HTTP data packets & request methods & status code judgment & brute force encryption password & exploiting data packets

Preface

I am a beginner in network security who has been studying for two years. Since I haven't studied systematically in the past two years, I thought I would take a look at Xiao Di's course and combine my own understanding with it, presenting it to everyone in the form of text + pictures. After watching Xiao Di's course, I really think that Xiao Di's course is the best! -- I watched the video from 2024

Learning Content

【Basic Entry】Day 10: HTTP Data Packets & Postman Construction & Request Methods & Request Header Modification & Status Code Judgment

Learning Address:【Xiao Di Security】Full Stack Network Security | Penetration Testing | Advanced Red-Blue Antagonism V2024 Latest Version (Complete) _ Bilibili

Learning Outline

Let's get started formally

Knowledge Point 1: HTTP Data Packets

The man-in-the-middle attack we often talk about is actually a very simple idea. With the packet capture software we learned in our previous course, we can modify a data packet we have captured, and that completes an attack. For example: the browser clicks on a feature point -> the BP tool intercepts this data packet -> the BP tool modifies this data packet -> it is sent on to our computer (server) -> our computer (server) sends its response to the BP tool -> the BP tool sends it to the browser. This completes a man-in-the-middle attack.

The most common data packets we see are GET data packets and POST data packets. What is the difference between the two? The simplest difference is where they occur. GET data packets occur when we access a page, such as clicking on a feature point or switching between pages, while POST data packets occur when we submit data, such as an avatar upload, a password change, or a login.

How to capture these data packets?

1. Use the built-in traffic capture of the browser
2. Use traffic interception tools for capture

The built-in traffic capture of the browser can be opened by pressing F12 in the browser.

If you want to dock the console at the bottom, you can do so.

When we search for python, we can see various data packets here, all of them generated by this search function.

As we can see, our search uses a GET request.

The second feature of the GET request also appears here: as we can see from the URL, there are many parameters, such as q= and qs=. The parameters of a GET request are carried in the URL, so the URL shows exactly which parameters are used.

Some readers may be puzzled: isn't it said on the internet that GET requests cannot pass parameters? That statement is wrong. The most accurate statement is that GET requests cannot pass large data parameters, that is, a large number of parameters, which means that they can pass parameters.

Of course, newcomers may ask how to tell which data packet is a GET and which is something else. Don't worry, we will talk about it later. For now, just understand what a GET request is.

Here we use the BP tool for the demonstration. If you don't understand how to use the BP tool, you can check the sixth day's course.

Example:

As you can see, simply accessing the domain name is a GET request without parameters.

If we add parameters, they will also be reflected in the tool.

POST request

Can you see the difference? The difference is very simple: you can tell whether it is a POST request by whether there are parameters in the body.

This is a summary of POST and GET requests; other request methods can be ignored for the time being.

What information do the request headers carry? We can get to know the common ones.

Summary:

This knowledge point lets us understand the basic structure of a data packet: request headers plus a body part. It also lets us distinguish the GET requests and POST requests that are most common in our penetration testing. In terms of security, POST requests are relatively safer. Of course, as this lesson shows, we can capture and modify the parameter part of a POST request with tools, so there is no difference in security. The differences between GET and POST requests are the size of the data that can be transmitted and whether the parameters are in the URL.

It is worth noting that POST requests and GET requests can coexist (this is not very rigorous, but the understanding is simpler): a request can have parameters in the URL and parameters in the body at the same time, which is what we call the coexistence of POST and GET requests.
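The structure summarized above, as an added example that is not part of the original article or the course: a small parser that splits a raw request into request line, headers and body, then lists every parameter by where it arrived. The two requests, the host `example.test` and all parameter values are constructed, and the function names are assumptions made for this illustration.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed sample requests (not taken from the article's screenshots).
GET_REQUEST = (
    "GET /search?q=python&qs=n HTTP/1.1\r\n"
    "Host: example.test\r\n"
    "\r\n"
)
POST_REQUEST = (
    "POST /login?lang=en HTTP/1.1\r\n"
    "Host: example.test\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 23\r\n"
    "\r\n"
    "user=alice&pass=demo123"
)


def parse_request(raw):
    """Split a raw HTTP/1.x request into method, path, headers and parameters."""
    head, _, body = raw.partition("\r\n\r\n")      # blank line ends the headers
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    url = urlsplit(target)
    body_params = {}
    # Only form-encoded bodies are decoded here; other content types stay raw.
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        body_params = parse_qs(body, keep_blank_values=True)
    return {"method": method, "path": url.path, "headers": headers,
            "url_params": parse_qs(url.query, keep_blank_values=True),
            "body_params": body_params}


def untrusted_inputs(req):
    """Every parameter is client-controlled, whichever part of the packet holds it."""
    found = [("url", k, v) for k, vs in req["url_params"].items() for v in vs]
    found += [("body", k, v) for k, vs in req["body_params"].items() for v in vs]
    return found


if __name__ == "__main__":
    for raw in (GET_REQUEST, POST_REQUEST):
        req = parse_request(raw)
        print(req["method"], req["path"], untrusted_inputs(req))
```

The POST sample carries `lang` in the URL and `user`/`pass` in the body, the coexistence case, so server-side validation has to cover both places.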

Knowledge Point 2: The difference between mobile data packets and computer data packets

We will not go through capturing emulator data packets and PC data packets again here; please refer to the sixth day's article.

The mobile Baidu page is obviously different from the PC page, so how does the site tell them apart? Answer: the User-Agent header.

Mobile data packet, Android

Computer data packet, Windows

You can see that the User-Agent header is the main difference.

Can you see the mobile interface with the browser? Answer: Yes

Just change the request packet. The requested address is the same; we replace the entire request packet with the one from the mobile phone.
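How a server ends up returning two different pages for one address, as an added example that is not code from the article or from any real site: a loopback-only server picks its layout from the User-Agent header and is queried twice at the same path. The User-Agent strings, the token list and the page text are constructed for this illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

MOBILE_TOKENS = ("Android", "iPhone", "Mobile")  # assumed markers for this demo
# Constructed header values, not copied from the article's screenshots.
UA_ANDROID = "Mozilla/5.0 (Linux; Android 13; Pixel 7) AppleWebKit/537.36 Mobile Safari/537.36"
UA_WINDOWS = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Safari/537.36"


def pick_variant(user_agent):
    """Choose the page layout from the client-supplied User-Agent header."""
    return "mobile" if any(t in (user_agent or "") for t in MOBILE_TOKENS) else "desktop"


class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        variant = pick_variant(self.headers.get("User-Agent"))
        body = f"{variant} page for {self.path}".encode()
        self.send_response(200)
        self.send_header("Vary", "User-Agent")  # caches must keep the variants apart
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


def fetch_with_ua(port, path, user_agent):
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", path, headers={"User-Agent": user_agent})
    body = conn.getresponse().read().decode()
    conn.close()
    return body


def demo():
    """Request the same address twice, changing only the User-Agent header."""
    server = HTTPServer(("127.0.0.1", 0), Handler)  # port 0: any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        port = server.server_port
        return fetch_with_ua(port, "/index", UA_ANDROID), fetch_with_ua(port, "/index", UA_WINDOWS)
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(demo())
```

Because the header is whatever the client sends, it is suitable for choosing a layout but not for any access decision.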
