David.Turing's blog

CAS協議的抓包分析

近日有朋友想了解一下CAS的協議的HTTP流程，我之前抓過包，現在貼出來，希望對那位朋友有所幫助。
CAS Server:caserver:7002
Tomcat APP應用:appserver01:8080
訪問 appserver01:8080 的 SessionExample

GET /servlets-examples/servlet/SessionExample HTTP/1.1

Accept: */*

Accept-Language: zh-cn,en;q=0.8,zh;q=0.5,zh-tw;q=0.3

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; Maxthon; .NET CLR 2.0.50215)

Host: appserver01:8080

Connection: Keep-Alive

?

appserver01:8080 引導我到 casserver:7002 進行認證 , 注意 ,Service=SessionExmaple 的 URL

HTTP/1.1 302 Moved Temporarily

Set-Cookie: JSESSIONID=22311DC79C684A911EEEBC3F0FBDB136; Path=/servlets-examples

Location: https://casserver:7002/cas/login?service=http%3A%2F%2Fappserver01%3A8080%2Fservlets-examples%2Fservlet%2FSessionExample

Content-Length: 0

Date: Fri, 28 Oct 2005 06:33:54 GMT

Server: Apache-Coyote/1.1

?

緊接著，我的 IE 訪問 casserver:7002 ，走 SSL 協議

__Q_M_Ca?R??d‰.!#U?-é?11úhx_??{?e???ò?_h|íA?6

?|__“w?o___

db____c_

?

casserver:7002 出示證書給我看，并且給予我 ServiecTicket, 下面的是亂碼， SSL 協議是這樣，將就一下 J

__:_6_Ca??bê| !ì_?^? ?AB__ü5;_s+_?2òG_a????“?dJEám:_ìo____y__u_r_á0?_?0?_??_______0

_*?H?÷

____0~1_0___U____BEA1_0__U____CN1_0__U____GZ1_0__U____GD1_0___U_

__BEA.CO.LTD1_0___U____BEA1_0__*?H?÷

____CA@BEA.COM.CN0__

051017081352Z_

061017073844Z0[1_0___U____CASSERVER1_0___U____BEA1_0

__U_

__DIANLI1_0__U____GZ1_0__U____GD1_0__U____CN0??0

_*?H?÷

_____??0?‰_??‰?c????y-_?qCú6`μue??!′?·[/`sd?__?i?—n?+]??¨¨??_oa·__?C!í??)réé_?_c?€shì?>O??…^S_L!E’?_^uüó?z??SQ&· ￥ Zˉ?[???_Ya_Vo???@q ￡ ~?1_è?____ ￡

0_0__U____00

_*?H?÷

_____?__1\ aú]_é_bn??? 3? ￠ ?L?R_/?ùí_1?%B?yêH?€ükáeò%??qd 40_c??_r?ìO?9z?q"M bxj?y_aO

??ü|??i_0N?.?Z?adóú???P?)?–ê3@m?U_???3Q_ ￥ iH_*D`?B?^?_?_?A??€3€#)y?_ì?)-? ￠ áQ%èHh?_úeá??1“á×?^C. _S8?p?Xèt%-?%a·òX ￠ _B;)?? ￡ ”μío€oY???QG_L–k3??Z^?s??i??ì!????_?!2?}“W???._?Yo?}Rw_?0?_?0?_o?_______0

_*?H?÷

____0~1_0___U____BEA1_0__U____CN1_0__U____GZ1_0__U____GD1_0___U_

__BEA.CO.LTD1_0___U____BEA1_0__*?H?÷

____CA@BEA.COM.CN0__

051017073844Z_

061017073844Z0~1_0___U____BEA1_0__U____CN1_0__U____GZ1_0__U____GD1_0___U_

__BEA.CO.LTD1_0___U____BEA1_0__*?H?÷

____CA@BEA.COM.CN0?_"0

_*?H?÷

_____?__0?_

_?__?]??·‘f??_€c’6q??)?1

???_)?__?μ?_?ˉ_???u??|Q)??x??M?_> ￥ |_·à_—z? ?J_à\!_La2?Eé&7…_

?

____)__?_€qG?9ê?_r!?E?<?9W?(JfSè?·?-M??í_E ￠ ??ùM?~éy_|?′?/_ˉj?Y.|??¤#oRˉ?atàó4_????è

?_,> \í(?íà?“@u_I_?ê1c?K?8?°*?7üU*áQ?l??h?à9¨í€j]?,n______8_xR_a?4V<`×?#?d?_ù_??‰?_/aD$qqù[OW???1÷f?é_??_·×06Y?ì%ó

?

______8k?°?`¤E?_Qc ￥ ?“à??c7r_/?

MS?|?E ￠ ??]??_!°#??¨_?ò<??_\èe?[

?

____ê53M_???íV?c1?ú?4?|a?_??ò?`?w??o“?à;J3?fF°"?XL||u?|~ˉa;_?&_è`_Ca‰90‰L$2#ú

_I_?è?q?rò` ?uEHg3e%j_JC????vo.N??úa?_á?f

aad?hò_oò ￡ ?-?Ník?H1?à??i_so\?1dvQC?4??–?‰a€?Xú6?1???pDè??í^nW????_‰_à_ó…|JEG?[asv?Wt(??μ

o ￠ _h?_2_í7e???2__I _H? ￥ óêμ_L??ü÷?’1°__???o—_H !7?é-à:?G??*?a ￥ |?à???7O¨gVc???2à/?–÷ ￥ ”?????óD_§o?*Nμ’à??ù)@/2a1?|{??-??";h??_?:¤?μ_}??MC?x_R?_)×6??_?ê_¨_

_ ￥ z??u?_ ￡ _è?¨?+,.:?_1?__]??E ￠￡ ?_?9?.3uX ￥ Az??¤_??—Zù?×e?#?????__LY?_4??7"Wií?|_fOí·_?_e?_p0?_?‘?ì?L":,7?$)b__9?v?pí;±?R?l?4??Z_}V_o,_.5y@?1\_e?kk??|x??%?U-–‰?¤

?

