https://linzeyan.github.io/zh-tw/categories/http/Recent content in HTTP on RickyHugo -- gohugo.iozh-twThu, 12 Jun 2025 09:04:00 +0800https://linzeyan.github.io/zh-tw/posts/2025/20250612-bash-timeout/Thu, 12 Jun 2025 09:04:00 +0800https://linzeyan.github.io/zh-tw/posts/2025/20250612-bash-timeout/<ul> <li> <p><a href="https://heitorpb.github.io/bla/timeout/" target="_blank" rel="noopener">TIL：Bash 腳本的 timeout</a></p> </li> <li> <p><code>timeout 1m ./until.sh</code></p> </li> <li> <p>包一層</p> </li> </ul> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>timeout 1m bash -c <span style="color:#e6db74">&#34;until curl --silent --fail-with-body 10.0.0.1:8080/health; do </span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> sleep 1 </span></span></span><span style="display:flex;"><span><span style="color:#e6db74">done&#34;</span> </span></span></code></pre></div>https://linzeyan.github.io/zh-tw/posts/2025/20250503-zipbomb-protection/Sat, 03 May 2025 11:24:00 +0800https://linzeyan.github.io/zh-tw/posts/2025/20250503-zipbomb-protection/<ul> <li> <p><a href="https://idiallo.com/blog/zipbomb-protection" target="_blank" rel="noopener">我用 Zip Bomb 來保護我的伺服器</a></p> </li> <li> <p>發生的情況是：對方收到檔案後，讀取標頭得知這是壓縮檔，因此嘗試解壓那個 1MB 的檔案來找他們要的內容。但檔案會不斷膨脹，直到耗盡記憶體、伺服器崩潰。1MB 的檔案會解壓成 1GB，這已足以讓多數機器人失敗。不過對於那些死纏爛打的腳本，我就給它 10MB 的檔案，解壓後會變成 10GB，立刻把腳本搞掛。</p> </li> <li> <p><code>dd if=/dev/zero bs=1G count=10 | gzip -c &gt; 10GB.gz</code></p> <ul> <li><code>dd</code>：用於複製或轉換資料的指令。</li> <li><code>if</code>：輸入檔案，這裡指定 <code>/dev/zero</code>，它會產生無限的零位元組串流。</li> <li><code>bs</code>：區塊大小，設為 1GB（1G），代表 dd 會以 1GB 為單位讀寫。</li> <li><code>count=10</code>：代表處理 10 個區塊、每個 1GB，因此會產生 10GB 的零資料。</li> </ul> </li> <li> <p>middleware</p> </li> </ul> <pre tabindex="0"><code>if (ipIsBlackListed() || isMalicious()) { header(&#34;Content-Encoding: gzip&#34;); header(&#34;Content-Length: &#34;. filesize(ZIP_BOMB_FILE_10G)); // 10 MB readfile(ZIP_BOMB_FILE_10G); exit; } </code></pre>https://linzeyan.github.io/zh-tw/posts/2025/20250425-everyone-need-a-http-proxy-to-debug/Fri, 25 Apr 2025 16:58:00 +0800https://linzeyan.github.io/zh-tw/posts/2025/20250425-everyone-need-a-http-proxy-to-debug/<ul> <li><a href="https://blog.huli.tw/2025/04/23/everyone-need-a-http-proxy-to-debug/" target="_blank" rel="noopener">人人都需要一個 HTTP proxy 來 debug</a></li> </ul> <ol> <li><a href="https://www.charlesproxy.com/" target="_blank" rel="noopener">Charles</a></li> <li><a href="https://portswigger.net/burp/communitydownload" target="_blank" rel="noopener">Burp Suite</a></li> <li><a href="https://mitmproxy.org/" target="_blank" rel="noopener">mitmproxy</a></li> </ol>https://linzeyan.github.io/zh-tw/posts/2022/20220623-monitoring-http-requests-network-interfaces/Thu, 23 Jun 2022 16:48:42 +0800https://linzeyan.github.io/zh-tw/posts/2022/20220623-monitoring-http-requests-network-interfaces/<ul> <li><a href="https://www.baeldung.com/linux/monitoring-http-requests-network-interfaces" target="_blank" rel="noopener">即時監控網路介面上的 HTTP 請求</a></li> </ul> <h3 id="tcpflow">tcpflow</h3> <blockquote> <p><code>apt/dnf install tcpflow</code></p></blockquote> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>$ sudo tcpflow -p -c -i wlp0s20f3 port <span style="color:#ae81ff">80</span> | grep -oE <span style="color:#e6db74">&#39;(GET|POST) .