HTTP is the Hypertext Transfer Protocol, the communication protocol used by web applications. In general, the browser sends an HTTP request and the server returns an HTTP response. The two most common HTTP request methods are GET and POST. The GET method is used to retrieve resources. It can send parameters to the requested resource in the URL query string, so GET is generally not used to transmit sensitive data. The POST method is used to perform actions. It can also send parameters as strings, but parameters sent in the message body do not appear in the URL.
HTTP message headers can be used in both requests and responses. The following lists the message headers you are likely to encounter during penetration testing:
1. Connection: tells the other end of the communication whether the TCP connection should be closed or kept open after the HTTP message has been transmitted.
2. Content-Encoding: specifies the encoding applied to the content of the message body, generally gzip.
3. Content-Length: specifies the length of the message body.
4. Content-Type: specifies the content type of the message body. For example, the type of an HTML document is text/html.
5. Transfer-Encoding: specifies the encoding applied to the message body to facilitate its transmission over HTTP.
6. Accept: tells the server which kinds of content the client is willing to accept, such as image and audio types.
7. Accept-Encoding: tells the server which content encodings the client is willing to accept.
8. Authorization: sends credentials to the server for one of the built-in HTTP authentication types.
9. Cookie: submits to the server the cookies that the server previously set in the browser.
10. Host: specifies the host name that appears in the full URL being requested.
11. Origin: used in cross-origin Ajax requests to indicate the domain from which the request originated.
12. Referer: indicates the URL from which the current request originated.
13. User-Agent: provides information about the user's browser or other client software.
14. Access-Control-Allow-Origin: indicates whether the resource can be retrieved through cross-origin Ajax requests.
15. Expires: indicates how long the message body remains valid. During the validity period, the browser treats the message body as current.
16. Location: specifies the redirection target in a redirect response.
17. Server: provides information about the server.
18. Set-Cookie
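The difference between GET and POST described at the top of the page can be seen by parsing two raw requests and checking where the parameters travel. This is an added example, not code from the original article; the host name, path and parameter values are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample requests (not captured traffic); host and parameters are made up.
GET_REQ = (b"GET /login?user=alice&token=abc123 HTTP/1.1\r\n"
           b"Host: app.example.test\r\n"
           b"Accept: text/html\r\n"
           b"Connection: close\r\n\r\n")
BODY = b"user=alice&token=abc123"
POST_REQ = (b"POST /login HTTP/1.1\r\n"
            b"Host: app.example.test\r\n"
            b"Content-Type: application/x-www-form-urlencoded\r\n"
            b"Content-Length: " + str(len(BODY)).encode() + b"\r\n"
            b"Connection: close\r\n\r\n" + BODY)


def parse_request(raw: bytes) -> dict:
    """Split a raw HTTP/1.1 request into request line, headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()  # header names are case-insensitive
    return {"method": method, "target": target, "headers": headers, "body": body}


def parameter_locations(raw: bytes) -> dict:
    """Report which parameters travel in the URL and which in the message body."""
    req = parse_request(raw)
    h = req["headers"]
    url_params = parse_qs(urlsplit(req["target"]).query)
    body_params = {}
    if h.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        body_params = parse_qs(req["body"].decode("iso-8859-1"))
    declared = int(h.get("content-length", "0"))
    return {
        # Full URL as it would show up in server logs or a later Referer header
        "url": f"http://{h['host']}{req['target']}",
        "url_params": sorted(url_params),
        "body_params": sorted(body_params),
        "length_ok": declared == len(req["body"]),  # Content-Length must match the body
    }


if __name__ == "__main__":
    for raw in (GET_REQ, POST_REQ):
        print(parameter_locations(raw))
```

With GET the token is part of the URL itself, while with POST the URL stays clean and the same parameters are carried in a body whose size and type are declared by Content-Length and Content-Type.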
This article was written by youthflies and published at http://www.yeetrack.com/?p=158