* This blog serves only as a personal note and study reference
Packet analysis of the GET method
Hypertext Transfer Protocol
GET / HTTP/1.1\r\n # Request line
[Expert Info (Chat/Sequence): GET / HTTP/1.1\r\n] # Expert information
Request Method: GET # Request method
Request URI: / # Request URI
Request Version: HTTP/1.1 # Request version
Host: www.boomgg.cn\r\n # Requested host
Connection: keep-alive\r\n # Use a persistent connection
Upgrade-Insecure-Requests: 1\r\n # Upgrade insecure requests
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36\r\n # Browser type
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\n # Accepted content types
Accept-Encoding: gzip, deflate, sdch\r\n # Accepted encodings
Accept-Language: zh-CN,zh;q=0.8\r\n # Accepted languages
Cookie: cnzzdata155540=cnzz_eid%3d2093723420-1483596271-%26ntime%3d1483596271\r\n # Cookie information
Cookie pair: cnzzdata155540=cnzz_eid%3d2093723420-1483596271-%26ntime%3d1483596271\r\n # Cookie pair
[Full request URI: http://www.boomgg.cn/] # Full request URI
[HTTP request 1/3] # HTTP request progress
[Response in frame: 12] # Frame containing the response
[Next request in frame: 15] # Frame containing the next request
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n # Response line
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] # Expert information
Request Version: HTTP/1.1 # Request version
Status Code: 200 # Status code
Response Phrase: OK # Response phrase
Date: Tue, 2017 07 : 34:36 GMT\r\n # Response time
Server: Apache/2.4.6 (CentOS) PHP/5.4.16\r\n # Server information
Last-Modified: Tue, June 2014 16:00:47 GMT\r\n # Last modification time
ETag: "4b8d-4fc0a3f32a9c0"\r\n # Identifier of the last modification
Accept-Ranges: bytes\r\n # Accepted range units
Content-Length: 19341\r\n # Content length
Keep-Alive: timeout=5, max=99\r\n # Keep-alive timeout and maximum value
Connection: keep-alive\r\n # Use a persistent connection
Content-Type: text/css\r\n # Content type of the response
[HTTP response 2/3] # HTTP response
[Time since request: 0.423110000 seconds] # Time elapsed since the request
[Prev request in frame: 5] # Frame of the previous request
[Prev response in frame: 12] # Frame of the previous response
[Request in frame: 15] # Frame of the request
[Next request in frame: 47] # Frame of the next request
[Next response in frame: 59] # Frame of the next response
File Data: 19341 bytes # Size of the file data
Line-based text data: text/css # Data
Packet analysis of the POST method
Basically the same as above.
Hypertext Transfer Protocol
POST /login.aspx HTTP/1.1\r\n
[Expert Info (Chat/Sequence): POST /login.aspx HTTP/1.1\r\n]
[POST /login.aspx HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: POST
Request URI: /login.aspx
Request Version: HTTP/1.1
Host: 192.168.1.113\r\n
Connection: keep-alive\r\n
Content-Length: 232\r\n
[Content length: 232]
Cache-Control: max-age=0\r\n
Origin: http://192.168.1.113\r\n
Upgrade-Insecure-Requests: 1\r\n
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36\r\n
Content-Type: application/x-www-form-urlencoded\r\n
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\n
Referer: http://192.168.1.113/login.aspx\r\n
Accept-Encoding: gzip, deflate\r\n
Accept-Language: zh-CN,zh;q=0.8\r\n
Cookie: cnzzdata155540=cnzz_eid%3d1111972901-1485847397-%26ntime%3d1485847397\r\n
Cookie pair: cnzzdata155540=cnzz_eid%3d1111972901-1485847397-%26ntime%3d1485847397
\r\n
[Full request URI: http://192.168.1.113/login.aspx]
[HTTP request 3/5]
[Prev request in frame: 103]
[Response in frame: 116]
[Next request in frame: 117]
File Data: 232 bytes
HTML Form URL Encoded: application/x-www-form-urlencoded
Form item: "__VIEWSTATE" = "/wepdwullte2ndixodkzmtdkzj7mzhenuufxodvtoykvaxvn0yfdfhjukeo48w8qcgna"
Form item: "__EVENTVALIDATION" = "/wewbakgrjh+cqlr/4hfaglpyszgdqkr1yrvcg3y+w/qsnhr3jldwqbq34u2wh/m2l3/ijydfw7qhppt"
Form item: "UserID" = "Kemin" # The submitted username is visible here
Form item: "Userpass" = "Fang" # The submitted password is visible here
Form item: "Log" = "Login"
Basically the same as above.
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
[HTTP/1.1 200 OK\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 200
Response Phrase: OK
Cache-Control: private\r\n
Content-Type: text/html; charset=utf-8\r\n
Content-Encoding: gzip\r\n
Vary: Accept-Encoding\r\n
Server: Microsoft-IIS/7.5\r\n
X-AspNet-Version: 4.0.30319\r\n
X-Powered-By: ASP.NET\r\n
Date: Tue, 07:43:17 GMT\r\n
Content-Length: 1434\r\n
[Content length: 1434]
\r\n
[HTTP response 4/5]
[Time since request: 0.102894000 seconds]
[Prev request in frame: 114]
[Prev response in frame: 116]
[Request in frame: 117]
[Next request in frame: 133]
[Next response in frame: 176]
Content-encoded entity body (gzip): 1434 bytes -> 2563 bytes
File Data: 2563 bytes
Line-based text data: text/html
Interpretation of HTTP protocol packets for Wireshark packet analysis