wireshark分析post请求

linux · 发表于 2017-4-28 11:29:58

138 70.501843606 127.0.0.1 127.0.0.1 HTTP 114 POST /Testapi/info/getPortinfo HTTP/1.1  (text/plain) (text/plain) (text/plain) (text/plain)

Frame 138: 114 bytes on wire (912 bits), 114 bytes captured (912 bits) on interface 0
Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)
Internet Protocol Version 4, Src: 127.0.0.1, Dst: 127.0.0.1
Transmission Control Protocol, Src Port: 43854 (43854), Dst Port: 9199 (9199), Seq: 1112, Ack: 1, Len: 48
Source Port: 43854
Destination Port: 9199
[Stream index: 8]
[TCP Segment Len: 48]
Sequence number: 1112 (relative sequence number)
[Next sequence number: 1160 (relative sequence number)]
Acknowledgment number: 1 (relative ack number)
Header Length: 32 bytes
Flags: 0x018 (PSH, ACK)
Window size value: 342
[Calculated window size: 43776]
[Window size scaling factor: 128]
Checksum: 0xfe58 [validation disabled]
Urgent pointer: 0
Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
[SEQ/ACK analysis]
TCP segment data (48 bytes)
[5 Reassembled TCP Segments (1159 bytes): #130(482), #132(207), #134(242), #136(180), #138(48)]
Hypertext Transfer Protocol
POST /Testapi/info/getPortinfo HTTP/1.1\r\n
      [Expert Info (Chat/Sequence): POST /Testapi/info/getPortinfo HTTP/1.1\r\n]
      Request Method: POST
      Request URI: /Testapi/info/getPortinfo
      Request Version: HTTP/1.1
Content-Length: 867\r\n
Content-Type: multipart/form-data; boundary=vdY2kQHa9tkdRw5pGP6IlyxkLEpKkwwwiFf0p_hg\r\n
Host: localhost:9199\r\n
Connection: Keep-Alive\r\n
User-Agent: Apache-HttpClient/4.5.1 (Java/1.8.0_121)\r\n
Accept-Encoding: gzip,deflate\r\n
\r\n
[Full request URI: http://localhost:9199/Testapi/info/getPortinfo]
[HTTP request 1/1]
[Response in frame: 144]
MIME Multipart Media Encapsulation, Type: multipart/form-data, Boundary: "vdY2kQHa9tkdRw5pGP6IlyxkLEpKkwwwiFf0p_hg"
[Type: multipart/form-data]
First boundary: --vdY2kQHa9tkdRw5pGP6IlyxkLEpKkwwwiFf0p_hg\r\n
Encapsulated multipart part:  (text/plain)
Boundary: \r\n--vdY2kQHa9tkdRw5pGP6IlyxkLEpKkwwwiFf0p_hg\r\n
Encapsulated multipart part:  (text/plain)
Boundary: \r\n--vdY2kQHa9tkdRw5pGP6IlyxkLEpKkwwwiFf0p_hg\r\n
Encapsulated multipart part:  (text/plain)
      Content-Disposition: form-data; name="jsonBody"\r\n
      Content-Type: text/plain; charset=UTF-8\r\n
      Content-Transfer-Encoding: 8bit\r\n\r\n
      Line-based text data: text/plain
          {"reqDatas":[{"reqData": "\345\207\244\345\207\260","city": "\344\270\211\344\272\232"}],"type": "airport"}
Boundary: \r\n--vdY2kQHa9tkdRw5pGP6IlyxkLEpKkwwwiFf0p_hg\r\n
Encapsulated multipart part:  (text/plain)
Last boundary: \r\n--vdY2kQHa9tkdRw5pGP6IlyxkLEpKkwwwiFf0p_hg--\r\n

linux · 发表于 2017-4-28 11:52:00

multipart/form-data详细介绍

1.什么是Multipart/form-data？
Multipart/form-data是上传文件的一种方式。

Multipart/form-data其实就是浏览器用表单上传文件的方式。最常见的情境是：在写邮件时，向邮件后添加附件，附件通常使用表单添加，也就是用multipart/form-data格式上传到服务器。

