the information sent to the user , And the response will be generated dynamically .Response Object provides a collection of data cookie, It's used to write... On the client side cookie value .
1. Response Request packet data format
A response consists of four parts ; Status line 、 Response header 、 Blank line 、 The response data .
1. Status line : Protocol version 、 Status code and status description in digital form , The elements are separated by spaces
2. Response header : Contains the server type 、 date 、 length 、 Content type, etc
3. Blank line : The response header and the response body are separated by a blank line
4. The response data : The browser will take out the data in the entity content , Generate the corresponding page
Response header
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 3931
Content-Type: text/html; charset=utf-8
Date: Wed, 08 Jun 2022 14:16:44 GMT
Keep-Alive: timeout=4
Product: Z-BlogPHP 1.6.6 Valyria
Proxy-Connection: keep-alive
Server: Apache/2.4.46 (Win32) OpenSSL/1.1.1g mod_fcgid/2.3.9a
Set-Cookie: ZDEDebuggerPresent=php,phtml,php3; path=/
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.45
X-Xss-Protection: 1; mode=block
The response data
HTTP Response code
1xx: Information , Request received , To continue processing
2xx: success , Behavior is successfully accepted 、 Understanding and adoption
3xx: Redirect , In order to complete the request , Actions that must be performed further
4xx: Client error
5xx: Server error
200 There are files
403 Folder exists
30 There may be
404 No files and folders exist
500 There may be
Burp Caught analysis
# Return to success ---200
# Return failed ---404
Analyze the header and load part of the upper layer protocol
Visit the webmaster's home and modify the user information as JavaScript Code to pop-up effect
https://ip.tool.chinaz.com/
<script>alert(123)</script>
APP Data packets
operation :burp Grab the data package copy of the simulator , Then grab the data package of the browser and modify it to the sending of the simulator
error analysis
Burp Grab browser packets , Browser direct access will report an error
The reason is that the model or browser data package that restricts access is incomplete
The correct approach
When sending packets, make sure that the browser sends the simulator packets
Referer
Referer: Indicates the web page that generated the request URL. This property can be used to track Web What website did the request come from
add to referer Resend the past
Browser information forgery
User-Agent: Is the client browser name
http Movement practice
URL Too long , Transferring data to browsers should not use get Method , But use post
Tips :Post The transmitted data is at the end , Most commonly used Content-Type and Content-Length The head sign , The transmission parameter needs to be changed to the end
Defect analysis of voting system programming

1、 add to X-Forwarded-For attribute , And add an arbitrary IP

2、 Send to tester and modify IP Parameter is variable


3、 Use payload , Set the maximum and starting values of variables and increment each time , Repeat twice ( Because there are two values )

Be careful : The above settings need to change the payload set to 2, Set it again
4、 Start voting

5、 Wait for the progress bar to end , The voting is complete

6、 Refresh the page , Successfully get KEY

边栏推荐
- Crawler (14) - scrape redis distributed crawler (1) | detailed explanation
- 句号压缩过滤器
- rt-thread i2c 使用教程
- [cloud lesson] EI lesson 47 Mrs offline data analysis - processing OBS data through Flink
- AddressSanitizer 技术初体验
- Recyclerview not call any Adapter method :onCreateViewHolder,onBindViewHolder,
- js获取浏览器系统语言
- Enumeration gets values based on parameters
- beegfs高可用模式探讨
- Unity load AB package
猜你喜欢
02 基础入门-数据包拓展
Anaconda安装后Jupyter launch 没反应&网页打开运行没执行
OceanBase社区版之OBD方式部署方式单机安装
Tencent Android interview must ask, 10 years of Android development experience
Enumeration gets values based on parameters
HMS core machine learning service creates a new "sound" state of simultaneous interpreting translation, and AI makes international exchanges smoother
语音识别(ASR)论文优选:全球最大的中英混合开源数据TALCS: An Open-Source Mandarin-English Code-Switching Corpus and a Speech
Tencent byte and other big companies interview real questions summary, Netease architects in-depth explanation of Android Development
Tencent T2 Daniel explained in person and doubled his job hopping salary
腾讯安卓开发面试,android开发的基础知识
随机推荐
腾讯T4架构师,android面试基础
[network planning] Chapter 3 data link layer (3) channel division medium access control
Unity load AB package
Recyclerview not call any Adapter method :onCreateViewHolder,onBindViewHolder,
Anaconda安裝後Jupyter launch 沒反應&網頁打開運行沒執行
Tencent T3 teaches you hand in hand. It's really delicious
Appx代码签名指南
JVM_ Common [interview questions]
5. 无线体内纳米网:十大“可行吗?”问题
范式的数据库具体解释
01 基础入门-概念名词
Groovy basic syntax collation
Introduction of Xia Zhigang
beegfs高可用模式探讨
技术分享 | 抓包分析 TCP 协议
Pay attention to the partners on the recruitment website of fishing! The monitoring system may have set you as "high risk of leaving"
POJ3617 Best Cow Line 馋
Special topic of rotor position estimation of permanent magnet synchronous motor -- fundamental wave model and rotor position angle
Database specific interpretation of paradigm
8086指令码汇总表(表格)