0329_接口测试-接口协议分析&代理工具使用

Python测试开发班 Python测试开发-11期
21

image
image1989×1143 305 KB

22

2020-03-29 11-23-43 的屏幕截图
2020-03-29 11-23-43 的屏幕截图1299×741 228 KB

23

image
image1165×392 28.2 KB

24

chrome无痕模式,是指浏览器不保存cookies吗?为啥老师的testerhome登录态还在?

25

image

26

关于三次握手和四次挥手还是有点不理解

27

问题

windump无法抓取到三次握手的包

运行了老师提供的命令,但是看起来好像没启动成功??

image
image825×91 5.14 KB

curl请求百度

image
image982×806 48.6 KB

最后文件内容为空

image
image867×358 12.9 KB

windump按照官网的方式装了
image

现在不知道哪一步走错了?求指点~

28

练习1:

image
image2899×1574 764 KB

29

image
image1618×476 59.4 KB

在发送get请求、post请求时,执行curl命令保存请求内容失败

30

不知道啥问题反正论坛发出来那个命令中的引号都变成中文的了
你试一下这俩命令应该就可以了

curl -s 'http://127.0.0.1:5000/request?a=1&b=2' -d 'c=3&d=4' -v &>/tmp/post
curl -s 'http://127.0.0.1:5000/request?a=1&b=2' -v &>/tmp/get
31

感谢天马兄,原来是这个原因,这不会是论坛的一个bug吧

32

雪球

curl -G --data-urlencode 'code=中国石化' 'https://xueqiu.com/stock/search.json' -H 'Conntion: keep-alive' -H 'Accept: application/json, text/plain, */*' -H 'Sec-Fetch-Dest: empty' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36' -H 'elastic-apm-traceparent: 00-28e01e261e6ac755e8c820e1bd37cc44-cdd647f5c284e99c-00' -H 'Sec-Fetch-Site: same-origin' -H 'Sec-Fetch-Mode: cors' -H 'Referer: https://xueqiu.com/k?q=%E4%B8%AD%E5%9B%BD%E7%9F%B3%E5%8C%96' -H 'Accept-Language: zh-CN,zh;q=0.9,en;q=0.8' -H 'Cookie: aliyungf_tc=AQAAAPjGzClKsgcACYElOtIdwF7uoCGF; acw_tc=2760824915855496695148029e2e9cac0e6f2b36bc21b2f195905117bf938d; xq_a_token=2ee68b782d6ac072e2a24d81406dd950aacaebe3; xqat=2ee68b782d6ac072e2a24d81406dd950aacaebe3; xq_r_token=f9a2c4e43ce1340d624c8b28e3634941c48f1052; xq_id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJ1aWQiOi0xLCJpc3MiOiJ1YyIsImV4cCI6MTU4NzUyMjY2MSwiY3RtIjoxNTg1NTQ5NjExNjQ2LCJjaWQiOiJkOWQwbjRBWnVwIn0.Cev8dOHdDZ0gztgchnxwa_YPgQzOjg2ns5UY1pRK_v0nkJhvPJVzWzYCky82JhR1z2bLlrgaG3-isY9VS99_6MgC9azyDlicz7YexZn_Hd_etOPISDHWmJHoDa7jjELankK1FRXUEwb7j9V0kFQAAxLDJo4fV0_Kxxq84cprCRAtsctlyAW8HWsIE-NfTbAffByrUfBC_NGkX0laVXqwJ5igb3VWjn1cDib29rPlBLwRr0HTmwn74T4kJa5b1RU61h3PPyRMFcE9ePEezfj-N3-6CYesTJfwdydbkmWN4MyQ78ln5v9_Jn2NEXAo6fq3T6uUQoKAZV8qWnguGdRSdw; u=671585549669519; Hm_lvt_1db88642e346389874251b5a1eded6e3=1585549670; device_id=24700f9f1986800ab4fcc880530dd0ed; Hm_lpvt_1db88642e346389874251b5a1eded6e3=1585549737' --compressed | jq

User-Agent

curl -I -H 'User-Agent: jeremy8250' https://ceshiren.com/t/topic/1177

打开网站会发生什么?

