{"id":310,"date":"2025-11-19T20:08:57","date_gmt":"2025-11-19T12:08:57","guid":{"rendered":"https:\/\/index.cmiteam.cn\/?p=310"},"modified":"2025-11-20T09:00:40","modified_gmt":"2025-11-20T01:00:40","slug":"ctf%e4%b8%ad%e7%9a%84%e7%bd%91%e7%bb%9c%e5%8d%8f%e8%ae%ae%e4%b8%8ehttp%e6%94%bb%e9%98%b2%e6%8a%80%e6%9c%af%e8%af%a6%e8%a7%a3","status":"publish","type":"post","link":"https:\/\/index.cmiteam.cn\/index.php\/2025\/11\/19\/ctf%e4%b8%ad%e7%9a%84%e7%bd%91%e7%bb%9c%e5%8d%8f%e8%ae%ae%e4%b8%8ehttp%e6%94%bb%e9%98%b2%e6%8a%80%e6%9c%af%e8%af%a6%e8%a7%a3\/","title":{"rendered":"CTF\u4e2d\u7684\u7f51\u7edc\u534f\u8bae\u4e0eHTTP\u653b\u9632\u6280\u672f\u8be6\u89e3"},"content":{"rendered":"<p><!DOCTYPE html><html lang=\"zh-CN\"><head><br \/>\n    <meta charset=\"UTF-8\"\/><br \/>\n    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\"\/><br \/>\n    <title>CTF\u4e2d\u7684\u7f51\u7edc\u534f\u8bae\u4e0eHTTP\u653b\u9632\u6280\u672f\u8be6\u89e3<\/title><br \/>\n    <script src=\"https:\/\/cdn.tailwindcss.com\"><\/script>\n    <link href=\"https:\/\/fonts.googleapis.com\/css2?family=Playfair+Display:ital,wght@0,400;0,600;0,700;1,400;1,600&amp;family=Inter:wght@300;400;500;600;700&amp;display=swap\" rel=\"stylesheet\"\/>\n    <link rel=\"stylesheet\" href=\"https:\/\/cdnjs.cloudflare.com\/ajax\/libs\/font-awesome\/6.4.0\/css\/all.min.css\"\/>\n    <script src=\"https:\/\/cdn.jsdelivr.net\/npm\/mermaid@10.6.1\/dist\/mermaid.min.js\"><\/script><\/p>\n<style>\n        :root {\n            --primary: #1a2e40;\n            --secondary: #2d5a87;\n            --accent: #4a90e2;\n            --neutral: #f8fafc;\n            --base-100: #ffffff;\n            --muted: #64748b;\n            --border: #e2e8f0;\n        }<\/p>\n<p>        .font-serif { font-family: 'Playfair Display', serif; }\n        .font-sans { font-family: 'Inter', sans-serif; }<\/p>\n<p>        body {\n            overflow-x: hidden;\n        }<\/p>\n<p>        .hero-grid {\n            display: 
grid;\n            grid-template-columns: 1fr 1fr;\n            grid-template-rows: auto auto;\n            gap: 2rem;\n            height: 60vh;\n            min-height: 500px;\n        }<\/p>\n<p>        .hero-title {\n            grid-column: 1 \/ -1;\n            z-index: 10;\n        }<\/p>\n<p>        .hero-visual {\n            position: relative;\n            overflow: hidden;\n            border-radius: 1rem;\n            background: linear-gradient(135deg, var(--primary) 0%, var(--secondary) 100%);\n        }<\/p>\n<p>        .hero-visual::before {\n            content: '';\n            position: absolute;\n            top: 0;\n            left: 0;\n            right: 0;\n            bottom: 0;\n            background: url('data:image\/svg+xml,<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewBox=\"0 0 100 100\"><defs><pattern id=\"grid\" width=\"10\" height=\"10\" patternUnits=\"userSpaceOnUse\"><path d=\"M 10 0 L 0 0 0 10\" fill=\"none\" stroke=\"rgba(255,255,255,0.1)\" stroke-width=\"0.5\"\/><\/pattern><\/defs><rect width=\"100\" height=\"100\" fill=\"url(%23grid)\"\/><\/svg>');\n            opacity: 0.3;\n        }<\/p>\n<p>        .toc-fixed {\n            position: fixed;\n            top: 0;\n            left: 0;\n            width: 280px;\n            height: 100vh;\n            background: var(--base-100);\n            border-right: 1px solid var(--border);\n            z-index: 50;\n            overflow-y: auto;\n            padding: 1.5rem;\n            box-shadow: 2px 0 10px rgba(0,0,0,0.1);\n        }<\/p>\n<p>        .main-content {\n            margin-left: 280px;\n            padding: 2rem;\n            max-width: calc(100vw - 320px);\n        }<\/p>\n<p>        .toc-link {\n            display: block;\n            padding: 0.5rem 0;\n            color: var(--muted);\n            text-decoration: none;\n            border-left: 2px solid transparent;\n            padding-left: 1rem;\n            transition: all 0.2s ease;\n        
}<\/p>\n<p>        .toc-link:hover, .toc-link.active {\n            color: var(--primary);\n            border-left-color: var(--accent);\n            background: rgba(74, 144, 226, 0.05);\n        }<\/p>\n<p>        .toc-link.sub {\n            font-size: 0.875rem;\n            padding-left: 2rem;\n            opacity: 0.8;\n        }<\/p>\n<p>        .section-number {\n            display: inline-block;\n            width: 2rem;\n            height: 2rem;\n            background: var(--accent);\n            color: white;\n            border-radius: 50%;\n            text-align: center;\n            line-height: 2rem;\n            font-weight: 600;\n            margin-right: 1rem;\n        }<\/p>\n<p>        .highlight-box {\n            background: linear-gradient(135deg, rgba(74, 144, 226, 0.05) 0%, rgba(45, 90, 135, 0.05) 100%);\n            border-left: 4px solid var(--accent);\n            padding: 1.5rem;\n            margin: 2rem 0;\n            border-radius: 0 0.5rem 0.5rem 0;\n        }<\/p>\n<p>        .protocol-card {\n            background: var(--base-100);\n            border: 1px solid var(--border);\n            border-radius: 0.75rem;\n            padding: 1.5rem;\n            margin: 1rem 0;\n            box-shadow: 0 2px 8px rgba(0,0,0,0.05);\n            transition: transform 0.2s ease, box-shadow 0.2s ease;\n        }<\/p>\n<p>        .protocol-card:hover {\n            transform: translateY(-2px);\n            box-shadow: 0 4px 16px rgba(0,0,0,0.1);\n        }<\/p>\n<p>        .http-header {\n            background: #f1f5f9;\n            border: 1px solid #e2e8f0;\n            border-radius: 0.375rem;\n            padding: 0.75rem;\n            font-family: 'Courier New', monospace;\n            font-size: 0.875rem;\n            margin: 0.5rem 0;\n        }<\/p>\n<p>        .citation {\n            display: inline-block;\n            background: var(--accent);\n            color: white;\n            padding: 0.125rem 0.375rem;\n            
