2021-06-08_C1见习工程师能力认证--计算机通识_2_TCP/IP协议簇

TCP/IP协议簇

1. 任务1：网络数据抓包

1.1 Charles

官方网站

Overview

• About Charles

About Charles

Charles is a web proxy (HTTP Proxy / HTTP Monitor) that runs on
your own computer. Your web browser (or any other Internet
application) is then configured to access the Internet through
Charles, and Charles is then able to record and display for you all of
the data that is sent and received.

In Web and Internet development you are unable to see what is being
sent and received between your web browser / client and the server.
Without this visibility it is difficult and time-consuming to
determine exactly where the fault is. Charles makes it easy to see
what is happening, so you can quickly diagnose and fix problems.

Charles makes debugging quick, reliable and advanced; saving you
time and frustration!

Key Features

SSL Proxying – view SSL requests and responses in plain text :
Bandwidth Throttling to simulate slower Internet connections including
latency : AJAX debugging – view XML and JSON requests and responses
as a tree or as text : AMF – view the contents of Flash Remoting /
Flex Remoting messages as a tree : Repeat requests to test back-end
changes : Edit requests to test different inputs : Breakpoints to
intercept and edit requests or responses : Validate recorded HTML,
CSS and RSS/atom responses using the W3C validator

关于Charles

Charles是一个web代理(HTTP代理/ HTTP监视器)，运行在您自己的计算机上。然后，您的web浏览器(或任何其他互联网应用程序)被配置为通过Charles访问互联网，Charles随后能够为您记录和显示所有发送和接收的数据。

在Web和Internet开发中，你无法看到Web浏览器/客户端和服务器之间正在发送和接收什么。如果没有这种可见性，则很难确定故障的确切位置，而且需要大量时间。Charles可以很容易地看到正在发生的事情，因此您可以快速诊断和修复问题。

Charles调试快速、可靠、先进;节省您的时间和挫折!

关键特性

SSL代理-以纯文本形式查看SSL请求和响应

带宽节流，以模拟较慢的Internet连接，包括延迟

AJAX调试——将XML和JSON请求和响应视为树或文本

AMF -查看Flash Remoting / Flex Remoting消息的内容作为一个树

重复请求以测试后端更改

编辑请求以测试不同的输入

用于拦截和编辑请求或响应的断点

使用W3C验证器验证已记录的HTML、CSS和RSS/atom响应

• Features

Charles Features

The following features are what I believe to be the key features of Charles. The best way to explore these features
and to discover others is to download the free trial.

SSLProxying

Charles can act as a man-in-the-middle for HTTP/SSL communication, enabling you to debug the content of your HTTPS sessions.

Bandwidth Throttling

Charles simulates modem speeds by effectively throttling your bandwidth and introducing
latency, so that you can experience an entire website as a modem user might (bandwidth simulator).

AJAX

Charles is useful for XML development in web browsers, such as AJAX (Asynchronous Javascript and
XML) and XMLHTTP, as it enables you to see the actual XML that is flowing between the client and the server. Charles natively supports JSON, JSON-RPC and SOAP; displaying each in a simplified tree format for easy viewing and debugging.

Flash

Charles is great for Adobe Flash developers as you can view the contents of LoadVariables, LoadMovie and XML loads. Charles also has native support for Flash Remoting (AMF0 and AMF3).

Autoconfigure Browser & System Proxy Settings

Charles will autoconfigure your browser’s proxy settings on the following browsers:

• Windows system proxy settings (includes Internet Explorer and most
  other applications)

• Mac OS X system proxy settings (includes Safari and most other applications)

• Mozilla Firefox (on all platforms)

Charles的特性

以下是我认为Charles的主要特征。探索这些特性并发现其他特性的最好方法是下载免费试用版。

SSL代理
Charles可以充当HTTP/SSL通信的中间人，使您能够调试HTTPS会话的内容。

带宽限制
Charles通过有效地调节带宽并引入延迟来模拟调制解调器的速度，这样您就可以作为调制解调器用户体验整个网站(带宽模拟器)。

AJAX
Charles对于web浏览器中的XML开发非常有用，比如AJAX(异步Javascript和XML)和XMLHTTP，因为它使您能够看到在客户机和服务器之间流动的实际XML。Charles原生支持JSON, JSON- rpc和SOAP;以简化的树格式显示每一个，便于查看和调试。

Flash
Charles是伟大的Adobe Flash开发人员，你可以查看内容的LoadVariables, LoadMovie和XML加载。Charles还支持Flash Remoting (AMF0和AMF3)。

自动配置浏览器和系统代理设置
Charles将自动配置您的浏览器的代理设置在以下浏览器:

• Windows系统代理设置(包括Internet Explorer和大多数其他应用程序)
• Mac OS X系统代理设置(包括Safari和大多数其他应用程序)
• Mozilla Firefox(适用于所有平台)

Download

点击这里可以在页面下载Charles对应不同系统（Windows，MacOS和Linux）的最新版本

至2021年6月9日，Charles最新版本为v4.6.1。

Documentation

https://www.charlesproxy.com/documentation/

通过阅读官方文档，可以学会Charles的安装和配置方法，并了解Charles的各项功能和用法。

1.2 任务

1. HTTPS报文交互过程
2. HTTPS相关算法：RSA/DH

网络数据抓包

1. 访问网址：http://temp.blog8090.com/，提交手机号和姓名，在浏览器返回的信息中，找到进行下一步的“暗号”
   
   
   通过charles抓取的数据可以看出，我们向host：obs.exam.blog8090.com发送了一个POST请求，请求信息内容为phone=13645897524&username=258，而后host：obs.exam.blog8090.com响应请求成功的信息HTTP/1.1 200 OK,响应信息内容为time":1623257695,"code":400,"status":"fail","ResultData":"\u8bf7\u63d0\u4ea4\u6b63\u786e\u7684\u53e3\u4ee4\uff1a\u4eca\u665a\u6253\u8001\u864e。
   
   查看响应体信息对应的JSON格式，得到正确的口令为：今晚打老虎

2. 运用Charles的Compose功能重新构造一个POST请求，查看服务器返回的结果
   
   运用Charles的Compose功能重新向服务器发起POST请求，这次在请求体中添加kouling：今晚打老虎，查看服务器返回结果
   
   查看服务器给我们返回的信息，此时，结果变成了我们想要的信息："Wow, nice!"

2. 任务2：模拟器收发信息

3. 任务3：自测