HTTP自定义请求头

HTTP自定义请求头

使用IP地址请求一个未解析的域名

真正的URL地址: https://app.liuhaoDemo.im/index/geetcaptcha
但是还没有解析所以不能直接请求,所以利用HTTP协议自定义URL和服务器解析的HOST的请求头.

我们请求的URL地址: https://IP地址/index/geetcaptcha

Host:app.liuhaoDemo.im
Referer:https://app.liuhaoDemo.im/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
Cache-Control: max-age=0
Connection: keep-alive
Cookie: BIDUPSID=6B696B1903190541059D7A57CB209D46; PSTM=1510799361; BAIDUID=0A7DD340EBAE471954CCDB4552BEECE3:FG=1;

用Charles抓到的我们开发中用到的GET请求头

GET /app/finance/list HTTP/1.1
User-Agent: Mozilla/5.0 (Linux; Android 7.1.1; Custom Phone Build/NMF26Q; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/52.0.2743.100 Mobile Safari/537.36 liuhaoDemo_trade_Android_V1.3.1
Accept-Language: zh_CN
X-App-Channel: liuhaoDemo_trade_Android_liuhaoDemo_CHANNEL
Cookie: USER_PW=eff5f8d81f35c4b1058caa118fa4cc4e; PHPSESSID=fee2c8beea0948781891ded103b213c9; USER=1; appToken=a0389cd8e49caf73ad62886ce4e18e93;lang=zh_CN
Host: otc.cetest.com
Accept-Encoding: gzip
Connection: keep-alive

用Charles抓到的我们开发中用到的POST请求头

可以看到 POST参数和请求头通过一个\n换行来做区分.

post数据通过k=v&k=v的格式

POST /app/finance/transfer/ HTTP/1.1
User-Agent: Mozilla/5.0 (Linux; Android 7.1.1; Custom Phone Build/NMF26Q; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/52.0.2743.100 Mobile Safari/537.36 liuhaoDemo_trade_Android_V1.3.1
Accept-Language: zh_CN
X-App-Channel: liuhaoDemo_trade_Android_liuhaoDemo_CHANNEL
Cookie: USER_PW=eff5f8d81f35c4b1058caa118fa4cc4e; PHPSESSID=fee2c8beea0948781891ded103b213c9; USER=1; appToken=046d1a3524c624c38c9fd1a2360b8f20;lang=zh_CN
Content-Type: application/x-www-form-urlencoded
Content-Length: 106
Host: otc.cetest.com
Accept-Encoding: gzip
Connection: keep-alive

coin=usdt&from=trade&to=otc&amount=1&sign=6d434886630ad311cebbab5ba9c63d9aab4c448154482bdc15ca404bcbd15f88

用Charles抓到的我们开发中用到的POST上传文件的请求头

POST /app/security/userauth HTTP/1.1
User-Agent: Mozilla/5.0 (Linux; Android 5.0; Custom Phone_1 Build/LRX21M) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/37.0.0.0 Mobile Safari/537.36 liuhaoDemo_trade_Android_V1.3.2
Accept-Language: zh_CN
X-App-Channel: liuhaoDemo_trade_Android_liuhaoDemo_CHANNEL
Cookie: USER_PW=da011a60beea20cd255d71d74d02a5b9; PHPSESSID=31bf1693b2dcfe23bd44908826af87db; USER=1; appToken=e610dd98aa5dd394568448f1d4e27cd5; lang=zh_CN
Content-Type: multipart/form-data; boundary=5689cb4c-bca8-42fa-8081-cbeb510ae731
Content-Length: 18548
Host: www.cetest.com
Accept-Encoding: gzip
Connection: keep-alive

--5689cb4c-bca8-42fa-8081-cbeb510ae731
Content-Disposition: form-data; name="id_type"
Content-Length: 1

3
--5689cb4c-bca8-42fa-8081-cbeb510ae731
Content-Disposition: form-data; name="id_number"
Content-Length: 17

12389897192341234
--5689cb4c-bca8-42fa-8081-cbeb510ae731
Content-Disposition: form-data; name="name"
Content-Length: 6

liuhao
--5689cb4c-bca8-42fa-8081-cbeb510ae731
Content-Disposition: form-data; name="intl"
Content-Length: 2

86
--5689cb4c-bca8-42fa-8081-cbeb510ae731
Content-Disposition: form-data; name="sign"
Content-Length: 64

ce65235a7bff5be0d3c24f3483bae0276326c34f4648496b763592e2eb03c47d
--5689cb4c-bca8-42fa-8081-cbeb510ae731
Content-Disposition: form-data; name="photo[]"; filename="111"
Content-Type: image/*
Content-Length: 5811

����

转载于:https://my.oschina.net/chinaliuhan/blog/3064200