border-radius: 0.25rem;\n            text-decoration: none;\n            font-size: 0.75rem;\n            font-weight: 500;\n            margin: 0 0.125rem;\n            transition: background 0.2s ease;\n        }<\/p>\n<p>        .citation:hover {\n            background: var(--secondary);\n        }<\/p>\n<p>        @media (max-width: 1024px) {\n            .toc-fixed {\n                display: none;\n            }\n            .main-content {\n                margin-left: 0;\n                max-width: 100%;\n                padding: 1rem;\n            }\n            .hero-grid {\n                grid-template-columns: 1fr;\n                height: auto;\n            }<\/p>\n<p>            .mermaid-control-btn:not(.reset-zoom) {\n                display: none;\n            }\n            .mermaid-controls {\n                top: auto;\n                bottom: 15px;\n                right: 15px;\n            }\n        }<\/p>\n<p>        .mermaid-container {\n            display: flex;\n            justify-content: center;\n            min-height: 300px;\n            max-height: 800px;\n            background: #ffffff;\n            border: 2px solid #e5e7eb;\n            border-radius: 12px;\n            padding: 30px;\n            margin: 30px 0;\n            box-shadow: 0 8px 25px rgba(0, 0, 0, 0.08);\n            position: relative;\n            overflow: hidden;\n        }<\/p>\n<p>        .mermaid-container .mermaid {\n            width: 100%;\n            max-width: 100%;\n            height: 100%;\n            cursor: grab;\n            transition: transform 0.3s ease;\n            transform-origin: center center;\n            display: flex;\n            justify-content: center;\n            align-items: center;\n            touch-action: none;\n            -webkit-user-select: none;\n            -moz-user-select: none;\n            -ms-user-select: none;\n            user-select: none;\n        }<\/p>\n<p>        .mermaid-container .mermaid svg {\n      
      max-width: 100%;\n            height: 100%;\n            display: block;\n            margin: 0 auto;\n        }<\/p>\n<p>        .mermaid-container .mermaid:active {\n            cursor: grabbing;\n        }<\/p>\n<p>        .mermaid-container.zoomed .mermaid {\n            height: 100%;\n            width: 100%;\n            cursor: grab;\n        }<\/p>\n<p>        .mermaid-controls {\n            position: absolute;\n            top: 15px;\n            right: 15px;\n            display: flex;\n            gap: 10px;\n            z-index: 20;\n            background: rgba(255, 255, 255, 0.95);\n            padding: 8px;\n            border-radius: 8px;\n            box-shadow: 0 2px 8px rgba(0, 0, 0, 0.1);\n        }<\/p>\n<p>        .mermaid-control-btn {\n            background: #ffffff;\n            border: 1px solid #d1d5db;\n            border-radius: 6px;\n            padding: 10px;\n            cursor: pointer;\n            transition: all 0.2s ease;\n            color: #374151;\n            font-size: 14px;\n            min-width: 36px;\n            height: 36px;\n            text-align: center;\n            display: flex;\n            align-items: center;\n            justify-content: center;\n        }<\/p>\n<p>        .mermaid-control-btn:hover {\n            background: #f8fafc;\n            border-color: #3b82f6;\n            color: #3b82f6;\n            transform: translateY(-1px);\n        }<\/p>\n<p>        .mermaid-control-btn:active {\n            transform: scale(0.95);\n        }<\/p>\n<p>        \/* Improve mermaid text readability and contrast *\/\n        .mermaid .node rect,\n        .mermaid .node circle,\n        .mermaid .node ellipse,\n        .mermaid .node polygon {\n            stroke: var(--primary) !important;\n            stroke-width: 2px !important;\n        }<\/p>\n<p>        .mermaid .node .label {\n            color: var(--primary) !important;\n            font-weight: 600 !important;\n            font-size: 14px 
!important;\n            font-family: 'Inter', sans-serif !important;\n        }<\/p>\n<p>        .mermaid .edgeLabel {\n            background-color: white !important;\n            color: var(--primary) !important;\n            font-weight: 600 !important;\n            padding: 4px 8px !important;\n            border-radius: 4px !important;\n            border: 1px solid var(--border) !important;\n        }<\/p>\n<p>        .mermaid .edge-pattern-solid {\n            stroke: var(--secondary) !important;\n            stroke-width: 2px !important;\n        }<\/p>\n<p>        \/* Ensure good contrast for different node colors *\/\n        .mermaid .node[style*=\"fill:#e3f2fd\"] .label,\n        .mermaid .node[style*=\"fill:#fff3e0\"] .label,\n        .mermaid .node[style*=\"fill:#f3e5f5\"] .label,\n        .mermaid .node[style*=\"fill:#e8f5e8\"] .label,\n        .mermaid .node[style*=\"fill:#fff8e1\"] .label,\n        .mermaid .node[style*=\"fill:#fce4ec\"] .label {\n            color: var(--primary) !important;\n            font-weight: 700 !important;\n        }\n    <\/style>\n<p>  <base target=\"_blank\"><br \/>\n<\/head><\/p>\n<p>  <body class=\"bg-neutral font-sans text-gray-900 leading-relaxed max-w-[100vw]\"><br \/>\n    <!-- Fixed Table of Contents --><\/p>\n<nav class=\"toc-fixed\">\n<h3 class=\"font-serif font-bold text-lg text-primary mb-4\">\u76ee\u5f55<\/h3>\n<div class=\"space-y-1\">\n        <a href=\"#introduction\" class=\"toc-link\" target=\"_blank\"  rel=\"nofollow\" >\u5f15\u8a00<\/a><br \/>\n        <a href=\"#dns-resolution\" class=\"toc-link\" target=\"_blank\"  rel=\"nofollow\" >1. 
