David.Turing's blog

 

CAS协议的抓包分析

近日有朋友想了解一下CAS的协议的HTTP流程,我之前抓过包,现在贴出来,希望对那位朋友有所帮助。
CAS Server:caserver:7002
Tomcat APP应用:appserver01:8080
访问
appserver01:8080 SessionExample

GET /servlets-examples/servlet/SessionExample HTTP/1.1

Accept: */*

Accept-Language: zh-cn,en;q=0.8,zh;q=0.5,zh-tw;q=0.3

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; Maxthon; .NET CLR 2.0.50215)

Host: appserver01:8080

Connection: Keep-Alive

 

appserver01:8080 引导我到 casserver:7002 进行认证 , 注意 ,Service=SessionExmaple URL

HTTP/1.1 302 Moved Temporarily

Set-Cookie: JSESSIONID=22311DC79C684A911EEEBC3F0FBDB136; Path=/servlets-examples

Location: https://casserver:7002/cas/login?service=http%3A%2F%2Fappserver01%3A8080%2Fservlets-examples%2Fservlet%2FSessionExample

Content-Length: 0

Date: Fri, 28 Oct 2005 06:33:54 GMT

Server: Apache-Coyote/1.1

 

紧接着,我的 IE 访问 casserver:7002 ,走 SSL 协议

__Q_M_Ca?R??d‰.!#U?-é?11úhx_??{?e???ò?_h|íA?6

?|__“w?o___

db____c_

 

casserver:7002 出示证书给我看,并且给予我 ServiecTicket, 下面的是乱码, SSL 协议是这样,将就一下 J

__:_6_Ca??bê| !ì_?^? ?AB__ü5;_s+_?2òG_a????“?dJEám:_ìo____y__u_r_á0?_?0?_??_______0

_*?H?÷

____0~1_0___U____BEA1_0__U____CN1_0__U____GZ1_0__U____GD1_0___U_

__BEA.CO.LTD1_0___U____BEA1_0__*?H?÷

____CA@BEA.COM.CN0__

051017081352Z_

061017073844Z0[1_0___U____CASSERVER1_0___U____BEA1_0

__U_

__DIANLI1_0__U____GZ1_0__U____GD1_0__U____CN0??0

_*?H?÷

_____??0?‰_??‰?c????y-_?qCú6`μue??!′?·[/`sd?__?i?—n?+]??¨¨??_oa·__?C!í??)réé_?_c?€shì?>O??…^S_L!E’?_^uüó?z??SQ&· Zˉ?[???_Ya_Vo???@q ~?1_è?____

0_0__U____00

_*?H?÷

_____?__1\ aú]_é_bn??  3? ?L?R_/?ùí_1?%B?yêH?€ükáeò%??qd 40_c??_r?ìO?9z?q"M bxj?y_aO

??ü|??i_0N?.?Z?adóú???P?)?–ê3@m?U_???3Q_ iH_*D`?B?^?_?_?A??€3€#)y?_ì?)-? áQ%èHh?_úeá??1“á×?^C. _S8?p?Xèt%-?%a·òX _B;)?? ”μío€oY???QG_L–k3??Z^?s??i??ì!????_?!2?}“W???._?Yo?}Rw_?0?_?0?_o?_______0

_*?H?÷

____0~1_0___U____BEA1_0__U____CN1_0__U____GZ1_0__U____GD1_0___U_

__BEA.CO.LTD1_0___U____BEA1_0__*?H?÷

____CA@BEA.COM.CN0__

051017073844Z_

061017073844Z0~1_0___U____BEA1_0__U____CN1_0__U____GZ1_0__U____GD1_0___U_

__BEA.CO.LTD1_0___U____BEA1_0__*?H?÷

____CA@BEA.COM.CN0?_"0

_*?H?÷

_____?__0?_

_?__?]??·‘f??_€c’6q??)?1

???_)?__?μ?_?ˉ_???u??|Q)??x??M?_> |_·à_—z? ?J_à\!_La2?Eé&7…_

 

