Analysis of the web request process and HTTP methods
(Because the previous typesetting was too bad, and the result from the rich text editor I used was not good, I took the time to reorganize it. This header information is too hard to remember, haha. Recently I want to reduce the intake of new knowledge and review all the summaries I have, but I still have to learn it solidly. Recently I have read some interview questions; this is the basics, such as the meaning of the status codes in this article.)
HTTP request and response
HTTP, the Hypertext Transfer Protocol
is the communication protocol used by all web applications today.
It uses a message model: the client sends a request, and the server returns a response message. The protocol is essentially connectionless: although HTTP uses the stateful TCP protocol as its transport mechanism, each request and response completes on its own and may use a different TCP connection.
Request message header
GET + page: requests the content of this page
or POST: means submit
Version: HTTP/1.1; the HTTP/1.1 protocol must use the Host request header
Host: + domain name or IP address
Connection: close or keep-alive. close is better: after the data is obtained the server disconnects from the client. keep-alive holds connections open, which is a problem when the number of users grows.
Cache-Control: used for transmitting caching directives to the browser, for example no-cache; other directives exist as well.
Upgrade-Insecure-Requests: 1 is used to automatically upgrade requests from HTTP to HTTPS; it plays a transitional role and solves security problems: content such as account passwords is encrypted, so packet captures only show encrypted packets.
User-Agent: indicates the local operating system kernel version, browser and other information; it may contain "Mozilla" because of historical browser leftovers.
Accept: expresses the MIME types the browser supports; */* means any type is supported; priority runs from left to right; if the server cannot provide the type the client needs, it returns a 406 error; a q value such as 0.8 with no specific type after it means any type is acceptable.
MIME type classification
text: used to standardize text information; text messages can be in multiple character sets or formats
text/html: indicates an HTML document
application: indicates transmission of application data or binary data
application/xhtml+xml: indicates an XHTML document
application/xml: XML document
Referer: the starting page before the target page. Used for anti-hotlinking: it can determine illegitimate links.
Accept-Encoding: compression field, which means the requested page is compressed; this gives good results and reduces server pressure.
Accept-Language: language priority
zh-cn: simplified Chinese
zh: Chinese
q from 0 to 1 goes from low to high priority; 0 means not accepted
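As an added example (not code from the original post), the following Python implements the Accept and Accept-Language priority rules just described: q values from 0 to 1, left-to-right order among equal weights, */* as a wildcard, q=0 meaning not accepted, and a None result where the server should answer 406. The function names and sample headers are my own.

```python
# Added example (not from the original post): parse Accept / Accept-Language
# q-values and choose what the server should send; None means 406 Not Acceptable.

def parse_accept(header):
    """Return [(value, q)] sorted by q descending (stable, so the header's
    left-to-right order is kept among equal q values). Missing q = 1.0."""
    items = []
    for part in header.split(","):
        fields = part.strip().split(";")
        value = fields[0].strip().lower()
        if not value:
            continue
        q = 1.0
        for param in fields[1:]:
            k, _, v = param.strip().partition("=")
            if k.strip() == "q":
                try:
                    q = float(v)
                except ValueError:
                    q = 0.0          # malformed q: treat as not acceptable
        items.append((value, max(0.0, min(q, 1.0))))
    return sorted(items, key=lambda it: it[1], reverse=True)

def matches(pattern, offered):
    """*/* and text/* wildcards for MIME types; zh also matches zh-cn for languages."""
    if pattern in ("*", "*/*"):
        return True
    if pattern.endswith("/*"):
        return offered.split("/")[0] == pattern[:-2]
    return offered == pattern or offered.startswith(pattern + "-")

def negotiate(header, offered):
    """Pick the offered value with the highest q the client accepts.
    q=0 entries are explicit refusals and never match."""
    best, best_q = None, 0.0
    for pattern, q in parse_accept(header):
        if q <= 0.0:
            continue
        for o in offered:
            if matches(pattern, o) and q > best_q:
                best, best_q = o, q
    return best   # None -> the server should answer 406

if __name__ == "__main__":
    accept = "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
    print(negotiate(accept, ["application/json", "text/html"]))   # text/html
    print(negotiate("zh-cn,zh;q=0.8,en;q=0", ["en", "zh-tw"]))     # zh-tw
    print(negotiate("en;q=0", ["en"]))                              # None
```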
Cookie: used when logging in; user information may be stored in local cookies
X-Forwarded-For: a request header field used to identify the original IP address of a client connecting to the web server through an HTTP proxy or load balancer. Bypassing Alibaba Cloud WAF: adding 127.0.0.1 to pretend the access is local, so it is not intercepted.
Authorization: built-in HTTP authentication, used to submit credentials to the server
Origin: indicates the requesting domain
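The X-Forwarded-For point above is the reason a server should never take a client-supplied address at face value. This added Python example (not from the original post) shows the defensive side: resolving the client IP by walking the header from the proxy's end and trusting only hops that belong to your own proxies. The TRUSTED_PROXIES range, function names and addresses are assumptions for the demo; it also assumes your proxies always append the TCP peer address.

```python
# Added example (not from the original post): derive the client IP behind a
# proxy or load balancer without trusting a forged X-Forwarded-For value.
import ipaddress

# Constructed sample: address range of our own reverse proxies / load balancers.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]

def is_trusted(addr):
    ip = ipaddress.ip_address(addr)   # raises ValueError on garbage
    return any(ip in net for net in TRUSTED_PROXIES)

def client_ip(remote_addr, x_forwarded_for):
    """Walk the X-Forwarded-For chain from the right (nearest hop) and stop at
    the first address that is not one of our proxies. remote_addr is the TCP
    peer, which the client cannot forge."""
    if not is_trusted(remote_addr):
        # Direct connection: the header was written by the client, ignore it.
        return remote_addr
    hops = [h.strip() for h in x_forwarded_for.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            if not is_trusted(hop):
                return hop
        except ValueError:
            return remote_addr        # malformed hop: fall back to the TCP peer
    return remote_addr

def is_local_request(remote_addr, x_forwarded_for):
    """A 'local access' check that a spoofed 127.0.0.1 header cannot satisfy."""
    return ipaddress.ip_address(client_ip(remote_addr, x_forwarded_for)).is_loopback

if __name__ == "__main__":
    # Forged header arriving directly from the internet: header is ignored.
    print(client_ip("203.0.113.7", "127.0.0.1"))                # 203.0.113.7
    # Same forged value relayed by our proxy, which appended the real peer.
    print(client_ip("10.0.0.5", "127.0.0.1, 203.0.113.7"))     # 203.0.113.7
    print(is_local_request("203.0.113.7", "127.0.0.1"))         # False
```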
Response header
HTTP/1.1 200 OK: can be accessed
Server: server software
Date: the date; related to caching, and may not be synchronized
Content-Type: the type of the request and returned content, and its encoding format
Expires: controls the cache expiration time, indicating when the response content expires
Pragma: used to send cache instructions to the browser, instructing it not to save the response in the cache, for example no-cache
Cache-Control: cache control
X-Powered-By: framework
Vary: Accept-Encoding: indicates that the website has GZip compression enabled
Content-Length: size of the HTML
ETag: the browser verifies whether the requested resource has changed using the ETag sent in the HTTP request; if not, a 304 Not Modified response is returned and the resource is read from the browser cache, so there is no need to download it again.
Location: indicates the target of the redirect
WWW-Authenticate: used in responses with a 401 status code to provide information about the authentication the server requires
X-Frame-Options: indicates whether and how the browser may load the current response in a frame
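The ETag / 304 revalidation flow described above, as an added Python example (not code from the original post): an origin-server handler that emits ETag and Cache-Control and answers If-None-Match with 304 when nothing changed. make_etag, handle_get and the sample body are names and values chosen for the demo.

```python
# Added example (not from the original post): ETag revalidation. A strong ETag
# is derived from the body; a request whose If-None-Match matches gets 304 with
# no body, otherwise 200 with the body and fresh cache headers.
import hashlib
from email.utils import formatdate

def make_etag(body):
    return '"%s"' % hashlib.sha256(body).hexdigest()[:16]

def handle_get(body, if_none_match=None, max_age=3600):
    """Return (status, headers, body) the way an origin server would."""
    etag = make_etag(body)
    headers = {
        "ETag": etag,
        "Cache-Control": "max-age=%d, must-revalidate" % max_age,
        "Date": formatdate(usegmt=True),
    }
    if if_none_match is not None:
        # The client may send several tags or "*"; strip an optional W/ prefix.
        tags = [t.strip() for t in if_none_match.split(",")]
        tags = [t[2:] if t.startswith("W/") else t for t in tags]
        if "*" in tags or etag in tags:
            return 304, headers, b""   # not modified: client reuses its cached copy
    headers["Content-Length"] = str(len(body))
    return 200, headers, body

if __name__ == "__main__":
    page = b"<html><body>hello</body></html>"       # constructed resource
    status, hdrs, _ = handle_get(page)
    print(status, hdrs["ETag"])                      # 200 "<tag>"
    status, _, body = handle_get(page, if_none_match=hdrs["ETag"])
    print(status, len(body))                         # 304 0
    status, _, body = handle_get(page + b"!", if_none_match=hdrs["ETag"])
    print(status, len(body))                         # 200 32
```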
HTTP methods, URL, cookie, status codes
HTTP methods (can be used for security testing)
GET: request a resource
POST: submit a form
OPTIONS: return various kinds of server information
PUT: generate a packet that uploads a file
MOVE: generate a rename packet
COPY: generate a copy packet
DELETE: delete data
PROPFIND: generate a packet that returns the contents of a directory for which there is browse permission; finally click "submit packet" to send the generated packet to the server
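From the defender's side, the methods listed above (PUT, MOVE, COPY, DELETE, PROPFIND, plus OPTIONS probing) are exactly the ones worth alerting on in web-server access logs. This added Python example (not from the original post) parses Common Log Format lines and flags those methods, marking the ones the server actually accepted; the log lines, addresses and paths are constructed for the demo.

```python
# Added example (not from the original post): flag WebDAV-style methods in
# access logs, and mark whether the server accepted them (2xx status).
import re

# Methods that should normally never reach a plain content site.
WATCH_METHODS = {"PUT", "MOVE", "COPY", "DELETE", "PROPFIND", "OPTIONS"}

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) '
                    r'(?P<path>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) (?P<size>\S+)')

def parse_line(line):
    """Common Log Format -> dict, or None if the line does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def find_suspicious(lines):
    """One record per watched-method request; 'succeeded' is True for a 2xx
    response, which is the case worth paging someone about."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] in WATCH_METHODS:
            rec["succeeded"] = rec["status"].startswith("2")
            hits.append(rec)
    return hits

SAMPLE_LOG = [  # constructed sample lines
    '203.0.113.7 - - [10/Oct/2020:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326',
    '203.0.113.7 - - [10/Oct/2020:13:55:40 +0000] "OPTIONS / HTTP/1.1" 200 0',
    '203.0.113.7 - - [10/Oct/2020:13:55:41 +0000] "PUT /test.txt HTTP/1.1" 201 0',
    '203.0.113.7 - - [10/Oct/2020:13:55:42 +0000] "MOVE /test.txt HTTP/1.1" 403 0',
    '198.51.100.9 - - [10/Oct/2020:13:56:00 +0000] "PROPFIND /docs/ HTTP/1.1" 207 512',
]

if __name__ == "__main__":
    for h in find_suspicious(SAMPLE_LOG):
        print(h["ip"], h["method"], h["path"], h["status"],
              "ACCEPTED" if h["succeeded"] else "rejected")
```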
URL
Unique identifier of a web resource; the resource it identifies can be obtained through it
Default port 80, written after the domain name
?id=1 fetches the record whose database id is 1 and returns it
On the WWW, every information resource has a uniform address that is unique on the network. This address is called the URL (Uniform Resource Locator); it is the WWW's uniform resource location mark, i.e. the network address.
A URL consists of three parts: the resource type, the domain name of the host storing the resource, and the resource file name.
It can also be seen as consisting of 4 parts: protocol, host, port, path.
cookie
Concept
HTTP is a stateless protocol: once the client and server finish exchanging data the connection is closed, then a new request, a new connection; so from the network connection alone the server cannot know who the user is.
To solve this, every time a new user comes it is given an ID card; on the next visit the server knows how to handle it.
In essence a cookie is a very small text file stored on the user's machine.
Session cookie: temporary
Persistent cookie: a validity period can be set
Attributes
Domain: controls which sites can use the cookie
Path: a cookie can be specified for particular documents on the server
secure: only sent when the connection is encrypted with HTTPS
Third-party cookie: the cookie's domain does not match the domain in the address bar; usually used by third-party advertising sites to track and collect browsing habits
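The cookie attributes above, as an added Python example (not code from the original post): parse a Set-Cookie header and decide whether a browser would attach the cookie to a given request, applying the Domain, Path and Secure rules and the session/persistent distinction. Hosts, cookie names and values are constructed for the demo.

```python
# Added example (not from the original post): Set-Cookie attributes and the
# browser's decision whether to send the cookie on a given request.
from urllib.parse import urlsplit

def parse_set_cookie(header):
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    cookie = {"name": name.strip(), "value": value.strip(), "domain": None,
              "path": "/", "secure": False, "persistent": False}
    for attr in parts[1:]:
        k, _, v = attr.partition("=")
        k = k.strip().lower()
        if k == "domain":
            cookie["domain"] = v.strip().lstrip(".").lower()   # leading dot ignored
        elif k == "path":
            cookie["path"] = v.strip() or "/"
        elif k == "secure":
            cookie["secure"] = True
        elif k in ("expires", "max-age"):
            cookie["persistent"] = True        # otherwise it is a session cookie
    return cookie

def domain_matches(cookie_domain, host, set_by_host):
    if cookie_domain is None:                  # host-only cookie: exact host only
        return host == set_by_host
    if not (set_by_host == cookie_domain or set_by_host.endswith("." + cookie_domain)):
        return False                           # browser rejects unrelated Domain
    return host == cookie_domain or host.endswith("." + cookie_domain)

def path_matches(cookie_path, request_path):
    if request_path == cookie_path:
        return True
    return request_path.startswith(cookie_path) and (
        cookie_path.endswith("/") or request_path[len(cookie_path)] == "/")

def would_send(cookie, set_by_host, url):
    """True if a browser that got `cookie` from set_by_host would attach it to url."""
    u = urlsplit(url)
    if cookie["secure"] and u.scheme != "https":
        return False
    return domain_matches(cookie["domain"], u.hostname.lower(), set_by_host) and \
        path_matches(cookie["path"], u.path or "/")

if __name__ == "__main__":
    c = parse_set_cookie("sid=abc123; Domain=example.com; Path=/account; Secure; Max-Age=3600")
    print(c["persistent"])                                                          # True
    print(would_send(c, "www.example.com", "https://shop.example.com/account/x"))   # True
    print(would_send(c, "www.example.com", "http://shop.example.com/account/x"))    # False
```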
status code
1XX: informational
2XX: the request was successfully submitted
3XX: the client is redirected to another resource
4XX: the request contains some kind of error
5XX: the server encountered an error while executing the request
Special status codes
100 Continue: indicates the request headers have been received
200 OK: the request was submitted successfully
201 Created: a PUT request was submitted successfully
301 Moved Permanently: permanently redirects the browser to another URL specified in the Location header; afterwards the client uses the new URL in place of the original
302 Found: reverts to the original URL afterwards
304 Not Modified: use the copy of the requested resource saved in the cache
400 Bad Request: an invalid HTTP request was submitted
401 Unauthorized: HTTP authentication required
403 Forbidden: regardless of whether authentication passed, no one is allowed to access the requested resource; for example, no home page is configured
404 Not Found: the resource has been deleted
405 Method Not Allowed: the specified URL does not accept the method used in the request
413 Request Entity Too Large: the request body is too long
414 Request URI Too Long: the URL in the request is too long
500 Internal Server Error: the server encountered an error while executing the request; examine the response content carefully
503 Service Unavailable: the web server is fine but the application cannot respond; check the gateway, server and middleware
HTTPS
Uses ordinary unencrypted TCP as the transport mechanism; the secure transport mechanism is the Secure Sockets Layer (SSL)
HTTP authentication
Basic: the user's credentials are sent with every message as a Base64-encoded string in the request header
NTLM: NTLMv2 and the Kerberos authentication system
Digest: a challenge-response mechanism
Web application encoding
URL encoding (many tools can convert it)
%3d: =
%25: %
%20 and +: space
%0a: newline
%00: null byte
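As an added Python example (not code from the original post), a decoder for the URL-encoding table above that also shows why %25 (double encoding), + and %00 matter when validating input: it decodes layer by layer and reports null bytes, newlines and how much of the value a C-style string consumer would actually see. Function names and sample inputs are my own.

```python
# Added example (not from the original post): decode the %XX table above and
# report what a naive consumer would miss. '+' is a space only in query strings,
# %00 is a NUL that C-style string handling truncates at, and %25 can hide a
# second encoding layer (%253d -> %3d -> =).
import re

PCT = re.compile(rb"%([0-9A-Fa-f]{2})")

def percent_decode(s, plus_is_space=True):
    """Decode ONE layer of %XX escapes. Returns bytes, since %00 and friends
    are not necessarily valid text."""
    raw = s.encode("utf-8") if isinstance(s, str) else s
    if plus_is_space:
        raw = raw.replace(b"+", b" ")
    return PCT.sub(lambda m: bytes([int(m.group(1), 16)]), raw)

def analyze(s, max_layers=3):
    """Decode until the value stops changing (bounded), then report the
    properties that matter when validating the value."""
    cur = s.encode("utf-8") if isinstance(s, str) else s
    layers = 0
    while layers < max_layers:
        # '+' means space only in the outermost (query-string) layer
        nxt = percent_decode(cur, plus_is_space=(layers == 0))
        if nxt == cur:
            break
        cur, layers = nxt, layers + 1
    return {
        "decoded": cur,
        "layers": layers,                      # >1 means double encoding was used
        "has_null": b"\x00" in cur,
        "has_newline": b"\n" in cur or b"\r" in cur,
        "c_string_view": cur.split(b"\x00", 1)[0],   # what strlen-based code sees
    }

if __name__ == "__main__":
    for sample in ("id%3d1", "a+b%20c", "%253d", "report%00.txt", "x%0ay"):
        r = analyze(sample)
        print(sample, r["decoded"], "layers=%d" % r["layers"],
              "NUL" if r["has_null"] else "", r["c_string_view"])
```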
Unicode encoding
HTML encoding: comes into play with cross-site scripting vulnerabilities
Base64
Hexadecimal encoding
Remoting and serialization frameworks
Knowledge points
Difference between static and dynamic languages
Dynamic language: the server-side and client-side code are not the same (e.g. html)
Static language: the server-side and client-side code are the same (e.g. asp, php, aspx, jsp)
3.3.1 What are the common scripting languages
asp, php, aspx, jsp, cgi, war, do, py, pl
3.3.1 What are the common databases
access, mysql, mssql (SQL Server), oracle, postgresql, db2
3.3.1 Common database and scripting language pairings
asp+access, asp+mssql, php+mysql, aspx+mssql, aspx+oracle, jsp+oracle, jsp+mssql, etc.
3.3.1 How operating systems, scripting languages and middleware are combined
Windows 2003/2008/2012 + asp, aspx, php + IIS 6.0/7.0/7.5
Apache + Windows/Linux + PHP; Windows/Linux + Tomcat + JSP
3.3.1 How to identify the target website's platform during a penetration test
1. Tools (RASS, 天镜, NMAP, X-SCAN) 2. Third-party platforms (seo.chinaz.com) 3. Observe the TTL value via ping