Class Notes
shentou: infiltration, through simulation is black, off attack, attack to find loopholes in the program business.
Category:
White Hat: Find companies submit vulnerability fix
Black Hat: These people may have the background or other stakeholders will look for loopholes and in-depth access to information
Conventional infiltration, through:
a confidentiality agreement
specific target test
specified range test.
Unconventional infiltration, through:
APT ***, red and blue against
*** process:
Figure:
HTTP request basis
Reference "http illustration of"
hypertext transfer protocol
http 0.9 get 1991 released in version 0.9
HTTP 1.0 GET POST head in May 1996 release
http 1.1 adds options, put, delete, trace, connect six. Characteristics of persistent connections, established tcp. January 1997 release version
curl, telnet can send all the requested
scanner head scans primarily request
iis6, have put loopholes, you can directly upload ***
2015, HTTP / 2 release
http: request methods
the HEAD
GET
POST
the OPTIONS
PUT
DELETE
the CONNECT
the TRACE
http status codes:
1xx
2xx
3xx
4xx
5xx
http message:![[Security] operation and maintenance - infiltration - Through Process / HTTP request 02](https://s1.51cto.com/images/blog/201907/16/e0227bdf7622affdd7bd33ee0f88e7f8.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=)