https packet capture principle
In one section, we analyzed the secure communication process of HTTPS and learned that HTTPS can effectively prevent man-in-the-middle attacks. But anyone who has used packet capture tools knows that Charles and Fiddler, for example, can capture HTTPS requests and decrypt them. How do they do this?
First, let’s look at the description of HTTPS proxy on Charles’ official website: (recommended learning: web front-end video tutorial)
Charles acts as an intermediary agent. When the browser communicates with the server, Charles receives the server's certificate, but dynamically generates a certificate and sends it to the browser. That is to say, Charles acts as an intermediary agent in the browser. Communicates with the server, so the communication data can be intercepted and decrypted by Charles. Since Charles has changed the certificate, the browser will give a security warning if the verification does not pass. You must install Charles' certificate before normal access can be performed.
What Charles needs to do is to disguise the server to the client and the client to the server:Intercept the HTTPS request of the real client and disguise the client The client sends an HTTPS request to the real server
Accepts the real server response, and uses Charles' own certificate to disguise the server to send the data content to the real client
Let's look at the specific process:The client initiates an HTTPS request to the server
Charles intercepts the client's request and pretends to be a client to make a request to the server
The server sends a request to the "client" (actual The above is Charles) Returning the server's CA certificate
Charles intercepts the server's response, obtains the server certificate public key, then makes a certificate himself, replaces the server certificate and sends it to the client. (In this step, Charles gets the public key of the server certificate)
After the client receives the certificate of the "server" (actually Charles), it generates a symmetric key, encrypts it with Charles' public key, and sends it Give the "server" (Charles)
Charles intercepts the client's response, decrypts the symmetric key with his own private key, then encrypts it with the server certificate public key and sends it to the server. (In this step, Charles gets the symmetric key)
The server decrypts the symmetric key with its own private key and sends a response to the "client" (Charles)
Charles intercepts the server's response, Replace it with your own certificate and send it to the client
At this point, the connection is established. Charles has obtained the public key of the server certificate and the symmetric key negotiated between the client and the server. Afterwards, he can decrypt or modify the encrypted message. .
The principle of HTTPS packet capture is quite simple. To put it simply, Charles, as a "middleman agent", gets the public key of the server certificate and the symmetric key of the HTTPS connection. The premise is that the client chooses Trust and install Charles' CA certificate, otherwise the client will "alarm" and terminate the connection. From this point of view, HTTPS is still very safeThe above is the detailed content of https packet capture principle. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
How to use Nginx Proxy Manager to implement automatic jump from HTTP to HTTPS
Sep 26, 2023 am 11:19 AM
How to use NginxProxyManager to implement automatic jump from HTTP to HTTPS. With the development of the Internet, more and more websites are beginning to use the HTTPS protocol to encrypt data transmission to improve data security and user privacy protection. Since the HTTPS protocol requires the support of an SSL certificate, certain technical support is required when deploying the HTTPS protocol. Nginx is a powerful and commonly used HTTP server and reverse proxy server, and NginxProxy
How to use Nginx Proxy Manager to implement reverse proxy under HTTPS protocol
Sep 26, 2023 am 08:40 AM
How to use NginxProxyManager to implement reverse proxy under HTTPS protocol. In recent years, with the popularity of the Internet and the diversification of application scenarios, the access methods of websites and applications have become more and more complex. In order to improve website access efficiency and security, many websites have begun to use reverse proxies to handle user requests. The reverse proxy for the HTTPS protocol plays an important role in protecting user privacy and ensuring communication security. This article will introduce how to use NginxProxy
Nginx with SSL: Configure HTTPS to protect your web server
Jun 09, 2023 pm 09:24 PM
Nginx is a high-performance web server software and a powerful reverse proxy server and load balancer. With the rapid development of the Internet, more and more websites are beginning to use the SSL protocol to protect sensitive user data, and Nginx also provides powerful SSL support, making the security performance of the web server even further. This article will introduce how to configure Nginx to support the SSL protocol and protect the security performance of the web server. What is SSL protocol? SSL (SecureSocket
What does the https workflow look like?
Apr 07, 2024 am 09:27 AM
The https workflow includes steps such as client-initiated request, server response, SSL/TLS handshake, data transmission, and client-side rendering. Through these steps, the security and integrity of data during transmission can be ensured.
How Nginx firewall ensures HTTPS secure communication
Jun 10, 2023 am 10:16 AM
In today's Internet era, secure communication has become an indispensable part. Especially in HTTPS communication, how to ensure its security is particularly important. As a popular web server and reverse proxy server, Nginx's firewall can also play an important role in ensuring HTTPS secure communication. This article will discuss the Nginx firewall from the following aspects. TLS/SSL encryption The security of HTTPS communication is mainly based on TLS/SSL encryption technology, which can prevent data from being transmitted during transmission.
How to configure https in tomcat
Jan 05, 2024 pm 05:15 PM
Configuration steps: 1. Obtain the SSL certificate; 2. Configure the SSL certificate; 3. Edit the Tomcat configuration file; 4. Restart Tomcat. Detailed introduction: 1. You need to obtain an SSL certificate, either a self-signed certificate or a valid SSL certificate from a certification agency (such as Let's Encrypt); 2. Place the obtained SSL certificate and private key files on the server and ensure that these files Located in a safe location, only users with sufficient permissions can access; 3. Edit Tomcat configuration files, etc.
How to use Nginx to implement HTTPS two-way authentication
Jun 03, 2023 pm 08:38 PM
The difference between one-way verification and two-way verification: One-way verification: refers to the client verifying the server-side certificate, and the server does not need to verify the client certificate. Two-way verification: refers to the client verifying the server-side certificate, and the server also needs to verify the client certificate through the CA's public key certificate. Detailed handshake process: One-way authentication The browser sends a connection request to the security server. 1. The server sends its own certificate and certificate-related information to the client browser. 2. The client browser checks whether the certificate sent by the server is issued by the CA center it trusts. If it is, continue to execute the agreement; if not, the client's browser will give the client a warning message: warning the client that this certificate is not trustworthy and asking the client if it needs to continue. 3. Pick up customers
How to upgrade https under Nginx
May 14, 2023 pm 04:49 PM
Download the certificate Download the nginx version certificate in the certificate console. The compressed file package downloaded to the local area contains after decompression: .pem file: certificate file. key file: private key file of the certificate (if you do not choose to automatically create a csr when applying for a certificate, there will be no such file) Configure nginx1, in the installation directory of nginx Create the cert directory under and copy all the downloaded files to the cert directory. If you created the csr file yourself when applying for the certificate, please place the corresponding private key file in the cert directory. 2. Open the nginx.conf file in the conf directory under the nginx installation directory #usernobody;worker_processes1;#error