__éYì?T?_’w?ù?yxóˉL’ì??5_???}ìì?????_Cce<]8?JoB??1?_.—?$_?P2??pê_0?$è?òú—?–8[?‰i???_??O7Cb???××R/??o_?S_?G$}??_)*U$ó!$5ê__(ê?¨?yò_2_RìzGGLó??1N:”"7?¨2__?7?_$?“ ￥ _a_

/xD‰

'Qò?“—?tv?BM ￡ ·_sùò__?ú_§_\??iòk? ￠ ___#oE?$ ￡ [sIêv?fU…r ￠ _?x.k_^_?plü’????^?9!_7Ja_}·# ￥ ?U&>?'§v_KX_–@4

üWí

§?f-,_?_±??_?9l?_r¨è?D_ppíK?=D&?/0u3\?]?h’?&X?_·?g_)?…;è_7d·?

téa?”??_q?úal??_1waE€é_?$p?_—[?p°__`ù·…_p??R??zW_*‘ ü_?P]7Z_?

J‘9?¤??ˉ?\qפ_?c ￥ __?Q_?_??\_?_%?5_??FL??8μH ￠ ?N_ò??a"_5/'?…__Cl:1?rqs_ú?-#??_–_?_?′ ￥ ?;C ￥ í6?_x_y_?RPhì??b??_{F_?¨êùi€W+9??__·?L ￡ ?&_ú?k__é?>ú]ˉ?g?=?????>è?~Q?×s}??_3,?5_?ˉ_?—?D?ù?_1rtF_?.—_>ú} ￥ ?K?_??k_???ó?A?!???__S&?e_/??_??B_V??è_5Q8%??3?ú-??_Vao?a×???_ ￡ ?-U?__u_;??4H=d1é§'?ˉ?|ò_|_??R dRè5?g9Y…±6?è??m?\_Nˉ|á3y3_’y`4?1êa-?ú?V?_f¨3_?d_?_?*_????bü^?o§r?_

?

?

認證完畢，我得到ServiceTicket，我便用 casserver:7002 提供的 ServiceTicket 訪問 appserver01:8080 的 SessionExample應用

GET /servlets-examples/servlet/SessionExample?ticket=ST-1-9xVu1SfonRNKcjdyKbG9 HTTP/1.1

Accept: */*

Accept-Language: zh-cn,en;q=0.8,zh;q=0.5,zh-tw;q=0.3

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; Maxthon; .NET CLR 2.0.50215)

Host: appserver01:8080

Connection: Keep-Alive

Cookie: JSESSIONID=22311DC79C684A911EEEBC3F0FBDB136

?

?

appserver01:8080 認為我的 Ticket 是正確的，因此正確返回網頁給我。

HTTP/1.1 200 OK

Content-Type: text/html;charset=ISO-8859-1

Content-Length: 1188

Date: Fri, 28 Oct 2005 06:33:54 GMT

Server: Apache-Coyote/1.1

?

?

?

?

IE會接著 獲取網頁上的圖片，見 GET 后面那一串字符，什么 code.gif,return.gif..... ，獲取的根據都是

靠那個 ticket=ST-1-9xVu1SfonRNKcjdyKbG9 ，如果這個 ST 不對，圖片是獲取不了的！

?

?

GET /servlets-examples/images/code.gif HTTP/1.1

Accept: */*

Referer: http://appserver01:8080/servlets-examples/servlet/SessionExample?ticket=ST-1-9xVu1SfonRNKcjdyKbG9

Accept-Language: zh-cn,en;q=0.8,zh;q=0.5,zh-tw;q=0.3

Accept-Encoding: gzip, deflate

If-Modified-Since: Sun, 29 Aug 2004 00:02:34 GMT

If-None-Match: W/"292-1093737754000"

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; Maxthon; .NET CLR 2.0.50215)

Host: appserver01:8080

Connection: Keep-Alive

Cookie: JSESSIONID=22311DC79C684A911EEEBC3F0FBDB136

?

HTTP/1.1 304 Not Modified

Date: Fri, 28 Oct 2005 06:33:54 GMT

Server: Apache-Coyote/1.1

?

?

GET /servlets-examples/images/return.gif HTTP/1.1

Accept: */*

Referer: http://appserver01:8080/servlets-examples/servlet/SessionExample?ticket=ST-1-9xVu1SfonRNKcjdyKbG9

Accept-Language: zh-cn,en;q=0.8,zh;q=0.5,zh-tw;q=0.3

Accept-Encoding: gzip, deflate

If-Modified-Since: Sun, 29 Aug 2004 00:02:26 GMT

If-None-Match: W/"1231-1093737746000"

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; Maxthon; .NET CLR 2.0.50215)

Host: appserver01:8080

Connection: Keep-Alive

Cookie: JSESSIONID=22311DC79C684A911EEEBC3F0FBDB136

?

HTTP/1.1 304 Not Modified

Date: Fri, 28 Oct 2005 06:33:54 GMT

Server: Apache-Coyote/1.1

posted on 2006-05-26 11:27 david.turing 閱讀(4317) 評論(0)  編輯  收藏 所屬分類: Security領域