重定向报文
转发报文
iframe报文
修改window报文
cookie(打开浏览器访问)
set-cookie
刷新后看cookie
window.location.href或http://127.0.0.1/web看cookie
cookie【iframe/window.location.href】
演示文件
setprivi.jsp
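<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<%--
  setprivi.jsp - demo page that simulates a student / ordinary-user login and
  then prints the cookies the browser sent with this request.

  The "login" is a simulation only: the userid request parameter is compared
  with three hard-coded ids and no credential is checked, so this page is a
  teaching aid and not an authentication mechanism.
--%>
<!DOCTYPE html>
<html lang="zh-CN">
<head>
  <meta charset="UTF-8">
  <title>Insert title here</title>
</head>
<body>
<%!
    /**
     * Escapes the five HTML-significant characters so that client-supplied
     * text is rendered as text and never as markup.
     *
     * @param text value to escape; may be null
     * @return the escaped text, or the literal "null" for a null argument
     *         (the same text that string concatenation prints for null)
     */
    private static String escapeHtml(String text) {
        if (text == null) {
            return "null";
        }
        StringBuilder sb = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char ch = text.charAt(i);
            switch (ch) {
                case '&':
                    sb.append("&amp;");
                    break;
                case '<':
                    sb.append("&lt;");
                    break;
                case '>':
                    sb.append("&gt;");
                    break;
                case '"':
                    sb.append("&quot;");
                    break;
                case '\'':
                    sb.append("&#39;");
                    break;
                default:
                    sb.append(ch);
            }
        }
        return sb.toString();
    }
%>
<%
    // Simulated login: only the three hard-coded ids below are accepted.
    String userid = request.getParameter("userid");
    boolean knownUser = "zj".equals(userid)
            || "czh".equals(userid)
            || "100".equals(userid);

    if (knownUser) {
        // NOTE(review): production login code should rotate the session id
        // after a successful login (for example with
        // HttpServletRequest.changeSessionId() on Servlet 3.1+) to prevent
        // session fixation. It is not done here, presumably so that the
        // session cookie observed in the demo stays the same across requests.
        session.setAttribute("user", userid);
        out.print("模拟学生/普通用户登录成功");
    } else {
        // Same effect as setAttribute("user", null): drops any earlier login.
        session.removeAttribute("user");
        out.print("模拟学生/普通用户登录失败");
    }

    // getCookies() returns null when the request carries no cookies (for
    // example on the very first visit), so guard before iterating.
    Cookie[] cookies = request.getCookies();
    if (cookies != null) {
        for (Cookie c : cookies) {
            // Cookie names and values are chosen by the client, so they are
            // escaped before being written into the HTML response.
            // Browsers normally send only name=value pairs in the Cookie
            // request header, so getDomain() is normally null here and is
            // printed as "null".
            out.print(escapeHtml(c.getName()) + ":"
                    + escapeHtml(c.getValue()) + ":"
                    + escapeHtml(c.getDomain()));
        }
    }
%>
</body>
</html>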
testprivi.jsp
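<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<%--
  testprivi.jsp - demo page with a "delete" link that is guarded by a
  client-side JavaScript check against the session's user / admin attributes.

  The check in del() runs in the browser, so it is a usability hint only and
  not an access control: the visitor can edit the script variables or send the
  delete request directly. Any server-side handler that really deletes data
  must repeat the user/admin check against the session before acting.
--%>
<!DOCTYPE html>
<html lang="zh-CN">
<head>
  <meta charset="UTF-8">
  <title>Insert title here</title>
<%!
    /**
     * Encodes a value for use inside a double-quoted JavaScript string
     * literal. ASCII letters and digits are copied through; every other
     * character is written as a four-digit hexadecimal JavaScript escape, so
     * quotes, backslashes, angle brackets and line breaks cannot end the
     * string or the surrounding script element.
     *
     * @param value session attribute to encode; may be null
     * @return the encoded text, or an empty string for null (the same text
     *         an EL expression renders for a missing attribute)
     */
    private static String jsString(Object value) {
        if (value == null) {
            return "";
        }
        String text = value.toString();
        StringBuilder sb = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char ch = text.charAt(i);
            boolean plain = (ch >= 'a' && ch <= 'z')
                    || (ch >= 'A' && ch <= 'Z')
                    || (ch >= '0' && ch <= '9');
            if (plain) {
                sb.append(ch);
            } else {
                sb.append(String.format("\\u%04x", (int) ch));
            }
        }
        return sb.toString();
    }
%>
  <script type="text/javascript">
    // Session attributes copied into the page for the client-side hint.
    // They are encoded for the JavaScript string context so that a value
    // containing quotes or markup cannot break out of the literal.
    var user = "<%= jsString(session.getAttribute("user")) %>";
    var admin = "<%= jsString(session.getAttribute("admin")) %>";

    /**
     * Client-side pre-check for the delete link.
     * Returns true when the click may proceed, false to cancel it.
     *  - admin logged in: ask for confirmation.
     *  - ordinary user logged in: only the user's own record may be deleted.
     *  - nobody logged in: ask the visitor to log in first.
     * This is a convenience for the user interface only; it does not
     * protect anything on the server.
     */
    function del(userid) {
      if (admin.length !== 0) {
        return confirm("确定要删除吗?");
      }
      if (user.length === 0) {
        alert("请先登录");
        return false;
      }
      // userid arrives as a number from the onclick attribute; compare as text.
      if (user !== String(userid)) {
        alert("普通用户不能删除非本人信息");
        return false;
      }
      return confirm("确定要删除吗?");
    }
  </script>
</head>
<body>
  <!-- The href stands in for the real delete request; onclick returning
       false cancels it. A direct request to a real delete URL would skip
       del() entirely, which is why the server has to authorize it too. -->
  <a href="javascript:alert('执行删除操作。。。。')"
     onclick="return del(100)">删除学生或老师信息</a>
</body>
</html>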
演示效果
抓包wireshark
请求操作
请求报文
TCP层信息
双方端口共4个字节
回应信息
追踪http流