ARP protocol

Delivering IP packets on a local network depends on MAC addresses. ARP is used to resolve the MAC address of a communicating party from its IP address.

TCP/IP

Hierarchical management of protocols

TCP/IP four layer model: application layer, transport layer, network layer, data link layer.

  • The application layer determines the activities of communication when providing application services to users, e.g. HTTP (HyperText Transfer Protocol), FTP (File Transfer Protocol), DNS (Domain Name System).
  • The transport layer provides data transfer between two computers in a network connection, e.g. TCP (Transmission Control Protocol) and UDP (User Datagram Protocol).
  • The network layer handles the packets that flow over the network. This layer specifies the transport route over which packets are sent to the other computer (e.g. IP).
  • The data link layer handles the hardware portion of the network connection.

During communication, the sending end passes the data down from the application layer to the data link layer, and the receiving end passes it up from the data link layer to the application layer.

TCP three-way handshake

The three-way handshake ensures that both the sender and the receiver are able to send and receive messages.

The sender sends a packet with the SYN flag to the receiver. After receiving it, the receiver replies with a packet carrying the SYN/ACK flags to acknowledge it. Finally the sender sends another packet with the ACK flag.

HTTP

The composition of the request message

  • Request line (request method, request URI, protocol version)
  • Optional request header field
  • Content of the entity

Composition of a response packet

  • Status line (status code, status code reason phrase, protocol version)
  • Optional response header field
  • Content of the entity
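The two message layouts above can be checked by parsing them. The following parser is an added example (not code from the original notes); the request and response messages it parses are constructed for the demonstration, and the `Content-Length` handling assumes no chunked transfer coding.

```python
"""Parse raw HTTP/1.1 request and response messages into their three parts.

Added example, not from the original notes. The sample messages below are
constructed for illustration.
"""
from dataclasses import dataclass, field


@dataclass
class HttpMessage:
    start_line: tuple            # (method, uri, version) or (version, status, reason)
    headers: dict = field(default_factory=dict)
    body: bytes = b""


def parse_message(raw: bytes, is_request: bool) -> HttpMessage:
    # The head (start line + header fields) and the entity body are separated
    # by an empty line, i.e. CRLF CRLF.
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("message has no header/body separator")
    lines = head.decode("iso-8859-1").split("\r\n")

    # Request line: method, URI, version.  Status line: version, code, reason.
    parts = lines[0].split(" ", 2)
    if len(parts) != 3:
        raise ValueError("malformed start line: %r" % lines[0])
    if is_request:
        method, uri, version = parts
        start = (method, uri, version)
    else:
        version, status, reason = parts
        start = (version, int(status), reason)

    # Header fields are "Name: value"; names are case-insensitive.
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError("malformed header line: %r" % line)
        headers[name.strip().lower()] = value.strip()

    # Content-Length says how many of the remaining bytes belong to the entity
    # (assumption: no chunked transfer coding in this example).
    length = int(headers.get("content-length", "0"))
    return HttpMessage(start, headers, body[:length])


# Constructed sample messages.
SAMPLE_REQUEST = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 18\r\n"
    b"\r\n"
    b"user=alice&pw=xyz1"
)

SAMPLE_RESPONSE = (
    b"HTTP/1.1 302 Found\r\n"
    b"Location: /home\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    print(parse_message(SAMPLE_REQUEST, True))
    print(parse_message(SAMPLE_RESPONSE, False))
```

Decoding the head as ISO-8859-1 rather than UTF-8 is deliberate: header bytes are not guaranteed to be valid UTF-8, and a decode error there would turn a malformed message into an unhandled exception.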

HTTP 1.0 vs. 1.1

In the original version of HTTP, every exchange had to open a TCP connection and then close it. To solve this problem, HTTP/1.1 provides persistent connections: the TCP connection is kept open until either end explicitly requests that it be closed. The benefits of persistent connections are that they remove the overhead of repeatedly opening and closing TCP connections, reduce server load, and improve page response times. Persistent connections also make pipelining possible: sending multiple requests back to back without waiting for each response before sending the next.

Status code

  • 200 Success
  • 204 Succeeded, but the response packet does not contain an entity. An OPTIONS request returns 204.
  • 301 Permanent redirect; the Location header field gives the new URI
  • 302 Temporary redirect; the Location header field gives the new URI
  • 304 The client's cached copy can be used (despite the 3xx class, this has nothing to do with redirection)
  • 400 The request packet contains a syntax error
  • 403 The request was refused by the server; no permission
  • 404 Resource not found
  • 500 Server error
  • 503 The server is overloaded or down for maintenance

Header fields

HTTP shortcomings

  1. Communication is in plain text and may be eavesdropped on. Solution: encrypt the communication (HTTPS) or encrypt the content.
  2. The identity of the communicating party is not verified, so an impersonator may be encountered. Solution: use a certificate to identify the communicating party.
  3. Solution: SSL provides authentication, encryption, and digest functions.

HTTPS

HTTP with encryption and authentication added is called HTTPS. HTTPS replaces the HTTP communication interface with the SSL/TLS protocols: HTTP talks to SSL/TLS, which in turn talks to TCP.

HTTPS hybrid encryption

  1. The server registers its public key with a third-party digital certificate authority (CA).
  2. The CA signs the server's public key with its own private key and issues a public key certificate.
  3. The CA's public key is already built into the browser. After obtaining the server's public key certificate, the client uses the CA's public key to verify the digital signature and thus the authenticity of the server's public key.
  4. The client encrypts the packet with the server's public key and sends it.
  5. The server decrypts the packet with its private key.
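The five steps above, carried through end to end as an added example (not code from the original notes). Textbook RSA on fixed Mersenne primes stands in for a real key pair, a SHA-256-based keystream stands in for a real symmetric cipher, and the "certificate" is just the public key plus the CA's signature over it; all of these are toy assumptions made so the flow runs offline, and none of them is suitable for protecting real traffic. Step 4 is shown in the hybrid form the heading names: the public key wraps a random session key, and the session key encrypts the packet.

```python
"""Toy walkthrough of certificate issuance, verification and hybrid encryption.

Added example, not from the original notes. Textbook RSA with fixed Mersenne
primes and a hash-based stream cipher stand in for real RSA and AES; this is
for reading the flow, not for protecting anything.
"""
import hashlib
import os

E = 65537  # public exponent (toy key pairs below; never reuse these primes)


def make_keypair(p: int, q: int):
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)          # (public, private)


def digest_int(data: bytes, n: int) -> int:
    # Hash the data and reduce it to an integer below the modulus.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(priv, data: bytes) -> int:
    n, d = priv
    return pow(digest_int(data, n), d, n)


def verify(pub, data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == digest_int(data, n)


def encode_pubkey(pub) -> bytes:
    n, e = pub
    return f"{n}:{e}".encode()


def stream_xor(key: bytes, data: bytes) -> bytes:
    # Toy keystream: SHA-256(key || block counter), XORed over the data.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


# Constructed toy keys (Mersenne primes, so trivially factorable).
CA_PUB, CA_PRIV = make_keypair(2**107 - 1, 2**127 - 1)
SERVER_PUB, SERVER_PRIV = make_keypair(2**89 - 1, 2**107 - 1)


def issue_certificate(ca_priv, server_pub):
    # Steps 1-2: the server registers its public key, the CA signs it.
    return (server_pub, sign(ca_priv, encode_pubkey(server_pub)))


def client_verify_certificate(ca_pub, cert) -> bool:
    # Step 3: the client checks the CA signature with the built-in CA key.
    server_pub, sig = cert
    return verify(ca_pub, encode_pubkey(server_pub), sig)


def client_encrypt(server_pub, message: bytes):
    # Step 4 (hybrid): wrap a fresh session key with the server's public key,
    # then encrypt the packet with the session key.
    n, e = server_pub
    session_key = os.urandom(16)
    wrapped_key = pow(int.from_bytes(session_key, "big"), e, n)
    return wrapped_key, stream_xor(session_key, message)


def server_decrypt(server_priv, wrapped_key: int, ciphertext: bytes) -> bytes:
    # Step 5: unwrap the session key with the private key, then decrypt.
    n, d = server_priv
    session_key = pow(wrapped_key, d, n).to_bytes(16, "big")
    return stream_xor(session_key, ciphertext)


if __name__ == "__main__":
    cert = issue_certificate(CA_PRIV, SERVER_PUB)
    assert client_verify_certificate(CA_PUB, cert)
    wrapped, ct = client_encrypt(cert[0], b"GET /account HTTP/1.1")
    print(server_decrypt(SERVER_PRIV, wrapped, ct))
```

The point the walkthrough makes visible is that step 3 is what the whole scheme rests on: if the client encrypted with a public key whose certificate did not verify under the built-in CA key, step 4 would happily encrypt to an impersonator.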

The disadvantage of the SSL

When SSL is used, communication is slower (SSL traffic is added on top of HTTP), and processing is slower (both the server and the client perform encryption and decryption, consuming more hardware resources and increasing the load).

Why not use HTTPS all the time?

Because encrypted communication consumes more CPU and memory than plain-text communication, encrypting every exchange would consume a considerable amount of resources and each server could handle fewer requests. Therefore, web sites with a large number of visitors encrypt only when information needs to be hidden, to save resources.

Web attack

Attacks are classified as active or passive.

An active attack is one in which the attacker directly accesses the web application and passes in the attack code. Representatives: SQL injection attacks, OS command injection attacks.

A passive attack is one in which the attacker does not access the web application directly, but uses a trap to get the victim to execute the attack code. Representatives: XSS (cross-site scripting), CSRF (cross-site request forgery).

XSS cross-site scripting attacks

An attack that runs illegal HTML tags or JavaScript in the browser of a user of a web site that has a security vulnerability. May result in:

  1. Using a fake input form to trick users into giving up personal information.
  2. Using a script to steal cookie values; the victim unknowingly helps the attacker send malicious requests.
  3. Displaying a fake article or image.
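The defect behind XSS is inserting user-supplied text into a page as markup. Below, as an added example (not code from the original notes), a defective comment renderer sits beside one that escapes the value for both element content and a quoted attribute; the cookie helper shows the `HttpOnly` flag that keeps `document.cookie` from exposing the session cookie to scripts, which limits item 2 above. The comment text and session id are constructed.

```python
"""Reflecting user input into HTML: defective rendering beside escaped rendering.

Added example, not code from the original notes; inputs are constructed.
"""
import html


def render_comment_unsafe(author: str, text: str) -> str:
    # Defective: user-supplied strings are inserted into the page unchanged,
    # so a string that contains markup is parsed by the browser as markup.
    return '<div class="comment" data-author="%s"><p>%s</p></div>' % (author, text)


def render_comment_safe(author: str, text: str) -> str:
    # html.escape(quote=True) rewrites < > & " and ', so the browser treats the
    # value as text both in element content and inside a quoted attribute.
    return '<div class="comment" data-author="%s"><p>%s</p></div>' % (
        html.escape(author, quote=True),
        html.escape(text, quote=True),
    )


def contains_raw_markup(fragment: str, payload: str) -> bool:
    # Crude check used by the demonstration: did the payload survive verbatim?
    return payload in fragment


def session_cookie_header(session_id: str) -> str:
    # HttpOnly: not readable from script.  Secure: only sent over HTTPS.
    # SameSite=Lax: not sent on most cross-site requests (also helps against CSRF).
    return "Set-Cookie: sid=%s; HttpOnly; Secure; SameSite=Lax; Path=/" % session_id


if __name__ == "__main__":
    print(render_comment_unsafe("ann", "<b>markup</b>"))
    print(render_comment_safe('ann"', "<b>markup</b>"))
    print(session_cookie_header("constructed-session-id"))
```

Escaping has to match the context the value lands in: the quoted attribute above needs the `"` rewritten as well as `<`, which is why `quote=True` is passed rather than the default.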

SQL injection attack

An attack against the database used by a web application, in which illegal SQL is executed. May result in:

  1. Illegally viewing or tampering with data in the database.
  2. Bypassing authentication.
  3. Executing programs associated with the database server's business, etc.
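Item 2 (bypassing authentication) is the easiest consequence to show. The following is an added example, not code from the original notes: an in-memory SQLite table with a constructed user row, a login check that builds its SQL by string formatting, and the same check written with a parameterised query. Plain-text passwords are used only to keep the example short; a real system stores password hashes.

```python
"""SQL injection: string-built query beside a parameterised one.

Added example, not code from the original notes. The table contents are constructed.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_unsafe(conn: sqlite3.Connection, name: str, password: str) -> bool:
    # Defective: user input is pasted into the SQL text, so quotes and
    # operators inside it change the query the database actually runs.
    sql = "SELECT 1 FROM users WHERE name = '%s' AND password = '%s'" % (name, password)
    return conn.execute(sql).fetchone() is not None


def login_safe(conn: sqlite3.Connection, name: str, password: str) -> bool:
    # Parameterised: the SQL text is fixed, and the values are passed to the
    # driver separately, so they are only ever compared as data.
    sql = "SELECT 1 FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone() is not None


def last_statement(name: str, password: str) -> str:
    # Shows what the defective version sends to the database, for inspection.
    return "SELECT 1 FROM users WHERE name = '%s' AND password = '%s'" % (name, password)


if __name__ == "__main__":
    db = make_db()
    for pw in ("correct horse", "wrong", "' OR '1'='1"):
        print(repr(pw), "unsafe:", login_unsafe(db, "alice", pw), "safe:", login_safe(db, "alice", pw))
        print("  ", last_statement("alice", pw))
```

With the third input the string-built version evaluates `name = 'alice' AND password = '' OR '1'='1'`, and since `AND` binds tighter than `OR` the row matches regardless of the password; the parameterised version simply compares the stored password with the literal text and fails.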

HTTP header injection attack

An attack in which the attacker inserts a newline into a response header field, thereby adding arbitrary response headers or body content. May result in:

  1. Setting arbitrary cookie values.
  2. Redirecting to an arbitrary URL.
  3. Displaying an arbitrary body.
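What the newline does is easiest to see on a redirect whose `Location` comes from user input. Below, as an added example (not code from the original notes), the defective header builder sits beside a hardened one that refuses any value containing CR, LF or NUL, plus a small helper that lists the header names a client would actually see. The input strings are constructed.

```python
"""Response header injection: the defective builder beside the hardened one.

Added example, not code from the original notes. Sample inputs are constructed.
"""


class HeaderInjectionError(ValueError):
    """Raised when a value would break out of its header field."""


def build_redirect_unsafe(location: str) -> bytes:
    # Defective: the caller-supplied value is pasted straight into a header line.
    # A CR LF pair inside it terminates the Location field early, and whatever
    # follows becomes an additional header (or, after a blank line, the body).
    head = "HTTP/1.1 302 Found\r\nLocation: " + location + "\r\nContent-Length: 0\r\n\r\n"
    return head.encode("iso-8859-1")


def check_header_value(value: str) -> str:
    # A field value may not contain CR, LF or NUL. Reject rather than strip,
    # so a suspicious value is surfaced (and can be logged) instead of being
    # silently "repaired" into something that still reaches the client.
    if any(ch in value for ch in "\r\n\0"):
        raise HeaderInjectionError("control character in header value: %r" % value)
    return value


def build_redirect_safe(location: str) -> bytes:
    head = ("HTTP/1.1 302 Found\r\nLocation: " + check_header_value(location)
            + "\r\nContent-Length: 0\r\n\r\n")
    return head.encode("iso-8859-1")


def header_names(message: bytes) -> list:
    # The header field names a client would parse out of the message head.
    head = message.split(b"\r\n\r\n", 1)[0]
    return [line.split(b":", 1)[0].decode("iso-8859-1") for line in head.split(b"\r\n")[1:]]


def is_rejected(location: str) -> bool:
    try:
        build_redirect_safe(location)
    except HeaderInjectionError:
        return True
    return False


if __name__ == "__main__":
    print(header_names(build_redirect_unsafe("/home")))
    print(header_names(build_redirect_unsafe("/home\r\nSet-Cookie: sid=constructed")))
    print(is_rejected("/home\r\nSet-Cookie: sid=constructed"))
```

Most web frameworks already apply the same rule inside their header-setting APIs; the check matters when code writes to the raw socket or assembles headers by string concatenation, as the defective function does.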

CSRF cross-site request forgery

An attacker sets a trap so that an authenticated user unexpectedly updates his/her personal or configuration information. May result in:

  1. Updating configuration information with the authenticated user's permissions
  2. Purchasing goods with the authenticated user's permissions
  3. Posting on message boards with the authenticated user's permissions, etc.

For example, while a user is logged in to site A, site B makes the user's browser send requests to site A, operating on site A without the user's knowledge.

Solution:

  1. After the user logs in, the server sends a token to the browser in the response header. The browser carries the token in the request header and sends it to the server with each request.
  2. Verify the HTTP Referer field: it records the address from which the HTTP request was made, i.e. the page that issued it. If an attacker conducts a CSRF attack, he has to construct the request on his own site, in which case the Referer value points to the attacker's site. However, it can be tampered with in some browsers, so tokens are generally used.
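Both defences from the list above, written out as an added example (not code from the original notes). The token is an HMAC over the session id and a random nonce, so a token issued for one session does not verify for another; the Referer check compares the request's origin host with the site's own. The server secret, session ids, host names and request header dictionaries are constructed for the demonstration.

```python
"""CSRF defences from the notes: a session-bound token plus a Referer check.

Added example, not code from the original notes. Secret, session ids, host
names and request headers below are constructed for the demonstration.
"""
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Long-lived server-side secret; a real server would load it from configuration.
SERVER_SECRET = secrets.token_bytes(32)


def issue_csrf_token(session_id: str, secret: bytes = SERVER_SECRET) -> str:
    # Token = nonce.MAC, where the MAC covers the session id, so the token is
    # only valid for the session it was issued to.
    nonce = secrets.token_hex(16)
    mac = hmac.new(secret, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id: str, token: str, secret: bytes = SERVER_SECRET) -> bool:
    nonce, sep, mac = token.partition(".")
    if not sep or not mac.isascii():
        return False
    expected = hmac.new(secret, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so timing does not reveal how much of the MAC matched.
    return hmac.compare_digest(mac, expected)


def referer_is_same_site(referer, expected_host: str) -> bool:
    # Item 2 of the notes: a request forged from another site carries that site's
    # address. An absent Referer is treated as failing, since it cannot be checked.
    if not referer:
        return False
    parts = urlsplit(referer)
    return parts.scheme in ("http", "https") and parts.hostname == expected_host


def accept_state_change(session_id: str, headers: dict, expected_host: str) -> bool:
    # Both checks are applied. The token is the one that actually stops the
    # forgery; the Referer check is a cheap extra layer.
    token = headers.get("x-csrf-token", "")
    if not verify_csrf_token(session_id, token):
        return False
    return referer_is_same_site(headers.get("referer"), expected_host)


if __name__ == "__main__":
    token = issue_csrf_token("constructed-session")
    good = {"x-csrf-token": token, "referer": "https://shop.test/account"}
    forged = {"referer": "https://other.test/"}
    print(accept_state_change("constructed-session", good, "shop.test"))
    print(accept_state_change("constructed-session", forged, "shop.test"))
```

The forged request in the demonstration fails on the token check before the Referer is even looked at, which is the reason the notes conclude that tokens are the primary defence: the attacker's page can make the browser send the user's cookies, but it cannot read a token that was issued only to that user's session.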