2025-03-31 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/03 Report--
Today I will talk about the basic knowledge needed for web penetration testing, which many people may not understand well. To help you understand it better, the editor has summarized the following content. I hope you get something out of this article.
Basic knowledge for web penetration
Network foundation
IP protocol
The IP protocol is defined at the third layer of the OSI reference model (OSI-RM), the network layer.
The IP protocol is connectionless. Routers in an IP network forward each IP packet according to the IP address in its header, so IP packets that belong to the same message and are sent by the same host may reach the destination host by different paths.
The TCP/IP protocol does not fully conform to the seven-layer reference model of OSI.
The seven layers, from lowest to highest, are:
1 physical layer, 2 data link layer, 3 network layer, 4 transport layer, 5 session layer, 6 presentation layer, 7 application layer.
The upper layers (layers 7, 6, 5, and 4) define the functions of the application.
The lower three layers (layers 3, 2, and 1) are mainly concerned with the end-to-end flow of data through the network.
The TCP/IP protocol suite, on the other hand, uses a four-layer structure, in which each layer calls the services provided by the layer below it to meet its own needs.
The four layers are:
Application layer, transport layer, internet layer, network interface layer.
UDP protocol
UDP (User Datagram Protocol) is a connectionless transport layer protocol in the OSI reference model.
UDP does not provide grouping, assembly, or ordering of packets; that is, once a message has been sent, there is no way to know whether it arrived safely and completely.
TCP protocol
TCP is a connection-oriented, reliable, byte-stream-based transport layer protocol defined by RFC 793 of the IETF.
The application layer sends a stream of 8-bit bytes to the TCP layer for transmission across the network, and TCP divides the stream into segments of appropriate length (usually limited by the maximum transmission unit (MTU) of the data link layer of the network the computer is connected to). TCP then passes each resulting packet to the IP layer, which carries it over the network to the TCP layer of the receiving entity. To guard against packet loss, TCP gives each packet a sequence number, which also ensures that packets are delivered to the receiving entity in order. The receiver sends back an acknowledgment (ACK) for each packet it has successfully received; if the sender does not receive the acknowledgment within a reasonable round-trip time (RTT), the packet is assumed to be lost and is retransmitted. TCP uses a checksum to detect errors in the data; the checksum is calculated both when sending and when receiving.
A brief introduction to the TCP three-way handshake and four-way wave
Three-way handshake
First handshake: when the client wants to communicate with the server, it first lets the server know by sending a connection request with SYN=1: "Brother, I want to talk to you."
Second handshake: when the server receives the connection request from the client, it sends the client a confirmation: "I know (ACK), my side is ready, can you connect now (SYN)?"
Third handshake: when the client receives the confirmation from the server, it politely informs the server, "OK, let's start (ACK)."
At this point the connection is established, and the two sides can then send information to each other, even at the same time.
Four-way wave
First wave: the two sides have nearly finished communicating and the client has nothing more to send. The next step is to close the connection, so the client tells the server "I'm done (FIN)" and enters a state of waiting for the connection to end.
Second wave: the server learns that the client has nothing more to say, but the server still has a couple of things to say to the client: "I know you are done (ACK), let me say a couple more things, & * …% ¥".
Third wave: the client is still waiting for the connection to be closed. The server has now finished as well, and tells the client, "I'm done, let's close (FIN)."
Fourth wave: the client learns that the server has finished, and it must tell the server so as well (ACK), because a connection can only be torn down by carrying out the close operation. At the same time, the client sets a timer for itself, because it does not know whether what it just said actually reached the server (the network may be unstable, or there may be other network problems).
By default the timer is set to the sum of the maximum times of the two transmissions. Once this time has passed, the client assumes that the server has received its confirmation and closes its own connection. The server closes its side of the connection as soon as it receives the client's confirmation. This ends the whole communication process between the two sides.
Let me make it clear here:
The side that breaks the connection is not necessarily the client; either side can initiate the disconnect first. There is no fixed rule between client and server: whoever initiates the request first is the client.
Why use the three-way handshake?
Suppose the following exception:
The client sends its first request message to the server. The message is not dropped by the network but is held up somewhere for a long time. The client receives no confirmation from the server, assumes the message was lost, and sends it again. This time the message reaches the server. Without the three-way handshake, the server only needs to confirm the message to establish a connection. After that connection has been established and released, the message that was held up in the network finally reaches the server, and the server believes the client has sent another connection request (in fact, the request expired at the client long ago). The server sends another confirmation to the client, but the client does not consider itself to have sent a request, so it ignores the acknowledgment. The server believes a new connection has been established and keeps waiting for the client to send data, which wastes server resources and creates a security risk. With the three-way handshake, the server sends its confirmation, never receives the client's confirmation in return, and therefore knows the connection was not established, so no resources are wasted on this pointless wait.
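The delayed-request scenario above, as a toy model (an added example, not part of the original article, and not real TCP). The class names, the request ids 1 and 2, and the half-open expiry step are assumptions made for illustration; the model compares what the server is left holding with and without the third step.

```python
# Added illustration: toy model of the delayed-request scenario (not real TCP).
from dataclasses import dataclass, field

@dataclass
class Client:
    wanted: set = field(default_factory=set)   # request ids the client still considers live

    def on_syn_ack(self, req_id):
        # The client confirms only requests it still wants; a stale one is ignored.
        return req_id in self.wanted

@dataclass
class Server:
    three_way: bool
    half_open: set = field(default_factory=set)    # SYN seen, waiting for the final ACK
    established: set = field(default_factory=set)  # resources committed

    def on_syn(self, req_id, client):
        acked = client.on_syn_ack(req_id)   # server's SYN+ACK and the client's reaction
        if not self.three_way or acked:
            self.established.add(req_id)    # without step three, the SYN alone commits
        else:
            self.half_open.add(req_id)

    def expire_half_open(self):
        # No third-step ACK arrived in time: drop the pending entries.
        dropped, self.half_open = self.half_open, set()
        return dropped

def delayed_syn_scenario(three_way):
    client, server = Client(), Server(three_way)
    # Request 1 is stuck in the network; the client gives up on it and sends request 2.
    client.wanted.add(2)
    server.on_syn(2, client)
    # Data is exchanged and the connection is released on both sides.
    client.wanted.discard(2)
    server.established.discard(2)
    # The delayed request 1 finally reaches the server.
    server.on_syn(1, client)
    server.expire_half_open()
    return sorted(server.established)       # connections the server still holds open
```

Without the third step the server is left holding connection 1, which no client will ever use; with it, the stale request only ever occupies a half-open entry that expires.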
Does TCP/IP refer to just these two protocols?
TCP/IP (Transmission Control Protocol / Internet Protocol) is a network communication protocol that standardizes all communicating devices on the network, in particular the data exchange format and transmission method between one host and another.
Sliding window protocol
The sliding window protocol, an application of the TCP protocol, is used to control the flow of network data transmission and avoid congestion.
The protocol allows the sender to send multiple data packets before it stops and waits for acknowledgment. Because the sender does not have to stop and wait for confirmation after every packet, the protocol speeds up data transmission and improves network throughput.
HTTP
HTTP (Hypertext Transfer Protocol) is the most widely used network protocol on the Internet. All WWW files must comply with this standard.
Typically, the HTTP client initiates a request by establishing a TCP connection to the designated port on the server (port 80 by default). The HTTP server listens on that port for requests from clients. Once a request is received, the server sends back a status line, such as "HTTP/1.1 200 OK", and a response message, which may be the requested file, an error message, or other information.
The reason HTTP uses TCP instead of UDP is that a web page must transmit a lot of data, and the TCP protocol provides transmission control, sequential organization of data, and error correction.
Resources requested over HTTP or HTTPS are identified by Uniform Resource Identifiers (or, more precisely, URLs).
HTTPS
HTTPS (Hypertext Transfer Protocol over Secure Socket Layer) is an HTTP channel designed for security; put simply, it is the secure version of HTTP.
The Hypertext Transfer Protocol (HTTP) is used to pass information between web browsers and web servers. HTTP sends content in clear text and provides no data encryption of any kind. If an attacker intercepts the messages passing between the web browser and the web server, the attacker can read them directly, so HTTP is not suitable for transmitting sensitive information such as credit card numbers and passwords.
To address this weakness of HTTP, another protocol is needed: HTTPS. For the security of data in transit, HTTPS adds the SSL protocol on top of HTTP. SSL relies on certificates to verify the identity of the server and encrypts the communication between the browser and the server.
HTTP hijacking
HTTPS only encrypts data in transit. HTTPS encrypts with the public key and decrypts with the private key; the public and private keys are generated by an asymmetric encryption algorithm.
Https hijacking:
The client sends a request to the server, and the server returns a CA public key certificate to the client. After receiving the public key certificate, the client randomly generates a symmetric key locally. The symmetric key is used to encrypt all subsequent data traffic; the symmetric key itself is then encrypted and sent to the server. If the server holds the private key that corresponds to the public key, it can decrypt it.
The main differences between HTTPS and HTTP are as follows:
1. The HTTPS protocol requires applying for a certificate from a CA. Generally, there are few free certificates, and you need to pay a fee.
2. HTTP is the hypertext transfer protocol and transmits information in plaintext, while HTTPS is a secure transfer protocol encrypted with SSL.
3. HTTP and HTTPS use completely different connection methods and different ports. The former uses port 80 and the latter port 443.
4. An HTTP connection is very simple and stateless; the HTTPS protocol is a network protocol built from SSL + HTTP that provides encrypted transmission and identity authentication, and is more secure than HTTP.
Note:
Stateless (the protocol has no memory of transactions; life is just the beginning): each communication between the client and the server is an independent process. Web applications need to track client sessions (multi-step communication). In an application that does not use Cookies, the client has to re-authenticate on every request (unrealistic). A Session is used to track user behavior after the user has authenticated (this improves the user experience, but increases attack traffic).
DNS domain name resolution
The client issues a DNS request to translate an IP address or hostname. After the DNS server receives the request from the client:
1. It checks the DNS server's cache. If the requested address or name is found, it sends a reply message to the client.
2. If it is not found, it looks it up in the database. If the requested address or name is found, it sends a reply message to the client.
3. If it is still not found, the request is sent to the root DNS server, and the search proceeds downward from the root in order: the root finds the top-level domain, the top-level domain finds the second-level domain, the second-level domain finds the third level, and so on until the address or name to be resolved is found, at which point the reply message is sent to the DNS server of the client's network. On receiving the reply, that DNS server first stores it in its cache and then sends the resolution result to the client.
4. If it is not found, an error message is returned.
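The four lookup steps above as a small resolver model (an added example, not code from the original article). The server names, zones and addresses are constructed sample data, and the `Resolver` class is a hypothetical simplification that follows one delegation per level.

```python
# Added illustration; every server name, zone and address here is constructed.
SERVERS = {
    "root":       {"delegations": {"com.": "tld-com"}},
    "tld-com":    {"delegations": {"example.com.": "ns-example"}},
    "ns-example": {"records": {"www.example.com.": "192.0.2.10"}},
}

class Resolver:
    def __init__(self, local_db):
        self.cache = {}            # step 1: answers learned earlier
        self.local_db = local_db   # step 2: the server's own database
        self.asked = []            # upstream servers queried, in order

    def resolve(self, name):
        if name in self.cache:
            return self.cache[name], "cache"
        if name in self.local_db:
            return self.local_db[name], "local database"
        server = "root"            # step 3: walk down from the root
        while server is not None:
            self.asked.append(server)
            node = SERVERS[server]
            answer = node.get("records", {}).get(name)
            if answer is not None:
                self.cache[name] = answer   # store in the cache first, then reply
                return answer, server
            # Follow a delegation only when the zone is a whole-label suffix of
            # the name, so "badexample.com." never matches zone "example.com.".
            server = next((ns for zone, ns in node.get("delegations", {}).items()
                           if name.endswith("." + zone)), None)
        return None, "error"       # step 4: nothing found

def demo():
    r = Resolver({"intranet.corp.": "10.0.0.5"})
    first = r.resolve("www.example.com.")    # answered by walking root -> com -> example
    second = r.resolve("www.example.com.")   # answered from the cache, no upstream query
    return (first, second, r.resolve("intranet.corp."),
            r.resolve("nope.example.org."), r.asked)
```

The second lookup of the same name never leaves the resolver, which is why the contents of a resolver's cache matter as much as the upstream servers when a resolution result has to be trusted.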