Preface
Some of my friends, like me, want to find out what happens when a browser is used to access a site: which HTTP requests are sent, and to which sites; what the sites' HTTP responses are; whether the domain names of these sites correspond to the socket IP addresses shown in the shell terminal; the domain names, IP addresses and physical addresses involved, and the relationship between the domain name owner and the IP address owner; whether the system has malicious or illegal network connections; and so on.
This blog post uses readily available open-source tools and proposes a practical, standardized process for carrying out the analysis tasks above.
This tool set, process, and train of thought are applicable to any object you want to analyze (here, a site). The method proposed here is only a reference; the ultimate goal is to inspire everyone to think about the related technologies and find better debugging and analysis methods, so as to thoroughly understand what happens when a site is accessed.
Prepare tools
Built-in Web Developer Tools in Firefox or other browsers
(Firefox developer tools are used here. The Firebug plug-in is not used because its "network" analysis module is not as powerful as the one in Firefox's built-in developer tools.)
We mainly use its "network" module to view the HTTP requests the browser sends for each URL when accessing a website, together with the site's HTTP responses, and its "Inspector" module to locate the HTML tag that triggers the browser's request for another URL.
Firefox NoScript plug-in
It must be installed separately. For more information, see the following section.
It blocks or allows scripts from the site itself and cross-origin scripts, and can block, intercept, and sanitize various types of cross-site scripts from malicious sites. We use it to list the socket IP addresses before and after a site's scripts are loaded, and to compare the differences.
Shell command line tool dig
dig is installed by default on CentOS 6.5 and can be updated to the latest version through yum, RPM, or the official website.
As a local DNS resolution client, it sends resolution requests to DNS servers on the Internet.
We use this tool to map the domain names listed in the "network" module of the developer tools to the socket IP addresses that netstat prints in the shell terminal. Of course, you can also use nslookup, even nslookup on the Windows platform, but it is not as powerful as dig.
APNIC whois database query page
http://www.apnic.net/
CNNIC whois database query page
http://www.cnnic.net.cn/
Other websites that provide whois query and site-related information query services
http://www.wmtips.com/tools/info/
http://hosts-file.net/
These sites are used to query the target's domain name registration information, IP address registration information, network range, network block size, physical address, AS (autonomous system) number (if any), and so on. This information is critical to a deep understanding of the site's background and even its network topology.
Next, we will use my personal blog homepage URL as the test case to introduce the standardized analysis process. Before that, we need to download and install the Firefox NoScript plug-in from its official website:
http://noscript.net/
After confirming that NoScript has been installed and enabled, use Firefox to access
http://shayi1983.blog.51cto.com/
Note the NoScript status bar at the bottom. The left side shows the number of scripts allowed or blocked on the current page and the total number of HTML tags used to load scripts; click the options on the right to allow or block a same-domain or cross-domain script loaded by the current page.
For testing convenience, we block the scripts loaded from all sites, including shayi1983.blog.51cto.com itself, refresh the page, then open a shell terminal and run the netstat -antupeo command to view the open network connections:
This article is from the "freedom, equality, sharing, mutual assistance" blog; please be sure to keep this source: http://shayi1983.blog.51cto.com/4681835/1553095
Use the browser's developer tool and dig command line tool to analyze the network connection and HTTP request and response during site access