一、 非常详细的http描述文档:https://blog.csdn.net/kebi007/article/details/103059900
看完该博客,你应该清楚http的传输报文格式,错误码、状态码表示的信息,只有这样才能对http出现的问题抽丝剥茧的分析。
二、本人从两个方面对http的报文进行分析,分别通过wireshark抓包、和浏览器上按F12(选择networking->headers):
1. wireshark抓包分析
1.1 对应的cap抓包文件:
详见:https://download.csdn.net/download/chenliang0224/11985050
1.2 抓包流程分析:
a. 客户端解析url("http://dev-oss-download.egtest.cn:8880/oss/ota_app_download/2019%2F09%2F16%2F20190829ARM-M4-1107.M4B"),获取"http://dev-oss-download.egtest.cn"的DNS域名主机地址(120.76.199.208),对应端口8880,和文件路径"/oss/ota_app_download/2019%2F09%2F16%2F20190829ARM-M4-1107.M4B";
b.客户端(地址:10.8.190.190)与主机服务器端(120.76.199.208:8880)3次握手建立连接(socket()->connect());
c.客户端发送http GET请求信息
GET http://dev-oss-download.egtest.cn:8880/oss/ota_app_download/2019%2F09%2F16%2F20190829ARM-M4-1107.M4B HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537(KHTML, like Gecko) Chrome/47.0.2526Safari/537.36
Host: dev-oss-download.egtest.cn
Connection: keep-alive
d.客户端收到http response应答信息,应答信息状态码未302,表示临时跳转
HTTP/1.1 302 Found
Server: nginx/1.10.0 (Ubuntu)
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.2.4
Cache-Control: no-cache, private
Date: Tue, 19 Nov 2019 03:25:21 GMT
Location: http://iot-upgrade-zhoutian.oss-cn-shenzhen.aliyuncs.com/2019/09/16/20190829ARM-M4-1107.M4B?security-token=CAIS9QF1q6Ft5B2yfSjIr5GMfvjhmKlshayGanT5omNsOutGmYn4qTz2IH9EfXZqBesYt%2FU0lWpY6PoalqFhS5hYWU3Na5PHRgmycUbzDbDasumZsJYm6vT8a0XxZjf%2F2MjNGZabKPrWZvaqbX3diyZ32sGUXD6%2BXlujQ%2Fbr4NwdGbZxZASjaidcD9p7PxZrrNRgVUHcLvGwKBXn8AGyZQhKwlMn2TwntPrvkp3AskKE1wfAp7VL99irEP%2BNdNJxOZpzadCx0dFte7DJuCwqsEcarfgs0PcaoGac74vNXQUJ%2BXOMPufS%2F8EqJgJlb%2B0gBL7EVmdcKCWr0BqAAU6L5LPJLAJ%2FLxXwt%2Bpgpgcadc956ajfS6z4zsI7zIQhkQQCAEsbqumlY%2FGc9gJiHkmT1qtUWTMh4S%2BYKiepaX4emqRRxUh9N3Ib18KGdhkjVKcbe%2F7uQWK1cwJ04yNypbBbz2bmjDliYRwnQd0uFSk%2FOyiS7qrEneONdi1Wtj2S&OSSAccessKeyId=STS.NR95BUuvM2nmhRHFc96djvLSK&Expires=1574133981&Signature=qdToKtX0pZ0R8F%2BE%2FZuIBz80kWg%3D
e. 客户端获取d步骤中的Location字段属性值
我们对其分析分为主机名、file、security-token、签名Signature:
主机名:
http://iot-upgrade-zhoutian.oss-cn-shenzhen.aliyuncs.com
file:
/2019/09/16/20190829ARM-M4-1107.M4B
security-token:
