Home>Article> What basic knowledge is required for web penetration?

What basic knowledge is required for web penetration?

青灯夜游
青灯夜游 Original
2020-07-24 13:18:58 5546browse

What basic knowledge is required for web penetration?

Basic Knowledge of Web Penetration

Network Basics

IP protocol

IP protocol is defined in the third layer of OSI-RM————Network layer

IP protocolFor connectionless, node routers in the IP network are addressed according to the IP address of the header of each IP packet, so that IP packets belonging to the same message sent by the same host may go through different path to the destination host.

The TCP/IP protocol does not fully comply with the OSI seven-layer reference model.

These7layers from low to high:

1 physical layer, 2 data link layer, 3 network layer, 4 Transport layer, 5 session layer, 6 presentation layer, 7 application layer.

The upper layers (i.e., layers 7, 6, 5, and 4) define the functions of the application.

The lower three layers (i.e., layers 3, 2, and 1) are mainly for The end-to-end data flow of the network.

The TCP/IP communication protocol adopts a 4-layer hierarchical structure. Each layer calls the network provided by the next layer to complete its own needs.

These4layers are:

Application layer, transport layer, interconnection network layer, and network interface layer.

UDP protocol

UDP is the User Datagram Protocol, which is aConnectionless## in the OSI reference model#Transport Layer Protocol.

UDP has the disadvantage that

does not provide packet grouping,assemblyandcannot sort packets, that is to say, when the message Once sent, there is no way of knowing whether it has arrived safely and intact.

TCP protocol

TCP is a

connection-oriented,reliable, based TheTransport layercommunication protocol for byte streams is defined by IETF's RFC 793.

The application layer sends a data stream represented by 8-bit bytes for inter-network transmission to the TCP layer, and then TCP partitions the data stream into segments of appropriate length (usually affected by the network to which the computer is connected). The

maximum transmission unit (MTU) limit of the data link layer).

Then TCP passes the result packet to the IP layer, which transmits the packet to the TCP layer of the receiving entity through the network. In order to ensure that packet loss does not occur, TCP gives each packet a sequence number. At the same time, the sequence number also ensures that the packets transmitted to the receiving end entity are received in order.

Then the receiving entity sends back a correspondingacknowledgment (ACK

) for the successfully received packet; if the sending entity is within a reasonable

round trip delay (RTT## If no acknowledgment is received within #), the corresponding data packet is assumed to have been lost and will beretransmitted. TCP uses achecksum functionto check whether the data has errors;the checksummust be calculated when sending and receiving.Brief description of TCP three-way handshake and four-way wave

Three-way handshake

First time Handshake:To communicate with the server, the client must first inform the server, and then send a connection request signal of

SYN=1

, "Brother server, I want to give you say something".Second handshake:When the server receives the client's connection request, it must give the client a confirmation message, "I understand

(ACK

) , I'm ready, can you connect now(SYN)".The third handshake:When the client receives the confirmation connection information from the server, it must politely inform the server, "Okay, let's start the connection

(ACK

)".The entire process of establishing a connection has ended. The next step is the process of the two parties communicating and transmitting information at the same time.

Waving four times

The first wave: The two parties have almost communicated,At this time the client has also ended, the next step is Disconnect the communication connection, so tell the server "I'm done

(FIN

)". At this time, it is in a state of waiting to end the connection.

Waving for the second time: The server knows that the client has nothing to say.The server still has two things to say to the client, "I know you have finished speaking( ACK), let me tell you a few more words, &*……%¥”.

Waving for the third time:At this time, the client is all ears and continues to wait for the end, and the server has finished speaking.It is now in a state of waiting to close the connection and tells the client , "I'm done, let's break it off(FIN)".

Waving for the fourth time:The client knows that the server has finished speaking, and it also needs to tell the server (ACK), because the connection and disconnection require both parties to press the close operation. On, the client also defines a timer for itself, because it does not know whether the sentence just said can accurately reach the server (network instability or other network reasons caused by other factors),

The default time is set It is the sum of the maximum time of the two communications. Beyond this time, it is assumed that the server has received its own confirmation information.At this time, the client closes its own connection. Once the server receives the confirmation notification from the client, Immediately close the server-side connection.The entire communication process between the two parties ends at this point.

A statement should be made here:

It is not necessarily the client who disconnects the link. Anyone can initiate the disconnection command first. In addition, there is no fixed standard between the client and the server. Who initiates it first? Whoever makes the request is the client.

Why use the three-way handshake mechanism?

Assume the following abnormal situation:

The client sent the first request message to the server, but the message was not discarded in the network, but It is blocked somewhere for a long time, and the client cannot receive confirmation from the server. It thinks that the message is lost, so it resends the message. This time the message successfully reaches the server. If the three-way handshake is not used, the server only needs to The message is acknowledged and a connection is established.

After the connection is established and released, the first message sent and blocked in the network reaches the server. The server thinks that the client has resent a connection request (actually in At the client side, the connection has already expired), and another confirmation is sent to the client.

