http小记

一、 非常详细的http描述文档:https://blog.csdn.net/kebi007/article/details/103059900

看完该博客,你应该清楚http的传输报文格式,错误码、状态码表示的信息,只有这样才能对http出现的问题抽丝剥茧的分析。

 

二、本人从两个方面对http的报文进行分析,分别通过wireshark抓包、和浏览器上按F12(选择networking->headers):

1. wireshark抓包分析

1.1 对应的cap抓包文件:

详见:https://download.csdn.net/download/chenliang0224/11985050

1.2 抓包流程分析:

a. 客户端解析url("http://dev-oss-download.egtest.cn:8880/oss/ota_app_download/2019%2F09%2F16%2F20190829ARM-M4-1107.M4B"),获取"http://dev-oss-download.egtest.cn"的DNS域名主机地址(120.76.199.208),对应端口8880,和文件路径"/oss/ota_app_download/2019%2F09%2F16%2F20190829ARM-M4-1107.M4B";

b.客户端(地址:10.8.190.190)与主机服务器端(120.76.199.208:8880)3次握手建立连接(socket()->connect());

c.客户端发送http GET请求信息

GET http://dev-oss-download.egtest.cn:8880/oss/ota_app_download/2019%2F09%2F16%2F20190829ARM-M4-1107.M4B HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537(KHTML, like Gecko) Chrome/47.0.2526Safari/537.36
Host: dev-oss-download.egtest.cn
Connection: keep-alive

d.客户端收到http response应答信息,应答信息状态码未302,表示临时跳转

HTTP/1.1 302 Found
Server: nginx/1.10.0 (Ubuntu)
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.2.4
Cache-Control: no-cache, private
Date: Tue, 19 Nov 2019 03:25:21 GMT
Location: http://iot-upgrade-zhoutian.oss-cn-shenzhen.aliyuncs.com/2019/09/16/20190829ARM-M4-1107.M4B?security-token=CAIS9QF1q6Ft5B2yfSjIr5GMfvjhmKlshayGanT5omNsOutGmYn4qTz2IH9EfXZqBesYt%2FU0lWpY6PoalqFhS5hYWU3Na5PHRgmycUbzDbDasumZsJYm6vT8a0XxZjf%2F2MjNGZabKPrWZvaqbX3diyZ32sGUXD6%2BXlujQ%2Fbr4NwdGbZxZASjaidcD9p7PxZrrNRgVUHcLvGwKBXn8AGyZQhKwlMn2TwntPrvkp3AskKE1wfAp7VL99irEP%2BNdNJxOZpzadCx0dFte7DJuCwqsEcarfgs0PcaoGac74vNXQUJ%2BXOMPufS%2F8EqJgJlb%2B0gBL7EVmdcKCWr0BqAAU6L5LPJLAJ%2FLxXwt%2Bpgpgcadc956ajfS6z4zsI7zIQhkQQCAEsbqumlY%2FGc9gJiHkmT1qtUWTMh4S%2BYKiepaX4emqRRxUh9N3Ib18KGdhkjVKcbe%2F7uQWK1cwJ04yNypbBbz2bmjDliYRwnQd0uFSk%2FOyiS7qrEneONdi1Wtj2S&OSSAccessKeyId=STS.NR95BUuvM2nmhRHFc96djvLSK&Expires=1574133981&Signature=qdToKtX0pZ0R8F%2BE%2FZuIBz80kWg%3D

 

e. 客户端获取d步骤中的Location字段属性值
我们对其分析分为主机名、file、security-token、签名Signature:
主机名:

 http://iot-upgrade-zhoutian.oss-cn-shenzhen.aliyuncs.com

file:

 /2019/09/16/20190829ARM-M4-1107.M4B


security-token:

