File upload protocol analysis
Request URL:http://localhost:9090/mgr/upload
Request Method:POST
Status Code:200 OK
Remote Address:127.0.0.1:9090
Response Headers
Content-Language:zh-CN
Content-Length:474
Content-Type:text/html;charset=UTF-8
Date:Sun, 25 Mar 2018 09:00:23 GMT
Server:Apache-Coyote/1.1
Request Headers
view source
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding:gzip, deflate
Accept-Language:zh-CN,zh;q=0.8
Cache-Control:max-age=0
Connection:keep-alive
Content-Length:507
Content-Type:multipart/form-data; boundary=----WebKitFormBoundaryQuauO8cjbvAJgX7q
Cookie:JSESSIONID=E6206D9665AA63E4CE390C8BA622E7B8
Host:localhost:9090
Origin:http://localhost:9090
Referer:http://localhost:9090/mgr/form
Upgrade-Insecure-Requests:1
User-Agent:Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36
Request Payload
------WebKitFormBoundaryQuauO8cjbvAJgX7q
Content-Disposition: form-data; name="email"
------WebKitFormBoundaryQuauO8cjbvAJgX7q
Content-Disposition: form-data; name="file1"; filename="11.txt"
Content-Type: text/plain
------WebKitFormBoundaryQuauO8cjbvAJgX7q
Content-Disposition: form-data; name="file2"; filename=""
Content-Type: application/octet-stream
------WebKitFormBoundaryQuauO8cjbvAJgX7q--
When uploading data to the server, not every field of the protocol header has to be described. Among them, the content-type is required. It includes a flag called boundary which is similar to the flag, and it can be a random input string.
Upload protocol parsing 
result verification