But the client thought that he did not send the request message, so it ignored the confirmation sent by the server, and the server thought that a new connection was established, so it kept waiting for A to send data,caused It is a waste of server resources and may cause security risks.

Therefore, if the three-way handshake mechanism is used, after the server sends the confirmation and does not receive the confirmation from the client, it knows that the connection has not been established, so resources will not be wasted on this meaningless waiting on.

Does TCP/IP refer to these two protocols?

TCP/IP(Transmission Control Protocol/Internet Protocol) is a network communication protocol that regulates all Communication equipment, especially the format and transmission method of data exchange between one host and another host.

Sliding Window Protocol

The sliding window protocol is an application of the TCPprotocol and is used forFlow control during network data transmissionto avoid congestion.

This protocol allows the sender to send multiple data packets before stopping and waiting for acknowledgment.Because the sender does not have to stop and wait for confirmation every time a packet is sent, this protocol can speed up the transmission of data andimprove network throughput.

HTTP

##HTTP is

Hypertext Transfer ProtocolIt is the most widely used network protocol on the Internet.All WWWdocuments must comply with this standard.

Usually,

the HTTPclient initiates a request to establish aTCP## to the specified port of the server (default is 80port) #connect.HTTPThe server listens on that port for requests sent by the client. Oncereceives the request, the server sends back (to the client) astatus line, such as "HTTP/1.1 200 OK", and a (response) message, whose message body may Is the requested file, error message, or some other information.

HTTPThe reason for using TCPinstead of UDP is that (opening) a web page must transmit a lot of data, and the TCP protocol provides transmission control, organization of data in order, and error correction.

Resources requested via the HTTP or HTTPS protocols are identified byUniform Resource Identifiers(or, more accurately, URLs).

HTTPS

HTTPS isSecure Sockets Layer Hypertext Transfer Protocol,a security-focused HTTP channel , simply speaking, it is the secure versionofHTTP.

Hypertext Transfer Protocol The HTTP protocol is used to transfer information between web browsers and website servers. The HTTP protocol sends content inplaintext, anddoes not provide any form of data encryption. If an attacker intercepts the transmission message between the web browser and the website server, he can read it directly. Understand the information, so the HTTP protocol is not suitable for transmitting some sensitive information, such as credit card numbers, passwords, etc.

In order to solve this shortcoming of the HTTP protocol, another protocol needs to be used:Secure Sockets Layer Hypertext Transfer Protocol HTTPS. For the security of data transmission, HTTPSadds the SSLprotocol on the basis of HTTP.SSLrelies on certificates to verify the identity of the server and provide communication between the browser and the server. Communication encryption.

HTTP Hijacking

HttpsEncryption in transit only, HttpsPublic key encryption, Private key decryption,public key and private key are generatedby asymmetric encryption algorithm.

Https hijacking:

The client sends a request to the server,The server returns a public key CAcertificate to the client, and after the client gets the public key certificateRandomly generate a symmetric keyon the client. Thissymmetric keywillbe used to encrypt all subsequent data traffic, and then thesymmetric key will use the public key Encryptand send it to the server.The server has the private keycorresponding to the public key, and then decrypts it.

The main differences between HTTPS and HTTP are the following four points:

1. The https protocol requirescaApply for Certificate, generally there are few free certificates and you need to pay a fee.

2. http is a hypertext transfer protocol, and information isclear text transmission, while https is a securesslencrypted transmissionprotocol.

3. http and https use completely different connection methods, and the ports used are also different.The former is 80,the latter is 443.

4. The http connection is very simple and isstateless; the HTTPS protocol is constructed from theSSL HTTPprotocoland can be#Encrypted transmission, identity authenticationnetwork protocol is more secure than the http protocol.

Note:

Stateless (the protocol has no memory for transaction processing, life is only like the first meeting):Every communication between the client and the server is an independent process, Web applications need to track client sessions (multi-step communication), applications that do not use Cookies, the client must re-authenticate for each request (unrealistic), Session is used to track user behavior traces after user authentication (improved User experience, but increases attack traffic)

DNS domain name resolution

The client issues a DNS request to translate the IP address or host name.DNS server After receiving the client's request:

1,Check the cache of the DNSserver. If the requested address or name is found, a response message is sent to the client

2. If not found, searchin thedatabase. If the requested address or name is found, a response message is sent to the client

3. If not found, thenSend the request to the root domain DNSserver, and sequentiallysearch for the top-level domain from the root domain, then search for the second-level domain from the top-level, and then search for the third-level domain from the second-level domain until the domain to be resolved is found. Address or name, that is, a response message is sent to the DNS server of the network where the client is located. After receiving the response, the DNS server now stores it in the cache, and then sends the parsing result to the client

4. If not found, thenReturn error message

For more related knowledge, please visit:PHP Chinese website!

The above is the detailed content of What basic knowledge is required for web penetration?. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn