packet extension

# request line

The request line consists of three fields: request method, request URL and HTTP version, separated by spaces.

Example: GET /index.html HTTP/1.1

The HTTP specification defines 8 possible request methods:

GET: A simple request to retrieve the resource identified in the URL

HEAD: The same as the GET method, except that the server returns only the status line and the headers, not the document

POST: A request for the server to accept data written to the client's output stream

PUT: A request for the server to save the request data as the new content of the specified URL

DELETE: A request for the server to delete the resource specified in the URL

OPTIONS: A request for information about the request methods supported by the server

TRACE: The web server echoes back the HTTP request and its headers

CONNECT: A method that has been documented but not currently implemented, reserved for tunneling

request header

Consists of keyword/value pairs, one pair per line, with keyword and value separated by a colon. Request headers inform the server of the client's capabilities and identity

HOST: host or domain name address

Accept: Refers to the MIME file format that browsers or other clients can accept. The servlet can judge and return the appropriate file format based on it.

User-Agent: The name of the client browser

Accept-Language: The languages that the browser can accept, such as en or en-us for English.

X-Forwarded-For: is an HTTP extension header, mainly to allow the web server to obtain the real IP address of the visiting user

Connection: Tells the server whether a persistent HTTP connection can be kept. HTTP is connectionless. HTTP/1.1 uses Keep-Alive as the default value, so when the browser needs multiple files (such as an HTML file and related image files), it does not need to establish a connection every time.

Cookie: The browser uses this header to send a cookie to the server. A cookie is a small piece of data stored in the browser. It can record user information related to the server, and can also implement the session function.

Referer: Indicates the URL of the web page that generated the request. For example, if you click a link to http://jd.com/login.php from the page http://www.baidu.com/index.php, then in the request sent to the server for http://jd.com/login.php the Referer is http://www.baidu.com/index.php. This header can be used to track which website a web request is coming from

Content-Type: Indicates the content type of the request. It can be obtained with the getContentType() method of HttpServletRequest

Accept-Charset: Indicates the character encodings that the browser can accept. The default for English browsers is ISO-8859-1

Accept-Encoding: Indicates the encoding methods acceptable to the browser. The encoding method is different from the file format: it compresses the file to speed up the transfer. After the browser receives the web response, it first decodes it and then checks the file format.

blank line 

The last request header is followed by a blank line: a carriage return and line feed are sent to notify the server that no more headers follow

request data

Sent with POST; the most commonly used headers are Content-Type and Content-Length
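The four parts described above (request line, request headers, blank line, request data) can be separated mechanically. The parser below is an added example, not code from the original post; the sample request `RAW`, the host `example.test` and the function name `parse_request` are constructed for illustration.

```python
# Constructed sample request (not a real capture).
RAW = (
    b"POST /login.php HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"User-Agent: demo-client/1.0\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 20\r\n"
    b"\r\n"
    b"user=admin&pass=test"
)

def parse_request(raw: bytes) -> dict:
    # The blank line (CRLF CRLF) ends the header section.
    head, blank, body = raw.partition(b"\r\n\r\n")
    if not blank:
        raise ValueError("no blank line: header section is not terminated")
    lines = head.decode("iso-8859-1").split("\r\n")
    # Request line: method, URL and version separated by single spaces.
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("request line must be: METHOD URL VERSION")
    method, url, version = parts
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        # Header names are case-insensitive; keep repeated headers as a list.
        headers.setdefault(name.lower(), []).append(value.strip())
    declared = headers.get("content-length")
    if declared is not None:
        if len(set(declared)) != 1 or not declared[0].isdigit():
            raise ValueError("conflicting or non-numeric Content-Length")
        if int(declared[0]) != len(body):
            raise ValueError("Content-Length does not match request data")
    return {"method": method, "url": url, "version": version,
            "headers": headers, "body": body}

if __name__ == "__main__":
    req = parse_request(RAW)
    print(req["method"], req["url"], req["version"], req["body"])
```
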


#Response packet data format

A response consists of four parts: status line, response headers, empty line, and response data.

1. Status line: protocol version, status code and status description in digital form, each element is separated by a space

2. Response header: contains server type, date, length, content type, etc.

3. Empty line: the response header and the response body are separated by a blank line

4. Response data: The browser will take out the data in the entity content and generate the corresponding page

HTTP response code:

1xx: information, request received, continue processing

2xx: success, the behavior is successfully accepted, understood and adopted

3xx: Redirection, in order to complete the request, further actions must be performed

4xx: client error

5xx: Server Error

200: File exists

403: Folder exists

3xx: Both may exist

404: File and folder do not exist

500: Both may exist

#Response header

The last response header is followed by a blank line: a carriage return and line feed are sent, indicating that no more headers follow from the server.

#Response data
HTML documents and images, etc., that is, HTML itself

PC terminal and app capture operation

PC side: process packet-capture tools: WSExplore, Wireshark

APP: You need to download an emulator, such as Xiaoyao Simulator

Long press the left button to modify the network.

Advanced Options -> Proxy

Set the ip address of your machine and set a port

In Burp (bp), set the same ip and port that were set in the emulator.

Check it.

How to access the web page of the app on the web 

First open an application in the emulator with Burp running, and intercept the data packets it sends.

Send the data packet to the Repeater module to record it.

Combine the address of the host with the url to construct the url to access from the web side.

The request fails here because the request sent by our web browser is different from the request packet sent by the app side.

Send the request from the web side again with packet interception enabled.

Copy the app-side data packet saved earlier in the Repeater and use it to replace the intercepted web-side data packet.

After the replacement, forward the packet.

This page shows success!

Be sure to remember that if you want to use the web to access the web pages of the app, you must modify the request packet so that it matches the one the app sends.

Case presentation:

User-Agent Demo

What is NetType? See "The User-Agent string in the embedded browser of WeChat 6.0 adds the NetType field" (quark~'s Blog, CSDN Blog).

The other party checks what kind of client we are using through the User-Agent. It requires access from a mobile phone, but our User-Agent says Windows and a web browser, which obviously does not meet the requirement, so we need to change the User-Agent value.

It has to be a mobile phone, and it must be on a 2G network, so modify the User-Agent parameters accordingly.

Replace it with an iPhone User-Agent with the 2G parameter -> forward the packet

success 

Case involving Referer

Our goal is to visit the page x_search_index.php, but we currently enter _xssearch_index.php by clicking through from the page http://124.70.71.251:43251/index.html, while the other party requires the request to come from google.com, so we modify the Referer of our request

success 

Involves: X-Forwarded-For

 

First set the loopback address

X-Forwarded-For:127.0.0.1

Send the request to the Intruder module and run a dictionary against the password.

Judging by the response length, the password is admin

Go back to the data packet and change the password to admin and send it out 

Involves: X-Forwarded-For, User-Agent

Here we are prompted to open the page with WeChat, that is, the other party has judged that we are on the web while it requires the mobile client.

The first step is to change the User-Agent to a mobile phone, so that the other party's check passes.

After the modification is complete:

X-Forwarded-For is set here because the other party may use X-Forwarded-For to check the uniqueness of the ip, so that one ip can only cast one vote.

Both of the techniques above are used.

Set the ip as a variable: because one ip can only cast one vote, we have to keep changing our ip to vote.

success 
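The X-Forwarded-For cases above work because the server believes a header that the client writes itself. The sketch below is an added example, not code from the original post: it puts that weak check beside a hardened one that honours the header only when the TCP peer is a known proxy. The proxy address `10.0.0.5`, the function names and the sample `VOTES` are assumptions constructed for illustration.

```python
import ipaddress
from typing import Optional

# Assumption: one reverse proxy sits in front of the application.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.5/32")]

def naive_client_ip(peer_ip: str, xff: Optional[str]) -> str:
    """Weak form: takes the first X-Forwarded-For entry at face value."""
    return xff.split(",")[0].strip() if xff else peer_ip

def _is_trusted(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_PROXIES)

def client_ip(peer_ip: str, xff: Optional[str]) -> str:
    """Hardened form: honour the header only when the TCP peer is a trusted
    proxy, and walk it right to left to the first hop a proxy did not add."""
    if not xff or not _is_trusted(peer_ip):
        return peer_ip
    for hop in reversed([h.strip() for h in xff.split(",")]):
        try:
            if not _is_trusted(hop):
                return hop
        except ValueError:      # not an IP address: ignore the header
            return peer_ip
    return peer_ip

def distinct_voters(requests, resolver) -> int:
    """Number of distinct client addresses a one-vote-per-ip check would see."""
    return len({resolver(peer, xff) for peer, xff in requests})

# Constructed sample: (TCP peer address, X-Forwarded-For as received by the app).
# One client, 203.0.113.7, votes three times through the proxy with a different
# self-written header each time; the proxy appends the address it really saw.
VOTES = [
    ("10.0.0.5", "198.51.100.1, 203.0.113.7"),
    ("10.0.0.5", "198.51.100.2, 203.0.113.7"),
    ("10.0.0.5", "127.0.0.1, 203.0.113.7"),
]

if __name__ == "__main__":
    print("naive:", distinct_voters(VOTES, naive_client_ip))
    print("hardened:", distinct_voters(VOTES, client_ip))
```

The same reasoning applies to User-Agent and Referer: they describe the client but cannot authenticate it, so access decisions need a server-side factor such as a session or login.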

Origin blog.csdn.net/m0_72755466/article/details/129033407