HTTP protocol Basics
Web technology development "http://www.cnblogs.com/ProgrammerGE/articles/1824657.html"
Static Web "Web page"
Dynamic Web
- part of an application
- backed by a database
- every user sees different content
- returns different results depending on user input
There are hundreds of types of web attacks
Web Attack surface
1. Network
2. OS
3. WEB Server
4. APP Server
5. Web Application
6. Database
7. Browser
HTTP protocol base "http://www.cnblogs.com/ksxs/articles/772140.html"
Plaintext protocol, no encryption mechanism
No built-in confidentiality mechanism
Sniffing or an intercepting proxy reveals all information in plaintext
HTTPS only improves transport-layer security "a man-in-the-middle attack is still possible"
Man-in-the-middle attack (Forged certificate) "Http://www.cnblogs.com/LittleHann/p/3735602.html"
Stateless
Each client/server exchange is an independent transaction
Web applications need to track client sessions (multi-step communication)
In applications that do not use cookies, the client is re-authenticated on every request "http://www.cnblogs.com/fish-li/archive/2011/07/03/2096903.html"
## the cookie is equivalent to the session ID
Sessions are used to track user behavior after authentication "sessions expire periodically"
• Improves user experience, but adds attack vectors
Request/Response cycle:
Important headers
Set-Cookie: sent by the server to the client carrying the session ID (risk of theft: a stolen ID can be used to impersonate someone else)
Content-Length: byte length of the response body "useful for fuzz testing"
Location: redirects the user to another page; identifies which pages are reachable after authentication
Cookie: information the client sends back to the server to prove the user's state (the header value appears as name=value pairs)
Referer: the page the user was on before initiating the new request; server-side security restrictions based on this header are easily bypassed by modifying it
Host: security restrictions based on the Host header are likewise easily bypassed by modifying it
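As an added illustration (not from the original notes), a small Python sketch of what a server does with these headers: it reads exactly Content-Length bytes of body, splits the Cookie header into name=value pairs, looks the session ID up in a store whose entries expire, and bases the authorization decision only on that lookup, since Referer and Host are client-supplied. The store layout, the cookie name SESSIONID and the sample request are assumptions.

```python
from typing import Dict, Optional, Tuple

# Constructed server-side session store: session ID -> (user, expiry time).
# "Sessions expire periodically": an entry past its expiry is treated as invalid.
SESSIONS: Dict[str, Tuple[str, int]] = {"s3cr3t": ("alice", 1000)}

def parse_request(raw: bytes) -> Tuple[str, Dict[str, str], bytes]:
    # Split request line, headers and body; header names are case-insensitive.
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # Content-Length tells the server how many body bytes belong to this request.
    length = int(headers.get("content-length", "0"))
    return lines[0], headers, body[:length]

def parse_cookies(header: str) -> Dict[str, str]:
    # The Cookie header carries name=value pairs separated by ';'.
    pairs: Dict[str, str] = {}
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        if name:
            pairs[name] = value
    return pairs

def lookup_session(store: Dict[str, Tuple[str, int]],
                   cookies: Dict[str, str], now: int) -> Optional[str]:
    # Return the user bound to the presented session ID, or None if absent/expired.
    sid = cookies.get("SESSIONID", "")
    entry = store.get(sid)
    if entry is None:
        return None
    user, expires = entry
    if now > expires:
        store.pop(sid, None)  # expired session is discarded; client must log in again
        return None
    return user

def handle(raw: bytes, store: Dict[str, Tuple[str, int]], now: int) -> Tuple[int, bytes]:
    # Referer and Host are client-supplied, so only the server-side session lookup decides.
    _, headers, body = parse_request(raw)
    user = lookup_session(store, parse_cookies(headers.get("cookie", "")), now)
    if user is None:
        return 401, b""
    return 200, body

# Constructed sample request: Content-Length is 3, so bytes beyond "x=1" are ignored.
SAMPLE = (b"POST /profile HTTP/1.1\r\nHost: example.test\r\n"
          b"Cookie: lang=en; SESSIONID=s3cr3t\r\nContent-Length: 3\r\n\r\nx=1junk")
```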
Status code
The status code of the server's response indicates the result type of the response (5 major classes, more than 50 specific status codes)
View status code: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
100s: Informational; usually indicates that the server has a follow-up step; rarely seen
200s: Response returned after the request was successfully accepted and processed by the server
300s: Redirect; after successful authentication the user is usually redirected to a secured page (301/302)
400s: Client request error
1. 401: Authentication Required
2. 403: Access Denied
3. 404: Target Not Found
500s: Server Internal Error (503: Service Unavailable)
Newbie Diary 27: Kali Penetration Testing, Web Penetration: HTTP Protocol Basics