Past the post ：
i spring and autumn Web Penetration test engineer （ primary ） Learning notes （ Chapter one ）
i spring and autumn Web Penetration test engineer （ primary ） Learning notes （ Chapter two ）

3.1 HTTP Basic concepts of

HTTP agreement ( Hypertext transfer protocol HyperText Transfer Protocol), It is based on TCP Application layer transport protocol , In short, it is a rule for data transmission between client and server . It's a stateless protocol , There is no memory for transaction processing , Support customers / Server mode （C/S） End .

Format :http://host[":"port][abs_path]

3.2 TCP/IP Position in

It's an application layer protocol , It is in the protocol stack TCP Above , It is in TCP、TLS、SSL Above （PS: If in TLS、SSL Above is HTTPS,HTTP and HTTPS It's completely different ,HTTP The port of is 80, and HTTPS The port of is 443） The following figure HTTP Blocks cover Two layers of .

3.3 HTTP Request and response

3.3.1 request

Reference the packet capturing pictures in the original video ：

Message analysis ：
（1）HTTP Request status line ： The status line consists of three parts , Include Method character POST, Resource path （URI）,HTTP Version number

GET /newRelease/issue HTTP/1.1

（2） Access location ：

 Host:www.xxxxxx.com

（3） length ：

Content-Length:15

（4） Request header sent by browser , Used to indicate the type of resource you want ：

objectivecAccept:*/*

（5） Represents the entry section , Which website you first visited from will be listed later ：

Origin：http://www.xxxxxx.com

（6） Customer's own information , Contains the system version 、 name , Browser version 、 name , There can be no ：

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X10_10_ 4) 
AppleWebkit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36

（7） The URL to accept the request , And I will give you the website of the package ：

Referer:http://www.xxxxxx.com/main

（8） Specifies the encoding format accepted by the server ：

Accep-E ncoding: gzip, deflate

（9） Using language , font size ：

Accept- Language: zh-CN,zh;q=0.8

Request method ：
GET： Request for URI Identified resources
POST： stay URI New data is appended to the identified resource
HEAD： Request to get by URI The response header of the identified resource
PUT： Request the server to store or modify a resource , And use URI As its logo
DELETE： Request server delete URI Identified resources
TRACE： The request server sends back the received request information , Mainly used for testing or diagnosis
CONNECT： Keep it for future use
OPTIONS： Request query server performance , Or Query options and requirements related to resources

3.3.2 Respond to

Reference the packet capturing pictures in the original video ：
（1）HTTP Response status line ： The status line consists of three parts , Include HTTP Version of protocol , Status code , Text description of status code .

HTTP/1.1 200 OK

（2） Time ：

Date: Sun, 17 Jan 2016 18:57:24 GMT

（3）Content-Type And the one in front objectivecAccept similar ,charset Is the code

Content-Type: text/html ;charset=UTF-8

（4） length ：

Content- Length: 71059

（5） Keep connected ：

Connection: keep-alive

HTTP Response status code The status code consists of three digits ：
1 start ： instructions - Indicates that the request has been received , Continuing processing
2 start ： success - Indicates that the request was received successfully 、 understand 、 Handle
3 start ： Redirect - Further action must be taken to complete the request
4 start ： Client error - There is a syntax error when the user requests or the request cannot be implemented
5 start ： Server-side error - The server failed to implement legal request

Common status codes are as follows ：
200：OK - Client request successful
400： Client request has syntax error , Not understood by the server
401： Request not authorized , The status code must be equal to Authenticate Header fields are used together
403： The server receives the request , But refused to provide service , For example, authority issues
404：Not Found - The requested resource does not exist , For example, the wrong URL
500： An unexpected error occurred on the server
503： The server is currently unable to process the client's request , After a while , May return to normal

3.4 HTTP The head of the newspaper

HTTP The header is divided into 4 class ：
Ordinary headlines 、 Ask the head of the newspaper 、 Respond to the headlines 、 Physical header

3.5 Caught tools

Yes chrome、firefox、wireshark、 Kelai etc.