A little knowledge, a big challenge! This article is taking part in the "Essential Tips for Programmers" creation activity.
Preface
As the "golden March, silver April" hiring season draws to a close and new blood flows into the Internet industry, I can't help thinking of a question that comes up in every interview:
What is the difference between HTTPS and HTTP, or why is HTTPS more secure than HTTP?
So what are these two things?
HTTP:
Hypertext Transfer Protocol: a request/response-based, stateless, application-layer protocol, usually carried over TCP/IP. It is the most widely used network protocol on the Internet, and all WWW files must comply with this standard. HTTP was originally designed to provide a way to publish and receive HTML pages.
HTTPS
In the book Illustrated HTTP, HTTPS is described as HTTP wrapped in an SSL shell. HTTPS is a transport protocol for secure communication over a computer network: it uses SSL/TLS to establish an encrypted channel and encrypt the data packets. The primary purpose of HTTPS is to authenticate the identity of the web server and to protect the privacy and integrity of the data exchanged.
PS: TLS is a transport-layer encryption protocol; its predecessor SSL was released by Netscape in 1995.
Back to the question above: what could you possibly answer? The underlying protocol, TCP/IP, packet capture, transport security, or the connection handshake? So the question becomes: by capturing packets, can we obtain the HTTPS data stream by spoofing a certificate? Saying that HTTPS is more secure than HTTP is easy, but how can you prove that HTTPS transport is more secure than HTTP?
When I think about this question today, the answers we are all familiar with can all be traced back to a source; they are fixed, and there is no shortcut. So we are passively accepting what the authorities say! That is why I want to verify it myself: just how secure is HTTPS?
HTTPS establishes its connection over SSL, so trying to read the data at the TCP/IP transport layer is probably not possible.
But I did not give up: I immediately used Wireshark to capture an HTTP data stream, and the information inside was crystal clear, running naked for everyone to see. Embarrassing!
If you are not used to reading the information in the packet list, use Follow TCP Stream:
You can see the following information, simple and clear.
Next, let's take a look at HTTPS packets. First, a quick review of how DNS works.
The process is as follows: when the local system accesses a domain name, it first checks whether a cached record exists from an earlier access of that name. If so, no DNS server is needed. If not, it has to query the DNS server to find the correct IP address, and then sends the request to the server at that IP address. That's about it.
In the Protocol column you can hardly see anything about HTTP; you only see a bunch of encrypted packets.
Same approach as before: follow the TLS stream and look at the information.
Excuse me? What the hell is this? It doesn’t make any sense, all right?
This proves that HTTPS is more secure than HTTP. But is that it?
No, No, No, No, No, No, No.
Decrypt HTTPS using Chrome:
Step 1: press Win+R, enter sysdm.cpl, then go to System Properties -> Advanced -> Environment Variables. Add an SSLKEYLOGFILE environment variable whose value is a custom output file, here D:\sslkey.log
Step 2: configure Wireshark: Edit -> Preferences... (Ctrl+Shift+P), select Protocols -> SSL (named TLS in newer Wireshark releases), and set "(Pre)-Master-Secret log filename" to sslkey.log so that Wireshark reads the keys from the key log file and decrypts HTTPS:
Open the target HTTPS address again. First, do you now see the HTTP protocol?
Follow the stream and see whether it is clearer.
Verify: are the HTTPS packets fully parsed? Are they exactly the same as the HTTP data stream?
Principle:
When the PC has the SSLKEYLOGFILE environment variable configured, this tells Chrome "I want a record of the keys you use in every HTTPS session", and Chrome writes them to that log file. Wireshark can then read sslkey.log and use those keys to decrypt the captured HTTPS session data generated by Chrome. Note that this only works because the key log comes from the endpoint itself: a passive observer on the network sees only the ciphertext, has no such file, and still cannot read the traffic.
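To make the two steps above concrete, here is an added example (not code from the original post, and not Wireshark's own implementation) that parses a key log in the NSS format Chrome writes to SSLKEYLOGFILE and matches its entries to a captured ClientHello. Wireshark links the two the same way: every key log line is keyed by the 32-byte client random that appears in the clear in the ClientHello. The key log lines and the ClientHello bytes are constructed sample data; the helper names are mine.

```python
"""Parse an NSS-format TLS key log (the format Chrome writes when SSLKEYLOGFILE
is set) and match its entries to the client random of a captured ClientHello.

Added illustration, not code from the original post or from Wireshark.
All sample data below is constructed."""

import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Labels defined by the NSS key log format. A TLS 1.2 session logs one
# CLIENT_RANDOM line (48-byte master secret); TLS 1.3 logs per-phase secrets.
KNOWN_LABELS = {
    "CLIENT_RANDOM",
    "CLIENT_EARLY_TRAFFIC_SECRET",
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
    "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0",
    "SERVER_TRAFFIC_SECRET_0",
    "EXPORTER_SECRET",
}

# <LABEL> <64 hex chars of client random> <hex secret>
LINE_RE = re.compile(
    r"^(?P<label>[A-Z_0-9]+) (?P<random>[0-9a-fA-F]{64}) (?P<secret>[0-9a-fA-F]+)$"
)


@dataclass
class KeyLog:
    # client_random (lowercase hex) -> {label: secret bytes}
    entries: Dict[str, Dict[str, bytes]] = field(default_factory=dict)
    # (line number, raw text) of lines that were not valid key log entries
    skipped: List[Tuple[int, str]] = field(default_factory=list)


def parse_keylog(text: str) -> KeyLog:
    """Parse key log text; blank lines and '#' comments are ignored."""
    log = KeyLog()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m or m.group("label") not in KNOWN_LABELS or len(m.group("secret")) % 2:
            log.skipped.append((lineno, raw))
            continue
        rnd = m.group("random").lower()
        log.entries.setdefault(rnd, {})[m.group("label")] = bytes.fromhex(m.group("secret"))
    return log


def client_random_from_record(record: bytes) -> Optional[str]:
    """Return the client random (hex) from a TLS record carrying a ClientHello.
    Layout: record header (5) + handshake header (4) + legacy_version (2) + random (32)."""
    if len(record) < 5 + 4 + 2 + 32:
        return None
    if record[0] != 0x16:   # record content type must be Handshake
        return None
    if record[5] != 0x01:   # handshake type must be ClientHello
        return None
    return record[11:43].hex()


def lookup(log: KeyLog, record: bytes) -> Optional[Dict[str, bytes]]:
    """Find the logged secrets for the session that this ClientHello started."""
    rnd = client_random_from_record(record)
    return None if rnd is None else log.entries.get(rnd)


# --- constructed sample data -------------------------------------------------
SAMPLE_RANDOM = bytes(range(32))          # stand-in for a real 32-byte client random
SAMPLE_CLIENT_HELLO = (
    b"\x16\x03\x01\x00\x2d"               # record: Handshake, legacy version, length 45
    + b"\x01\x00\x00\x29"                 # ClientHello, body length 41
    + b"\x03\x03"                         # legacy_version TLS 1.2
    + SAMPLE_RANDOM                       # client random
    + b"\x00"                             # session id length 0
    + b"\x00\x02\x13\x01"                 # cipher suites: TLS_AES_128_GCM_SHA256
    + b"\x01\x00"                         # compression methods: null
)
SAMPLE_KEYLOG = (
    "# constructed sample; real Chrome output has the same shape\n"
    f"CLIENT_RANDOM {SAMPLE_RANDOM.hex()} {'aa' * 48}\n"
    f"CLIENT_TRAFFIC_SECRET_0 {'ff' * 32} {'bb' * 32}\n"
    "this line is not a key log entry\n"
)

if __name__ == "__main__":
    log = parse_keylog(SAMPLE_KEYLOG)
    print(f"{len(log.entries)} session(s) in key log, {len(log.skipped)} line(s) skipped")
    print("secrets for captured ClientHello:", lookup(log, SAMPLE_CLIENT_HELLO))
```

The point to take from the lookup: Wireshark can only decrypt a session whose client random appears in the file, and the file is written by the browser on the capturing machine. Without that file the same capture stays opaque, which is exactly the difference between the HTTP and HTTPS streams shown earlier.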
Conclusion:
So is it true that HTTPS is more secure than HTTP for transferring data, and should we simply accept the formulaic answer whenever a question has one? No, we should question everything that can be questioned, but not chase every doubt for its own sake! Embrace the spirit of seeking truth from facts and the spirit of exploration in pursuit of the truth!
Next questions:
How do people obtain certificates?
How is certificate forgery used for spoofing?