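HTTP in Detail
HTTP(S) protocol analysis and the basics of network requests. HTTP(S) is the core protocol of Internet communication. HTTP was developed by Tim Berners-Lee in 1989-1991 to transmit web page data. HTTPS is the encrypted version, which ensures data security and server authenticity. A URL contains elements such as the scheme, host and port, and directs the browser to a resource. An HTTP request contains a method (GET, POST, etc.), headers and a terminating blank line; a response contains a status code (such as 200 for success or 404 for not found), a content type and the data body.
Official walkthrough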
https://www.youtube.com/watch?v=XZyapIKV3Rw
Task1 What is HTTP(S)?
What is HTTP? (HyperText Transfer Protocol)
HTTP is what's used whenever you view a website. It was developed by Tim Berners-Lee and his team between 1989-1991. HTTP is the set of rules used for communicating with web servers for the transmitting of webpage data, whether that is HTML, images, videos, etc.
What is HTTPS? (HyperText Transfer Protocol Secure)
HTTPS is the secure version of HTTP. HTTPS data is encrypted, so it not only stops people from seeing the data you are receiving and sending, but it also gives you assurances that you're talking to the correct web server and not something impersonating it.
Task2 Requests And Responses
When we access a website, your browser will need to make requests to a web server for assets such as HTML and images, and download the responses. Before that, you need to tell the browser specifically how and where to access these resources; this is where URLs will help.
What is a URL? (Uniform Resource Locator)
If you’ve used the internet, you’ve used a URL before. A URL is predominantly an instruction on how to access a resource on the internet. The below image shows what a URL looks like with all of its features (it does not use all features in every request).
Scheme: This instructs on what protocol to use for accessing the resource, such as HTTP, HTTPS, FTP (File Transfer Protocol).
User: Some services require authentication to log in; you can put a username and password into the URL to log in.
Host: The domain name or IP address of the server you wish to access.
Port: The port that you are going to connect to, usually 80 for HTTP and 443 for HTTPS, but this can be hosted on any port between 1 - 65535.
Path: The file name or location of the resource you are trying to access.
Query String: Extra bits of information that can be sent to the requested path. For example, /blog?id=1 would tell the blog path that you wish to receive the blog article with the id of 1.
Fragment: This is a reference to a location on the actual page requested. This is commonly used for pages with long content and can have a certain part of the page directly linked to it, so it is viewable to the user as soon as they access the page.
Making a Request
It's possible to make a request to a web server with just one line: GET / HTTP/1.1
But for a much richer web experience, you’ll need to send other data as well. This other data is sent in what are called headers, which contain extra information to give to the web server you’re communicating with, but we’ll go more into this in the Header task.
Example Request:
GET / HTTP/1.1
Host: tryhackme.com
User-Agent: Mozilla/5.0 Firefox/87.0
Referer: https://tryhackme.com/

To break down each line of this request:
Line 1: This request is sending the GET method (more on this in the HTTP Methods task), requesting the home page with / and telling the web server we are using HTTP protocol version 1.1.
Line 2: We tell the web server we want the website tryhackme.com
Line 3: We tell the web server we are using the Firefox version 87 browser
Line 4: We are telling the web server that the web page that referred us to this one is https://tryhackme.com
Line 5: HTTP requests always end with a blank line to inform the web server that the request has finished.
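The URL components and the request lines described above, tied together in an added Python example (not part of the original room or this write-up): it turns a URL into the bytes a client would send. The sample URL, the port 8080 and the function name build_request are constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
# Constructed sample URL that uses every component described above.
SAMPLE_URL = "http://user:password@tryhackme.com:8080/view-room?id=1#task3"


def build_request(url, method="GET", extra_headers=None):
    """Return (host, port, request_bytes) for an http(s) URL."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS:
        raise ValueError(f"unsupported scheme: {parts.scheme!r}")
    if not parts.hostname:
        raise ValueError("URL has no host")
    # Host and port decide where the TCP connection goes.
    port = parts.port or DEFAULT_PORTS[parts.scheme]
    # Only path + query string form the request target. The fragment is
    # handled by the browser and the user:password part is never placed
    # in the request line, so neither appears in the output.
    target = parts.path or "/"
    if parts.query:
        target += "?" + parts.query
    host_header = parts.hostname
    if port != DEFAULT_PORTS[parts.scheme]:
        host_header += f":{port}"
    lines = [f"{method} {target} HTTP/1.1", f"Host: {host_header}"]
    for name, value in (extra_headers or {}).items():
        # A CR or LF inside a header would start a new line in the request.
        if any(c in name + value for c in "\r\n"):
            raise ValueError("line break in header")
        lines.append(f"{name}: {value}")
    # The blank line (an empty CRLF) tells the server the request is complete.
    return parts.hostname, port, ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")


if __name__ == "__main__":
    print(build_request(SAMPLE_URL)[2].decode())
```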
Example Response:
HTTP/1.1 200 OK
Server: nginx/1.15.8
Date: Fri, 09 Apr 2021 13:34:03 GMT
Content-Type: text/html
Content-Length: 98

<html>
<head>
<title>TryHackMe</title>
</head>
<body>
Welcome To TryHackMe.com
</body>
</html>
To break down each line of the response:
Line 1: HTTP 1.1 is the version of the HTTP protocol the server is using, followed by the HTTP Status Code, in this case "200 OK", which tells us the request has completed successfully.
Line 2: This tells us the web server software and version number.
Line 3: The current date, time and timezone of the web server.
Line 4: The Content-Type header tells the client what sort of information is going to be sent, such as HTML, images, videos, pdf, XML.
Line 5: Content-Length tells the client how long the response is; this way we can confirm no data is missing.
Line 6: HTTP response contains a blank line to confirm the end of the HTTP response.
Lines 7-14: The information that has been requested, in this instance the homepage.
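The response layout described above (status line, headers, blank line, body), as an added Python example that is not part of the original room or this write-up: it parses raw response bytes and uses Content-Length to detect a truncated body. The sample bytes are constructed, with Content-Length computed from the body so it is exact for them; parse_response and body_complete are hypothetical names.

```python
# Constructed sample modelled on the example response above.
BODY = (b"<html>\n<head>\n<title>TryHackMe</title>\n</head>\n"
        b"<body>\nWelcome To TryHackMe.com\n</body>\n</html>\n")
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: nginx/1.15.8\r\n"
    b"Date: Fri, 09 Apr 2021 13:34:03 GMT\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Length: " + str(len(BODY)).encode() + b"\r\n"
    b"\r\n" + BODY
)


def parse_response(raw):
    """Split raw response bytes into (version, code, reason, headers, body)."""
    # The first blank line separates the header section from the body.
    head, blank, body = raw.partition(b"\r\n\r\n")
    if not blank:
        raise ValueError("no blank line: the header section never ended")
    status_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    fields = status_line.split(" ", 2)
    if len(fields) < 2 or not fields[1].isdigit():
        raise ValueError(f"bad status line: {status_line!r}")
    headers = {}
    for line in header_lines:
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError(f"bad header line: {line!r}")
        # Header names are case-insensitive, so store them lower-cased.
        headers[name.strip().lower()] = value.strip()
    reason = fields[2] if len(fields) == 3 else ""
    return fields[0], int(fields[1]), reason, headers, body


def body_complete(headers, body):
    """True/False if Content-Length matches the body, None if it cannot be checked."""
    declared = headers.get("content-length", "")
    if not declared.isdigit():
        return None
    return len(body) == int(declared)
```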
Task3 HTTP Methods
HTTP methods are a way for the client to show their intended action when making an HTTP request. There are a lot of HTTP methods but we'll cover the most common ones, although mostly you'll deal with the GET and POST methods.
GET Request
This is used for getting information from a web server.
POST Request
This is used for submitting data to the web server and potentially creating new records.
PUT Request
This is used for submitting data to a web server to update information.
DELETE Request
This is used for deleting information/records from a web server.
Task4 HTTP Status Codes
HTTP Status Codes:
In the previous task, you learnt that when an HTTP server responds, the first line always contains a status code informing the client of the outcome of their request and also potentially how to handle it. These status codes can be broken down into 5 different ranges:
| Status code range | Category | Description |
| --- | --- | --- |
| 1xx | Informational response | Provisional response requiring client action |
| 2xx | Success | Request successfully processed |
| 3xx | Redirection | Further action needed to complete request |
| 4xx | Client error | Error caused by invalid client request |
| 5xx | Server error | Server failed to fulfill valid request |
Common HTTP Status Codes:
There are a lot of different HTTP status codes, and that's not including the fact that applications can even define their own. We'll go over the most common HTTP responses you are likely to come across:
| Status code | Description | Additional notes |
| --- | --- | --- |
| 200 OK | Request completed successfully | Standard success response for RESTful APIs |
| 201 Created | New resource created successfully | Response headers need to include a Location field (URI of the new resource) |
| 301 Moved Permanently | Resource permanently relocated | SEO weight is transferred |
| 302 Found | Temporary redirection | SEO weight is not passed on |
| 400 Bad Request | Malformed request syntax | Common causes: malformed JSON / wrong parameter type |
| 401 Unauthorized | Authentication required | Must include the WWW-Authenticate response header |
| 403 Forbidden | Client lacks access permissions | Refused even when authentication succeeds |
| 404 Not Found | Resource not found | Security advice: avoid revealing whether a resource exists (return 404 uniformly) |
| 405 Method Not Allowed | HTTP method not supported | Must return an Allow header listing the supported methods (e.g. GET, POST) |
| 500 Internal Server Error | Unexpected server condition | Detailed error logs should be recorded |
| 503 Service Unavailable | Server temporarily overloaded | Must include the Retry-After response header |
If you are a visual learner, also check out http.cat, a great resource for studying status codes. Now, click the "View Site" button on the right to see what some of these HTTP status messages look like in a browser.
This http.cat site is worth a look.
The View Site page shows what some common error codes look like.
Task5 Headers
Headers are additional bits of data you can send to the web server when making requests.
Although no headers are strictly required when making an HTTP request, you’ll find it difficult to view a website properly without them.
Common Request Headers
These are headers that are sent from the client (usually your browser) to the server.
Host: Some web servers host multiple websites, so by providing the Host header you can tell it which one you require; otherwise you'll just receive the default website for the server.
User-Agent: This is your browser software and version number. Telling the web server your browser software helps it format the website properly for your browser, and some elements of HTML, JavaScript and CSS are only available in certain browsers.
Content-Length: When sending data to a web server, such as in a form, the content length tells the web server how much data to expect in the web request. This way the server can ensure it isn't missing any data.
Accept-Encoding: Tells the web server what types of compression methods the browser supports so the data can be made smaller for transmitting over the internet.
Cookie: Data sent to the server to help remember your information (see cookies task for more information).
Common Response Headers
These are the headers that are returned to the client from the server after a request.
Set-Cookie: Information to store which gets sent back to the web server on each request (see cookies task for more information).
Cache-Control: How long to store the content of the response in the browser's cache before it requests it again.
Content-Type: This tells the client what type of data is being returned, i.e., HTML, CSS, JavaScript, Images, PDF, Video, etc. Using the Content-Type header, the browser then knows how to process the data.
Content-Encoding: What method has been used to compress the data to make it smaller when sending it over the internet.
Task6 Cookies
You've probably heard of cookies before; they're just a small piece of data that is stored on your computer. Cookies are saved when you receive a "Set-Cookie" header from a web server. Then, with every further request you make, you'll send the cookie data back to the web server. Because HTTP is stateless (doesn't keep track of your previous requests), cookies can be used to remind the web server who you are, some personal settings for the website or whether you've been to the website before. Let's take a look at this as an example HTTP request:
Cookies can be used for many purposes but are most commonly used for website authentication. The cookie value won't usually be a clear-text string where you can see the password, but a token (unique secret code that isn't easily humanly guessable).
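The cookie round trip described above, as an added Python example (not from the original room or this write-up): the server issues a random token in Set-Cookie, the client returns it in Cookie, and the server uses it to recognise the user. The cookie name session, the SESSIONS store and all function names are assumptions made for the illustration.

```python
import secrets
from http.cookies import SimpleCookie

SESSIONS = {}  # server-side state (hypothetical store): token -> username


def login(username):
    """Server: create an unguessable token and return the Set-Cookie value."""
    token = secrets.token_urlsafe(32)  # random token, not the password
    SESSIONS[token] = username
    cookie = SimpleCookie()
    cookie["session"] = token
    cookie["session"]["path"] = "/"
    return cookie.output(header="").strip()


def remember(jar, set_cookie_value):
    """Client: save the name=value pair from a Set-Cookie header."""
    parsed = SimpleCookie()
    parsed.load(set_cookie_value)
    for name, morsel in parsed.items():
        jar[name] = morsel.value  # attributes such as Path are not sent back


def cookie_header(jar):
    """Client: value of the Cookie header sent on every further request."""
    return "; ".join(f"{name}={value}" for name, value in jar.items())


def who_is_this(cookie_value):
    """Server: HTTP is stateless, so identity comes only from the cookie."""
    parsed = SimpleCookie()
    parsed.load(cookie_value or "")
    morsel = parsed.get("session")
    return SESSIONS.get(morsel.value) if morsel else None


if __name__ == "__main__":
    jar = {}
    remember(jar, login("adam"))  # constructed username
    print("Cookie:", cookie_header(jar), "->", who_is_this(cookie_header(jar)))
```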
Viewing Your Cookies
You can easily view what cookies your browser is sending to a website by using the developer tools in your browser. If you're not sure how to get to the developer tools in your browser, click on the "View Site" button at the top of this task for a how-to guide.
Once you have developer tools open, click on the "Network" tab. This tab will show you a list of all the resources your browser has requested. You can click on each one to receive a detailed breakdown of the request and response. If your browser sent a cookie, you will see these on the "Cookies" tab of the request.
View Site shows how to open the developer tools in each browser:
Firefox
Chrome
Safari
Edge
Internet Explorer
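Task7 Making Requests (hands-on)
Solution
Question 1
Append /room to the end of the http URL and click Go to run it.
Question 2
Question 3
Finally, click Go to run it.
Question 4
First change it to PUT and /user/2.
Question 5
Everything that begins with THM is the answer to the corresponding question.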