Shulou(Shulou.com)06/01 Report--

Background: Google announced on February 9, 2018 that from July this year, Chrome browsers will mark all HTTP URLs as unsafe sites in the address bar.

Chrome 56, released by Google in January 2017, began to mark HTTP pages that require users to enter passwords or credit card information as "unsafe"; Chrome62, released in October 2017, began to mark HTTP pages that need to enter data and HTTP sites browsed in Incognito mode as "unsafe".

Two weeks ago, I had a phone interview with a company, and I encountered a question about http and https. The answer was not good at that time, so I consulted many materials and asked the great god around me. I summarized and sorted it out today, hoping to help you.

1. First of all, we need to understand what http and https are.

Http: hypertext transfer protocol, is a client-side and server-side request and response standard, used to transfer hypertext from the WWW server to the local browser transfer protocol, it can make browsers more efficient and reduce network transmission.

To put it simply, it is such a process:

Xiaoming told his browser father that I wanted to go to a store in Zhongguancun to pick up something (initiate a request)

The browser father wrote down what Xiaoming wanted on a list (generating HTTP protocol)

Then the browser father sent a threaded brother to the shop in Zhongguancun and handed the list to the shopkeeper, saying that Xiaoming wanted these things (for transmission).

The shopkeeper asked Thread to wait for a moment, and then went to the house to pick up Xiaoming's things (the server received a request)

After the shopkeeper took the things out, he also printed a list and asked the thread boy to take it back with the list and things (the server finished processing the request)

Then the thread boy goes back to the browser father and gives the list and items given by the server to the browser father, and the browser father checks the items according to the list (the browser processes the response)

Then pack the items to Xiaoming (browser render and render the interface)

Https:

Https protocol has one more s than http protocol, which literally means s=secure. Like http protocol, it is an application layer protocol and works on top of TCP protocol.

It's just that the data of https protocol is encrypted in the process of transmission. In essence, the HTTPS protocol adds a layer of SSL protocol to the TCP protocol to achieve the encryption operation (not exactly HTTPS is the HTTP protocol under the guise of SSL)

2. The difference between HTTPS and HTTP

The HTTP protocol works on port 80, and the HTTPS protocol works on port 443.

HTTPS needs to apply for a certificate (used to verify server identity)

HTTP can start to transmit data after the TCP three-way handshake establishes the connection; HTTPS protocol requires that the client and the server encrypt the SSL after the establishment of the TCP connection, determine the conversation key, and then begin to transmit data after the encryption is completed.

HTTPS protocol transmission is ciphertext, HTTP protocol transmission is plaintext

The general difference is on the above four points. In fact, the most important thing is the process of generating the conversation key by encrypting the conversation with the SSL protocol.

3. Http, https and other common default port numbers:

1. HTTP protocol proxy server commonly used port number: 808080Universe 3128According to 8081Universe 9080

two。 Common port number of SOCKS proxy protocol server: 1080

3. FTP (File transfer) Protocol proxy server commonly used port number: 21

4. Telnet (remote login) protocol proxy server common port: 23

HTTP server, default port number is 80/tcp (Trojan Executor opens this port)

HTTPS (securely transferring web pages) server, default port number is 443/tcp 443/udp

Telnet (unsecured text transfer). The default port number is 23/tcp (the port opened by Trojan Tiny Telnet Server).

FTP, the default port number is 21/tcp (ports opened by Trojans Doly Trojan, Fore, Invisible FTP, WebEx, WinCrash and Blade Runner)

FTP (Trivial File Transfer Protocol), the default port number is 69/udp

SSH (secure login), SCP (file transfer), port redirection. The default port number is 22/tcp.

SMTP Simple Mail Transfer Protocol (E-mail), the default port number is 25/tcp (Trojan Antigen, Email Password Sender, Haebu Coceda, Shtrilitz Stealth, WinPC, WinSpy all open this port

POP3 Post Office Protocol (E-mail), the default port number is 110/tcp

WebLogic, the default port number is 7001

Webshpere application, the default port number is 9080

Webshpere management tool, the default port number is 9090

JBOSS, the default port number is 8080

TOMCAT, the default port number is 8080

WIN2003 remote login. The default port number is 3389.

Symantec AV/Filter for MSE, default port number is 8081

Oracle database, default port number is 1521

ORACLE EMCTL, the default port number is 1158

Oracle XDB (XML database), the default port number is 8080

Oracle XDB FTP service, default port number is 2100

MS SQL*SERVER database server, default port number is 1433/tcp 1433/udp

MS SQL*SERVER database monitor, default port number is 1434/tcp 1434/udp

Summary:

Http is the HTTP protocol that runs on TCP. All the transmitted content is in clear text, and neither the client nor the server can verify the identity of each other. Https is that HTTP runs on SSL/TLS and SSL/TLS runs on TCP. All the transmitted content is encrypted, and the encryption is symmetrically encrypted, but the symmetric encryption key is asymmetrically encrypted with the server's certificate. In addition, the client can verify the identity of the server, and if client authentication is configured, the server can also verify the identity of the client. To put it simply, it is the difference between encryption and non-encryption. For example, when you use a service in a public place, you use https when you have https. While http is transmitted in clear text, if someone catches the data packet, you can see the data in a http request.

Welcome to join the 51 software testing family, where you will get [latest industry information], [free test tool installation package], [software testing technology], [job interview skills]. 51 learn and grow with you! Looking forward to your joining: QQ Group: 755431660

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.