DNS\u57df\u540d\u89e3\u6790<\/a><br \/>\n        <a href=\"#dns-local-cache\" class=\"toc-link sub\" target=\"_blank\"  rel=\"nofollow\" >1.1 \u672c\u5730\u7f13\u5b58\u67e5\u8be2<\/a><br \/>\n        <a href=\"#dns-recursive\" class=\"toc-link sub\" target=\"_blank\"  rel=\"nofollow\" >1.2 \u9012\u5f52\u67e5\u8be2\u4e0e\u8fed\u4ee3\u67e5\u8be2<\/a><br \/>\n        <a href=\"#dns-return\" class=\"toc-link sub\" target=\"_blank\"  rel=\"nofollow\" >1.3 \u7ed3\u679c\u8fd4\u56de\u4e0e\u7f13\u5b58<\/a><br \/>\n        <a href=\"#http-headers\" class=\"toc-link\" target=\"_blank\"  rel=\"nofollow\" >2. HTTP\u8bf7\u6c42\u5934\u5206\u6790<\/a><br \/>\n        <a href=\"#referer-header\" class=\"toc-link sub\" target=\"_blank\"  rel=\"nofollow\" >2.1 Referer\u5934<\/a><br \/>\n        <a href=\"#user-agent-header\" class=\"toc-link sub\" target=\"_blank\"  rel=\"nofollow\" >2.2 User-Agent\u5934<\/a><br \/>\n        <a href=\"#host-header\" class=\"toc-link sub\" target=\"_blank\"  rel=\"nofollow\" >2.3 Host\u5934<\/a><br \/>\n        <a href=\"#content-type-header\" class=\"toc-link sub\" target=\"_blank\"  rel=\"nofollow\" >2.4 Content-Type\u5934<\/a><br \/>\n        <a href=\"#xff-header\" class=\"toc-link sub\" target=\"_blank\"  rel=\"nofollow\" >2.5 X-Forwarded-For\u5934<\/a><br \/>\n        <a href=\"#cookie-header\" class=\"toc-link sub\" target=\"_blank\"  rel=\"nofollow\" >2.6 Cookie\u5934<\/a><br \/>\n        <a href=\"#http-status\" class=\"toc-link\" target=\"_blank\"  rel=\"nofollow\" >3. 
HTTP\u72b6\u6001\u7801<\/a><br \/>\n        <a href=\"#status-3xx\" class=\"toc-link sub\" target=\"_blank\"  rel=\"nofollow\" >3.1 3xx\u91cd\u5b9a\u5411\u72b6\u6001\u7801<\/a><br \/>\n        <a href=\"#status-4xx\" class=\"toc-link sub\" target=\"_blank\"  rel=\"nofollow\" >3.2 4xx\u5ba2\u6237\u7aef\u9519\u8bef\u72b6\u6001\u7801<\/a><br \/>\n        <a href=\"#status-5xx\" class=\"toc-link sub\" target=\"_blank\"  rel=\"nofollow\" >3.3 5xx\u670d\u52a1\u5668\u9519\u8bef\u72b6\u6001\u7801<\/a><br \/>\n        <a href=\"#complete-flow\" class=\"toc-link\" target=\"_blank\"  rel=\"nofollow\" >4. \u5b8c\u6574\u6d41\u7a0b\u6574\u5408<\/a>\n      <\/div>\n<\/nav>\n<p>    <!-- Main Content --><br \/>\n    <main class=\"main-content\"><br \/>\n      <!-- Hero Section --><\/p>\n<section class=\"mb-12\">\n<div class=\"hero-grid\">\n<div class=\"hero-title\">\n<h1 class=\"font-serif text-3xl sm:text-4xl md:text-5xl font-bold text-primary leading-tight mb-4\">\n              <em class=\"italic\">CTF\u4e2d\u7684\u7f51\u7edc\u534f\u8bae<\/em><br \/>\n              <br \/>\n              <span class=\"text-secondary\">\u4e0eHTTP\u653b\u9632\u6280\u672f<\/span><br \/>\n            <\/h1>\n<p class=\"text-lg text-muted max-w-2xl\">\n              \u6df1\u5165\u89e3\u6790\u4eceURL\u8f93\u5165\u5230\u9875\u9762\u5c55\u793a\u7684\u5b8c\u6574\u7f51\u7edc\u901a\u4fe1\u6d41\u7a0b\uff0c\u638c\u63e1DNS\u89e3\u6790\u3001HTTP\u8bf7\u6c42\u5934\u5229\u7528\u53ca\u72b6\u6001\u7801\u5206\u6790\u7684\u653b\u9632\u7cbe\u9ad3\n            <\/p>\n<\/p><\/div>\n<div class=\"hero-visual flex items-center justify-center\">\n            <img decoding=\"async\" src=\"https:\/\/kimi-web-img.moonshot.cn\/img\/developer.qcloudimg.com\/d24e8718f4525a2452a6ece18ea4ea70f3c50b5e.png\" alt=\"\u84dd\u8272\u62bd\u8c61\u7f51\u7edc\u534f\u8bae\u7ed3\u6784\u793a\u610f\u56fe\" class=\"w-full h-full object-cover opacity-80\" size=\"large\" aspect=\"wide\" color=\"blue\" 
query=\"\u62bd\u8c61\u7f51\u7edc\u534f\u8bae\u7ed3\u6784\" referrerpolicy=\"no-referrer\" data-modified=\"1\" data-score=\"0.00\"\/>\n          <\/div>\n<div class=\"hero-visual flex items-center justify-center\">\n            <img decoding=\"async\" src=\"https:\/\/kimi-web-img.moonshot.cn\/img\/360.net\/a3a3f90b6831f19b9446a07438be30fa3196ea2c.png\" alt=\"\u7f51\u7edc\u5b89\u5168\u653b\u9632\u6280\u672f\u62bd\u8c61\u6982\u5ff5\u56fe\" class=\"w-full h-full object-cover opacity-60\" size=\"large\" aspect=\"wide\" query=\"\u7f51\u7edc\u5b89\u5168\u653b\u9632\u6280\u672f\u62bd\u8c61\" referrerpolicy=\"no-referrer\" data-modified=\"1\" data-score=\"0.00\"\/>\n          <\/div>\n<\/p><\/div>\n<\/section>\n<p>      <!