Basic knowledge of computer network security (super detailed)

Table of contents

1. The difference between HTTP and HTTPS

2. HTTP response code

3. What is the difference between penetration testing and WEB security vulnerabilities?

4. The core of network connection - IP address and port

5. HTTP hypertext transfer protocol


1. The difference between HTTP and HTTPS

1. The HTTPS protocol requires applying for a certificate from a CA (Certificate Authority). Free certificates are generally scarce, so a fee is usually required.
2. HTTP is the Hypertext Transfer Protocol and transmits information in plain text, while HTTPS is a secure transfer protocol encrypted with SSL.
3. HTTP and HTTPS use completely different connection methods and different ports: 80 for the former and 443 for the latter.
4. An HTTP connection is simple and stateless. HTTPS is a network protocol built from SSL plus HTTP that provides encrypted transmission and identity authentication, which makes it safer than HTTP.

Note: Although HTTPS encrypts the transmitted data, it cannot guarantee absolute security. The public key in the SSL certificate is used when the connection is established, so if the digital certificate mechanism behind that certificate cannot be trusted, data theft becomes more likely.

2. HTTP response code

An HTTP status code indicates whether an HTTP request has been completed. Status codes fall into five classes: message response, successful response, redirection response, client error and server error. The first digit of every status code identifies which of the five classes the response belongs to.

1xx  Message response

2xx  Successful response
     200: The request was successful

3xx  Redirect
     301: The requested page has been transferred to the new URL
     302: The requested page has been temporarily moved to a new URL

4xx  Client error
     400: Syntax error, the server did not understand the request
     401: A legitimate request, but access to the requested page is forbidden
     403: A legitimate request, but access to the requested page is forbidden
     404: The server cannot find the requested page
     405: The request method is not allowed

5xx  Server error
     500: Internal server error, request not completed

3. What is the difference between penetration testing and WEB security vulnerabilities?

Penetration testing includes web security vulnerabilities, but a website is only a single service. A penetration test may not attack the website at all and may instead look for vulnerabilities in other services, such as databases or FTP. Penetration testing covers a wider range, and it also has to consider how to exploit vulnerabilities to maximize the effect of the attack, for example privilege escalation, intranet attacks, domain environment attacks and making backdoors that evade antivirus software.

4. The core of network connection - IP address and port

1. The IP address is the unique identifier of an electronic device on the Internet.

Intranet IP: the network behind the router. It can connect to the Internet, but the Internet cannot connect directly to the intranet (port mapping is required).
  Advantage: Safe; solves the problem of IPv4 address exhaustion.
  Shortcoming: The Internet cannot connect directly to the intranet. For example, if you build a website on your own computer, only people who use the same router network as you can access it.

Public IP: an Internet IP.
  Advantage: Can communicate directly with Internet resources, for everyday applications such as remote monitoring of cameras, remote computer power on and off, etc.
  Shortcoming: Low security; exhaustion of IPv4 address resources.

An IP address is like a home address. The public network IP is the address of a community, and there are many users in the community, while the private network IP is the specific house number of your home.

How to check whether the IP address of my computer is public network or internal network?

① If a router is used, the address must be an intranet address. Generally, a company or community shares one public IP address.

② Enter ipconfig on the computer's command line to view the Ethernet IP address.

③ Open Baidu and search for "IP" to see the IP address you appear as on the Internet. If it is not the same as the one ipconfig shows, you are using an intranet IP.
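The same check can be scripted. The following is an added example, not part of the original post: it pulls the IPv4 addresses out of ipconfig output and tells intranet ranges from public ones, then applies the comparison from step ③. The sample ipconfig text and the lookup result are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# IPv4 ranges that cannot be reached directly from the Internet.
NON_PUBLIC = [
    ("loopback", ipaddress.ip_network("127.0.0.0/8")),
    ("link-local", ipaddress.ip_network("169.254.0.0/16")),
    ("intranet", ipaddress.ip_network("10.0.0.0/8")),        # RFC 1918
    ("intranet", ipaddress.ip_network("172.16.0.0/12")),     # RFC 1918
    ("intranet", ipaddress.ip_network("192.168.0.0/16")),    # RFC 1918
    ("carrier NAT", ipaddress.ip_network("100.64.0.0/10")),  # RFC 6598, shared by an ISP
]

# Matches the "IPv4 Address. . . . : a.b.c.d" lines of English-language ipconfig output.
IPV4_LINE = re.compile(r"IPv4 Address[ .]*:\s*(\d{1,3}(?:\.\d{1,3}){3})")


def classify(address):
    """Return 'intranet', 'carrier NAT', 'loopback', 'link-local' or 'public'."""
    ip = ipaddress.ip_address(address)  # raises ValueError on malformed input
    for label, network in NON_PUBLIC:
        if ip in network:
            return label
    return "public"


def classify_ipconfig(text):
    """Step 2: classify every IPv4 address that ipconfig reports."""
    return {addr: classify(addr) for addr in IPV4_LINE.findall(text)}


def is_behind_nat(local_address, address_seen_by_website):
    """Step 3: the machine sits behind NAT when the two addresses differ."""
    return ipaddress.ip_address(local_address) != ipaddress.ip_address(address_seen_by_website)


# Constructed ipconfig output; 203.0.113.7 is a documentation address that
# stands in for whatever an IP-lookup site would display.
SAMPLE_IPCONFIG = """\
Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : lan
   IPv4 Address. . . . . . . . . . . : 192.168.1.23
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
"""
SAMPLE_LOOKUP_RESULT = "203.0.113.7"

if __name__ == "__main__":
    for addr, kind in classify_ipconfig(SAMPLE_IPCONFIG).items():
        print(addr, kind, "behind NAT:", is_behind_nat(addr, SAMPLE_LOOKUP_RESULT))
```

An address in the carrier NAT range means the router itself does not hold a public IP, so port mapping on the home router alone will not make a service reachable from the Internet.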

2. What is a TCP logical port?

A port is the unique identifier of an application on a computer, and it can be thought of as the exit through which the device communicates with the outside world. Ports can be divided into virtual ports and physical ports, where virtual ports are the ports inside the computer or inside a switch or router, which are invisible.

5. HTTP hypertext transfer protocol

① Request message (request): consists of the request line, the request headers, a blank line, and the request body.

 

1. There are eight common request methods in HTTP, and GET and POST requests are commonly used.

GET request: the request parameters are in the URL, the URL has a length limit, and a GET request can only transmit character data.

POST request: the request parameters are in the request body, with no size limit. POST requests can transfer character or byte data.

The detailed differences between GET and POST requests:

1. The GET request is not safe, because during transmission the data is placed in the requested URL; all operations of a POST request are invisible to the user. But this statement is not absolute. You can also add a request body to a GET request and URL parameters to a POST request.
2. The data in the URL submitted by a GET request can be at most 2048 bytes. This limit is imposed by the browser or server; the HTTP protocol itself does not limit the length of the URL. The purpose is to ensure that the server and browser can run normally and to prevent malicious requests from being sent. There is no size limit for POST requests.
3. GET requests limit the values of the form's data set to ASCII characters, while POST requests support the entire ISO 10646 character set.
4. The execution efficiency of a GET request is better than that of a POST request. GET is the default method for form submissions.
5. A GET request generates one TCP packet; a POST request generates two TCP packets. For GET requests, the browser sends the HTTP header and data together, and the server responds with 200 (return data). For POST requests, the browser sends the header first, the server responds with 100 Continue, then the browser sends the data, and the server responds with 200 (return data).

2. Request header


② Response message (response): consists of the response line, the response headers, a blank line, and the response body.
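The four parts of the request message in ① and of the response message in ② can be seen by splitting raw messages by hand. The following is an added example, not part of the original post: a small parser that separates the start line, headers and body, and shows that GET parameters sit in the URL while POST form parameters sit in the body. The sample messages, host, paths and parameter names are constructed, and the function names are hypothetical.

```python
from urllib.parse import parse_qs, urlsplit


def parse_message(raw):
    """Split an HTTP/1.x message into its start line, headers and body."""
    head, blank, body = raw.partition(b"\r\n\r\n")  # the blank line ends the headers
    if not blank:
        raise ValueError("no blank line after the headers")
    first, *header_lines = head.decode("iso-8859-1").split("\r\n")
    parts = first.split(" ", 2)
    if len(parts) < 2:
        raise ValueError("malformed start line: %r" % first)
    if parts[0].startswith("HTTP/"):  # response line: version, status code, reason
        reason = parts[2] if len(parts) == 3 else ""
        msg = {"kind": "response", "version": parts[0],
               "status": int(parts[1]), "reason": reason}
    elif len(parts) == 3:             # request line: method, target, version
        msg = {"kind": "request", "method": parts[0],
               "target": parts[1], "version": parts[2]}
    else:
        raise ValueError("malformed request line: %r" % first)
    headers = {}
    for line in header_lines:
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError("malformed header line: %r" % line)
        headers[name.strip().lower()] = value.strip()
    msg.update(headers=headers, body=body)
    return msg


def request_parameters(msg):
    """Show where a request carries its parameters: URL, body, or both."""
    content_type = msg["headers"].get("content-type", "")
    in_body = {}
    if content_type.startswith("application/x-www-form-urlencoded"):
        in_body = parse_qs(msg["body"].decode("utf-8"))
    return {"url": parse_qs(urlsplit(msg["target"]).query), "body": in_body}


# Constructed sample messages; host, paths and parameter names are made up.
GET_REQUEST = b"GET /search?q=test&page=2 HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
POST_REQUEST = (b"POST /login HTTP/1.1\r\nHost: www.example.com\r\n"
                b"Content-Type: application/x-www-form-urlencoded\r\n"
                b"Content-Length: 27\r\n\r\nusername=alice&password=pw1")
RESPONSE = (b"HTTP/1.1 404 Not Found\r\nContent-Type: text/plain\r\n"
            b"Content-Length: 9\r\n\r\nNot Found")

if __name__ == "__main__":
    for raw in (GET_REQUEST, POST_REQUEST, RESPONSE):
        print(parse_message(raw))
```

Over plain HTTP both the URL and the body are readable on the wire, so moving parameters from the URL to the body only keeps them out of the address bar, browser history and typical access logs.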

 


Origin blog.csdn.net/m0_56632799/article/details/128411927