HTTP protocol
Note: in the figures below, the parts marked in black are the key points.
Connectionless: a helpful analogy is TCP versus UDP. TCP is connection-oriented and first establishes a connection with a three-way handshake, while UDP sends data directly without waiting for a reply. It is also like WeChat versus a phone call: a phone call first establishes a connection and then the conversation takes place, while WeChat sends a message without connecting first. UDP is connectionless, like WeChat.
HTTP is a request-response protocol: an HTTP session consists of one request and one response and corresponds to one connection. When that exchange completes, the connection is closed, and a second exchange starts with a new connection.
eg:
Methods generally used only for debugging:
HEAD: retrieve only the header content
OPTIONS: query which methods the resource specified by the request URI supports (the client can ask the server which request methods it may submit)
PUT: upload a file
DELETE: delete
TRACE: trace the path
PS: PUT and DELETE have a greater impact on the website.
In fact, GET can also send data to the server. The difference from POST is that when GET is used to transmit data, the data appears in the URL, and its length is generally no larger than 2KB. With POST, the content cannot be seen without capturing the packet, and the size is not limited, so forms (user names, passwords, messages) generally use the POST method.
URI, URL
HTTP request header fields (for example, a website displays differently on phones and computers. How does it know that you are visiting from a phone? It needs to determine the client's information, and the request header fields contain information about the client)
HTTP request entity (the user name and password that are submitted are inside it)
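The request parts and the GET/POST difference described above, as an added example that is not part of the original post: a small Python parser run over two constructed login requests, reporting where the form fields travel and what the User-Agent header reveals. The host example.test, the path /login.php and the field names are assumptions.

```python
from urllib.parse import urlsplit, parse_qs

SENSITIVE = {"username", "password"}  # assumed form field names
BODY = b"username=admin&password=secret"  # constructed sample data
GET_LOGIN = (b"GET /login.php?" + BODY + b" HTTP/1.1\r\n"
             b"Host: example.test\r\n"
             b"User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_0 like Mac OS X)\r\n\r\n")
POST_LOGIN = (b"POST /login.php HTTP/1.1\r\n"
              b"Host: example.test\r\n"
              b"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)\r\n"
              b"Content-Type: application/x-www-form-urlencoded\r\n"
              b"Content-Length: %d\r\n\r\n" % len(BODY)) + BODY

def parse_request(raw: bytes) -> dict:
    """Split a raw request into request line, header fields and entity."""
    head, _, entity = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    length = int(headers.get("content-length", 0))
    return {"method": method, "target": target, "version": version,
            "headers": headers, "entity": entity[:length]}

def sensitive_locations(req: dict) -> dict:
    """Report which sensitive fields travel in the URL and which in the entity."""
    in_url = set(parse_qs(urlsplit(req["target"]).query)) & SENSITIVE
    form = req["headers"].get("content-type", "").startswith(
        "application/x-www-form-urlencoded")
    in_entity = set(parse_qs(req["entity"].decode("iso-8859-1"))) & SENSITIVE if form else set()
    return {"url": sorted(in_url), "entity": sorted(in_entity)}

def is_mobile(req: dict) -> bool:
    """Crude User-Agent check of the kind a site uses to pick a mobile layout."""
    ua = req["headers"].get("user-agent", "").lower()
    return any(tok in ua for tok in ("iphone", "android", "mobile"))

if __name__ == "__main__":
    for raw in (GET_LOGIN, POST_LOGIN):
        req = parse_request(raw)
        print(req["method"], sensitive_locations(req), "mobile:", is_mobile(req))
```

Both requests carry the same credentials in clear text; POST only moves them out of the URL, where they would otherwise end up in browser history and server access logs.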
HTTP response
e.g.: the response (message) has a header containing information about the server
It is a custom HTTP response code of
Basic use of Burp Suite (I have already explained this in my blog post on DVWA brute force, but here it is again)
A quick primer on proxies: assume PC1 and PC2 are attached to the same switch and are in the same local area network, but only PC2 can reach the Internet through the switch and router, while PC1 has no account and cannot get online. PC1 and PC2 can communicate with each other, so PC2 acts as PC1's proxy server: PC2 opens port 8000 to receive PC1's requests and proxy them. PC1's browser must then be configured with the proxy 1.1.1.2:8000. When PC1 visits Baidu, it hands the request to port 8000 on PC2, which sends PC1's request out, gets the result back, caches it, and returns it to PC1, so PC1 can open the web page. In this arrangement it is not PC1 itself that accesses the server on the Internet but PC2; PC2 is PC1's proxy server.
Burp Suite itself is actually proxy software: the local browser accesses the Internet through it, and it captures the packets.
Open the software, check the box
Find the proxy options in your browser and set them as in the figure below; where the proxy settings are located differs between browsers.
In Firefox, they are in the network settings.
Intercept: the interception we usually use
Forward: release
Drop: discard
Intercept is on: interception is enabled
To see the details of a captured packet, double-click it.
The detailed view is shown below, divided into Request and Response, which correspond exactly to what was covered earlier.
While the request stays held on this page, your site cannot navigate; click Forward to release it, and your site can navigate.
This function is also commonly used: decoding. The option for what to decode as is on the right.
You can also encrypt
In HTTP history, find the POST request for the login page, right-click it, and select the option shown below.
Here we can change the password, then click Go, and the response appears on the right, in frame 3.
Intruder: automated brute forcing; this is what I used in the blog post I mentioned earlier.
Importing the Burp Suite certificate to support HTTPS access
Problem: when accessing Baidu over the encrypted HTTPS protocol, the browser shows that the certificate is not trusted.
Solution:
① Enter 127.0.0.1 in the browser, ② click
Download, click Save
After the download finishes, click your browser's Options
①—②
①—②
Select Import and choose the file you just downloaded; after the import is complete, it appears as shown below.
Problem solved.
Over~~~