?security-token=CAIS9QF1q6Ft5B2yfSjIr5GMfvjhmKlshayGanT5omNsOutGmYn4qTz2IH9EfXZqBesYt%2FU0lWpY6PoalqFhS5hYWU3Na5PHRgmycUbzDbDasumZsJYm6vT8a0XxZjf%2F2MjNGZabKPrWZvaqbX3diyZ32sGUXD6%2BXlujQ%2Fbr4NwdGbZxZASjaidcD9p7PxZrrNRgVUHcLvGwKBXn8AGyZQhKwlMn2TwntPrvkp3AskKE1wfAp7VL99irEP%2BNdNJxOZpzadCx0dFte7DJuCwqsEcarfgs0PcaoGac74vNXQUJ%2BXOMPufS%2F8EqJgJlb%2B0gBL7EVmdcKCWr0BqAAU6L5LPJLAJ%2FLxXwt%2Bpgpgcadc956ajfS6z4zsI7zIQhkQQCAEsbqumlY%2FGc9gJiHkmT1qtUWTMh4S%2BYKiepaX4emqRRxUh9N3Ib18KGdhkjVKcbe%2F7uQWK1cwJ04yNypbBbz2bmjDliYRwnQd0uFSk%2FOyiS7qrEneONdi1Wtj2S&OSSAccessKeyId=STS.NR95BUuvM2nmhRHFc96djvLSK&Expires=1574133981

Signature:

&Signature=qdToKtX0pZ0R8F%2BE%2FZuIBz80kWg%3D

f.由于d中响应的信息执行了地址重定向跳转(状态码:302),所以重新解析步骤e中的Location的url信息;

 

g.客户端解析Localtion的url,获取"http://iot-upgrade-zhoutian.oss-cn-shenzhen.aliyuncs.com"的DNS域名主机地址(113.96.63.231)、对应端口80(http标准端口),和文件路径+security-token+Signature(详见e中的描述);

 

h.客户端(地址:10.8.190.190)第二次与主机服务器端(113.96.63.231:80)3次握手建立连接(socket()->connect());

 

i.客户端第二次发起http GET请求信息

GET /2019/09/16/20190829ARM-M4-1107.M4B?security-token=CAIS9QF1q6Ft5B2yfSjIr5GMfvjhmKlshayGanT5omNsOutGmYn4qTz2IH9EfXZqBesYt%2FU0lWpY6PoalqFhS5hYWU3Na5PHRgmycUbzDbDasumZsJYm6vT8a0XxZjf%2F2MjNGZabKPrWZvaqbX3diyZ32sGUXD6%2BXlujQ%2Fbr4NwdGbZxZASjaidcD9p7PxZrrNRgVUHcLvGwKBXn8AGyZQhKwlMn2TwntPrvkp3AskKE1wfAp7VL99irEP%2BNdNJxOZpzadCx0dFte7DJuCwqsEcarfgs0PcaoGac74vNXQUJ%2BXOMPufS%2F8EqJgJlb%2B0gBL7EVmdcKCWr0BqAAU6L5LPJLAJ%2FLxXwt%2Bpgpgcadc956ajfS6z4zsI7zIQhkQQCAEsbqumlY%2FGc9gJiHkmT1qtUWTMh4S%2BYKiepaX4emqRRxUh9N3Ib18KGdhkjVKcbe%2F7uQWK1cwJ04yNypbBbz2bmjDliYRwnQd0uFSk%2FOyiS7qrEneONdi1Wtj2S&OSSAccessKeyId=STS.NR95BUuvM2nmhRHFc96djvLSK&Expires=1574133981&Signature=qdToKtX0pZ0R8F%2BE%2FZuIBz80kWg%3D HTTP/1.1
Host: iot-upgrade-zhoutian.oss-cn-shenzhen.aliyuncs.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9

 

j.客户端收到http response应答信息,应答信息状态码未200,表示ok

HTTP/1.1 200 OK
Server: AliyunOSS
Date: Tue, 19 Nov 2019 03:25:21 GMT
Content-Type: application/octet-stream
Content-Length: 306864
Connection: keep-alive
x-oss-request-id: 5DD360A1B79FD632336A845A
Accept-Ranges: bytes
ETag: "19FFC6ED89A6DACC8A6DA921E926C97C"
Last-Modified: Mon, 16 Sep 2019 06:29:18 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 13832429984862213917
x-oss-storage-class: Standard
Content-MD5: Gf/G7Ymm2syKbakh6SbJfA==
x-oss-server-time: 99

k.至此,通过第二次建立的socket句柄下载对应的文件。

 

2. 进入网页,按F12键分析http交互流程

       在浏览器上按F12(选择networking->headers),输入“http://dev-oss-download.egtest.cn:8880/oss/baomi.M4B”回车,具体信息如下

2.1 第一次请求http GET

第一次请求http response

第二次请求http GET

第二次请求http response

第二次请求security-token

 

评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值