____)__?_€qG?9ê?_r!?E?<?9W?(JfSè?·?-M??í_E ??ùM?~éy_|?′?/_ˉj?Y.|??¤#oRˉ?atàó4_????è

?_,> \í(?íà?“@u_I_?ê1c?K?8?°*?7üU*áQ?l??h?à9¨í€j]?,n______8_xR_a?4V<`×?#?d?_ù_??‰?_/aD$qqù[OW???1÷f?é_??_·×06Y?ì%ó

 

______8k?°?`¤E?_Qc ?“à??c7r_/?

MS?|?E ??]??_!°#??¨_?ò<??_\èe?[

 

____ê53M_???íV?c1?ú?4?|a?_??ò?`?w??o“?à;J3?fF°"?XL||u?|~ˉa;_?&_è`_Ca‰90‰L$2#ú

_I_?è?q?rò` ?uEHg3e%j_JC????vo.N??úa?_á?f

aad?hò_oò ?-?Ník?H1?à??i_so\?1dvQC?4??–?‰a€?Xú6?1???pDè??í^nW????_‰_à_ó…|JEG?[asv?Wt(??μ

o _h?_2_í7e???2__I _H? óêμ_L??ü÷?’1°__???o—_H !7?é-à:?G??*?a |?à???7O¨gVc???2à/?–÷ ”?????óD_§o?*Nμ’à??ù)@/2a1?|{??-??";h??_?:¤?μ_}??MC?x_R?_)×6??_?ê_¨_

_ z??u?_ _è?¨?+,.:?_1?__]??E ¢£ ?_?9?.3uX Az??¤_??—Zù?×e?#?????__LY?_4??7"Wií?|_fOí·_?_e?_p0?_?‘?ì?L":,7?$)b__9?v?pí;±?R?l?4??Z_}V_o,_.5y@?1\_e?kk??|x??%?U-–‰?¤

 

__éYì?T?_’w?ù?yxóˉL’ì??5_???}ìì?????_Cce<]8?JoB??1?_.—?$_?P2??pê_0?$è?òú—?–8[?‰i???_??O7Cb???××R/??o_?S_?G$}??_)*U$ó!$5ê__(ê?¨?yò_2_RìzGGLó??1N:”"7?¨2__?7?_$?“ _a_

/xD‰

'Qò?“—?tv?BM ·_sùò__?ú_§_\??iòk? ___#oE?$ [sIêv?fU…r _?x.k_^_?plü’????^?9!_7Ja_}·# ?U&>?'§v_KX_–@4

üWí

§?f-,_?_±??_?9l?_r¨è?D_ppíK?=D&?/0u3\?]?h’?&X?_·?g_)?…;è_7d·?

téa?”??_q?úal??_1waE€é_?$p?_—[?p°__`ù·…_p??R??zW_*‘ ü_?P]7Z_?

J‘9?¤??ˉ?\qפ_?c __?Q_?_??\_?_%?5_??FL??8μH ?N_ò??a"_5/'?…__Cl:1?rqs_ú?-#??_–_?_?′ ?;C í6?_x_y_?RPhì??b??_{F_?¨êùi€W+9??__·?L ?&_ú?k__é?>ú]ˉ?g?=?????>è?~Q?×s}??_3,?5_?ˉ_?—?D?ù?_1rtF_?.—_>ú} ?K?_??k_???ó?A?!???__S&?e_/??_??B_V??è_5Q8%??3?ú-??_Vao?a×???_ ?-U?__u_;??4H=d1é§'?ˉ?|ò_|_??R dRè5?g9Y…±6?è??m?\_Nˉ|á3y3_’y`4?1êa-?ú?V?_f¨3_?d_?_?*_????bü^?o§r?_

 

 

