HTTP is the protocol we know best when we start learning network programming, so let's start there. First we need to understand the basic principles and behaviour of HTTP. A reasonable grasp of how HTTP works will help a great deal with what follows.
1: Working mode
① : a reliable TCP connection is established between client and server.
② : the client then sends an HTTP request to the server through the socket.
③ : the server processes the request and returns the resulting data.
④ : in HTTP 1.0, the TCP connection between the client and the server was disconnected immediately afterwards.
In HTTP 1.1, however, "TCP long connections" are supported by default, so the server disconnects the TCP connection only after a timeout.
2: Characteristics
① : HTTP is stateless. Everyone knows this, so I won't say more.
② : the client adds information to the headers of the HTTP request to tell the server about the body being transmitted, such as its type and encoding.
3: Http request and response exploration
I believe everyone knows the common request methods, namely "GET" and "POST", so let's explore what is interesting about them. Let's look at the figure above first.
I enter www.baidu.com and find the following request and response information.
1: "Request Header":
First line: GET / HTTP/1.1
It carries three pieces of information: ① "GET", the request method. ② "/", a request for the root directory of the web site. ③ "HTTP/1.1", the HTTP version.
Line 2: Host
The target site of the request; combined with "/", the target is "www.baidu.com/".
Line 3: Connection
The default is "keep-alive". This is the default support for long connections mentioned at the beginning of the article.
Line 4: Cache-Control
This is related to caching, where max-age is the cache time in seconds.
Line 5: User-Agent
Tells the server the identity of the client, which is generally determined by the browser: browser type, version, and so on.
Line 6: Accept
This and the Accept headers that follow indicate the types and kinds of content the client can receive.
Last line: Cookie
The first time we request baidu there is no Cookie line, because the browser cannot find any cookie related to baidu.
When we refresh the page a second time, the GET request finds the local cookie and sends it to the server.
2: "Response Header":
Line 1: HTTP/1.1 200 OK
As we all know, 200 is the returned status code, and OK is the description of the status code.
Line 2: Date
The time at which the server responded.
Line 3: Server
The server that responded to the client.
Line 4: Content-Length
The length in bytes of the body the server returns to the client.
Line 5: Content-Type
The type of the body.
Line 7: Expires
Tells the client the absolute expiration time, such as 2012.1.10. Until that time, the client can take the resource directly from its own cache without sending a request.
This works very well for caching js, css and images, so making good use of this header is very helpful for HTTP performance.
Line 8: Content-Encoding
The encoding of the document: the server compresses the document with gzip, which makes it smaller and quicker to download, but the client must support gzip decoding.
The POST method works the same way, so I won't go through it here. I hope you now have a reasonable grasp of the details of HTTP.
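The header walkthrough above and the connection rule from section 1, as an added example that is not part of the original post: it parses a raw header block and decides whether the TCP connection stays open. The class name HttpHeaderDemo, the User-Agent value and both sample messages are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;

// Added example (hypothetical class): parses the header block of a raw HTTP
// message and applies the HTTP/1.0 vs HTTP/1.1 connection rule from section 1.
public static class HttpHeaderDemo
{
    // Splits "Name: value" lines into a case-insensitive dictionary.
    public static Dictionary<string, string> ParseHeaders(string raw, out string startLine)
    {
        var lines = raw.Split(new[] { "\r\n" }, StringSplitOptions.None);
        startLine = lines[0];
        var headers = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
        for (int i = 1; i < lines.Length && lines[i].Length > 0; i++)
        {
            int colon = lines[i].IndexOf(':');
            if (colon <= 0) throw new FormatException("Malformed header: " + lines[i]);
            headers[lines[i].Substring(0, colon).Trim()] = lines[i].Substring(colon + 1).Trim();
        }
        return headers;
    }

    // HTTP/1.1 stays open unless "Connection: close"; HTTP/1.0 only with "keep-alive".
    public static bool IsPersistent(string startLine, Dictionary<string, string> headers)
    {
        string conn;
        headers.TryGetValue("Connection", out conn);
        if (startLine.Contains("HTTP/1.1"))
            return !string.Equals(conn, "close", StringComparison.OrdinalIgnoreCase);
        return string.Equals(conn, "keep-alive", StringComparison.OrdinalIgnoreCase);
    }

    public static void Main()
    {
        // Constructed samples, modelled on the header lines walked through above.
        string request = "GET / HTTP/1.1\r\nHost: www.baidu.com\r\n" +
                         "Connection: keep-alive\r\nCache-Control: max-age=0\r\n" +
                         "User-Agent: ExampleBrowser/1.0\r\nAccept: text/html\r\n\r\n";
        string oldResponse = "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n";

        string startLine;
        var headers = ParseHeaders(request, out startLine);
        string[] parts = startLine.Split(' ');   // method, path, version
        Console.WriteLine("{0} {1}{2} via {3}", parts[0], headers["Host"], parts[1], parts[2]);
        Console.WriteLine("1.1 request keeps connection: " + IsPersistent(startLine, headers));

        headers = ParseHeaders(oldResponse, out startLine);
        Console.WriteLine("1.0 response keeps connection: " + IsPersistent(startLine, headers));
    }
}
```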
4: Application scenario
Our network programming on HTTP generally does two things.
① : scrape data, simulate login, and automatically fill in forms.
② : file upload and download.
However, .NET encapsulates HTTP very well and provides HttpWebRequest and HttpWebResponse for the common operations. If you have a clear understanding of the HTTP protocol, I think the properties and methods in the class library are nothing to worry about.
5: Case
Step 1: first, we write two actions, a Login (login page) and an Index (user back-end home page).

    using System.Web.Mvc;

    namespace Test.Controllers
    {
        [HandleError]
        public class HomeController : Controller
        {
            // Login page
            public ActionResult Login()
            {
                return View();
            }

            // User back-end home page; shown only when the posted credentials match
            [HttpPost]
            public ActionResult Index(Model model)
            {
                if (model.UserName == "11" && model.Password == "11")
                    return View(model);
                else
                    return RedirectToAction("Login");
            }

            public ActionResult About()
            {
                return View();
            }
        }

        public class Model
        {
            public string UserName { get; set; }

            public string Password { get; set; }
        }
    }

OK, let's open Fiddler, enter admin, admin, and click submit to see what is POSTed to the server. This makes it convenient to simulate the login later. I'm sure you can understand the header information here.
Step 2: we create a WinForms program.

    using System;
    using System.IO;
    using System.Net;
    using System.Text;
    using System.Threading;
    using System.Windows.Forms;

    namespace Http
    {
        public partial class Form1 : Form
        {
            public Form1()
            {
                InitializeComponent();
            }

            private void Form1_Load(object sender, EventArgs e)
            {
                // The page content populates the webBrowser1 control
                string url = "http://localhost:59773/";

                // Create the HTTP request
                var request = (HttpWebRequest)WebRequest.Create(url);
                var response = (HttpWebResponse)request.GetResponse();
                Stream stream = response.GetResponseStream();
                StreamReader sr = new StreamReader(stream);
                string content = sr.ReadToEnd();

                webBrowser1.DocumentText = content;
            }

            /// <summary>
            /// Brute force cracking
            /// </summary>
            /// <param name="sender"></param>
            /// <param name="e"></param>
            private void button1_Click(object sender, EventArgs e)
            {
                var url = "http://localhost:59773/Home/Index";

                // Previously returned result
                string prev = string.Empty;

                for (int i = 0; i < 100; i++)
                {
                    var username = new Random(DateTime.Now.Millisecond).Next(8, 19).ToString();

                    Thread.Sleep(2);

                    var password = new Random(DateTime.Now.Millisecond).Next(8, 19).ToString();

                    // Content submitted by POST
                    var content = "username=" + username + "&password=" + password;

                    // Convert the content to bytes
                    var bytes = Encoding.UTF8.GetBytes(content);

                    var request = (HttpWebRequest)WebRequest.Create(url);

                    // Reproduce the submission seen in Fiddler: same method and headers
                    request.Method = WebRequestMethods.Http.Post;
                    request.Timeout = 1000 * 60;
                    request.AllowAutoRedirect = true;
                    request.ContentLength = bytes.Length;
                    request.ContentType = "application/x-www-form-urlencoded";

                    // Write the content into the POST request
                    var stream = request.GetRequestStream();
                    stream.Write(bytes, 0, bytes.Length);
                    stream.Close();

                    // Write succeeded, get the response
                    var response = (HttpWebResponse)request.GetResponse();

                    var sr = new StreamReader(response.GetResponseStream());

                    var next = sr.ReadToEnd();

                    if (string.IsNullOrEmpty(prev))
                    {
                        prev = next;
                    }
                    else
                    {
                        // A page that differs from the previous one means the login succeeded
                        if (prev != next)
                        {
                            webBrowser2.DocumentText = next;
                            MessageBox.Show("Congratulations, the password has been cracked! Total cost: " + (i + 1) + ". The user name is: " + username + ", password is: " + password);
                            return;
                        }
                    }
                }
                webBrowser2.DocumentText = "Sorry, failed to crack";
            }
        }
    }

Step 3: all we have to do now is click "brute force cracking" to see whether it can enumerate the user name and password of the "target site" for me.
In reality, it's much more than that. I mainly want you to have an understanding of HttpWebRequest and HttpWebResponse.
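The loop above works only because the Index action evaluates every guess it receives. A server-side attempt limiter for that action, as an added example that is not part of the original post: the LoginThrottle class, the limit of 5 failures in 5 minutes and the 15-minute lockout are assumptions chosen for illustration.

```csharp
using System;
using System.Collections.Concurrent;
// Added example (hypothetical class, not from the post): caps failed logins per key.
public class LoginThrottle
{
    private class Entry { public int Failures; public DateTime WindowStart, LockedUntil; }
    private readonly ConcurrentDictionary<string, Entry> _entries =
        new ConcurrentDictionary<string, Entry>(StringComparer.OrdinalIgnoreCase);
    private readonly int _maxFailures;
    private readonly TimeSpan _window, _lockout;

    public LoginThrottle(int maxFailures, TimeSpan window, TimeSpan lockout)
    { _maxFailures = maxFailures; _window = window; _lockout = lockout; }

    // Call before checking the password; false means reject without evaluating it.
    public bool IsAllowed(string key, DateTime now)
    {
        Entry e;
        if (!_entries.TryGetValue(key, out e)) return true;
        lock (e) { return now >= e.LockedUntil; }
    }

    // Call after a wrong password; locks the key once the limit is hit inside the window.
    public void RecordFailure(string key, DateTime now)
    {
        var e = _entries.GetOrAdd(key, _ => new Entry { WindowStart = now });
        lock (e)
        {
            if (now - e.WindowStart > _window) { e.Failures = 0; e.WindowStart = now; }
            if (++e.Failures >= _maxFailures) { e.Failures = 0; e.LockedUntil = now + _lockout; }
        }
    }

    public static void Main()
    {
        var throttle = new LoginThrottle(5, TimeSpan.FromMinutes(5), TimeSpan.FromMinutes(15));
        var now = new DateTime(2024, 1, 1, 12, 0, 0, DateTimeKind.Utc); // constructed clock
        int evaluated = 0;
        for (int i = 0; i < 100; i++, now = now.AddMilliseconds(2)) // the client's 100 guesses
        {
            // Keyed by client address: the loop above varies the user name on every guess.
            if (!throttle.IsAllowed("127.0.0.1", now)) continue;
            evaluated++;
            throttle.RecordFailure("127.0.0.1", now);
        }
        Console.WriteLine("Guesses evaluated: " + evaluated + " of 100");
    }
}
```

In the Index action, IsAllowed would run before the credential comparison and RecordFailure on the redirect-to-Login path. The dictionary lives in one process, so a site running on several servers needs shared storage for the counters.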