1. Using tcpdump together with Wireshark
2. Charles
3. Chrome DevTools
Proxy extension for Google Chrome: SwitchyOmega
Analyze the protocol from top to bottom
-
The Network panel in Chrome
-
curl: a tool for sending HTTP requests
curl "https://me.youkuaiyun.com/api/user/getCodeidList?parentId=130000^&parenType=city" -H "Accept: application/json, text/plain, */*" -H "Referer: https://i.youkuaiyun.com/" -H "Origin: https://i.youkuaiyun.com" -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.87 Safari/537.36" -H "Sec-Fetch-Mode: cors" --compressed -vv
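-vv shows verbose details
In the output shown, * marks the lines that trace the whole process
Trying: attempting to connect to the IP address of the requested host
TCP: indicates the flag bits
Connecting to port 443: the HTTP protocol in use and the encryption settings, including which certificate is used for encryption and decryption
The curl command prints the whole handshake process at the TCP layer (the asterisk lines cover the whole process)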
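Components of the HTTP protocol
1 target
url: protocol host port
2 request
request method: get post put head…
resource path: the path of the resource being requested
protocol version
header: host cookie user-agent
get query:
https://www.baidu.com/s?wd=mp3
What follows the question mark is the query, i.e. the content of the GET request
post body: json xml form
GET request with parameters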
> GET /s?wd=mp3 HTTP/1.1
> Host: www.baidu.com
> User-Agent: curl/7.54.0
> Accept: */*
>
GET request
* Connected to 47.95.238.18 (47.95.238.18) port 9080 (#0)
> GET /login.php HTTP/1.1
> Host: 47.95.238.18:9080
> Connection: keep-alive
> Pragma: no-cache
> Cache-Control: no-cache
> Upgrade-Insecure-Requests: 1
> User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
> Referer: http://47.95.238.18:9080/login.php
> Accept-Encoding: gzip, deflate
> Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
> Cookie: sidebar_collapsed=false; PHPSESSID=2t919h4har1hc2mkd73j4hotq3; security=low
POST request
* Connected to 47.95.238.18 (47.95.238.18) port 9080 (#0)
> POST /login.php HTTP/1.1
> Host: 47.95.238.18:9080
> Connection: keep-alive
> Pragma: no-cache
> Cache-Control: no-cache
> Origin: http://47.95.238.18:9080
> Upgrade-Insecure-Requests: 1
> Content-Type: application/x-www-form-urlencoded
> User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
> Referer: http://47.95.238.18:9080/login.php
> Accept-Encoding: gzip, deflate
> Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
username=admin&password=123&Login=Login&user_token=19bc8471020e7261d1ba5d8beac416c7
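The breakdown listed under "Components of the HTTP protocol" (target, request line, headers, query, body), applied to traces like the ones above. This is an added example, not part of the original notes; `parse_curl_trace` and the returned key names are hypothetical, and it assumes unprefixed lines are the request body, as in the POST trace above.

```python
from urllib.parse import urlsplit, parse_qs

# Sample input: the POST trace from this page with most headers trimmed.
SAMPLE_TRACE = """\
* Connected to 47.95.238.18 (47.95.238.18) port 9080 (#0)
> POST /login.php HTTP/1.1
> Host: 47.95.238.18:9080
> Content-Type: application/x-www-form-urlencoded
username=admin&password=123&Login=Login&user_token=19bc8471020e7261d1ba5d8beac416c7
"""

def parse_curl_trace(trace):
    """Split a `curl -v` style trace into target, request line, headers and body."""
    info, sent, body = [], [], []
    for line in trace.splitlines():
        if line.startswith("*"):
            info.append(line[1:].strip())   # connection / TLS progress
        elif line.startswith(">"):
            sent.append(line[1:].strip())   # request line and headers
        elif line.startswith("<"):
            continue                        # response headers: not parsed here
        elif line.strip():
            body.append(line.strip())       # assumption: unprefixed data is the request body
    method, target, version = sent[0].split(" ", 2)
    url = urlsplit(target)
    headers = {}
    for field in filter(None, sent[1:]):
        name, _, value = field.partition(":")   # split on the first colon only
        headers[name.strip().lower()] = value.strip()
    host, _, port = headers.get("host", "").partition(":")
    cookies = dict(c.strip().split("=", 1)
                   for c in headers.get("cookie", "").split(";") if "=" in c)
    form = {}
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        form = parse_qs("".join(body), keep_blank_values=True)
    return {
        "connection": info, "host": host, "port": int(port) if port else None,
        "method": method, "path": url.path, "version": version,
        "query": parse_qs(url.query), "headers": headers,
        "cookies": cookies, "form": form,
    }

if __name__ == "__main__":
    for key, value in parse_curl_trace(SAMPLE_TRACE).items():
        print(f"{key}: {value}")
```

Laid out this way, the POST trace shows the login form fields, password included, as readable form data sent to port 9080 with no TLS lines in the trace.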
sudo tcpdump host www.baidu.com -w /tmp/baidu.pcap