  1. 在浏览器中输入www.example.com地址同时,弹出联想,这是因为浏览器缓存了之前已经访问过的url地址,再次输入的时候,会自动匹配出来;
  2. 输入回车后,浏览器根据输入的域名查找DNS服务器,方向:本地缓存=>ISP供应商=>根域名服务器(告知去com域名查找)=>com域名服务器(告知去example.com域名查找)=>example.com域名服务器(告知去Amazon服务器查找)=>Amazon服务器(找到IP),返回给浏览器;
  3. 浏览器使用IP访问www.example.com的服务器, 三次握手建立TCP连接,之后再发送HTTP请求,如果是HTTPS的还要建立TLS/SSL连接;
  4. 服务器收到请求后完成资源的表述(把html页面/js页面作为包体返回给浏览器);
  5. 浏览器开始解析这个响应,包括生成DOM tree,JS加载,CSS渲染、图片加载;
  6. JS在加载过程中会调用新的网址,发起新的请求;
  7. 最后呈现给用户。

Rewrite

image
image936×1678 219 KB

股票倍数增长
image
image936×1678 349 KB

33

wireshark截图:

开启windump监听: WinDump.exe -i 3 -vv -w d:/text/baidu1.txt host www.baidu.com

image
image1891×492 58.1 KB

charles mock

image
image1733×930 212 KB

34

先回复一下 tcpdump相关的内容 使用 windump -i2 -w 00000.txt -s 0 host www.baidu.com 监听

image
image1654×448 48.9 KB

curl 作业1 除了老师使用的 还可以用-A参数修改 user-agent

image
image818×224 8.11 KB

curl 作业2 和老师一致

35

curl联系——通过参数指定搜索关键字

补上curl命令练习记录,因为返回内容不方便看我存成html之后用浏览器打开看了。。

curl -G url "https://www.baidu.com/s?rsv_spt=1&rsv_iqid=0xcd3687a300401b73&issp=1&f=8&rsv_bp=1&rsv_idx=2&ie=utf-8&rqlang=&tn=baiduhome_pg&ch=&rsv_enter=1&rsv_dl=ib&inputT=8419" --data-urlencod 'wd=霍格沃兹测试学院' -H 'Connection: keep-alive' -H 'Cache-Control: max-age=0' -H 'Upgrade-Insecure-Requests: 1' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36' -H 'Sec-Fetch-Dest: document' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' -H 'Sec-Fetch-Site: same-origin' -H 'Sec-Fetch-Mode: navigate' -H 'Sec-Fetch-User: ?1' -H 'Referer: https://www.baidu.com/' -H 'Accept-Language: zh-CN,zh;q=0.9,en;q=0.8' -H 'Cookie: BIDUPSID=37479B68A194BB4C8AFC7DC95D168944; PSTM=1584200298; BAIDUID=37479B68A194BB4CCF7C0394BC703005:FG=1; BD_UPN=123353; BDUSS=U0tUnplN1YwYTd-NHBpc34wNVg0eTZnMmlmNlhBQXhsRjRWdklQMk1Pem94cFplRVFBQUFBJCQAAAAAAAAAAAEAAAD31nICbWFnaWFuMgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOg5b17oOW9eY; COOKIE_SESSION=11047_0_7_0_16_14_1_0_3_6_0_4_10938_0_2_0_1585448141_0_1585448139%7C9%230_0_1585448139%7C1; BD_HOME=1; H_PS_PSSID=1436_31170_21115_30842_31186_30901_30823_31086_31195; BDRCVFR[feWj1Vr5u3D]=I67x6TjHwwYf0; delPer=0; BD_CK_SAM=1; PSINO=2; sug=3; sugstore=0; ORIGIN=0; bdime=0; H_PS_645EC=ed74M%2FLD%2Fmj99c1In7%2FMp0ciwOVq0Eo6eIcRviLciBzQs%2FE6wYoI3xktA%2BAk5xe2gqQa; BDORZ=B490B5EBF6F3CD402E515D22BCDA1598' --compressed > ~/temp/baidu.html