?security-token=CAIS9QF1q6Ft5B2yfSjIr5GMfvjhmKlshayGanT5omNsOutGmYn4qTz2IH9EfXZqBesYt%2FU0lWpY6PoalqFhS5hYWU3Na5PHRgmycUbzDbDasumZsJYm6vT8a0XxZjf%2F2MjNGZabKPrWZvaqbX3diyZ32sGUXD6%2BXlujQ%2Fbr4NwdGbZxZASjaidcD9p7PxZrrNRgVUHcLvGwKBXn8AGyZQhKwlMn2TwntPrvkp3AskKE1wfAp7VL99irEP%2BNdNJxOZpzadCx0dFte7DJuCwqsEcarfgs0PcaoGac74vNXQUJ%2BXOMPufS%2F8EqJgJlb%2B0gBL7EVmdcKCWr0BqAAU6L5LPJLAJ%2FLxXwt%2Bpgpgcadc956ajfS6z4zsI7zIQhkQQCAEsbqumlY%2FGc9gJiHkmT1qtUWTMh4S%2BYKiepaX4emqRRxUh9N3Ib18KGdhkjVKcbe%2F7uQWK1cwJ04yNypbBbz2bmjDliYRwnQd0uFSk%2FOyiS7qrEneONdi1Wtj2S&OSSAccessKeyId=STS.NR95BUuvM2nmhRHFc96djvLSK&Expires=1574133981
Signature:
&Signature=qdToKtX0pZ0R8F%2BE%2FZuIBz80kWg%3D
f.由于d中响应的信息执行了地址重定向跳转(状态码:302),所以重新解析步骤e中的Location的url信息;
g.客户端解析Localtion的url,获取"http://iot-upgrade-zhoutian.oss-cn-shenzhen.aliyuncs.com"的DNS域名主机地址(113.96.63.231)、对应端口80(http标准端口),和文件路径+security-token+Signature(详见e中的描述);
h.客户端(地址:10.8.190.190)第二次与主机服务器端(113.96.63.231:80)3次握手建立连接(socket()->connect());
i.客户端第二次发起http GET请求信息
GET /2019/09/16/20190829ARM-M4-1107.M4B?security-token=CAIS9QF1q6Ft5B2yfSjIr5GMfvjhmKlshayGanT5omNsOutGmYn4qTz2IH9EfXZqBesYt%2FU0lWpY6PoalqFhS5hYWU3Na5PHRgmycUbzDbDasumZsJYm6vT8a0XxZjf%2F2MjNGZabKPrWZvaqbX3diyZ32sGUXD6%2BXlujQ%2Fbr4NwdGbZxZASjaidcD9p7PxZrrNRgVUHcLvGwKBXn8AGyZQhKwlMn2TwntPrvkp3AskKE1wfAp7VL99irEP%2BNdNJxOZpzadCx0dFte7DJuCwqsEcarfgs0PcaoGac74vNXQUJ%2BXOMPufS%2F8EqJgJlb%2B0gBL7EVmdcKCWr0BqAAU6L5LPJLAJ%2FLxXwt%2Bpgpgcadc956ajfS6z4zsI7zIQhkQQCAEsbqumlY%2FGc9gJiHkmT1qtUWTMh4S%2BYKiepaX4emqRRxUh9N3Ib18KGdhkjVKcbe%2F7uQWK1cwJ04yNypbBbz2bmjDliYRwnQd0uFSk%2FOyiS7qrEneONdi1Wtj2S&OSSAccessKeyId=STS.NR95BUuvM2nmhRHFc96djvLSK&Expires=1574133981&Signature=qdToKtX0pZ0R8F%2BE%2FZuIBz80kWg%3D HTTP/1.1
Host: iot-upgrade-zhoutian.oss-cn-shenzhen.aliyuncs.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
j.客户端收到http response应答信息,应答信息状态码未200,表示ok
HTTP/1.1 200 OK
Server: AliyunOSS
Date: Tue, 19 Nov 2019 03:25:21 GMT
Content-Type: application/octet-stream
Content-Length: 306864
Connection: keep-alive
x-oss-request-id: 5DD360A1B79FD632336A845A
Accept-Ranges: bytes
ETag: "19FFC6ED89A6DACC8A6DA921E926C97C"
Last-Modified: Mon, 16 Sep 2019 06:29:18 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 13832429984862213917
x-oss-storage-class: Standard
Content-MD5: Gf/G7Ymm2syKbakh6SbJfA==
x-oss-server-time: 99
k.至此,通过第二次建立的socket句柄下载对应的文件。
2. 进入网页,按F12键分析http交互流程
在浏览器上按F12(选择networking->headers),输入“http://dev-oss-download.egtest.cn:8880/oss/baomi.M4B”回车,具体信息如下
2.1 第一次请求http GET
第一次请求http response
第二次请求http GET
第二次请求http response
第二次请求security-token