02 Basic introduction - data packet expansion
2022-07-06 20:16:00 【Richo Banno】
I. What website analysis corresponds to
Which attack layer is involved? (source code, build platform, operating system, network layer, etc.)
Which security issues are involved? (directories, sensitive files, weak passwords, IP addresses and domain names)
II. HTTP/S packets
Request: the request packet
Response: the response packet
Proxy: the proxy service
Brief HTTP communication process
Establish a connection (TCP) -> send the request packet (socket) -> return the response packet -> close the connection
By analogy, HTTPS is HTTP with a key and a certificate added on top.
1. The browser establishes a connection with the web server
2. The browser packages the request data (generating the request packet) and sends it to the web server
3. The web server packages the processing result (generating the response packet) and sends it to the browser
4. The web server closes the connection
III. Request packet data format
- Request line: request method / requested resource path, protocol version and type
- Request headers: key-value pairs that the browser and web server can send, each with a specific meaning
- Blank line: a blank line separates the request headers from the request body
- Request body: the data to send (usually used with POST submissions); example: user=123&pass=123
1. Request line
The request line consists of three tokens: the request method, the request URL and the HTTP version, separated by spaces.
For example, analyzing the Baidu home page:
Request line: GET
URL: www.baidu.com/home/xman/data/tipspluslist?indextype=manh&_regseqid=0xcfa95b6d000d1ef1&asyn=1&t=1629891539520&sid=31254_2635
HTTP version: HTTP/1.1
The HTTP protocol defines 8 possible request methods:
- GET: a simple request to retrieve the resource identified by the URL
- HEAD: the same as GET, but the server returns only the status line and headers, not the requested document
- POST: a request that the server accept the data written to the client's output stream
- PUT: a request that the server store the request data as the new content of the specified URL
- DELETE: a request that the server delete the resource named by the URL
- OPTIONS: a request for information about the request methods the server supports
- TRACE: the web server echoes back the HTTP request and its headers
- CONNECT: documented but not currently implemented; reserved for tunnelling
2. Request headers
Composed of keyword/value pairs, one pair per line, with the keyword and value separated by a colon. The request headers tell the server about the capabilities and identity of the client.
- Host: the host or domain address; the web host name and port number from the site's URL
- Accept: the MIME file formats the browser or other client can accept; a servlet can use it to decide which file format to return
- User-Agent: the name of the client browser
- Accept-Language: the languages the browser can accept, such as en or en-us for English
- Connection: tells the server whether it may keep a persistent HTTP connection. Plain HTTP closes the connection after each exchange; HTTP/1.1 uses Keep-Alive as the default, so that when the browser needs several files (for example an HTML file and its related image files) it does not have to establish a new connection each time
- Cookie: the browser uses this header to send cookies to the server. A cookie is a small piece of data stored in the browser; it can record user information related to the server and can also be used to implement sessions
- Referer: the URL of the web page that generated the request; this header can be used to track which site a web request came from
- Content-Type: indicates the content type of the request. It can be obtained with the getContentType() method of HttpServletRequest
- Accept-Charset: the character encodings the browser can accept; the default for English browsers is ISO-8859-1
- Accept-Encoding: the content encodings the browser can accept. Encoding is distinct from file format: the browser first decodes the web response and then checks the file format. Examples: gzip, deflate, br
# Request headers
POST /adduser HTTP/1.1    # sent with POST
Host: localhost:8030
Connection: keep-alive
Content-Length: 16
Pragma: no-cache
Cache-Control: no-cache
Origin: chrome-extension://fdmmgilgnpjigdojojpjoooidkmcomcm
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
# Form data
name=name&age=11
3. Blank line
A blank line separates the request headers from the request body: after the last request header comes an empty line (a carriage return and line feed), which tells the server that no more headers follow.
4. Request data
Used with POST submissions; the most commonly used headers here are Content-Type and Content-Length.
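The request format described in this section (request line, headers, blank line, body) is easy to see in code. The following parser is an added example written for this note, not code from the original post; the sample request is constructed from the headers shown above, and a server-side check that the body really is as long as Content-Length claims is included, since that is the header a form POST depends on.

```python
# Added example: parse a raw HTTP request into its four parts and check the body
# against Content-Length, the way a server must before trusting the form data.
from urllib.parse import parse_qs

# Constructed sample request (trimmed from the header listing above).
RAW_REQUEST = (
    "POST /adduser HTTP/1.1\r\n"
    "Host: localhost:8030\r\n"
    "Connection: keep-alive\r\n"
    "Content-Length: 16\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Accept: */*\r\n"
    "\r\n"                      # the blank line: no more headers follow
    "name=name&age=11"          # the request body
)


def parse_request(raw: str) -> dict:
    """Split a request into method, target, version, headers and body.

    Header names are lowercased because HTTP header names are case-insensitive.
    """
    head, _, body = raw.partition("\r\n\r\n")   # first blank line ends the headers
    lines = head.split("\r\n")
    method, target, version = lines[0].split(" ", 2)   # the request line's three tokens
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")       # "Host: localhost:8030" -> keep the port
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body}


def body_matches_content_length(req: dict) -> bool:
    """True when the declared Content-Length equals the body length in bytes."""
    declared = req["headers"].get("content-length")
    if declared is None:
        return req["body"] == ""
    return int(declared) == len(req["body"].encode())


def form_fields(req: dict) -> dict:
    """Decode a form-encoded body into a dict; empty for any other Content-Type."""
    media_type = req["headers"].get("content-type", "").split(";")[0].strip()
    if media_type != "application/x-www-form-urlencoded":
        return {}
    return {k: v[0] for k, v in parse_qs(req["body"]).items()}


if __name__ == "__main__":
    req = parse_request(RAW_REQUEST)
    print(req["method"], req["target"], req["version"])
    print(form_fields(req), body_matches_content_length(req))
```

Editing the body in a proxy without updating Content-Length is what breaks the "transmit parameters at the end" step described later on this page; the length check above shows exactly what the server sees in that case.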
IV. Response packet data format
The Response object is used to respond dynamically to client requests, controlling the information sent to the user, and the response is generated dynamically. The Response object provides a data collection, cookies, which is used to write cookie values on the client side.
1. Response packet data format
A response consists of four parts: status line, response headers, blank line and response data.
1. Status line: protocol version, numeric status code and status description, separated by spaces
2. Response headers: contain the server type, date, length, content type, etc.
3. Blank line: the response headers and the response body are separated by a blank line
4. Response data: the browser takes the data in the entity content and renders the corresponding page
Sample response headers
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 3931
Content-Type: text/html; charset=utf-8
Date: Wed, 08 Jun 2022 14:16:44 GMT
Keep-Alive: timeout=4
Product: Z-BlogPHP 1.6.6 Valyria
Proxy-Connection: keep-alive
Server: Apache/2.4.46 (Win32) OpenSSL/1.1.1g mod_fcgid/2.3.9a
Set-Cookie: ZDEDebuggerPresent=php,phtml,php3; path=/
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.45
X-Xss-Protection: 1; mode=block
Response data
HTTP response codes
1xx: informational; the request was received and processing continues
2xx: success; the action was successfully received, understood and accepted
3xx: redirection; further action must be taken to complete the request
4xx: client error
5xx: server error
200: the file exists
403: the directory exists
3xx: may exist
404: neither file nor directory exists
500: may exist
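The response side can be handled the same way. This is an added example for this note, not code from the original post: it parses the status line of a raw response, maps the code to the classes listed above, and flags the headers in the sample response that disclose software versions (Server, X-Powered-By and Product in the listing above). The response text and the set of header names to flag are assumptions chosen for the example.

```python
# Added example: parse an HTTP response status line, classify the status code, and
# report version-disclosing headers such as the ones in the sample response above.

# Constructed sample response, reusing headers from the listing above.
RAW_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Server: Apache/2.4.46 (Win32) OpenSSL/1.1.1g mod_fcgid/2.3.9a\r\n"
    "X-Powered-By: PHP/5.4.45\r\n"
    "Product: Z-BlogPHP 1.6.6 Valyria\r\n"
    "Content-Length: 5\r\n"
    "\r\n"
    "hello"
)

# The five classes from the table above, keyed by the first digit of the code.
STATUS_CLASSES = {
    1: "informational",
    2: "success",
    3: "redirect",
    4: "client error",
    5: "server error",
}

# Headers that commonly carry product/version strings (assumed set for the example).
VERSION_HEADERS = ("server", "x-powered-by", "product")


def parse_response(raw: str) -> dict:
    """Split a response into version, status code, reason phrase, headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    version, code, reason = lines[0].split(" ", 2)   # "HTTP/1.1 200 OK"
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"version": version, "code": int(code), "reason": reason,
            "headers": headers, "body": body}


def status_class(code: int) -> str:
    """Map a status code to the class it belongs to ('unknown' outside 1xx-5xx)."""
    return STATUS_CLASSES.get(code // 100, "unknown")


def disclosed_versions(headers: dict) -> dict:
    """Return the version-disclosing headers present, so they can be reviewed or removed."""
    return {name: headers[name] for name in VERSION_HEADERS if name in headers}


if __name__ == "__main__":
    resp = parse_response(RAW_RESPONSE)
    print(resp["code"], status_class(resp["code"]))
    print(disclosed_versions(resp["headers"]))
```

Stripping or genericising the headers that disclosed_versions() reports is a cheap hardening step on the server side; it removes exactly the information a responder would read out of the sample response above.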
Burp capture analysis
# success returned --- 200
# failure returned --- 404
Analyze the header and payload portion of the upper-layer protocol.
Visit the webmaster's home page and change the user information to JavaScript code to get a pop-up effect.
https://ip.tool.chinaz.com/
<script>alert(123)</script>
APP packets
Operation: use Burp to capture the emulator's packet and copy it, then capture the browser's packet and modify it so that it is sent as the emulator's packet.
Error analysis
Burp captures the browser's packet, and direct browser access reports an error.
The reason is that access is restricted by device model, or the browser's packet is incomplete.
The correct approach
When sending the packet, make sure the browser sends the emulator's packet.
Referer
Referer: the URL of the web page that generated the request; this header can be used to track which site a web request came from.
Add the Referer and resend the request.
Browser information forgery
User-Agent: the name of the client browser.
HTTP method practice
When the URL is too long, data should not be transferred to the browser with the GET method but with POST.
Tip: POST data is transmitted at the end of the packet; the most commonly used headers are Content-Type and Content-Length, and the parameters being transmitted need to be moved to the end.
Defect analysis of the voting system's programming
[screenshot: WsyaA1.png]
1. Add the X-Forwarded-For header with an arbitrary IP
[screenshot: WscVds.png]
2. Send to the tester and mark the IP parameter as a variable
[screenshots: WsRVdH.png, Ws2LsU.png]
3. Use a payload: set the variable's start and maximum values and the increment per step, and repeat this twice (because there are two values)
[screenshot: WsflVg.png]
Note: the settings above require changing the payload set to 2 and configuring it again
4. Start voting
[screenshot: WshyTg.png]
5. Wait for the progress bar to finish; the voting is complete
[screenshot: Ws4ihd.png]
6. Refresh the page; the KEY is obtained successfully
[screenshot: Ws4NHU.png]
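The programming defect behind the steps above is that the vote counter takes the voter's address from X-Forwarded-For, a header the client writes. The following is an added example for this note, not code from the voting system or the original post: it contrasts a client_ip() that trusts the header with one that only honours it when the TCP peer is a known reverse proxy, and counts the same stream of votes under each rule. The Request model, the proxy address 10.0.0.5 and the traffic are all constructed for the example.

```python
# Added example: why a per-IP vote limit built on X-Forwarded-For is bypassable, and
# the usual fix (only trust the header when it was set by your own proxy).
from collections import Counter
from dataclasses import dataclass, field
import ipaddress


@dataclass
class Request:
    remote_addr: str                        # TCP peer address as the server sees it
    headers: dict = field(default_factory=dict)


def client_ip_trusting_header(req: Request) -> str:
    """Vulnerable: believes whatever the client put in X-Forwarded-For."""
    xff = req.headers.get("X-Forwarded-For")
    if xff:
        return xff.split(",")[0].strip()
    return req.remote_addr


# Constructed address of the only reverse proxy allowed to set the header.
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.5")}


def client_ip_trusting_proxy(req: Request) -> str:
    """Hardened: use X-Forwarded-For only when the peer is a trusted proxy.

    With one proxy hop, the proxy appends the real client address as the LAST entry;
    anything before it was supplied by the client and is ignored.
    """
    xff = req.headers.get("X-Forwarded-For")
    try:
        peer = ipaddress.ip_address(req.remote_addr)
    except ValueError:
        return req.remote_addr
    if xff and peer in TRUSTED_PROXIES:
        candidate = xff.split(",")[-1].strip()
        try:
            ipaddress.ip_address(candidate)         # reject non-address garbage
            return candidate
        except ValueError:
            pass
    return req.remote_addr


def count_votes(requests, ip_of, max_per_ip: int = 1) -> int:
    """Number of votes accepted when each source IP may vote max_per_ip times."""
    seen = Counter()
    accepted = 0
    for req in requests:
        ip = ip_of(req)
        if seen[ip] < max_per_ip:
            seen[ip] += 1
            accepted += 1
    return accepted


# Constructed traffic: one client at 203.0.113.7 repeats the vote five times, each
# time with a different value in X-Forwarded-For, as in the iteration described above.
SPOOFED_VOTES = [
    Request("203.0.113.7", {"X-Forwarded-For": f"198.51.100.{i}"}) for i in range(1, 6)
]

if __name__ == "__main__":
    print("trusting header:", count_votes(SPOOFED_VOTES, client_ip_trusting_header))
    print("trusting proxy: ", count_votes(SPOOFED_VOTES, client_ip_trusting_proxy))
```

The same traffic yields five accepted votes under the first rule and one under the second, because the hardened rule collapses every spoofed header back to the single TCP peer. A legitimate request relayed by the trusted proxy still resolves to the real client, so the fix does not break proxied deployments.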