-- Introduction --><\/p>\n<section id=\"introduction\" class=\"mb-16\">\n<div class=\"highlight-box\">\n<h2 class=\"font-serif text-2xl font-bold text-primary mb-4\">\n            <i class=\"fas fa-shield-alt text-accent mr-3\"><\/i>\u6838\u5fc3\u6982\u8ff0<br \/>\n          <\/h2>\n<p class=\"text-lg leading-relaxed\">\n            \u5728CTF\uff08Capture The Flag\uff09\u7ade\u8d5b\u4e2d\uff0c\u638c\u63e1\u7f51\u7edc\u534f\u8bae\u548cHTTP\u653b\u9632\u6280\u672f\u662f\u89e3\u51b3Web\u5b89\u5168\u6311\u6218\u7684\u6838\u5fc3\u3002\u5f53\u60a8\u5728\u6d4f\u89c8\u5668\u4e2d\u8f93\u5165\u4e00\u4e2aURL\u65f6\uff0c\u80cc\u540e\u4f1a\u53d1\u751f\u4e00\u7cfb\u5217\u590d\u6742\u7684\u7f51\u7edc\u4ea4\u4e92\uff1a<br \/>\n            <strong>\u9996\u5148\uff0c\u6d4f\u89c8\u5668\u901a\u8fc7DNS\u534f\u8bae\u5c06\u57df\u540d\u89e3\u6790\u4e3a\u670d\u52a1\u5668\u7684IP\u5730\u5740<\/strong>\uff1b<br \/>\n            <strong>\u63a5\u7740\uff0c\u5ba2\u6237\u7aef\u4e0e\u670d\u52a1\u5668\u901a\u8fc7TCP\u4e09\u6b21\u63e1\u624b\u5efa\u7acb\u53ef\u9760\u7684\u8fde\u63a5<\/strong>\uff1b<br \/>\n            
<strong>\u7136\u540e\uff0c\u6d4f\u89c8\u5668\u6784\u5efa\u5e76\u53d1\u9001HTTP\u8bf7\u6c42\u62a5\u6587\uff0c\u5176\u4e2d\u5305\u542b\u5404\u79cd\u53ef\u88ab\u5229\u7528\u7684\u8bf7\u6c42\u5934<\/strong>\uff1b<br \/>\n            <strong>\u670d\u52a1\u5668\u5904\u7406\u8bf7\u6c42\u540e\u8fd4\u56deHTTP\u54cd\u5e94\uff0c\u5176\u72b6\u6001\u7801\u548c\u54cd\u5e94\u5934\u4e2d\u53ef\u80fd\u9690\u85cf\u7740\u5173\u952e\u7ebf\u7d22\u6216\u6f0f\u6d1e<\/strong>\u3002<br \/>\n            <a href=\"https:\/\/zhuanlan.zhihu.com\/p\/629094462\" class=\"citation\" target=\"_blank\" rel=\"nofollow\" >[446]<\/a>\n          <\/p>\n<\/p><\/div>\n<\/section>\n<p>      <!-- DNS Resolution --><\/p>\n<section id=\"dns-resolution\" class=\"mb-16\">\n<div class=\"flex items-center mb-8\">\n          <span class=\"section-number\">1<\/span><\/p>\n<h2 class=\"font-serif text-3xl font-bold text-primary\">\u4e3b\u673aIP\u5730\u5740\u83b7\u53d6\uff1aDNS\u57df\u540d\u89e3\u6790\u8fc7\u7a0b<\/h2>\n<\/p><\/div>\n<p class=\"text-lg mb-6\">\n          \u5728Web\u8bbf\u95ee\u7684\u521d\u59cb\u9636\u6bb5\uff0c\u6d4f\u89c8\u5668\u9700\u8981\u5c06\u7528\u6237\u8f93\u5165\u7684\u57df\u540d\uff08\u5982<br \/>\n          <code class=\"bg-gray-100 px-2 py-1 rounded\">www.example.com<\/code>\uff09\u89e3\u6790\u4e3a\u673a\u5668\u53ef\u8bfb\u7684IP\u5730\u5740\uff08\u5982<br \/>\n          <code class=\"bg-gray-100 px-2 py-1 rounded\">93.184.216.34<\/code>\uff09\u3002\u8fd9\u4e2a\u8fc7\u7a0b\u7531\u57df\u540d\u7cfb\u7edf\uff08DNS\uff09\u5b8c\u6210\u3002<br \/>\n          <a href=\"https:\/\/ctf.support\/forensics\/network-forensics\/\" class=\"citation\" target=\"_blank\" rel=\"nofollow\" >[270]<\/a>\n        <\/p>\n<div class=\"protocol-card\">\n<h3 class=\"font-serif text-xl font-semibold text-secondary mb-4\">DNS\u89e3\u6790\u6d41\u7a0b\u56fe<\/h3>\n<div class=\"mermaid-container\">\n<div class=\"mermaid-controls\">\n              <button class=\"mermaid-control-btn zoom-in\" title=\"\u653e\u5927\"><br 
\/>\n                <i class=\"fas fa-search-plus\"><\/i><br \/>\n              <\/button><br \/>\n              <button class=\"mermaid-control-btn zoom-out\" title=\"\u7f29\u5c0f\"><br \/>\n                <i class=\"fas fa-search-minus\"><\/i><br \/>\n              <\/button><br \/>\n              <button class=\"mermaid-control-btn reset-zoom\" title=\"\u91cd\u7f6e\"><br \/>\n                <i class=\"fas fa-expand-arrows-alt\"><\/i><br \/>\n              <\/button><br \/>\n              <button class=\"mermaid-control-btn fullscreen\" title=\"\u5168\u5c4f\u67e5\u770b\"><br \/>\n                <i class=\"fas fa-expand\"><\/i><br \/>\n              <\/button>\n            <\/div>\n<div class=\"mermaid\">\n              graph TD<br \/>\n              A[&#34;\u6d4f\u89c8\u5668\u8f93\u5165URL&#34;] --&gt; B{&#34;\u6d4f\u89c8\u5668DNS\u7f13\u5b58&#34;}<br \/>\n              B --&gt;|&#34;\u547d\u4e2d&#34;| C[&#34;\u8fd4\u56deIP\u5730\u5740&#34;]<br \/>\n              B --&gt;|&#34;\u672a\u547d\u4e2d&#34;| D[&#34;\u64cd\u4f5c\u7cfb\u7edfDNS\u7f13\u5b58&#34;]<br \/>\n              