
How does HTTP “session” reconstruction work?

I have found this tool online: http://www.unleashnetworks.com/products/unsniff.html

How does this work? Are they assuming that all HTTP traffic for a session occurs in the same TCP session, and then just clumping all that data together? Is that a safe assumption?

I was under the impression that when I load a page, multiple TCP sessions could be running for that single page load (images, videos, flash, whatever).

This seems to get complicated when I think about having two browser tabs open that are loading pages at the same time... How could I differentiate one HTTP "session" from another? Especially true if they are hitting the same page, right?

For that matter, how does the browser know which data incoming belongs to which tab? Does it keep track of TCP sessions belonging to an individual tab?

Edit:

When HTTP session is mentioned above, I am referring to all of the related HTTP transactions that it takes to, say, load a page.

By TCP session, I am literally referring to the handshake's SYN -> FIN packet lifetime.

Although it might not be visible, the HTTP session tracker is being passed to the server from the client as a parameter or as a cookie (header).

You might need to read about the HTTP session token.

A session token is a unique identifier that is generated and sent from a server to a client to identify the current interaction session. The client usually stores and sends the token as an HTTP cookie and/or sends it as a parameter in GET or POST queries. The reason to use session tokens is that the client only has to handle the identifier—all session data is stored on the server (usually in a database, to which the client does not have direct access) linked to that identifier. Examples of the names that some programming languages use when naming their HTTP cookie include JSESSIONID (JSP), PHPSESSID (PHP), and ASPSESSIONID (ASP).

I am not familiar with the "Unsniff" app you link to, but I have used a few packet sniffers before (my favorite is Wireshark). Usually you can differentiate sessions based on what host they are connected to. So, for instance, if you have 2 tabs open and one is opened to www.google.com and the other is www.facebook.com, the packet sniffer should be able to tell you which session is pointed at which host (or at least give you an IP address, which you can then use to find the host. See: reverse lookup).

Most times, multiple HTTP sessions will be open to one host. This is the case when you're loading a site's various resources (CSS files, images, JavaScript, etc.). Each of these resources will show up as a separate HTTP session (unless, of course, the connection is persistent ... but your sniffer should be able to separate them anyway). In this case, you (or the sniffer) will need to determine what was downloaded by looking at the actual data within the HTTP packet.
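
The grouping the answers above describe, as an added example (not part of the original posts and not how Unsniff is implemented): each reassembled TCP connection is split into its HTTP requests, including several on one persistent connection, and requests are then correlated across connections by Host and session cookie. It assumes cleartext HTTP/1.x with streams already reassembled; the host name, addresses and cookie values are constructed.

```python
from collections import defaultdict
from http.cookies import SimpleCookie

# Constructed sample: client-to-server bytes of three already-reassembled TCP
# connections, keyed by (src_ip, src_port, dst_ip, dst_port). Not real traffic.
STREAMS = {
    ("10.0.0.5", 50001, "203.0.113.10", 80):
        b"GET / HTTP/1.1\r\nHost: shop.example\r\nCookie: PHPSESSID=aaa111\r\n\r\n"
        b"GET /style.css HTTP/1.1\r\nHost: shop.example\r\nCookie: PHPSESSID=aaa111\r\n\r\n",
    ("10.0.0.5", 50002, "203.0.113.10", 80):
        b"POST /cart HTTP/1.1\r\nHost: shop.example\r\nCookie: PHPSESSID=aaa111\r\n"
        b"Content-Length: 7\r\n\r\nitem=42",
    ("10.0.0.5", 50003, "203.0.113.10", 80):
        b"GET / HTTP/1.1\r\nHost: shop.example\r\nCookie: PHPSESSID=bbb222\r\n\r\n",
}
SESSION_COOKIES = ("JSESSIONID", "PHPSESSID", "ASPSESSIONID")

def parse_requests(data):
    """Split one client-side byte stream into (method, target, headers) tuples."""
    requests = []
    while data:
        head, sep, rest = data.partition(b"\r\n\r\n")
        if not sep:
            break  # truncated capture: the header block never finished
        lines = head.decode("latin-1").split("\r\n")
        method, target, _version = lines[0].split(" ", 2)
        headers = {n.strip().lower(): v.strip()
                   for n, _, v in (l.partition(":") for l in lines[1:])}
        requests.append((method, target, headers))
        # Skip the body (Content-Length framing only) to reach the next request.
        data = rest[int(headers.get("content-length", 0)):]
    return requests

def session_id(headers):
    """Return 'NAME=value' for the first known session cookie, else None."""
    cookie = SimpleCookie(headers.get("cookie", ""))
    for name in SESSION_COOKIES:
        if name in cookie:
            return name + "=" + cookie[name].value
    return None

def group_by_session(streams):
    """Map (host, session cookie) -> [(client port, method, target), ...]."""
    sessions = defaultdict(list)
    for conn, data in sorted(streams.items()):
        for method, target, headers in parse_requests(data):
            sessions[(headers.get("host"), session_id(headers))].append(
                (conn[1], method, target))
    return dict(sessions)

if __name__ == "__main__":
    print(group_by_session(STREAMS))
```

Two tabs in the same browser profile normally send the same cookie, so this grouping identifies the server-side session rather than the tab.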
