
What basic knowledge is required for web penetration?

青灯夜游 (original)
2020-07-24 13:18:58


Basic Knowledge of Web Penetration

Network Basics

IP protocol

The IP protocol is defined at the third layer of the OSI reference model (OSI-RM), the network layer.

IP is connectionless: routers in an IP network forward each packet according to the destination IP address in its header, so IP packets belonging to the same message sent by the same host may take different paths to the destination host.

The TCP/IP protocol suite does not fully follow the OSI seven-layer reference model.

The 7 layers, from lowest to highest, are:

1 physical layer, 2 data link layer, 3 network layer, 4 transport layer, 5 session layer, 6 presentation layer, 7 application layer.

The upper layers (i.e., layers 7, 6, 5, and 4) define the functions of the application.

The lower three layers (i.e., layers 3, 2 and 1) mainly handle the end-to-end flow of data across the network.

The TCP/IP communication protocol uses a 4-layer hierarchical structure. Each layer uses the network services provided by the layer below it to accomplish its own task.

These 4 layers are: the application layer, the transport layer, the internet layer and the network interface layer.

UDP protocol

UDP is the User Datagram Protocol, a connectionless transport-layer protocol in the OSI reference model.

The disadvantage of UDP is that it does not provide packet grouping or reassembly and cannot order packets; that is to say, once a message has been sent, there is no way of knowing whether it arrived safely and intact.

TCP protocol

TCP is a connection-oriented, reliable, byte-stream-based transport-layer communication protocol, defined in the IETF's RFC 793.

The application layer sends a data stream of 8-bit bytes to the TCP layer for transmission across the network; TCP then partitions the stream into segments of appropriate length (usually limited by the maximum transmission unit (MTU) of the data link layer of the network the computer is connected to).

TCP then passes the resulting packet to the IP layer, which transmits it through the network to the TCP layer of the receiving entity. To guard against packet loss, TCP gives each packet a sequence number; the sequence number also ensures that the packets delivered to the receiving entity are received in order.

The receiving entity then sends back an acknowledgment (ACK) for each successfully received packet; if the sending entity receives no acknowledgment within a reasonable round-trip time (RTT), the corresponding packet is assumed to have been lost and is retransmitted. TCP uses a checksum function to check whether the data has errors; the checksum is calculated both when sending and when receiving.

Brief description of the TCP three-way handshake and four-way wave

Three-way handshake

First handshake: to communicate with the server, the client must first inform the server, so it sends a connection request with SYN=1: "Brother server, I want to say something to you."

Second handshake: when the server receives the client's connection request, it must give the client a confirmation: "I understand (ACK), I'm ready, can you connect now? (SYN)".

Third handshake: when the client receives the server's confirmation, it must politely inform the server: "Okay, let's start the connection (ACK)".

The connection is now established. What follows is the two parties communicating and transmitting information in both directions at the same time.

Four-way wave

First wave: the two parties have nearly finished communicating. The client is done, and the next step is to disconnect, so it tells the server "I'm done (FIN)". It is now in the state of waiting for the connection to end.

Second wave: the server knows that the client has nothing more to say, but the server still has something to say to the client: "I know you have finished speaking (ACK), let me tell you a few more things, blah blah".

Third wave: the client is all ears and continues to wait for the end. The server has now finished speaking, enters the state of waiting to close the connection, and tells the client, "I'm done, let's break it off (FIN)".

Fourth wave: the client knows that the server has finished speaking, and it also has to tell the server so (ACK), because both connecting and disconnecting require both parties to perform the close operation. The client also sets a timer for itself, because it does not know whether what it just said will reach the server accurately (network instability or other network factors). The default timer is the sum of the maximum times of the two transmissions; once this time has passed, it assumes the server has received its confirmation and closes its own connection. As soon as the server receives the client's confirmation, it closes the server-side connection immediately. The entire communication process between the two parties ends at this point.

A note here:

It is not necessarily the client who disconnects. Either side can initiate the disconnect first. In addition, there is no fixed standard for which party is the client and which is the server: whoever initiates the request first is the client.

Why use the three-way handshake mechanism?

Assume the following abnormal situation:

The client sends its first request message to the server, but the message is not discarded in the network; it is held up somewhere for a long time. The client receives no confirmation from the server, assumes the message was lost and resends it. This time the message reaches the server successfully. If the three-way handshake were not used, the server would only need to acknowledge this message and a connection would be established.

After that connection has been established and released, the first message, which had been stuck in the network, reaches the server. The server thinks the client has sent another connection request (on the client side that connection has long since expired) and sends another confirmation to the client.

But the client knows it did not send a request message, so it ignores the server's confirmation, while the server thinks a new connection has been established and keeps waiting for the client to send data. This wastes server resources and may create security risks.

Therefore, with the three-way handshake, when the server has sent its confirmation and receives no confirmation back from the client, it knows the connection has not been established, and no resources are wasted on this meaningless waiting.
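The abnormal case above, as an added example that is not from the original article: a toy model in Python of the server side of connection setup, comparing a two-step "acknowledge the SYN and you are connected" scheme with the real three-way handshake. The Server class, the client name and the sequence numbers are constructed for the illustration.

```python
# Added model, not from the article: how the server side records a connection
# under a two-step scheme versus the real three-way handshake.

class Server:
    """A two-step server treats a connection as established as soon as it has
    acknowledged a SYN; a three-way server waits for the client's ACK."""

    def __init__(self, three_way):
        self.three_way = three_way
        self.pending = {}         # client -> sequence number sent in our SYN-ACK
        self.established = set()

    def on_syn(self, client, client_seq):
        server_seq = 1000         # constructed initial sequence number
        if self.three_way:
            self.pending[client] = server_seq    # not established yet
        else:
            self.established.add(client)         # two-step: already "connected"
        return ("SYN-ACK", server_seq, client_seq + 1)   # (flags, seq, ack)

    def on_ack(self, client, ack):
        # Third handshake: the ACK must acknowledge the SYN-ACK we sent.
        if client in self.pending and ack == self.pending[client] + 1:
            del self.pending[client]
            self.established.add(client)

    def on_close(self, client):
        self.established.discard(client)


def stale_syn_scenario(three_way):
    """Run the abnormal case from the article; return True if the server is
    left holding a connection the client never actually opened."""
    srv = Server(three_way)
    client = "A"
    delayed_syn_seq = 100     # the first SYN, stuck somewhere in the network
    # The client hears nothing, assumes loss and resends (new seq 200); this
    # copy reaches the server and a real connection is set up and used.
    _, server_seq, _ = srv.on_syn(client, 200)
    srv.on_ack(client, server_seq + 1)
    assert client in srv.established
    srv.on_close(client)      # the connection is released
    # Now the old, delayed SYN finally reaches the server.
    srv.on_syn(client, delayed_syn_seq)
    # The client never sent this request, so it ignores the SYN-ACK and sends
    # no ACK: a three-way server never completes the connection, while a
    # two-step server is already waiting for data that will never come.
    return client in srv.established
```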

Does TCP/IP refer to these two protocols?

TCP/IP (Transmission Control Protocol/Internet Protocol) is a network communication protocol suite that governs all communication equipment, and in particular the format and transmission method of data exchanged between one host and another.

Sliding Window Protocol

The sliding window protocol is part of the TCP protocol and is used for flow control during network data transmission, to avoid congestion.

This protocol allows the sender to send multiple packets before stopping to wait for acknowledgments. Because the sender does not have to stop and wait for confirmation after every packet, the protocol speeds up data transmission and improves network throughput.
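The throughput argument above, as an added example that is not part of the original article: a simplified sliding window sender with cumulative acknowledgments, counting how many round trips it takes to deliver a batch of packets for a given window size. The deliver function, the packet count and the loss pattern are assumptions made for the illustration.

```python
# Added illustration, not from the article: a sliding window sender with
# cumulative ACKs; the receiver buffers out-of-order packets (as TCP does).

def deliver(num_packets, window, lost=frozenset()):
    """Return how many round trips it takes to deliver packets 0..num_packets-1.

    Each round trip the sender transmits every packet in its window [base,
    base + window) and the receiver acknowledges everything up to the first
    gap, so the window slides forward. A packet is dropped on attempt k if
    (seq, k) is in `lost` (a constructed loss pattern); the sender then resends
    from the first unacknowledged packet in the next round, as TCP does after
    a retransmission timeout.
    """
    base = 0                    # lowest unacknowledged sequence number
    received = set()            # packets the receiver holds
    attempts = {}               # seq -> how many times it has been sent
    rounds = 0
    while base < num_packets:
        rounds += 1
        for seq in range(base, min(base + window, num_packets)):
            attempts[seq] = attempts.get(seq, 0) + 1
            if (seq, attempts[seq]) not in lost:
                received.add(seq)
        while base in received:  # cumulative ACK advances past in-order data
            base += 1
    return rounds


if __name__ == "__main__":
    print("stop-and-wait (window 1):", deliver(8, 1), "round trips")
    print("window 4:", deliver(8, 4), "round trips")
    print("window 4, packet 1 lost once:", deliver(8, 4, {(1, 1)}), "round trips")
```

With a window of 1 the sender behaves as stop-and-wait, so the difference in round trips between the two calls is exactly the gain the protocol is meant to give.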

HTTP

HTTP is the Hypertext Transfer Protocol, the most widely used network protocol on the Internet. All WWW documents must comply with this standard.

Usually, the HTTP client initiates a TCP connection to the specified port of the server (port 80 by default). The HTTP server listens on that port for requests sent by the client. Once it receives a request, the server sends back to the client a status line, such as "HTTP/1.1 200 OK", and a response message whose body may be the requested file, an error message, or some other information.

HTTP uses TCP rather than UDP because opening a web page requires transmitting a lot of data, and TCP provides transmission control, ordered delivery of data, and error correction.

Resources requested via HTTP or HTTPS are identified by Uniform Resource Identifiers (or, more precisely, URLs).

HTTPS

HTTPS is Hypertext Transfer Protocol over Secure Sockets Layer, a security-focused HTTP channel; simply put, it is the secure version of HTTP.

The Hypertext Transfer Protocol (HTTP) is used to transfer information between web browsers and website servers. HTTP sends content in plaintext and does not provide any form of data encryption. If an attacker intercepts the messages passing between the web browser and the website server, they can read the information directly, so HTTP is not suitable for transmitting sensitive information such as credit card numbers and passwords.

To address this shortcoming of HTTP, another protocol is needed: HTTPS, Hypertext Transfer Protocol over Secure Sockets Layer. For the security of data transmission, HTTPS adds the SSL protocol on top of HTTP. SSL relies on certificates to verify the identity of the server and encrypts the communication between the browser and the server.

HTTP Hijacking

HTTPS encrypts data only in transit. HTTPS encrypts with the public key and decrypts with the private key; the public key and private key are generated by an asymmetric encryption algorithm.

HTTPS hijacking:

The client sends a request to the server, and the server returns a CA certificate containing its public key. After the client obtains the public-key certificate, it randomly generates a symmetric key on the client side; this symmetric key is used to encrypt all subsequent data traffic. The symmetric key is then encrypted with the public key and sent to the server, which holds the private key corresponding to the public key and decrypts it.
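The key exchange just described, as an added example that is not from the original article: textbook RSA on tiny constructed primes (insecure, for illustration only) models the exchange, and certificate validation is reduced to comparing the presented public key with a trusted one. It shows why that check is the defence that matters here: without it, whoever presents a public key the client accepts learns the session key. The rsa_keypair, rsa_apply and handshake functions and all key values are assumptions made for the illustration.

```python
# Added illustration, not from the article: the RSA-style key exchange above,
# with and without the client checking the certificate it is shown.
import secrets

def rsa_keypair(p, q, e=17):
    """Textbook RSA on tiny primes: constructed, insecure, illustration only."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))     # modular inverse (Python 3.8+)
    return (e, n), (d, n)                 # (public key, private key)

def rsa_apply(m, key):
    exp, n = key
    return pow(m, exp, n)

SERVER_PUB, SERVER_PRIV = rsa_keypair(61, 53)   # the real server's keys
OTHER_PUB, OTHER_PRIV = rsa_keypair(47, 59)     # an on-path party's keys

def handshake(verify_certificate, interposed):
    """Return the set of parties that end up holding the session key.

    verify_certificate: the client compares the public key it received with
        the trusted one (standing in for validating the CA certificate).
    interposed: an on-path party presents its own public key to the client.
    """
    presented_pub = OTHER_PUB if interposed else SERVER_PUB
    if verify_certificate and presented_pub != SERVER_PUB:
        return set()            # certificate check fails: abort, nothing leaks
    # The client generates the symmetric session key and encrypts it to the
    # public key it was given (kept below both moduli for the toy RSA).
    session_key = secrets.randbelow(2000) + 2
    wire = rsa_apply(session_key, presented_pub)
    holders = {"client"}
    if interposed:
        # Whoever holds the matching private key recovers the session key and
        # forwards it, encrypted to the real server, so the client notices
        # nothing. The certificate check is what prevents this outcome.
        learned = rsa_apply(wire, OTHER_PRIV)
        holders.add("interposed")
        wire = rsa_apply(learned, SERVER_PUB)
    if rsa_apply(wire, SERVER_PRIV) == session_key:
        holders.add("server")
    return holders
```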

The main differences between HTTPS and HTTP are the following four points:

1. The HTTPS protocol requires applying to a CA for a certificate; there are generally few free certificates, and a fee is usually required.

2. HTTP is the hypertext transfer protocol and transmits information in cleartext, while HTTPS is a secure, SSL-encrypted transport protocol.

3. HTTP and HTTPS use completely different connection methods and different ports: the former uses 80, the latter 443.

4. An HTTP connection is very simple and stateless; the HTTPS protocol is built from SSL plus HTTP, provides encrypted transmission and identity authentication, and is more secure than the HTTP protocol.

Note:

Stateless (the protocol has no memory of transactions; every meeting is like the first): every exchange between the client and the server is an independent process. Web applications need to track client sessions (multi-step communication); in an application that does not use cookies, the client would have to re-authenticate on every request (unrealistic). A session is used to track the user's actions after authentication (this improves the user experience, but increases attack traffic).

DNS domain name resolution

The client sends a DNS request to translate an IP address or host name. After receiving the client's request, the DNS server:

1. Checks its own cache. If the requested address or name is found, a response is sent to the client.

2. If not found, searches its database. If the requested address or name is found, a response is sent to the client.

3. If still not found, sends the request to a root DNS server and searches level by level: from the root for the top-level domain, from the top-level domain for the second-level domain, from the second-level domain for the third-level domain, and so on until the address or name to be resolved is found. A response is then sent to the DNS server of the client's network, which stores the result in its cache and returns the resolution result to the client.

4. If the name is not found at all, returns an error message.
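The four-step lookup above, as an added example that is not from the original article: a small resolver in Python over a constructed zone tree, recording which step answered each query. The ROOT zone data, the Resolver class, and all names and addresses are made up for the illustration.

```python
# Added illustration, not from the article: a resolver that follows the four
# steps above. Nested dicts are referrals to the next level; strings are records.
ROOT = {
    "com": {
        "example": {"www": "192.0.2.10", "mail": "192.0.2.25"},  # constructed
    },
}

class Resolver:
    """A DNS server answering from cache, then its own database, then by
    walking root -> top-level -> second-level ..., else reporting an error."""

    def __init__(self, local_db=None):
        self.cache = {}
        self.local_db = dict(local_db or {})   # step 2: the server's own records
        self.trace = []                        # which step answered each query

    def resolve(self, name):
        # Step 1: the cache.
        if name in self.cache:
            self.trace.append("cache")
            return self.cache[name]
        # Step 2: the server's own database.
        if name in self.local_db:
            self.trace.append("database")
            return self.local_db[name]
        # Step 3: start at the root and follow referrals one label at a time:
        # root -> top-level domain -> second-level domain -> ...
        node = ROOT
        for label in reversed(name.rstrip(".").split(".")):
            node = node.get(label) if isinstance(node, dict) else None
            if node is None:
                break
        if isinstance(node, str):
            self.cache[name] = node     # store the answer before replying
            self.trace.append("iterative")
            return node
        # Step 4: not found anywhere; report an error.
        self.trace.append("error")
        return None
```

Querying the same name twice shows the second answer coming from the cache, which is the behaviour step 3 sets up.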
