sigv linux signal: when inspecting requests with the mitmproxy tool on Kali Linux, you will notice a request to a symcd.com...

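The article looks into requests to gv.symcd.com noticed while using Mozilla Firefox and finds that they relate to the Online Certificate Status Protocol (OCSP), which is used to check the revocation status of digital certificates. The domain is owned by Symantec Corporation, was created in 2013, and has many subdomains, all of which point to the same IP address. The blog post also lists a number of symcd.com subdomains and highlights their likely role in certificate validation.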


1. A question that came up while inspecting requests with the mitmproxy tool on Kali Linux

Below the request there is another request, to ss.symcd.com. What exactly is it for?

Morning! Hope you are having a great weekend. I’ve been experimenting with some network monitoring of HTTP requests and responses in Mozilla Firefox. While playing around with one of the tools I’m evaluating I noticed a request to gv.symcd.com:


I had not heard of the symcd.com domain before so I got curious. The request is an “application/ocsp-request”. OCSP is an abbreviation for Online Certificate Status Protocol and it is an Internet protocol used to retrieve the revocation status of a digital certificate.

That’s what the symcd.com connection is about: Checking the revocation state for some certificate. The tool I used to track the network traffic does not have any advanced features to decode the OCSP communication so I don’t know exactly what information Firefox requests from symcd.com.

So, who owns symcd.com? The WHOIS database answer is Symantec Corporation:

Registrant Organization: Symantec Corporation

Registrant Street: 350 Ellis Street

Registrant City: Mountain View

Registrant State/Province: CA

Registrant Postal Code: 94043

Registrant Country: US

Symcd.com was created on 2013-12-12.

I did not find much information about gv.symcd.com, and the reason for that is probably that there’s a large number of subdomains used. I found this list over at VirusTotal:

I checked a few of the domains, and they all resolved to the 23.43.139.27 IP address.

Thanks for reading!
