The usage of fiddler (packet capture) and the basic format of HTTP protocol


Fiddler (packet capture) usage:

An HTTP request has a fixed format, and you can inspect it by capturing packets with Fiddler.

For example, we open a Sogou page:

After the page opens, Fiddler captures the traffic automatically, and we switch to Fiddler to view it:

This is the request for the page we just opened. Double-click it and select the information you want to view. Generally, we click Raw and then view it in Notepad:

This is our packet capture result:

Looking at the capture, we can see that an HTTP request is line-based text data.

We can then view the response in Notepad as well:

This is the captured HTTP response:

After clicking to decompress, the original content appears:

The text data that follows is the HTML content of the Sogou home page.

The basic format of the HTTP protocol 

The following explains the captured information:

HTTP request:

first line 

The first line contains 3 parts, separated by spaces.

First comes GET: the HTTP method.

https://www.sogou.com/ is a URL (commonly called a web address). A URL uniquely identifies a resource: every resource on the Internet is different, and the URL identifies it and distinguishes it from the others.

The detailed picture is as follows: 

The four most critical parts of a URL:

1. Server address/domain name/ip

2. Port number

3. Hierarchical paths

4. Query string 

Some parts of a URL can be omitted:

Port: can be omitted (the default is 80 for http and 443 for https).

Protocol name: can be omitted; it then defaults to http://.

IP address/domain name: can be omitted in HTML (for example in the src or href attribute of img, link, script and a tags). If omitted, the server's IP/domain name is the same as that of the current HTML page.

Hierarchical path: can be omitted, which is equivalent to / . Some servers automatically serve /index.html when the / path is requested.

Query string: can be omitted.

Fragment ID: can be omitted.

The content of the query string is a set of key-value pairs. The keys, the values and the number of pairs are decided entirely by the programmer.
In this way we can define the information we need and transmit it to the server.

Know the HTTP method 

The most commonly used methods are GET and POST.

GET request:

The following generate GET requests:

1. Entering the URL directly in the browser

2. link, script, img, a and similar tags in HTML

3. Constructing a GET request through JS

POST request:

1. Login page, login redirect

2. Uploading pictures and other files

An HTTP request can be considered to be divided into 4 parts:

1. The first line

2. Request header (header)

3. Empty line

4. Body

The body of a POST request is content defined by the programmer. Here, uuid is the unique identifier.
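The four parts listed above and the URL defaults described earlier can be checked mechanically on a capture. The following is an added example, not code from the original post: the request bytes are constructed (host, path, header values and body are made up), and parse_request is a hypothetical helper name.

```python
from urllib.parse import parse_qs, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample in the shape Fiddler's Raw view shows (Fiddler acts as a
# proxy, so the first line carries the full URL). All values are made up.
RAW_REQUEST = (
    b"POST https://www.example.com/login?from=home&lang=en HTTP/1.1\r\n"
    b"Host: www.example.com\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 22\r\n"
    b"\r\n"
    b"uuid=1234&name=example"
)


def parse_request(raw: bytes) -> dict:
    """Split a raw request into first line, headers, empty line and body."""
    head, sep, body = raw.partition(b"\r\n\r\n")  # part 3: the empty line
    if not sep:
        raise ValueError("no empty line: the header section never ends")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")  # part 1: the first line
    if len(parts) != 3:
        raise ValueError("first line must have 3 space-separated parts")
    method, target, version = parts
    headers = {}
    for line in lines[1:]:  # part 2: the headers, one "Name: value" per line
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.strip().lower()] = value.strip()
    url = urlsplit(target)
    if not url.netloc:
        # Path-only target: the server comes from Host, the protocol defaults to http.
        url = urlsplit("http://" + headers.get("host", "") + target)
    declared = headers.get("content-length")
    if declared is not None and int(declared) != len(body):
        raise ValueError("Content-Length does not match the body length")
    return {
        "method": method, "version": version, "scheme": url.scheme,
        "host": url.hostname,
        "port": url.port or DEFAULT_PORTS.get(url.scheme),  # omitted port -> default
        "path": url.path or "/",  # omitted path is equivalent to /
        "query": parse_qs(url.query),  # key-value pairs from the query string
        "headers": headers, "body": body,  # part 4: the body
    }
```

A capture whose Content-Length disagrees with the bytes after the empty line is rejected rather than guessed at, which is the behaviour you want when reviewing traffic that may have been truncated or altered.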

Typical differences between GET and POST: 

(In fact, there is no essential difference; they can be substituted for each other.)

1. GET can also transmit some information to the server. The information transmitted by GET is generally placed in the query string, and the information transmitted by POST is passed in the body.

2. Semantic difference: GET requests are generally used to obtain data from the server, and POST is generally used to submit data to the server.

3. GET is usually designed to be idempotent, while POST is not required to be idempotent. (A simple way to understand idempotence is that the result is stable: a given input always produces the same fixed output, similar to the determinism of an algorithm.)

4. GET can be cached, and POST generally cannot be cached (the prerequisite for caching is idempotence).

Other methods:

PUT is similar to POST, but it is idempotent. It is generally used for updates.
DELETE deletes the specified resource on the server.
OPTIONS returns the request methods supported by the server.
HEAD is similar to GET, except that the response body is not returned, only the response header.
TRACE echoes the request received by the server; this is used during testing.
CONNECT is reserved; not used yet.

Recognize the request "header" (header)

Several fields are commonly used in the request header:

Host: indicates the address and port of the server host.

Content-Length: indicates the length of the data in the body.

Content-Type: indicates the format of the data in the body of the request.

User-Agent (UA for short): describes the properties of the browser/operating system.

Referer: indicates which page the current page was navigated from.

This indicates that the search originates from www.sogou.com.

This is related to what we know about operator hijacking. An operator can tamper with the connection by modifying the Referer, thereby achieving hijacking. It was because of incidents such as operator hijacking that HTTPS was later born.

Cookie: stores a string. This data may be written by the client (the web page) through JS, or it may come from the server (the server returns data to the browser through the Set-Cookie field in the header of the HTTP response). This field is often used to implement "identity identification".

Cookies are essentially a mechanism for local storage data provided by browsers to web pages.

By default, a web page is not allowed to access the local hard disk (for security).

But a page sometimes has to store data locally, so cookies give the web page a small, restricted amount of access to the local hard disk. The content of a cookie is also defined by the programmer.

The data in the cookie comes from the server and is obtained through the HTTP response.

Cookies live in the browser, on the local hard drive. Some last a long time, some are short-lived, some are tied to a login and expire after logout, and so on.

Where do cookies go? Cookies are sent back to the server.

The client uses cookies to record information about the current browser and to save its intermediate state. When the client sends a request to the server, it sends the cookie along, so the server receives the cookie. In this way, the server knows what the client is currently doing.

Once the browser has saved a cookie, it automatically includes that cookie in later requests to the server.
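The round trip described above (Set-Cookie in a response, storage on the client, the Cookie header on later requests, and expiry) can be modelled in a few lines. This is an added example, not code from the original post; the CookieJar class, the cookie names and values, and the timestamps are all constructed for illustration, and only the Max-Age attribute is honoured.

```python
import time
from http.cookies import SimpleCookie


class CookieJar:
    """Minimal client-side store: cookie name -> (value, expiry time or None)."""

    def __init__(self):
        self._store = {}

    def store_from_response(self, set_cookie_headers, now=None):
        """Save what the server sent in the response's Set-Cookie fields."""
        now = time.time() if now is None else now
        for header in set_cookie_headers:
            parsed = SimpleCookie()
            parsed.load(header)
            for name, morsel in parsed.items():
                max_age = morsel["max-age"]  # "" when the server set no lifetime
                if max_age == "":
                    expires = None  # short-term cookie: kept until the jar is discarded
                elif int(max_age) <= 0:
                    self._store.pop(name, None)  # server asked the client to drop it
                    continue
                else:
                    expires = now + int(max_age)
                self._store[name] = (morsel.value, expires)

    def cookie_header(self, now=None):
        """Build the Cookie request header that goes back to the server."""
        now = time.time() if now is None else now
        self._store = {
            name: (value, expires)
            for name, (value, expires) in self._store.items()
            if expires is None or expires > now  # expired cookies are not sent
        }
        return "; ".join(f"{n}={v}" for n, (v, _) in self._store.items())


def demo():
    jar = CookieJar()
    # Constructed Set-Cookie values, as they would appear in a captured response.
    jar.store_from_response(["sessionid=abc123; Path=/", "theme=dark; Max-Age=60"], now=1000)
    first = jar.cookie_header(now=1010)   # both cookies are sent back
    later = jar.cookie_header(now=1061)   # theme has expired by now
    jar.store_from_response(["sessionid=gone; Max-Age=0"], now=1100)  # logout
    return first, later, jar.cookie_header(now=1100)
```

Because the server recognises the client only by the value that comes back in the Cookie header, that value is what carries the identity in every captured request.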

HTTP response

Four parts:

1. First line

2. Header

3. Empty line: marks the end of the header

4. Body (text)

HTTP status code: 

The status code indicates the result of accessing a page (whether the access succeeded, failed, or something else happened).
200 OK: the most common status code, indicating that the access succeeded.
404 Not Found: the resource was not found.

For example, we try to visit Sogou's abc.html

403 Forbidden: access is denied. Some pages require the user to have certain permissions (they can only be accessed after logging in). If the user accesses them directly without logging in, a 403 is likely.

302 Move Temporarily: temporary redirect (equivalent to call forwarding on mobile phones).

For example, suppose your website moves to a new domain name, but many users do not know that the domain name has changed. By configuring a redirect, users who access the old domain name are sent on to the new domain name.

301 Moved Permanently: permanent redirect.

500 Internal Server Error: an internal server error occurred. Generally, this status code is produced when the server hits an exceptional condition while executing code (the server crashes abnormally).

504 Gateway Timeout (response timeout): when the server is under heavy load, it may take a long time to process a single request, which can lead to a timeout.

Classification of status codes:

Know the response "header" (header) 

The basic format of the response header is the same as that of the request header.
Content-Type
Common values of Content-Type in the response are as follows:
text/html: the body data format is HTML
text/css: the body data format is CSS
application/javascript: the body data format is JavaScript
application/json: the body data format is JSON

HTTP protocol message style: 

Origin blog.csdn.net/m0_67995737/article/details/129797624