D --&gt;|&#34;\u547d\u4e2d&#34;| C<br \/>\n              D --&gt;|&#34;\u672a\u547d\u4e2d&#34;| E[&#34;Hosts\u6587\u4ef6\u67e5\u8be2&#34;]<br \/>\n              E --&gt;|&#34;\u547d\u4e2d&#34;| C<br \/>\n              E --&gt;|&#34;\u672a\u547d\u4e2d&#34;| F[&#34;\u672c\u5730DNS\u670d\u52a1\u5668\u67e5\u8be2&#34;]<br \/>\n              F --&gt; G{&#34;LDNS\u7f13\u5b58&#34;}<br \/>\n              G --&gt;|&#34;\u547d\u4e2d&#34;| C<br \/>\n              G --&gt;|&#34;\u672a\u547d\u4e2d&#34;| H[&#34;\u6839\u57df\u540d\u670d\u52a1\u5668\u67e5\u8be2&#34;]<br \/>\n              H --&gt; I[&#34;\u9876\u7ea7\u57df\u540d\u670d\u52a1\u5668\u67e5\u8be2&#34;]<br \/>\n              I --&gt; J[&#34;\u6743\u5a01\u57df\u540d\u670d\u52a1\u5668\u67e5\u8be2&#34;]<br \/>\n              J --&gt; K[&#34;\u8fd4\u56deIP\u5730\u5740&#34;]<br \/>\n              K --&gt; L[&#34;LDNS\u7f13\u5b58\u66f4\u65b0&#34;]<br 
\/>\n              L --&gt; M[&#34;\u64cd\u4f5c\u7cfb\u7edf\u7f13\u5b58\u66f4\u65b0&#34;]<br \/>\n              M --&gt; N[&#34;\u6d4f\u89c8\u5668\u7f13\u5b58\u66f4\u65b0&#34;]<br \/>\n              N --&gt; C\n            <\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div id=\"dns-local-cache\">\n<h3 class=\"font-serif text-2xl font-semibold text-secondary mb-4\">1.1 \u672c\u5730DNS\u7f13\u5b58\u67e5\u8be2<\/h3>\n<div class=\"grid md:grid-cols-2 gap-6 mb-6\">\n<div class=\"protocol-card\">\n<h4 class=\"font-semibold text-lg mb-3\"><i class=\"fas fa-browser text-accent mr-2\"><\/i>\u6d4f\u89c8\u5668\u7f13\u5b58\u68c0\u67e5<\/h4>\n<p>\u73b0\u4ee3\u6d4f\u89c8\u5668\u90fd\u5185\u7f6e\u4e86\u81ea\u5df1\u7684DNS\u7f13\u5b58\uff0c\u751f\u547d\u5468\u671f\u901a\u5e38\u8f83\u77ed\uff08\u7ea61\u5206\u949f\uff09\uff0c\u7531\u6d4f\u89c8\u5668\u72ec\u7acb\u7ba1\u7406\u3002\u5982\u679c\u7f13\u5b58\u547d\u4e2d\uff0c\u89e3\u6790\u8fc7\u7a0b\u7acb\u5373\u7ed3\u675f\u3002<\/p>\n<\/p><\/div>\n<div class=\"protocol-card\">\n<h4 class=\"font-semibold text-lg mb-3\"><i class=\"fas fa-desktop text-accent mr-2\"><\/i>\u64cd\u4f5c\u7cfb\u7edf\u7f13\u5b58\u68c0\u67e5<\/h4>\n<p>\u64cd\u4f5c\u7cfb\u7edf\u7ef4\u62a4\u7740DNS\u89e3\u6790\u5668\u7f13\u5b58\uff0c\u751f\u547d\u5468\u671f\u8f83\u957f\u3002\u53ef\u901a\u8fc7\u547d\u4ee4\u884c\u5de5\u5177\u7ba1\u7406\uff0c\u5982Windows\u7684<br \/>\n                <code>ipconfig \/flushdns<\/code>\u3002\n              <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"highlight-box\">\n<h4 class=\"font-semibold text-lg mb-3\"><i class=\"fas fa-file-alt text-accent mr-2\"><\/i>Hosts\u6587\u4ef6\u67e5\u8be2<\/h4>\n<p>\u5982\u679c\u64cd\u4f5c\u7cfb\u7edf\u7f13\u5b58\u672a\u547d\u4e2d\uff0c\u7cfb\u7edf\u4f1a\u68c0\u67e5Hosts\u6587\u4ef6\u3002\u8be5\u6587\u4ef6\u662f\u672c\u5730\u9759\u6001\u6620\u5c04\uff0c\u5177\u6709\u6700\u9ad8\u4f18\u5148\u7ea7\uff0c\u4f1a\u8986\u76d6DNS\u670d\u52a1\u5668\u7ed3\u679c\u3002<\/p>\n<div class=\"http-header mt-3\">\n<div 
class=\"text-sm text-muted mb-2\">Windows\u8def\u5f84\uff1a<\/div>\n<p>              <code>C:\\Windows\\System32\\drivers\\etc\\hosts<\/code><\/p>\n<div class=\"text-sm text-muted mt-2 mb-2\">Linux\/macOS\u8def\u5f84\uff1a<\/div>\n<p>              <code>\/etc\/hosts<\/code>\n            <\/div>\n<p class=\"mt-3\">\u5728CTF\u4e2d\uff0cHosts\u6587\u4ef6\u662f\u5e38\u89c1\u7684\u653b\u51fb\u6216\u914d\u7f6e\u70b9\uff0c\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u4fee\u6539\u8be5\u6587\u4ef6\u5b9e\u73b0DNS\u52ab\u6301\u3002<br \/>\n              <a href=\"https:\/\/blog.xpnsec.com\/bsidessf-dnscap\/\" class=\"citation\" target=\"_blank\" rel=\"nofollow\" >[269]<\/a>\n            <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div id=\"dns-recursive\" class=\"mt-12\">\n<h3 class=\"font-serif text-2xl font-semibold text-secondary mb-4\">1.2 \u9012\u5f52\u67e5\u8be2\u4e0e\u8fed\u4ee3\u67e5\u8be2<\/h3>\n<div class=\"protocol-card mb-6\">\n<h4 class=\"font-semibold text-lg mb-3\"><i class=\"fas fa-server text-accent mr-2\"><\/i>\u672c\u5730DNS\u670d\u52a1\u5668\uff08LDNS\uff09\u7684\u89d2\u8272<\/h4>\n<p>LDNS\u901a\u5e38\u7531ISP\u63d0\u4f9b\u6216\u624b\u52a8\u914d\u7f6e\uff08\u5982Google\u76848.8.8.8\uff09\u3002\u5f53OS\u5411LDNS\u53d1\u8d77\u67e5\u8be2\u65f6\uff0cLDNS\u4f1a\u4ee3\u8868\u5ba2\u6237\u7aef\u5b8c\u6210\u6574\u4e2a\u89e3\u6790\u8fc7\u7a0b\u3002<\/p>\n<\/p><\/div>\n<div