This is the 7th day of my participation in Gwen Challenge
The way HTTP works is not that complicated: the client makes a request to the server, and the server replies with a response. According to different requirements, the client sends requests using different methods, such as GET, POST, PUT, and HEAD. For example, you might use the POST method when you log in to an account on a website.
Since THE HTTP protocol is based on TCP, this is a three-way handshake. As you can see from the picture, the port number of the server is 80
The get argument is followed by the content to get, and the server sends the specified content to the client
The following is a get request packet sent by the client
The following is the response package of the server
HTTP is not a complex protocol, and you can see error messages on your browser when something goes wrong.
This can be seen more intuitively by tracing the HTTP stream, but if you don’t see Chinese, you can change the encoding in the lower right corner to UTC-8
We type “test” into the search box on the site, and by capturing the packet we can see clearly that HTTP does not provide encryption for data
So how do you protect your information? HTTPS is a good choice.
The HTTPS server port is 443, and the keywords are Encrypted into “Encrypted Application Data.”
To decrypt the RSA key, go to Wireshark-> Edit -> Preferences ->RSA Key
Since HTTPS packets can be decoded, does that mean they are not secure? This is not the case because the key used for decoding can only be exported on the server side. The operation procedure varies according to the server.