In day-to-day work we often deal with packet-capture tools, and on macOS Charles is the usual choice. But I only knew how to use it, not how it actually works.

1. Forward proxy and reverse proxy

Forward proxies and reverse proxies are the two commonly used proxy techniques.

  • Forward proxy:

A forward proxy is a server that sits between the client and the target server. To fetch content from the target, the client sends its request to the proxy and names the target; the proxy forwards the request to the target server and returns the response to the client. It is like renting through an agent: sometimes you cannot find a landlord's listing directly, so you view the flat through an intermediary. The landlord does not know who actually visited; he only knows that the agent contacted him. The tenant is the client, the agent is the proxy server, and the landlord is the target server.

  • Reverse proxy:

A reverse proxy accepts connection requests from the Internet, forwards them to a server on the internal network, and returns the result to the Internet client; here the proxy acts on behalf of the server. In the renting analogy, you may be dealing with the landlord's friend, or with a sub-landlord who holds the key, without realizing that this person is not the real owner. That sub-landlord is the reverse proxy.

So with a forward proxy the proxy server acts on behalf of the client toward the target server, and with a reverse proxy it acts on behalf of the target server toward the client. From the client's point of view the difference is that a forward proxy is something the client is explicitly configured to use, while a reverse proxy is indistinguishable from the origin server. Charles is a forward proxy: the system or browser proxy settings are pointed at it, and it sits between the client and every server the client talks to.

2. HTTP and HTTPS

The traffic we capture contains both HTTP and HTTPS. So what is the difference?

1. HTTP

HTTP is short for HyperText Transfer Protocol. Put simply, it is the standard protocol by which clients and servers talk to each other. When you type a URL such as www.baidu.com into the browser and press Enter, everything that happens until Baidu's home page appears is HTTP communication: your computer is the client, and the machines that run Baidu's service are the servers. The process resembles a boss giving orders to an employee over the phone:

  • Establish a connection: the boss calls the employee
  • Request: the boss states what he wants
  • Response: the employee answers the request
  • Close the connection: hang up the phone

The boss's demands vary: book a plane ticket, revise a document, and so on. Likewise HTTP has many request methods, such as GET, POST and HEAD. (With HTTP/1.1 the connection is usually kept open for several request/response pairs before it is closed, but the pattern is the same.)

The employee answers that the ticket is booked, or that the document is now on its 800th revision and he is about to drop dead. Similarly, an HTTP response begins with a status code; common ones are 200, 302, 404 and 500:

Status code    Description
1xx            Informational: the server received the request and the requester should continue
2xx            Success: the request was received, understood and processed
3xx            Redirection: further action is needed to complete the request
4xx            Client error: the request has a syntax error or cannot be fulfilled
5xx            Server error: the server failed while processing the request

But HTTP has one frightening property: it transmits everything in plaintext. Anyone on the path (a neighbour on the same Wi-Fi, a router, a proxy) can read the request and the response, and can modify them.

For example, you like a girl but are too shy to tell her, so you ask your brother to pass on the message.

  • You -> brother: tell her I like her
  • Brother -> girl: my brother says you are ugly
  • Girl -> brother: tell him to get lost
  • Brother -> you: she says she doesn't like you

You are furious, but keep smiling. The messenger could both read and alter the message in transit, and neither end could tell.
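To make the plaintext problem concrete, here is an added example (not code from the original post) that parses a captured HTTP/1.1 request and response the way a proxy or a packet-capture tool would, and shows what an on-path observer learns. The capture bytes are constructed for illustration; the host www.example.test, the /login path and the credentials are made up.

```python
import urllib.parse

# Meaning of each status-code class, as in the table above.
STATUS_CLASSES = {1: "informational", 2: "success", 3: "redirect",
                  4: "client error", 5: "server error"}


def parse_http_message(raw: bytes) -> dict:
    """Split one HTTP/1.x request or response into start line, headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    first = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # Honour Content-Length so trailing bytes of a pipelined capture are ignored.
    if "content-length" in headers:
        body = body[: int(headers["content-length"])]
    if first[0].upper().startswith("HTTP/"):          # response: version code reason
        code = int(first[1])
        msg = {"kind": "response", "version": first[0], "status": code,
               "reason": first[2] if len(first) > 2 else "",
               "status_class": STATUS_CLASSES.get(code // 100, "unknown")}
    else:                                             # request: method target version
        msg = {"kind": "request", "method": first[0], "target": first[1],
               "version": first[2] if len(first) > 2 else ""}
    msg["headers"], msg["body"] = headers, body
    return msg


def form_fields(msg: dict) -> dict:
    """Decode an application/x-www-form-urlencoded body into {name: value}."""
    if not msg["headers"].get("content-type", "").startswith(
            "application/x-www-form-urlencoded"):
        return {}
    return {k: v[0] for k, v in
            urllib.parse.parse_qs(msg["body"].decode("utf-8")).items()}


# Constructed sample capture: a login over plain HTTP (not real traffic).
CAPTURED_REQUEST = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: www.example.test\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 28\r\n"
    b"\r\n"
    b"user=maruko&password=hunter2"
)
CAPTURED_RESPONSE = (
    b"HTTP/1.1 302 Found\r\n"
    b"Location: /home\r\n"
    b"Set-Cookie: session=abc123; HttpOnly\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)


def summarize_capture(request: bytes, response: bytes) -> dict:
    """Everything an on-path observer learns from one plaintext HTTP exchange."""
    req, resp = parse_http_message(request), parse_http_message(response)
    return {
        "request": f"{req['method']} {req['target']} to {req['headers'].get('host')}",
        "form": form_fields(req),              # the credentials, in the clear
        "status": resp["status"],
        "status_class": resp["status_class"],
        "session_cookie": resp["headers"].get("set-cookie"),   # and the session
    }


if __name__ == "__main__":
    for key, value in summarize_capture(CAPTURED_REQUEST, CAPTURED_RESPONSE).items():
        print(f"{key:15} {value}")
```

Nothing here is cryptanalysis: the observer simply reads the bytes. The password goes past in the request body and the session cookie comes back in the response header, which is exactly why a login form must never be served or submitted over plain HTTP.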

HTTPS solves this problem by inserting a security layer (SSL/TLS) between HTTP and the TCP transport: the HTTP messages are unchanged, but they travel inside an encrypted and authenticated TLS session, so an on-path observer sees only ciphertext.

2. HTTPS

Everyone says HTTPS is secure, so let's look step by step at why, and how.

To get security we naturally think of encryption, which comes in two kinds: symmetric and asymmetric. Let's look at the difference.

2.1 Symmetric encryption

The same key is used for encryption and decryption (AES is the usual example). It is fast, but both sides must already share the key, and that key has to reach the other side securely somehow.

2.2 Asymmetric encryption

There are two keys: a public key, which is published, and a private key, which is kept secret. What one key encrypts, only the other can decrypt (RSA is the classic example). It is far slower than symmetric encryption, which is why in practice it is used only to agree on a symmetric session key, and the bulk data is then encrypted symmetrically.

2.3 Tightening the scheme step by step

(1) Symmetric encryption

Maruko and Hanawa want a private chat and agree to use a symmetric algorithm, with the same key for encryption and decryption:

  • Maruko: Let's talk
  • Hanawa: OK, we'll use a symmetric algorithm; the key is KEY1
  • Maruko: SDF65&*..Tyet (encrypted with KEY1)
  • Hanawa decrypts with KEY1 and reads Maruko's message: "Eight o'clock tonight, see you at the usual place!"

At this point Migiwa appears. Migiwa has had a crush on Hanawa for a long time. She intercepts Hanawa's KEY1 and sends a different key, KEY2, on to Maruko. Maruko, believing KEY2 came from Hanawa, encrypts her whispered reply with KEY2. Migiwa decrypts it with KEY2, reads the plaintext, then encrypts a tampered message with KEY1 and sends that to Hanawa. Hanawa decrypts it and reads "Maruko" saying "I don't want to be friends with you", completely baffled. Migiwa reaps the benefit. The weakness is obvious: the key travelled over the same untrusted channel as the messages, so whoever controls the channel can simply substitute it.

(2) Asymmetric encryption

After being hijacked by Migiwa, the two decide this cannot go on and try asymmetric encryption: a key pair consisting of a public key and a private key. Plaintext encrypted with the public key can be decrypted only with the matching private key, and what is encrypted with the private key can be decrypted only with the matching public key. Maruko generates her own pair (Maruko-public, Maruko-private), and Hanawa generates his (Hanawa-public, Hanawa-private).

  • Maruko: Let's talk
  • Hanawa: OK, asymmetric this time; here is my public key KEY1
  • Maruko encrypts her message with KEY1 and sends it to Hanawa
  • Hanawa decrypts it with his own private key and reads the message
  • Even if Migiwa intercepts the public key KEY1, it does her no good, because she does not have the matching private key

However, although Migiwa does not know Hanawa's private key, after intercepting Hanawa's public key KEY1 she can generate her own pair (Migiwa-public, Migiwa-private) and send her public key KEY3 to Maruko in its place. Maruko has no way to tell that the key was swapped and assumes KEY3 belongs to Hanawa. So she encrypts the symmetric session key KEY2 she wants to use with KEY3 and sends it; Migiwa intercepts it, decrypts it with her private key, obtains KEY2, re-encrypts KEY2 with Hanawa's real KEY1 and forwards it. Neither side notices, and from then on every message the two encrypt with KEY2 is readable by Migiwa. Asymmetric encryption has not removed the problem, only moved it: Maruko still has no way to know whose public key she is holding. (This is how the session key was delivered in older TLS versions with RSA key transport; TLS 1.3 derives it with an ephemeral Diffie-Hellman exchange and uses the server's key only to sign the handshake, but the question of whose public key you are holding is exactly the same.)

To solve this, the teacher steps in... and issues a certificate!

So let's talk about certificates. A certificate is issued by an authoritative certificate authority (CA). The information it contains is shown in the figure above, simplified to the key fields for the sake of illustration: the server's domain name (URL), the server's public key, the name of the issuing CA, and the CA's signature.

First, the CA takes the certificate contents (the server's URL, the server's public key, the issuer name, the validity period), computes a hash of them, and signs that hash with the CA's private key; the result is the certificate signature. Note that the server's public key itself is not encrypted; it sits in the certificate in the clear, and it is the signature that binds it to the URL.

Also, the CA's public key never needs to be sent over the wire: CAs work with the major browsers and operating systems to have their root certificates shipped in the browser's or OS's trust store.

Then, when Maruko receives Hanawa's certificate, she first looks at the issuer named in the certificate, finds that CA's public key in her local trust store, and uses it to check the signature. If the signature verifies, she knows that the public key in the certificate (the server's public key) really belongs to the URL named in it.

Concretely, she hashes the certificate contents herself with the method named in the certificate and compares the result with what the signature yields under the CA's public key; if they match, verification passes!

Now suppose Migiwa intercepts the certificate. The CA's public key is no secret, so Migiwa can verify the signature and read Hanawa's public key just as Maruko can; nothing in a certificate is confidential.

But if she wants to replace Hanawa's URL or public key with her own, she has to produce a new signature over the modified contents using the CA's private key, which she plainly does not have.

And if she tampers anyway and signs the modified certificate with her own private key, Maruko's check with the CA's public key simply fails.

Alternatively, Migiwa can apply to the CA for a certificate of her own. After intercepting Hanawa's certificate, she sends her own in its place. Maruko verifies it with the CA's public key, and it checks out, because it really was issued by the CA.

But once it is verified, Maruko finds that the domain name in the certificate is not the one she set out to reach. Ah, Migiwa still cannot eavesdrop.

3. How the Charles proxy works

Having understood proxies and encryption, it is not hard to see that Charles plays exactly Migiwa's role in the middle. The reason Migiwa fails and Charles succeeds is that the client (Maruko) has installed and trusted Charles's own root certificate in advance. Charles then generates, on the fly, a certificate for every host the client visits, signs it with that root, and presents it to the client; because the root is trusted, the issuer check, the signature check and the hostname check all pass, and since Charles holds the matching private key it can recover the session key and read the traffic in the clear before forwarding it to the real server. Two practical caveats: on iOS the installed root must additionally be enabled under Certificate Trust Settings, and Android apps targeting API 24 or later ignore user-installed CAs unless their network security configuration opts in; and an app that pins its server's certificate or public key will refuse the Charles certificate even though the system trusts it.
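The whole chain of the story above, as an added example that is not code from the original post or from Charles: the public-key swap from section 2.3 (2), the three certificate checks (trusted issuer, valid signature, matching hostname), and the Charles case in which a rogue root is added to the trust store. The RSA here is a textbook toy with a ~40-bit modulus and no padding, written only so the block runs with the standard library; the hostnames, CA names and key seeds are made up.

```python
import hashlib
import secrets


def _next_prime(n: int) -> int:
    """Smallest prime greater than n, by trial division (fine at ~1e6)."""
    while True:
        n += 1
        if all(n % d for d in range(2, int(n ** 0.5) + 1)):
            return n


def toy_keypair(seed: int):
    """Textbook RSA with a ~40-bit modulus and no padding. TOY ONLY."""
    p = _next_prime(1_000_000 + seed)
    q = _next_prime(p)
    n, e = p * q, 65537
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))   # (public, private)


def encrypt(pub, m: int) -> int:        # public key encrypts ...
    return pow(m, pub[1], pub[0])


def decrypt(priv, c: int) -> int:       # ... private key decrypts
    return pow(c, priv[1], priv[0])


def _cert_digest(cert: dict, n: int) -> int:
    """Hash of the signed fields, reduced into the signer's modulus."""
    body = f"{cert['subject']}|{cert['pub']}|{cert['issuer']}".encode()
    return int.from_bytes(hashlib.sha256(body).digest(), "big") % n


def issue_cert(ca_name: str, ca_priv, subject: str, subject_pub) -> dict:
    """The CA signs the hash of (hostname, public key, issuer) with its private key."""
    cert = {"subject": subject, "pub": subject_pub, "issuer": ca_name}
    cert["sig"] = pow(_cert_digest(cert, ca_priv[0]), ca_priv[1], ca_priv[0])
    return cert


def verify_cert(cert: dict, expected_host: str, trust_store: dict):
    """The three checks Maruko's browser performs. Returns (ok, reason)."""
    ca_pub = trust_store.get(cert["issuer"])
    if ca_pub is None:
        return False, "issuer not trusted"
    if pow(cert["sig"], ca_pub[1], ca_pub[0]) != _cert_digest(cert, ca_pub[0]):
        return False, "bad signature"
    if cert["subject"] != expected_host:
        return False, "hostname mismatch"
    return True, "ok"


HOST = "hanawa.example"                    # assumed hostname of Hanawa's server
CA_PUB, CA_PRIV = toy_keypair(0)           # the real CA shipped in the browser
HANAWA_PUB, HANAWA_PRIV = toy_keypair(50)
MIGIWA_PUB, MIGIWA_PRIV = toy_keypair(100)
ROGUE_PUB, ROGUE_PRIV = toy_keypair(150)   # a root that Migiwa (or Charles) controls
HANAWA_CERT = issue_cert("RealCA", CA_PRIV, HOST, HANAWA_PUB)


def run(attack: str, trust_store: dict) -> dict:
    """Maruko connects to HOST with Migiwa on the wire; returns what happened."""
    cert, check_cert = dict(HANAWA_CERT), True
    if attack == "raw_key":        # no certificates at all: just swap the public key
        cert["pub"], check_cert = MIGIWA_PUB, False
    elif attack == "swap_key":     # Hanawa's cert with Migiwa's key pasted in
        cert["pub"] = MIGIWA_PUB
    elif attack == "own_cert":     # a genuine CA cert, but for Migiwa's own host
        cert = issue_cert("RealCA", CA_PRIV, "migiwa.example", MIGIWA_PUB)
    elif attack == "rogue_root":   # a cert for HOST signed by Migiwa's own root
        cert = issue_cert("RogueCA", ROGUE_PRIV, HOST, MIGIWA_PUB)
    if check_cert:
        ok, reason = verify_cert(cert, HOST, trust_store)
        if not ok:
            return {"accepted": False, "reason": reason, "key_stolen": False}
    key2 = (1 << 31) | secrets.randbits(31)      # Maruko's symmetric session key
    c = encrypt(cert["pub"], key2)               # sent to whoever owns that key
    stolen = decrypt(MIGIWA_PRIV, c) == key2     # can Migiwa read KEY2?
    forwarded = encrypt(HANAWA_PUB, key2) if stolen else c   # she re-wraps and forwards
    return {"accepted": True, "reason": "ok", "key_stolen": stolen,
            "hanawa_got_key2": decrypt(HANAWA_PRIV, forwarded) == key2}


if __name__ == "__main__":
    browser = {"RealCA": CA_PUB}
    for attack in ("none", "raw_key", "swap_key", "own_cert", "rogue_root"):
        print(f"{attack:11} {run(attack, browser)}")
    print("charles    ", run("rogue_root", {**browser, "RogueCA": ROGUE_PUB}))
```

The only line that separates the "rogue_root" failure from the Charles success is the contents of the trust store: the certificate, the signature and the hostname are all in order, so once the root is trusted the client hands its session key to the proxy and the real server never learns anything is wrong.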

So remember: do not install certificates from unknown sources!!! And when you are done debugging with Charles, remove its root from the trust store again, because as long as it is there anyone who obtains that root's private key can do to you exactly what Charles does.

4. Some closing words

1. Hijacking is the essence of Charles. But the hijack is possible not because HTTPS is insecure, but because the operator voluntarily installed and trusted Charles's certificate.

2. In asymmetric encryption, sometimes the public key encrypts and the private key decrypts, and sometimes it is the other way round, which is confusing.

Think of it this way: when encrypting, you don't want anyone else to read the message, only the recipient should be able to decrypt it, so the public key encrypts and the private key decrypts.

When signing, you don't want anyone to impersonate you, only you should be able to produce the signature, so the private key produces it and the public key checks it. (Strictly speaking a signature is not "encryption with the private key": the signer hashes the data and applies the private key to the hash, and the verifier applies the public key to the signature and compares the result with its own hash of the data. The intuition is the same.)

3. When I was learning about private and public keys I puzzled over it for a long time; eventually I found the mailbox analogy helpful: anyone can drop a letter into the mailbox, but only the postman, who holds the key, can open it (the private key).

To use an asymmetric algorithm you first need a key pair, one called the private key and one called the public key. You hand the public key to anyone who wants to send you ciphertext, and what they encrypt with it can be decrypted only with your private key. In other words, as long as you keep your private key safe, you can be sure that nobody else can read what is sent to you. Because the two directions use different keys, the scheme is called an asymmetric encryption algorithm.