Sunday, June 17, 2007

Understanding Protocols

Sockspy (a Tcl application) helps me to understand web protocols such as HTTP, IMAP4, POP3, ...

For HTTP, setup sockspy as http proxy:

set up browser to use the localhost port 8080 as the proxy. The below screen dump captured all the http traffic when I visited Singapore Infomap.

For POP3, setup your local host file to point your POP3 domainname to be 127.0.0.1 (localhost) and have sockspy point point to the IP address.

Captured POP3 traffic is shown and you can see that the username and password are sent in plain text.

Captured IMAP4 traffic is shown below

By understanding the protocols, one should be able to simulate the relevant protocol traffic using a simple telnet client.
Eg. To simulate a HTTP GET

$ telnet www.sg 80
Trying 160.96.178.46...
Connected to www.sg.
Escape character is '^]'.
GET / HTTP/1.1
Host: www.sg

HTTP/1.1 200 OK
Cache-Control: max-age=1800
Expires: Sun, 17 Jun 2007 15:30:09 GMT
Content-Location: http://www.sg/index.html
Date: Sun, 17 Jun 2007 15:00:09 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Fri, 09 Feb 2007 08:33:24 GMT
ETag: "52feb8f6244cc71:15d2"
Content-Length: 204

<html>
<head>
<title>Singapore Infomap</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<META HTTP-EQUIV=Refresh CONTENT="0; URL=http://app.www.sg">
</head>
</html>

The reply from the telnet simulation is the same as what we captured using sockspy.

Labels: , , ,

0 Comments:

Post a Comment

<< Home