class=\"grid md:grid-cols-3 gap-4 mb-6\">\n<div class=\"protocol-card\">\n<h4 class=\"font-semibold mb-2\">\u6839\u57df\u540d\u670d\u52a1\u5668<\/h4>\n<p class=\"text-sm\">\u5168\u740313\u7ec4\u6839\u670d\u52a1\u5668\uff0c\u7ba1\u7406\u6240\u6709\u9876\u7ea7\u57df\u670d\u52a1\u5668\u4fe1\u606f\uff0c\u8fd4\u56deTLD\u670d\u52a1\u5668\u5730\u5740\u3002<\/p>\n<\/p><\/div>\n<div class=\"protocol-card\">\n<h4 class=\"font-semibold mb-2\">\u9876\u7ea7\u57df\u540d\u670d\u52a1\u5668<\/h4>\n<p 
class=\"text-sm\">\u7ba1\u7406\u4e8c\u7ea7\u57df\u540d\u7684\u6743\u5a01\u670d\u52a1\u5668\u4fe1\u606f\uff0c\u5982.com\u670d\u52a1\u5668\u77e5\u9053example.com\u7684NS\u8bb0\u5f55\u3002<\/p>\n<\/p><\/div>\n<div class=\"protocol-card\">\n<h4 class=\"font-semibold mb-2\">\u6743\u5a01\u57df\u540d\u670d\u52a1\u5668<\/h4>\n<p class=\"text-sm\">\u5b58\u50a8\u7279\u5b9a\u57df\u540d\u7684\u6240\u6709DNS\u8bb0\u5f55\uff0c\u6700\u7ec8\u8fd4\u56deIP\u5730\u5740\u7ed9LDNS\u3002<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div id=\"dns-return\" class=\"mt-12\">\n<h3 class=\"font-serif text-2xl font-semibold text-secondary mb-4\">1.3 DNS\u89e3\u6790\u7ed3\u679c\u7684\u8fd4\u56de\u4e0e\u7f13\u5b58<\/h3>\n<div class=\"protocol-card\">\n<h4 class=\"font-semibold text-lg mb-3\"><i class=\"fas fa-clock text-accent mr-2\"><\/i>TTL\u4e0e\u7f13\u5b58\u66f4\u65b0<\/h4>\n<p class=\"mb-4\">DNS\u8bb0\u5f55\u4e2d\u7684TTL\uff08Time To Live\uff09\u5b9a\u4e49\u4e86\u8bb0\u5f55\u5728\u7f13\u5b58\u4e2d\u7684\u6709\u6548\u65f6\u95f4\u3002LDNS\u548cOS\u6839\u636eTTL\u51b3\u5b9a\u7f13\u5b58\u8bb0\u5f55\u7684\u4fdd\u7559\u65f6\u95f4\u3002<\/p>\n<div class=\"grid md:grid-cols-2 gap-4\">\n<div>\n<h5 class=\"font-semibold mb-2\">\u77edTTL\u4f18\u70b9<\/h5>\n<ul class=\"text-sm space-y-1\">\n<li>\u2022 DNS\u8bb0\u5f55\u66f4\u65b0\u66f4\u5feb\u4f20\u64ad<\/li>\n<li>\u2022 \u9002\u5408\u52a8\u6001\u73af\u5883<\/li>\n<\/ul><\/div>\n<div>\n<h5 class=\"font-semibold mb-2\">\u957fTTL\u4f18\u70b9<\/h5>\n<ul class=\"text-sm space-y-1\">\n<li>\u2022 \u51cf\u8f7b\u670d\u52a1\u5668\u8d1f\u8f7d<\/li>\n<li>\u2022 \u63d0\u9ad8\u89e3\u6790\u901f\u5ea6<\/li>\n<\/ul><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<\/section>\n<p>      <!-- HTTP Headers --><\/p>\n<section id=\"http-headers\" class=\"mb-16\">\n<div class=\"flex items-center mb-8\">\n          <span class=\"section-number\">2<\/span><\/p>\n<h2 class=\"font-serif text-3xl font-bold 
text-primary\">HTTP\u8bf7\u6c42\u5934\uff08Headers\uff09\u5728CTF\u4e2d\u7684\u5229\u7528\u4e0e\u5206\u6790<\/h2>\n<\/p><\/div>\n<p class=\"text-lg mb-8\">\n          HTTP\u8bf7\u6c42\u5934\u662fHTTP\u8bf7\u6c42\u62a5\u6587\u7684\u91cd\u8981\u7ec4\u6210\u90e8\u5206\uff0c\u643a\u5e26\u4e86\u5173\u4e8e\u5ba2\u6237\u7aef\u3001\u8bf7\u6c42\u548c\u54cd\u5e94\u7684\u5143\u6570\u636e\u3002\u5728CTF\u4e2d\uff0cHTTP\u8bf7\u6c42\u5934\u5f80\u5f80\u662fWeb\u6f0f\u6d1e\u5229\u7528\u7684\u5173\u952e\u5207\u5165\u70b9\u3002<br \/>\n          <a href=\"https:\/\/www.cnblogs.com\/qiushuo\/p\/17454521.html\" class=\"citation\" target=\"_blank\" rel=\"nofollow\" >[202]<\/a>\n        <\/p>\n<div class=\"overflow-x-auto mb-8\">\n<table class=\"w-full bg-white border border-border rounded-lg overflow-hidden\">\n<thead class=\"bg-gray-50\">\n<tr>\n<th class=\"px-6 py-4 text-left font-semibold text-secondary\">\u8bf7\u6c42\u5934 (Header)<\/th>\n<th class=\"px-6 py-4 text-left font-semibold text-secondary\">\u4e3b\u8981\u4f5c\u7528<\/th>\n<th class=\"px-6 py-4 text-left font-semibold text-secondary\">CTF\u4e2d\u7684\u5e38\u89c1\u5229\u7528\u65b9\u5f0f<\/th>\n<\/tr>\n<\/thead>\n<tbody class=\"divide-y divide-border\">\n<tr>\n<td class=\"px-6 py-4 font-mono font-semibold\">Referer<\/td>\n<td class=\"px-6 py-4 text-sm\">\u6307\u793a\u8bf7\u6c42\u7684\u6765\u6e90\u9875\u9762URL<\/td>\n<td class=\"px-6 py-4 text-sm\"><strong>\u4f2a\u9020\u6765\u6e90<\/strong>\uff0c\u7ed5\u8fc7\u57fa\u4e8e\u6765\u6e90\u7684CSRF\u9632\u62a4\u6216\u8bbf\u95ee\u63a7\u5236<\/td>\n<\/tr>\n<tr class=\"bg-gray-50\">\n<td class=\"px-6 py-4 font-mono font-semibold\">User-Agent<\/td>\n<td class=\"px-6 py-4 text-sm\">\u6807\u8bc6\u5ba2\u6237\u7aef\u8f6f\u4ef6\uff08\u6d4f\u89c8\u5668\u3001\u64cd\u4f5c\u7cfb\u7edf\u7b49\uff09<\/td>\n<td class=\"px-6 py-4 
