HTTPS communication principle, man-in-the-middle attack principle, and common HTTP server response codes

Man-in-the-middle attack (MITM)

a wants to send a message to c. b, who has hijacked a router on the path, carries out a man-in-the-middle attack: he claims to be c and sends his own public key to a. a believes this is c's public key and uses it to encrypt the content that was meant for c. b intercepts the ciphertext, decrypts it with his own private key and modifies the content; he then contacts c as if he were the original sender, obtains c's public key, encrypts the modified content with it and forwards the packet to c, completing the attack. Neither a nor c notices, because a had no way to verify that the public key it received really belongs to c; supplying that identity check is what the certificate step in HTTPS is for.

HTTPS communication principle

HTTPS is HTTP over SSL/TLS. To get both security and acceptable performance, HTTPS uses a compromise: an asymmetric encryption algorithm protects the exchange of the key for a symmetric encryption algorithm, and that symmetric key then encrypts the actual data, which is the part people often find confusing. HTTPS mainly solves two problems of plain HTTP: the server's identity is not authenticated, and data is transmitted in plaintext. The steps below are the authentication and key-exchange steps of HTTPS in the RSA key-exchange form; current TLS versions usually derive the session key with ephemeral Diffie-Hellman instead, but the certificate check is the same.

1. The browser requests the HTTPS site and sends the list of encryption algorithms it supports.
2. The server receives the request and chooses the encryption algorithm.
3. The server sends its digital certificate to the browser.
4. The browser verifies the digital certificate, generates a session key R for symmetric encryption, and encrypts R with the server's public key taken from the certificate.
5. The browser sends the ciphertext to the server.
6. The server decrypts it with its private key to obtain the session key R.
7. The server encrypts the web content with the session key R and returns it to the browser.
8. The browser decrypts the content with the session key R.
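The handshake above simulated end to end in Python, as an added example that is not code from the original post: a toy textbook RSA on constructed tiny primes stands in for real key sizes, a SHA-256 keystream stands in for the real symmetric cipher, and the host name "example.test" is assumed. The browser refuses to send the session key R when the certificate is not signed by its trusted CA or was issued for another name, which is the check that defeats the public-key substitution described in the MITM section.

```python
import hashlib
import secrets

# Textbook RSA on constructed tiny primes (toy sizes; real TLS uses 2048-bit RSA or ECDHE).
def make_keypair(p, q, e=65537):
    n = p * q
    return (e, n), (pow(e, -1, (p - 1) * (q - 1)), n)   # (public, private)

def rsa_apply(m, key):
    exp, n = key
    return pow(m, exp, n)

def digest(data, n):
    # SHA-256 reduced mod n so the toy modulus can sign it (real RSA pads the full hash).
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue_cert(ca_priv, name, server_pub):
    # The certificate: the CA binds a host name to a public key with its signature.
    body = f"{name}:{server_pub[0]}:{server_pub[1]}".encode()
    return body, rsa_apply(digest(body, ca_priv[1]), ca_priv)

def verify_cert(ca_pub, expected_name, cert):
    # The browser's check: the CA signature must verify and the name must match the site.
    body, sig = cert
    name, e, n = body.decode().split(":")
    if name != expected_name or rsa_apply(sig, ca_pub) != digest(body, ca_pub[1]):
        return None
    return int(e), int(n)

def stream_xor(r, data):
    # Symmetric encryption under session key R (toy SHA-256 keystream, not AES-GCM).
    blocks = range(len(data) // 32 + 1)
    ks = b"".join(hashlib.sha256(r.to_bytes(4, "big") + i.to_bytes(4, "big")).digest()
                  for i in blocks)
    return bytes(a ^ b for a, b in zip(data, ks))

def browser_fetch(ca_pub, host, cert, server_priv, page):
    # Certificate check, session key R encrypted to the server, content encrypted with R.
    server_pub = verify_cert(ca_pub, host, cert)
    if server_pub is None:
        return None                               # untrusted key: R is never sent
    r = secrets.randbelow(1 << 31)                # session key R (below every toy modulus)
    r_at_server = rsa_apply(rsa_apply(r, server_pub), server_priv)  # encrypt, server decrypts
    return stream_xor(r, stream_xor(r_at_server, page))  # server encrypts, browser decrypts
```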

HTTP server response status code

100 Continue: the server has received the request headers and expects the client to continue; rarely seen in practice
200 the request succeeded
300 redirection
400 client request error
401 authentication required
402 access denied
403 forbidden, no permission to access the resource
404 the requested resource does not exist
500 internal server error
503 service unavailable

Origin blog.csdn.net/qq_41874930/article/details/108189282