# Request line
The request line consists of three fields: the request method, the request URL and the HTTP version, separated by spaces.
Example: GET /index.html HTTP/1.1
The HTTP specification defines 8 possible request methods:
GET: A simple request to retrieve the resource identified in the URL
HEAD: The same as GET, except that the server returns only the status line and the headers, not the document
POST: A request for the server to accept the data written to the client's output stream
PUT: A request for the server to save the request data as the new content of the specified URL
DELETE: A request for the server to delete the resource specified in the URL
OPTIONS: A request for information about the request methods supported by the server
TRACE: A request for the web server to echo back the HTTP request and its headers
CONNECT: A method that has been documented but is not currently implemented, reserved for tunneling
# Request header
Request headers consist of keyword/value pairs, one pair per line, with the keyword and value separated by a colon. They inform the server of the client's capabilities and identity.
Host: The host or domain name address
Accept: The MIME file formats that browsers or other clients can accept. The servlet can use it to decide on and return an appropriate file format.
User-Agent: The name of the client browser
Accept-Language: The languages that the browser can accept, such as en or en-us for English.
X-Forwarded-For: An HTTP extension header, mainly to allow the web server to obtain the real IP address of the visiting user
Connection: Tells the server whether it can keep a persistent HTTP connection. HTTP is connectionless. HTTP/1.1 uses Keep-Alive as the default value, so when the browser needs multiple files (such as an HTML file and related image files) it does not need to establish a connection each time.
Cookie: The browser uses this header to send a cookie to the server. A cookie is a small piece of data stored in the browser. It can record user information related to the server and can also implement the session function.
Referer: Indicates the URL of the web page that generated the request. For example, if you click through from the page http://www.baidu.com/index.php to the page http://jd.com/login.php, then in the request sent to the server for http://jd.com/login.php the Referer is http://www.baidu.com/index.php. This header can be used to track which website a web request came from.
Content-Type: Indicates the content type of the request. It can be obtained with the getContentType() method of HttpServletRequest.
Accept-Charset: Indicates the character encodings that the browser can accept. The default for English browsers is ISO-8859-1.
Accept-Encoding: Indicates the encoding methods the browser can accept. Encoding is different from file format: it compresses the file to speed up transfer. After the browser receives the web response, it first decodes it and then checks the file format.
# Blank line
The last request header is followed by a blank line: a carriage return and line feed are sent to notify the server that no more headers follow.
# Request data
Request data is sent with POST; the most commonly used headers are Content-Type and Content-Length.
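The four parts described above (request line, request headers, blank line, request data) can be separated mechanically. The following parser is an added example, not code from the original page; the sample request, including the host name example.test, is constructed.

```python
# Constructed sample request (host name and values are made up).
SAMPLE = (
    b"POST /login.php HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"User-Agent: demo-client/1.0\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 24\r\n"
    b"\r\n"
    b"user=admin&password=test"
)

def parse_request(raw: bytes) -> dict:
    """Split a raw HTTP/1.x request into request line, headers and data."""
    head, blank, rest = raw.partition(b"\r\n\r\n")
    if not blank:
        raise ValueError("no blank line after the last header")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError("request line must be: method SP url SP version")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        # Whitespace around the name (or a folded line) is rejected: proxies
        # and servers disagree on such lines, which is a smuggling risk.
        if not colon or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        key = name.lower()  # header names are case-insensitive
        if key in headers and key in ("host", "content-length"):
            raise ValueError(f"duplicate {name} header")
        headers[key] = value.strip()  # simplification: last value wins
    length = headers.get("content-length", "0")
    if not (length.isascii() and length.isdigit()):
        raise ValueError("Content-Length must be a decimal number")
    if len(rest) < int(length):
        raise ValueError("request data shorter than Content-Length")
    return {"method": parts[0], "url": parts[1], "version": parts[2],
            "headers": headers, "body": rest[: int(length)]}

if __name__ == "__main__":
    print(parse_request(SAMPLE))
```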
# Response data packet format
A response consists of four parts: status line, response headers, empty line, and response data.
1. Status line: protocol version, numeric status code and status description, each element separated by a space
2. Response headers: contain the server type, date, length, content type, etc.
3. Empty line: the response headers and the response body are separated by an empty line
4. Response data: the browser takes the data out of the entity content and generates the corresponding page
HTTP response codes:
1xx: Information, request received, processing continues
2xx: Success, the action was successfully received, understood and accepted
3xx: Redirection, further action must be taken to complete the request
4xx: Client error
5xx: Server error
200: File exists
403: Folder exists
3xx: Both may exist
404: File and folder do not exist
500: Both may exist
# Response header
The last response header is followed by a blank line: a carriage return and line feed are sent, indicating that the server has no more headers to send.
# Response data
HTML documents, images and so on, that is, the HTML itself
Packet capture on PC and app
PC side: tools that capture a process's traffic: WSExplorer, Wireshark
App: You need to download an emulator, such as the Xiaoyao emulator
Long-press with the left button to modify the network.
Advanced Options -> Proxy
Set the IP address of your machine and set a port
In Burp (bp), set the same IP and port that were set in the emulator.
Check it.
How to access an app's web pages from the web
First open an app in the emulator with Burp running, and intercept the data packets received.
Send the data packet to the Repeater module to record it.
Combine the Host address with the URL to construct the URL to access from the web side.
The request fails here because the request sent by our web browser differs from the request packet sent by the app.
Send the request from the web side again with packet capture enabled.
Copy the earlier app-side data packet from Repeater and use it to replace the web-side data packet just intercepted.
After the replacement, forward the packet.
The page now loads successfully!
Remember: to access an app's pages from the web, you must modify the data packet so that it matches the app's.
Case presentation:
User-Agent Demo
Reference: "What is NetType? The User-Agent string in the embedded browser of WeChat 6.0 adds the NetType field" (quark~'s blog, CSDN)
The other side uses the User-Agent to check what we are logging in with. It requires login from a mobile phone, but our User-Agent says Windows and web, which clearly does not meet the requirement, so we need to change the User-Agent parameters.
Change it to a mobile phone, and it must be on a 2G network. Then modify the User-Agent parameters.
Replace it with an iPhone request and the 2G parameter -> forward the packet
success
Case involving Referer
Our goal is to visit the page x_search_index.php. We currently reach _xssearch_index.php by clicking through from the page http://124.70.71.251:43251/index.html, but the server requires the request to come from google.com, so we modify the Referer to that source.
success
Case involving X-Forwarded-For
First set the loopback address:
X-Forwarded-For: 127.0.0.1
Send the request to the Intruder module and run a dictionary against the password.
Judging by the response length, the password is admin.
Go back to the data packet, change the password to admin and send it.
Case involving X-Forwarded-For and User-Agent
Here the page prompts us to open it in WeChat; that is, it has determined that we are on the web, while it requires a mobile client.
The first step is to change the User-Agent to a mobile phone, so that the other side's check passes.
After the modification is complete, continue.
X-Forwarded-For is set here because the other side may use X-Forwarded-For to check that the IP is unique: one IP can cast only one vote.
Both of the techniques above are used.
Set the IP as a variable: because one IP can cast only one vote, we have to keep changing our IP to vote.
success
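Both X-Forwarded-For cases work because the server believes a header that the client writes. The following added example (not from the original page) contrasts that weak lookup with one that honours the header only when the connection arrives from a reverse proxy the site operates. The 10.0.0.0/8 proxy range, the function names and the sample requests are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the site's own reverse proxies live in this range.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]

def naive_client_ip(peer_ip, headers):
    """Weak: believes whatever the client wrote in X-Forwarded-For."""
    xff = headers.get("X-Forwarded-For", "")
    return xff.split(",")[0].strip() or peer_ip

def _trusted(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_PROXIES)

def client_ip(peer_ip, headers):
    """Hardened: use the header only for hops added by our own proxies."""
    if not _trusted(peer_ip):
        return peer_ip  # direct connection: the header is client-controlled
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",")]
    for hop in reversed(hops):  # rightmost entries were appended by our proxies
        if not _trusted(hop):
            try:
                return str(ipaddress.ip_address(hop))
            except ValueError:
                break  # garbage in the chain: fall back to the socket address
    return peer_ip

def count_votes(requests, resolver):
    """One vote per resolved client address."""
    return len({resolver(peer, headers) for peer, headers in requests})

# Constructed sample: one direct client rotating the header, then the same
# client again through a trusted proxy that appended its real address.
REQUESTS = [
    ("203.0.113.7", {"X-Forwarded-For": "127.0.0.1"}),
    ("203.0.113.7", {"X-Forwarded-For": "198.51.100.1"}),
    ("203.0.113.7", {"X-Forwarded-For": "198.51.100.2"}),
    ("10.0.0.5", {"X-Forwarded-For": "127.0.0.1, 203.0.113.7"}),
]

if __name__ == "__main__":
    print("naive:", count_votes(REQUESTS, naive_client_ip))
    print("hardened:", count_votes(REQUESTS, client_ip))
```

The same reasoning applies to the User-Agent and Referer checks in the earlier cases: any value taken from a request header is client input and cannot serve as an access control on its own.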