text-sm\"><strong>\u4f2a\u88c5\u5ba2\u6237\u7aef<\/strong>\uff0c\u7ed5\u8fc7\u5bf9\u7279\u5b9a\u6d4f\u89c8\u5668\u3001\u8bbe\u5907\u6216\u722c\u866b\u7684\u9650\u5236<\/td>\n<\/tr>\n<tr>\n<td class=\"px-6 py-4 font-mono font-semibold\">Host<\/td>\n<td class=\"px-6 py-4 text-sm\">\u6307\u5b9a\u8bf7\u6c42\u7684\u76ee\u6807\u4e3b\u673a\u540d\u548c\u7aef\u53e3\u53f7<\/td>\n<td class=\"px-6 py-4 text-sm\"><strong>Host\u5934\u6ce8\u5165<\/strong>\uff0c\u7ed5\u8fc7\u8bbf\u95ee\u63a7\u5236\u3001\u7f13\u5b58\u6295\u6bd2\u3001\u5bc6\u7801\u91cd\u7f6e\u4e2d\u6bd2<\/td>\n<\/tr>\n<tr class=\"bg-gray-50\">\n<td class=\"px-6 py-4 font-mono font-semibold\">Content-Type<\/td>\n<td class=\"px-6 py-4 text-sm\">\u6307\u793a\u8bf7\u6c42\u4f53\u7684\u5a92\u4f53\u7c7b\u578b\uff08MIME\uff09<\/td>\n<td class=\"px-6 py-4 text-sm\"><strong>MIME\u7c7b\u578b\u6df7\u6dc6<\/strong>\uff0c\u7ed5\u8fc7\u6587\u4ef6\u4e0a\u4f20\u9650\u5236<\/td>\n<\/tr>\n<tr>\n<td class=\"px-6 py-4 font-mono font-semibold\">X-Forwarded-For<\/td>\n<td class=\"px-6 py-4 text-sm\">\u6807\u8bc6\u5ba2\u6237\u7aef\u7684\u539f\u59cbIP\u5730\u5740\uff08\u901a\u8fc7\u4ee3\u7406\u65f6\uff09<\/td>\n<td class=\"px-6 py-4 text-sm\"><strong>\u4f2a\u9020IP\u5730\u5740<\/strong>\uff0c\u7ed5\u8fc7\u57fa\u4e8eIP\u7684\u8bbf\u95ee\u63a7\u5236\uff08\u767d\u540d\u5355\/\u9ed1\u540d\u5355\uff09<\/td>\n<\/tr>\n<tr class=\"bg-gray-50\">\n<td class=\"px-6 py-4 font-mono font-semibold\">Cookie<\/td>\n<td class=\"px-6 py-4 text-sm\">\u5b58\u50a8\u4f1a\u8bdd\u4fe1\u606f\u3001\u7528\u6237\u504f\u597d\u7b49<\/td>\n<td class=\"px-6 py-4 text-sm\"><strong>\u4f1a\u8bdd\u52ab\u6301\u3001\u6743\u9650\u63d0\u5347<\/strong>\uff0c\u901a\u8fc7\u7be1\u6539Cookie\u4e2d\u7684\u4f1a\u8bddID\u6216\u7528\u6237\u89d2\u8272<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<div id=\"referer-header\" class=\"mb-12\">\n<h3 class=\"font-serif text-2xl font-semibold text-secondary mb-4\">2.1 
Referer\u5934\uff1a\u4f2a\u9020\u6765\u6e90\u4e0e\u7ed5\u8fc7\u9650\u5236<\/h3>\n<div class=\"protocol-card mb-6\">\n<h4 class=\"font-semibold text-lg mb-3\"><i class=\"fas fa-link text-accent mr-2\"><\/i>\u4f5c\u7528\u4e0e\u683c\u5f0f<\/h4>\n<p class=\"mb-3\">Referer\u5934\u5305\u542b\u5f53\u524d\u8bf7\u6c42\u9875\u9762\u7684\u6765\u6e90\u9875\u9762\u5730\u5740\uff0c\u4e3b\u8981\u7528\u4e8e\u7edf\u8ba1\u5206\u6790\u3001\u9632\u76d7\u94fe\u548cCSRF\u9632\u62a4\u3002\u5176\u683c\u5f0f\u662f\u4e00\u4e2a\u5b8c\u6574\u7684URL\u3002<\/p>\n<div class=\"http-header\">\n              <strong>\u793a\u4f8b\uff1a<\/strong> Referer: https:\/\/www.google.com\/search?q=ctf\n            <\/div>\n<\/p><\/div>\n<div class=\"highlight-box\">\n<h4 class=\"font-semibold text-lg mb-3\"><i class=\"fas fa-hack text-accent mr-2\"><\/i>CTF\u5229\u7528\u573a\u666f\uff1a\u7ed5\u8fc7CSRF\u9632\u62a4<\/h4>\n<p class=\"mb-4\">\u4e00\u4e9bWeb\u5e94\u7528\u4f1a\u68c0\u67e5\u8bf7\u6c42\u7684Referer\u5934\uff0c\u53ea\u6709\u5f53\u8bf7\u6c42\u6765\u6e90\u4e8e\u672c\u7ad9\u9875\u9762\u65f6\u624d\u8ba4\u4e3a\u5408\u6cd5\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u6293\u5305\u5de5\u5177\u4fee\u6539Referer\u503c\uff0c\u4f2a\u9020\u4e3a\u670d\u52a1\u5668\u671f\u671b\u7684\u6765\u6e90\u9875\u9762\u3002<\/p>\n<h5 class=\"font-semibold mb-2\">\u5b9e\u4f8b\u5206\u6790<\/h5>\n<p class=\"mb-3\">\u4e00\u4e2a\u540d\u4e3aSecret.php\u7684\u9875\u9762\u8981\u6c42\u8bf7\u6c42\u5fc5\u987b\u6765\u81ea<br \/>\n              <code>https:\/\/www.Sycsecret.com<\/code>\uff0c\u76f4\u63a5\u8bbf\u95ee\u4f1a\u8fd4\u56de\u9519\u8bef\u3002<br \/>\n              <a href=\"https:\/\/blog.csdn.net\/qq_45521281\/article\/details\/105775452\" class=\"citation\" target=\"_blank\" rel=\"nofollow\" >[611]<\/a>\n            <\/p>\n<div class=\"http-header\">\n              <strong>\u539f\u59cb\u8bf7\u6c42\uff1a<\/strong><br \/>\n              <br \/>\n              GET \/Secret.php HTTP\/1.1<br \/>\n              <br \/>\n              
