Basic BurpSuite usage, and the format and meaning of request and response packets

One, HTTP protocol basics

HTTP: HyperText Transfer Protocol

1. Protocol features:

  • Simple and fast: request methods such as GET, POST and HEAD (8 request methods)
  • Connectionless (the connection is closed after each request) and stateless (no memory; no information is recorded)

2. Supported modes: B/S, C/S (WebSocket communication)

 

Two, HTTP request packet

1. Request packet format: Request = request line (request method, URL, protocol/version) + request headers (in key: value form) + empty line + request data (if this part is empty, the request is a GET and the data is carried in the URL; if it contains data, the request is a POST)

2. Request methods:

  • HTTP/1.0: GET, POST, HEAD
  • HTTP/1.1: GET, POST, HEAD, OPTIONS, DELETE, TRACE, CONNECT, PUT, PATCH

| Method | Description |
|---|---|
| GET | Requests the specified page information and returns the entity body |
| POST | Submits data to the specified resource for processing (e.g. submitting a form or uploading a file). The data is contained in the request body. A POST request may create new resources and/or modify existing ones |
| HEAD | Similar to a GET request, but the response carries no specific content; used to obtain the headers |
| OPTIONS | Allows the client to view server performance |
| DELETE | Asks the server to delete the specified page |
| TRACE | Echoes back the request received by the server; mainly used for testing or diagnosis |
| CONNECT | Reserved in HTTP/1.1 for proxy servers that can switch the connection to pipe (tunnel) mode |
| PUT | Replaces the content of the specified document with data sent from the client to the server |
| PATCH | A complement to the PUT method, used to partially update a known resource |

(Table Source: https://www.runoob.com/http/http-methods.html , thanks!)

  • Comparison of the GET and POST request methods:

    Similarities:

    1. Both create an array holding key/value pairs (key = value), where the key is the name of the form control and the value is what the user entered
    2. The arrays are $_GET and $_POST respectively, and both are superglobals

    Differences:

    1. GET: the data submitted by the user is appended to the URL; the amount of data that can be sent is small; insecure
    2. POST: the parameters are inside the request packet and a tool is needed to view them; the amount of data that can be sent is large; high security

 

Three, HTTP response packet

Response packet: after the user's request packet reaches the server, the server processes the request and sends the result back to the user's browser. This result is called the response packet, denoted Response

1. Response packet format: Response = status line (protocol/version, status code) + message headers + blank line + response body (also called the response content; the response text is made up of HTML + CSS + JS)

2. Status codes

  • A status code has three digits; the first digit indicates the type of response. There are five types:

    1xx: the server has received the request and needs to continue processing it

    2xx: the server has successfully received the request and processed it

    3xx: redirection; the request has to jump to another URL

    4xx: there is a problem with the user's request

    5xx: internal server error

3. Common status codes:

  • 200  OK

    The request was processed normally by the server

  • 302  Found

    Temporary redirect: the requested resource has temporarily moved to another location

  • 304  Not Modified

    The client sent a conditional request and the condition was not met

  • 400  Bad Request

    The request message has a syntax error or a parameter error, and the server did not understand it

  • 403  Forbidden

    Access to the requested resource was refused by the server

  • 404  Not Found

    The server could not find the requested resource

  • 500  Internal Server Error

    The server encountered an error while executing the request

 

Four, URL

URL: Uniform Resource Locator, used to indicate where a resource is located on the network

  • URL format:

http (protocol) :// www.baidu.com (domain name) : 8080 (port) /news (virtual directory) /index.php (file name) ? parameter=deal&id=35 (parameters) #NAME (anchor)

  • parameter=deal&id=35 is two parameters
  • Parameters begin after the ?; the first and second parameters are joined by &

 

Five, JDK

JDK: the Java software development kit, which lets us run Java development tools locally

1. Download the JDK, install it, and copy the installation path

2. Configure the environment variables

  • Configuring the environment variable on Win7:

Right-click Computer -> Properties -> Advanced System Settings -> Advanced -> Environment Variables -> System Variables -> Path, double-click it, and append ; followed by the JDK installation path to the end of the variable value -> OK

  • Configuring the environment variable on Win10:

Right-click Computer -> Properties -> Advanced System Settings -> Advanced -> Environment Variables -> System Variables -> Path, double-click it, and enter the JDK installation path directly in the last blank line

Verify: enter java -version in the DOS command window; if the information shown in the figure is echoed, the environment variable has been configured successfully

 

Six, BurpSuite

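BurpSuite: a multi-purpose penetration testing tool and a favourite of penetration testers, developed in Java and full-featured, which makes it convenient for penetration testers to test web sites

  • Functions: crawling, scanning, packet interception, resending, brute forcing, decoding and encoding, comparison, and so on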

 

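Seven, Intercepting packets with BP (short for BurpSuite)

1. Download the JDK and configure the environment variables (detailed steps are above)

2. Download Firefox and open it, find foxyproxy, right-click it and set up the proxy server; the setup process is shown in the figure below

  • Proxy server: obtains network information on behalf of network users. Figuratively speaking, it is a transfer station for network information, an intermediary between an individual's network and the Internet service provider, responsible for forwarding legitimate network information and for controlling and logging what it forwards
  • The process is shown in the figure:

3. Open BP and click Proxy --> Options to reach the following screen, where you can see that BP listens on port 8080 by default

  • Proxy is the core of BurpSuite: it intercepts, views and modifies all requests and responses passing between your browser and the target web server

4. Click Intercept --> turn interception off, Intercept is off (interception is on by default)

  • If interception is on here, request packets are intercepted while you browse, so no response is received from the server and the page cannot be displayed

5. Open phpStudy and start Apache2, FTP and MySQL

6. In phpstudy_pro/www/, delete the file info.php and create index.html

7. Open Firefox, right-click foxyproxy to enable the proxy server (or click foxyproxy and change it under the working mode selection); the fox head turns blue. Enter 127.0.0.1 in the address bar

8. Open BP and turn interception on (Intercept is on), then wait or refresh the page in Firefox; you will see the screen shown in the figure

  • Here you can see that the request method is GET

9. Open BP, turn interception off, open Firefox and browse any website

  • Turn off BP and capture other request packets; when browsing a website, however, the following screen appears

  • Click Advanced; there is no Add Exception option below, so switch to another website

  • After adding the exception, the site can be accessed

10. To capture a POST packet, a form has to be submitted or a file uploaded to the specified resource. Before making the request, open BP and turn interception on; then make the request, and BP can intercept the POST packet

11. To intercept response packets, tick the option for intercepting server responses, as shown in the figure below

 

12. When a POST request packet has been intercepted, click Forward to send it, and the response packet can then be viewed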

 

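Eight, The meaning of each parameter in the headers

1. The meaning of each parameter in the request headers

| Parameter | Meaning |
|---|---|
| Host | The IP of the server being requested |
| User-Agent | The user's local environment (tool environment) |
| Accept | Application environments the browser can parse |
| Accept-Language | Language types the browser can parse |
| Accept-Encoding | Encodings the browser can parse |
| Referer | Where the request for the page came from (the current location) |
| Cookie | The session state between the server and the browser. This session state can indicate whether the user has logged in. It is generally configured by the server and is time-limited. When the cookie expires, the user has to log in again. Only after a successful login does the browser save the cookie; every request to the server then carries the cookie, and the cookie has to be verified on the server |
| X-Forwarded-For | The user's real IP |
| Content-Type | Content type: the type of the request data |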
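
X-Forwarded-For is an ordinary request header, so its value is whatever the sender or a proxy on the path wrote into it. One way a server behind reverse proxies can derive the client address from it, as an added example (not from the original post); client_ip, the trusted_proxies list and every address used here are assumptions made up for illustration.

```python
import ipaddress


def client_ip(peer_ip: str, xff: str, trusted_proxies: list) -> str:
    """Pick the client address from the TCP peer and an X-Forwarded-For value.

    The list is walked from right to left, skipping addresses that belong to
    our own proxies. The first address that is not ours is taken as the
    client; anything to its left was supplied by the sender and is unverified.
    """
    trusted = [ipaddress.ip_network(net) for net in trusted_proxies]

    def is_trusted(addr: str) -> bool:
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            return False                      # not an IP at all: never trusted
        return any(ip in net for net in trusted)

    if not is_trusted(peer_ip):
        return peer_ip        # direct connection: the header is ignored
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    for hop in reversed(hops):
        if not is_trusted(hop):
            try:
                return str(ipaddress.ip_address(hop))
            except ValueError:
                return peer_ip                # garbage entry: use the TCP peer
    return peer_ip            # header empty, or it lists only our own proxies


if __name__ == "__main__":
    proxies = ["10.0.0.0/8"]                  # constructed proxy network
    print(client_ip("203.0.113.9", "1.2.3.4", proxies))
    print(client_ip("10.0.0.5", "1.2.3.4, 198.51.100.7, 10.0.0.8", proxies))
```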

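2. The meaning of each parameter in the response headers:

| Parameter | Meaning |
|---|---|
| Date | The time at which the server sent the response |
| Server | The server environment (e.g. fcgid indicates the Apache version) |
| Content-Length | The length of the returned packet |
| Connection | Connection state |
| Content-Type | The type of the returned response data; tells the browser how to parse or open the content of the response |
| Location | Which page to redirect to |
| Set-Cookie | The cookie value that the server sets for the browser |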
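
The response layout, the status-code classes and the response headers described on this page, as an added example (not from the original post): it reads a raw response, classifies the status code by its first digit and pulls out Location, the Set-Cookie names and a Content-Length check. The sample response and its cookie names are constructed for illustration.

```python
STATUS_CLASSES = {"1": "informational", "2": "success", "3": "redirection",
                  "4": "client error", "5": "server error"}


def summarize_response(raw: bytes) -> dict:
    """Summarise a raw HTTP/1.x response: status class and key headers."""
    head, _, body = raw.partition(b"\r\n\r\n")    # blank line ends the headers
    lines = head.decode("iso-8859-1").split("\r\n")
    version, code, *reason = lines[0].split(" ", 2)
    if not (len(code) == 3 and code.isdigit() and code[0] in STATUS_CLASSES):
        raise ValueError("bad status code: %r" % code)
    headers = []                  # list of pairs: Set-Cookie may appear twice
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))

    def first(wanted):
        return next((v for k, v in headers if k == wanted), None)

    declared = first("content-length")
    return {
        "code": int(code),
        "class": STATUS_CLASSES[code[0]],         # first digit gives the type
        "location": first("location"),            # where a 3xx points to
        "cookies": [v.split(";")[0].split("=")[0]
                    for k, v in headers if k == "set-cookie"],
        "length_ok": declared is None
                     or (declared.isdigit() and int(declared) == len(body)),
    }


# Constructed sample response (not captured from the lab on this page).
RESPONSE = (b"HTTP/1.1 302 Found\r\n"
            b"Date: Mon, 23 Sep 2019 08:00:00 GMT\r\n"
            b"Server: Apache\r\n"
            b"Location: /index.html\r\n"
            b"Set-Cookie: PHPSESSID=abc123; path=/\r\n"
            b"Set-Cookie: lang=en\r\n"
            b"Content-Type: text/html\r\n"
            b"Content-Length: 5\r\n\r\n"
            b"moved")

if __name__ == "__main__":
    print(summarize_response(RESPONSE))
```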

Origin www.cnblogs.com/zhanghaozsnow/p/11575293.html