认证完毕,我得到ServiceTicket,我便用 casserver:7002 提供的 ServiceTicket 访问 appserver01:8080 SessionExample应用

GET /servlets-examples/servlet/SessionExample?ticket=ST-1-9xVu1SfonRNKcjdyKbG9 HTTP/1.1

Accept: */*

Accept-Language: zh-cn,en;q=0.8,zh;q=0.5,zh-tw;q=0.3

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; Maxthon; .NET CLR 2.0.50215)

Host: appserver01:8080

Connection: Keep-Alive

Cookie: JSESSIONID=22311DC79C684A911EEEBC3F0FBDB136

 

 

appserver01:8080 认为我的 Ticket 是正确的,因此正确返回网页给我。

HTTP/1.1 200 OK

Content-Type: text/html;charset=ISO-8859-1

Content-Length: 1188

Date: Fri, 28 Oct 2005 06:33:54 GMT

Server: Apache-Coyote/1.1

 

 

Sessions Example

Session ID: 22311DC79C684A911EEEBC3F0FBDB136

Created: Fri Oct 28 14:33:54 CST 2005

Last Accessed: Fri Oct 28 14:33:54 CST 2005

 

The following data is in your session:

edu.yale.its.tp.cas.client.filter.user = cas

 

Name of Session Attribute:

Value of Session Attribute:

 

GET based form:

Name of Session Attribute:

Value of Session Attribute:

 

URL encoded

 

 

IE会接着 获取网页上的图片,见 GET 后面那一串字符,什么 code.gif,return.gif..... ,获取的根据都是

靠那个 ticket=ST-1-9xVu1SfonRNKcjdyKbG9 ,如果这个 ST 不对,图片是获取不了的!

 

 

GET /servlets-examples/images/code.gif HTTP/1.1

Accept: */*

Referer: http://appserver01:8080/servlets-examples/servlet/SessionExample?ticket=ST-1-9xVu1SfonRNKcjdyKbG9

Accept-Language: zh-cn,en;q=0.8,zh;q=0.5,zh-tw;q=0.3

Accept-Encoding: gzip, deflate

If-Modified-Since: Sun, 29 Aug 2004 00:02:34 GMT

If-None-Match: W/"292-1093737754000"

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; Maxthon; .NET CLR 2.0.50215)

Host: appserver01:8080

Connection: Keep-Alive

Cookie: JSESSIONID=22311DC79C684A911EEEBC3F0FBDB136

 

HTTP/1.1 304 Not Modified

Date: Fri, 28 Oct 2005 06:33:54 GMT

Server: Apache-Coyote/1.1

 

 

GET /servlets-examples/images/return.gif HTTP/1.1

Accept: */*

Referer: http://appserver01:8080/servlets-examples/servlet/SessionExample?ticket=ST-1-9xVu1SfonRNKcjdyKbG9

Accept-Language: zh-cn,en;q=0.8,zh;q=0.5,zh-tw;q=0.3

Accept-Encoding: gzip, deflate

If-Modified-Since: Sun, 29 Aug 2004 00:02:26 GMT

If-None-Match: W/"1231-1093737746000"

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; Maxthon; .NET CLR 2.0.50215)

Host: appserver01:8080

Connection: Keep-Alive

Cookie: JSESSIONID=22311DC79C684A911EEEBC3F0FBDB136

 

HTTP/1.1 304 Not Modified

Date: Fri, 28 Oct 2005 06:33:54 GMT

Server: Apache-Coyote/1.1

posted on 2006-05-26 11:27 david.turing 阅读(3963) 评论(0)  编辑  收藏 所属分类: Security领域


只有注册用户登录后才能发表评论。


网站导航:
 

导航

统计

常用链接

留言簿(107)

我参与的团队

随笔分类(126)

随笔档案(155)

文章分类(9)

文章档案(19)

相册

搜索

积分与排名

最新随笔

最新评论

阅读排行榜

评论排行榜