Shulou(Shulou.com)06/01 Report--

As mentioned earlier, all HTTP communications are constructed as a pair of HTTP requests and HTTP responses, and the HTTP protocol request and response messages are made up of "first header" and "body body". The body part is the data of the request and response, and the first part defines the content format of the request and response.

1.HTTP request

For the HTTP request message, it mainly consists of three parts: the request line, the request header and the request body. There are usually two blank lines separated between the request header and the request body.

The following picture shows the request message intercepted with Burpsuite.

The first line of the HTTP request message is the request line, and the request line of this message is "GET / HTTP/1.1".

The request line consists of three parts:

The first part "GET" indicates that the request uses the GET method; the second part "/" indicates that the page requested to visit, "/" refers to the root directory of the site, that is, to visit the home page of the site. It can be combined with the Host field of the request header to form a complete request URL: "× × w.51cto.com/" the third part "HTTP1.1" indicates the HTTP protocol version used, and the HTTP1.1 version is currently used.

For this message, because the GET method is used, there is no request body. From the second line to the last line, it belongs to the request header (also known as the message header), according to which the server obtains the information of the client. We should be familiar with the contents of the request header, which will be described in more detail later.

The request body is optional, and it most often appears in the POST request method. For example, when you open a user login page, the intercepted HTTP request contains three complete components.

2.HTTP response

Generally speaking, the HTTP response message consists of three parts: the response line, the response header and the response body.

The following picture is a response message.

The first behavior response line of the HTTP response, where there is the HTTP version (HTTP/1.1), the status code (200), and the message "OK". The blank behavior response header from the second line to the end is sent by the server to the client. The response header is followed by the response body, which is the HTML data sent by the server to the client.

Both the status code and the response header in the response message are important, which will be described in more detail later.

3. Example: you must make him stop

BugKu http://123.206.87.240:8002/web12/

After opening the web page, I found that the page was constantly refreshing. Looking at the source code, you can find that the page refresh is achieved through a Javascript script.

According to the prompt "Stop at panda! u will get flag" on the page, observe that each time the page is refreshed

The source of the image specified by the src attribute in the tag also changes, so you can speculate that flag should appear when the specified picture is displayed. But flag is output through the a tag, and the a tag adds a style= "display:none" attribute, that is, so that the content of the a tag is not displayed on the page. So even if you refresh to the appropriate picture, you will not see flag on the page, but can only view it through the source code.

After understanding the principle, the next step is very simple. We can send HTTP requests repeatedly through the Repeater module in Burpsuite, and the HTTP response returned each time should be constantly changing, and you can see the source code of the response directly. Sure enough, when 10.jpg is displayed, flag comes out.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.