* HTTP/1.[01]|Host: .*&#39;</span> </span></span><span style="display:flex;"><span>reportfilename: ./report.xml </span></span><span style="display:flex;"><span>tcpflow: listening on wlp0s20f3 </span></span><span style="display:flex;"><span>GET /alexlarsson/flatpak/ubuntu/dists/focal/InRelease HTTP/1.1 </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>GET /mirrors.txt HTTP/1.1 </span></span></code></pre></div><ul> <li><code>-p</code> 停用混雜模式</li> <li><code>-c</code> 只輸出到主控台，不建立檔案</li> <li><code>-i</code> 指定網路介面 grep 會接收 tcpflow 的輸出</li> <li><code>-o</code> 只顯示符合樣式的那一段</li> <li><code>-E</code> 表示樣式是延伸正則表示式（ERE）</li> </ul> <h3 id="httpry">httpry</h3> <blockquote> <p><code>https://github.com/jbittel/httpry.git</code></p></blockquote> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo httpry -i wlp0s20f3 </span></span><span style="display:flex;"><span>httpry version 0.1.8 -- HTTP logging and information retrieval tool </span></span><span style="display:flex;"><span>Copyright <span style="color:#f92672">(</span>c<span style="color:#f92672">)</span> 2005-2014 Jason Bittel &lt;jason.bittel@gmail.com&gt; </span></span><span style="display:flex;"><span>Starting capture on wlp0s20f3 interface </span></span><span style="display:flex;"><span>2022-06-22 16:38:12.166 192.168.1.24 172.217.17.238 &gt; GET google.com / HTTP/1.1 - - </span></span><span style="display:flex;"><span>2022-06-22 16:38:12.199 172.217.17.238 192.168.1.24 &lt; - - - HTTP/1.0 400 Bad Request </span></span><span style="display:flex;"><span>2022-06-22 16:38:23.090 192.168.1.24 172.217.17.238 &gt; POST google.com / HTTP/1.1 - - </span></span><span style="display:flex;"><span>2022-06-22 16:38:23.163 172.217.17.238 192.168.1.24 &lt; - - - HTTP/1.1 405 Method Not Allowed </span></span></code></pre></div>https://linzeyan.github.io/zh-tw/posts/2021/20210718-what-happens-when-you-type-an-url-in-the-browser-and-press-enter/Sun, 18 Jul 2021 23:45:45 +0800https://linzeyan.github.io/zh-tw/posts/2021/20210718-what-happens-when-you-type-an-url-in-the-browser-and-press-enter/<ul> <li><a href="https://www.cythilya.tw/2018/11/26/what-happens-when-you-type-an-url-in-the-browser-and-press-enter/" target="_blank" rel="noopener">在瀏覽器輸入網址並送出後，到底發生了什麼事？</a></li> </ul>https://linzeyan.github.io/zh-tw/posts/2017/20171215-6844903519447678990/Fri, 15 Dec 2017 15:33:14 +0800https://linzeyan.github.io/zh-tw/posts/2017/20171215-6844903519447678990/<ul> <li><a href="https://juejin.cn/post/6844903519447678990" target="_blank" rel="noopener">具有代表性的 HTTP 状态码</a></li> </ul>