image
image877×564 122 KB

curl作业1——用curl发送一个header中携带user-agent:xxx的头信息

image
image1997×1233 245 KB

curl作业2——向雪球发起一个股票搜索

curl -G 'https://xueqiu.com/stock/search.json?size=3&page=1' --data-urlencode 'code=阿里巴巴' -H 'Connection: keep-alive' -H 'Accept: application/json, text/plain, */*' -H 'Sec-Fetch-Dest: empty' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36' -H 'elastic-apm-traceparent: 00-824256c2dd8d03a864c9cb51fb3c3b2b-d3334b2e2871fdd6-00' -H 'Sec-Fetch-Site: same-origin' -H 'Sec-Fetch-Mode: cors' -H 'Referer: https://xueqiu.com/k?q=%E9%98%BF%E9%87%8C%E5%B7%B4%E5%B7%B4' -H 'Accept-Language: zh-CN,zh;q=0.9,en;q=0.8' -H 'Cookie: acw_tc=2760821f15842607114008041e97d04da7859bd942cba4ead89ed27d47420d; cookiesu=311584260711959; device_id=24700f9f1986800ab4fcc880530dd0ed; aliyungf_tc=AQAAAIyAt2xSMwQAPAbBbzr+Bij99CaS; xq_a_token=2ee68b782d6ac072e2a24d81406dd950aacaebe3; xqat=2ee68b782d6ac072e2a24d81406dd950aacaebe3; xq_r_token=f9a2c4e43ce1340d624c8b28e3634941c48f1052; xq_id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJ1aWQiOi0xLCJpc3MiOiJ1YyIsImV4cCI6MTU4NzUyMjY2MSwiY3RtIjoxNTg1NjM1NjgyMzgzLCJjaWQiOiJkOWQwbjRBWnVwIn0.Lv12FHb92DROA00qsQB8btcrjQumgqUYqM3jGo8KknthdOEq2D9OFYGvQBVA8AHjICnek0goVBDekfa8vEBnBRw8hkT2FNGieo6vUPLNfoqA2VoLy9Xfr0PQy-s2ni0lSnwNInFrjqSnyTATJNny8nMSLNhgzx-TorWciNz26pIPjIU9gg48_RnB2gnE6vwmqUF0IDE2284aYda7kiVuVxgmNw257bmkKPW-tnnVWnQE5nYj2_7SCqdmcmXb_xs9APNynkwXOxDdOHy_Dka7iZHfW9hBVR7z5tQynt6km-0axBds06XTM_eMQ5IfMkoD0cn4r4nBXeljOG0uwo7_pQ; u=441585635713286; Hm_lvt_1db88642e346389874251b5a1eded6e3=1584260713,1585462969,1585635714; Hm_lpvt_1db88642e346389874251b5a1eded6e3=1585635719' --compressed -s | jq

image
image1847×859 189 KB

charles 练习1

image

charles 练习2

image
image1767×978 262 KB

打开一个网站发生了什么

  • 将域名解析为IP地址(通过缓存/DNS服务器)
  • 建立连接(三次握手)
  • 发送请求
  • 服务器端处理并返回
  • 接收请求
  • 结束连接(四次挥手)
  • 浏览器解析页面 (DOM-CSS-JS)
1 个赞
36

