WebÉø͸Óë·ÀÓù(µÚ¶þ°æ)

ÏîÄ¿Ò» Web°²È«³õ̽ 1 1.1 Web°²È«ÏÖ×´Óë·¢Õ¹Ç÷ÊÆ 1 1.1.1 Web°²È«ÏÖ×´ 1 1.1.2 Web°²È«·¢Õ¹Ç÷ÊÆ 6 1.2 Webϵͳ½éÉÜ 7 1.2.1 WebµÄ·¢Õ¹Àú³Ì 7 1.2.2 WebϵͳµÄ¹¹³É 8 1.2.3 WebϵͳµÄÓ¦Óüܹ¹ 9 1.2.4 WebµÄ·ÃÎÊ·½·¨ 10 1.2.5 Web±à³ÌÓïÑÔ 11 1.2.6 WebÊý¾Ý¿â·ÃÎʼ¼Êõ 12 1.2.7 Web·þÎñÆ÷ 13 ʵÀý1 Ê®´óWeb°²È«Â©¶´±È½Ï·ÖÎö 15 ÏîÄ¿¶þ WebЭÒéÓë·ÖÎö 16 2.1 HTTP 16 2.1.1 HTTPµÄͨÐŹý³Ì 17 2.1.2 ͳһ×ÊÔ´¶¨Î»·û 17 2.1.3 HTTPµÄÁ¬½Ó·½Ê½ºÍÎÞ״̬ÐÔ 18 2.1.4 HTTPµÄÇëÇó±¨ÎÄ 18 2.1.5 HTTPµÄÏìÓ¦±¨ÎÄ 22 2.1.6 HTTPµÄ±¨Îı¨Í·ÀàÐÍ»ã×Ü 24 2.1.7 HTTPµÄ»á»°¹ÜÀí 24 2.2 HTTPS 26 2.2.1 HTTPSºÍHTTPµÄÖ÷ÒªÇø±ð 26 2.2.2 HTTPSÓëWeb·þÎñÆ÷µÄͨÐŹý³Ì 27 2.2.3 HTTPSµÄÓŵã 27 2.2.4 HTTPSµÄȱµã 28 2.3 ÍøÂçÐá̽¹¤¾ß 28 2.3.1 Wireshark¼ò½é 28 2.3.2 WiresharkµÄ½çÃæ 29 ʵÀý1 WiresharkµÄÓ¦ÓÃʵÀý 38 ʵÀý1.1 ²¶×½Êý¾Ý°ü 38 ʵÀý1.2 ´¦Àí²¶×½ºóµÄÊý¾Ý°ü 42 ÏîÄ¿Èý Web©¶´¼ì²â¹¤¾ß 48 3.1 Web©¶´¼ì²â¹¤¾ßAppScan 48 3.1.1 AppScan¼ò½é 48 3.1.2 AppScanµÄ°²×° 49 3.1.3 AppScanµÄ»ù±¾¹¤×÷Á÷³Ì 53 3.1.4 AppScanµÄ½çÃæ 56 3.2 HTTP·ÖÎö¹¤¾ßWebScarab 59 3.3 ÍøÂ究´¼ì²â¹¤¾ßNmap 62 3.3.1 Nmap¼ò½é 62 3.3.2 NmapµÄ°²×° 63 3.4 ¼¯³É»¯µÄ©¶´É¨Ã蹤¾ßNessus 66 3.4.1 Nessus¼ò½é 66 3.4.2 NessusµÄ°²×° 66 ʵÀý1 AppScanɨÃèʵÀý 69 ʵÀý2 WebScarabµÄÔËÐÐ 83 ʵÀý3 NmapÓ¦ÓÃʵÀý 90 ʵÀý3.1 ÀûÓÃNmapµÄͼÐνçÃæ½øÐÐɨÃè 90 ʵÀý3.2 ÀûÓÃNmapÃüÁîÐнçÃæ½øÐÐɨÃè̽²â 103 ʵÀý4 ÀûÓÃNessusɨÃèWebÓ¦