2.上传具体的步骤：

首先，客户端和服务器建立连接（TCP协议）。

第二，客户端可以向服务器端发送数据。因为上传文件实质上也是向服务器端发送请求。

第三，客户端按照符合“multipart/form-data”的格式向服务器端发送数据。（这一点非常重要）。

3.关于Multipart/form-data的格式
1）概述
   其实关于Multipart/form-data的格式有多重不同的表示方法，但是我认为最权威的一种说法如下：

First, there are some basics you need to understand about multipart/formdata posts. Each part consists of at least a NAME and a CONTENTS part. If the part is made for file upload, there are also a stored CONTENT-TYPE and a FILENAME. Below, we'll discuss what options you use to set these properties in the parts you want to add to your post.
首先，你需要理解一些关于multipart/formdata post的一些基础知识。每一个part包含至少一个NAME和一个CONTENT部分。如果这个part用来上传文件，那么也可以有CONTENT-TYPE和FILENAME这些信息。（from http://curl.haxx.se/libcurl/c/curl_formadd.html）

wireshark来抓包Name  Content

MIME Multipart Media Encapsulation, Type: multipart/form-data, Boundary: "vdY2kQHa9tkdRw5pGP6IlyxkLEpKkwwwiFf0p_hg"
[Type: multipart/form-data]
First boundary: --vdY2kQHa9tkdRw5pGP6IlyxkLEpKkwwwiFf0p_hg\r\n
Encapsulated multipart part:  (text/plain)
      Content-Disposition: form-data; name="auth"\r\n
      Content-Type: text/plain; charset=UTF-8\r\n
      Content-Transfer-Encoding: 8bit\r\n\r\n
      Line-based text data: text/plain
         f7abcfdf12361389
Boundary: \r\n--vdY2kQHa9tkdRw5pGP6IlyxkLEpKkwwwiFf0p_hg\r\n
Encapsulated multipart part:  (text/plain)
      Content-Disposition: form-data; name="sig"\r\n
      Content-Type: text/plain; charset=UTF-8\r\n
      Content-Transfer-Encoding: 8bit\r\n\r\n
      Line-based text data: text/plain
         dc1234a401cfdad847a40123c050b3efffa6bf47
Boundary: \r\n--vdY2kQHa9tkdRw5pGP6IlyxkLEpKkwwwiFf0p_hg\r\n
Encapsulated multipart part:  (text/plain)
      Content-Disposition: form-data; name="jsonBody"\r\n
      Content-Type: text/plain; charset=UTF-8\r\n
      Content-Transfer-Encoding: 8bit\r\n\r\n
      Line-based text data: text/plain
          {"reqDatas":[{"reqData": "\345\207\244\345\207\260","city": "\344\270\211\344\272\232"}],"type": "aport"}
Boundary: \r\n--vdY2kQHa9tkdRw5pGP6IlyxkLEpKkwwwiFf0p_hg\r\n
Encapsulated multipart part:  (text/plain)
      Content-Disposition: form-data; name="time"\r\n
      Content-Type: text/plain; charset=UTF-8\r\n
      Content-Transfer-Encoding: 8bit\r\n\r\n
      Line-based text data: text/plain
         1493349038027
Last boundary: \r\n--vdY2kQHa9tkdRw5pGP6IlyxkLEpKkwwwiFf0p_hg--\r\n

详细介绍：
   首先：介绍wireshark中字段与Multipart/form-data的对应关系：
      MIME Multipart Media Encapsulation：代表整个Multipart/form-data上传文件中的数据。
      Encapsulated multipart part：代表表单中不同部分的数据。
      Boundary：用来隔开表单中不同部分的数据。
   其次，详细介绍：
   1) MIME Multipart Media Encapsulation ，Type：multipart/form-data，Boundary：“----------vdY2kQHa9tkdRw5pGP6IlyxkLEpKkwwwiFf0p_hg”
      这行指出这个请求是multipart/form-data格式的，且boundary是“----------vdY2kQHa9tkdRw5pGP6IlyxkLEpKkwwwiFf0p_hg”这个字符串。
   2）关于Boundary：  Boundary：用来隔开表单中不同部分的数据。实际上，每部分数据的开头都是由“--”+boundary开始的（这是MIME标准中讲述的标准内容）。
   3）  Encapsulated multipart part：紧跟着boundary的是该部分数据的描述：
      Content-Dispostion:form-data;name="Filename"\r\n
         每一个part至少一个name和一个content部分。

		自动登录	找回密码
密码			立即注册