**课间tcpdump+wireshark **
image

37

1.修改雪球某一支股票为自定义名字,并修改价格

修改股票名字和价格
修改股票名字和价格1080×1920 79.8 KB

2.修改雪球列表页股票的列表内容翻倍

股票列表翻倍

1 个赞
38

打开一个网站发生了什么事情

1、进行DNS解析,逐层查找域名对应的IP地址:
以www.baidu.com为例
浏览器缓存–>系统缓存–>路由器缓存–>本地域名服务器缓存–>本地域名服务器–>根域名服务器缓存(.)–>根域名服务器–>顶级域名服务器缓存(.com)–>顶级域名服务器–>主域名服务器缓存(baidu.com)–>主域名服务器
最终找到www.baidu.com的IP地址
2、与服务器进行TCP链接,三次握手
3、发送http请求
4、服务器处理请求并返回HTTP报文
此时服务器会返回浏览器各种文本信息(HTML, CSS, JS, 图片等文件), 并加载到浏览器缓存中。
5、浏览器解析渲染页面
浏览器在收到HTML,CSS,JS文件后,把页面呈现到屏幕上
解析html以构建dom树–>解析css构建render树–>布局render树–>绘制render树
6、连接结束(四次挥手)

修改雪球某一支股票为自定义名字,并修改价格

image
image1125×898 151 KB

修改雪球列表页股票的列表内容,修改为上千只股票

image
image1377×1011 303 KB

1 个赞
39

1、浏览器通过输入的域名去查询对应ip地址(这个ip地址就是服务器的ip地址,不一定唯一)
2、浏览器与服务器之间建立一个连接(tcp协议,3次握手)
3、浏览器与服务器之间发送和接受各种数据(需要携带各种的cookie等身份标识)
4、浏览器与服务器断开连接(4次挥手)

40

curl作业1:
用curl发送一个header中携带user-agent:xxx的头信息
curl -I -H'User-Agent:cy' 'http://baidu.com' -v
QQ截图20200402162146

curl作业2:
向雪球发起一个股票搜索

curl -G 'https://xueqiu.com/stock/search.json?' --data-urlencode 'code=京东' --data-urlencode 'size=3' --data-urlencode 'page=1' -H 'Connection: keep-alive' -H 'Accept: application/json, text/plain, */*' -H 'Sec-Fetch-Dest: empty' -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Safari/537.36' -H 'elastic-apm-traceparent: 00-d973cd500920c575063ff953fd665a55-a8f6f11886a04ebc-00' -H 'Sec-Fetch-Site: same-origin' -H 'Sec-Fetch-Mode: cors' -H 'Referer: https://xueqiu.com/k?q=%E4%BA%AC%E4%B8%9C' -H 'Accept-Language: zh-CN,zh;q=0.9' -H 'Cookie: aliyungf_tc=AQAAAF56kGSvbAYAOTqt3GjvBDhyWY83; acw_tc=2760824e15858126144317916ed77dc31d99bc0c3a5ec5078d838e840dc020; xq_a_token=2ee68b782d6ac072e2a24d81406dd950aacaebe3; xqat=2ee68b782d6ac072e2a24d81406dd950aacaebe3; xq_r_token=f9a2c4e43ce1340d624c8b28e3634941c48f1052; xq_id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJ1aWQiOi0xLCJpc3MiOiJ1YyIsImV4cCI6MTU4NzUyMjY2MSwiY3RtIjoxNTg1ODEyNjExNDYyLCJjaWQiOiJkOWQwbjRBWnVwIn0.YK-AkYLju3RjvsOxNki9tLVuILNIN3gP6oFFzynr-vINKz4FusfAyl5gFyN8MXNtaWW9UaReeWdWcp2mkL6pGbiIoU7BFrjz7m9AF5405wHURKz10Zpd_YrruQP-OD66kbWjE43rFYTOb187F0MDhYxNZs-ybmjM0fd-8K5gVMPEdg5ee05bC4lsgANmEAhcHMdU4u4ctdeD-Myx2yoeagz586AWD6AQAo_d9r6FqE5Eur4Z5yGAAeOkG-9_veY5NLs0d0S0aQY3sU0-z1PNb9CheE_WJwSyETUEBJeaViA9M1ojUtbxEp6s-1k2f8JMNUzLdeZgyL0cDuCC8gpnEA; u=591585812614435; Hm_lvt_1db88642e346389874251b5a1eded6e3=1585812616; Hm_lpvt_1db88642e346389874251b5a1eded6e3=1585812616; device_id=24700f9f1986800ab4fcc880530dd0ed' --compressed

QQ图片20200402162415