Host: target.com<\/p>\n<p>              <strong>\u4fee\u6539\u540e\u8bf7\u6c42\uff1a<\/strong><br \/>\n              <br \/>\n              GET \/Secret.php HTTP\/1.1<br \/>\n              <br \/>\n              Host: target.com<br \/>\n              <br \/>\n              Referer: https:\/\/www.Sycsecret.com\n            <\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div id=\"user-agent-header\" class=\"mb-12\">\n<h3 class=\"font-serif text-2xl font-semibold text-secondary mb-4\">2.2 User-Agent\u5934\uff1a\u4f2a\u88c5\u5ba2\u6237\u7aef\u4e0e\u7ed5\u8fc7\u68c0\u6d4b<\/h3>\n<div class=\"protocol-card mb-6\">\n<h4 class=\"font-semibold text-lg mb-3\"><i class=\"fas fa-user-agent text-accent mr-2\"><\/i>\u4f5c\u7528\u4e0e\u683c\u5f0f<\/h4>\n<p class=\"mb-3\">User-Agent\u5934\u8ba9\u670d\u52a1\u5668\u8bc6\u522b\u53d1\u8d77\u8bf7\u6c42\u7684\u5ba2\u6237\u7aef\u8f6f\u4ef6\u7c7b\u578b\u3001\u64cd\u4f5c\u7cfb\u7edf\u3001\u6d4f\u89c8\u5668\u7248\u672c\u7b49\u4fe1\u606f\u3002\u5178\u578b\u7684Chrome\u6d4f\u89c8\u5668User-Agent\u5b57\u7b26\u4e32\uff1a<\/p>\n<div class=\"http-header\">\n              User-Agent: Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/91.0.4472.124 Safari\/537.36\n            <\/div>\n<\/p><\/div>\n<div class=\"grid md:grid-cols-2 gap-6\">\n<div class=\"protocol-card\">\n<h4 class=\"font-semibold mb-3\">\u4f2a\u88c5\u7279\u5b9a\u6d4f\u89c8\u5668<\/h4>\n<p class=\"text-sm mb-3\">\u9898\u76ee\u63d0\u793a&#34;\u5fc5\u987b\u4f7f\u7528Syclover\u6d4f\u89c8\u5668\u624d\u80fd\u67e5\u770b\u6b64\u9875\u9762&#34;\uff0c\u53ea\u9700\u4fee\u6539User-Agent\u4e3a\u7279\u5b9a\u5b57\u7b26\u4e32\u3002<\/p>\n<div class=\"http-header text-xs\">\n                User-Agent: Syclover\/1.0 (Compatible; CTF-Browser)\n              <\/div>\n<\/p><\/div>\n<div class=\"protocol-card\">\n<h4 class=\"font-semibold mb-3\">\u4f2a\u88c5\u641c\u7d22\u5f15\u64ce\u722c\u866b<\/h4>\n<p class=\"text-sm 
mb-3\">\u670d\u52a1\u5668\u53ea\u5141\u8bb8\u722c\u866b\u8bbf\u95ee\u654f\u611f\u9875\u9762\uff0c\u53ef\u8bbe\u7f6e\u4e3aGooglebot\u5b57\u7b26\u4e32\u3002<\/p>\n<div class=\"http-header text-xs\">\n                User-Agent: Mozilla\/5.0 (compatible; Googlebot\/2.1; +http:\/\/www.google.com\/bot.html)\n              <\/div>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div id=\"host-header\" class=\"mb-12\">\n<h3 class=\"font-serif text-2xl font-semibold text-secondary mb-4\">2.3 Host\u5934\uff1aHost\u5934\u6ce8\u5165\u653b\u51fb<\/h3>\n<div class=\"protocol-card mb-6\">\n<h4 class=\"font-semibold text-lg mb-3\"><i class=\"fas fa-server text-accent mr-2\"><\/i>\u4f5c\u7528\u4e0e\u683c\u5f0f<\/h4>\n<p class=\"mb-3\">Host\u5934\u6307\u660e\u8bf7\u6c42\u5c06\u8981\u53d1\u9001\u5230\u7684\u670d\u52a1\u5668\u4e3b\u673a\u540d\u548c\u7aef\u53e3\u53f7\uff0c\u662fHTTP\/1.1\u534f\u8bae\u4e2d\u5fc5\u9700\u7684\u8bf7\u6c42\u5934\u3002\u683c\u5f0f\uff1a<br \/>\n              <code>Host: &lt;domain&gt;:&lt;port&gt;<\/code>\n            <\/p>\n<div class=\"http-header\">\n              Host: www.example.com:8080\n            <\/div>\n<p class=\"mt-3\">\u5728\u865a\u62df\u4e3b\u673a\u73af\u5883\u4e2d\uff0c\u670d\u52a1\u5668\u901a\u8fc7Host\u5b57\u6bb5\u5224\u65ad\u8bf7\u6c42\u7684\u662f\u54ea\u4e2a\u7f51\u7ad9\u3002<\/p>\n<\/p><\/div>\n<div class=\"highlight-box\">\n<h4 class=\"font-semibold text-lg mb-3\">\u5229\u7528\u573a\u666f\uff1aHost\u5934\u6ce8\u5165\u6f0f\u6d1e<\/h4>\n<div class=\"grid md:grid-cols-3 gap-4\">\n<div>\n<h5 class=\"font-semibold mb-2\">\u7ed5\u8fc7\u8bbf\u95ee\u63a7\u5236<\/h5>\n<p class=\"text-sm\">\u4f2a\u9020Host\u5934\u8bbf\u95ee\u5185\u7f51\u8d44\u6e90<\/p>\n<\/p><\/div>\n<div>\n<h5 class=\"font-semibold mb-2\">\u7f13\u5b58\u6295\u6bd2<\/h5>\n<p class=\"text-sm\">\u6076\u610f\u54cd\u5e94\u88ab\u7f13\u5b58\u5e76\u8fd4\u56de\u7ed9\u6240\u6709\u7528\u6237<\/p>\n<\/p><\/div>\n<div>\n<h5 class=\"font-semibold 
\u5bc6\u7801">
mb-2\">\u5bc6\u7801\u91cd\u7f6e\u4e2d\u6bd2<\/h5>\n<p class=\"text-sm\">当应用用请求中的Host头拼接密码重置链接时，伪造Host可使发给受害者的邮件链接指向攻击者域名，受害者点击后重置令牌即被泄露。防御：用配置中的规范主机名生成绝对URL，并拒绝不在虚拟主机白名单内的Host值。<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div id=\"content-type-header\" class=\"mb-12\">\n<h3 class=\"font-serif text-2xl font-semibold text-secondary mb-4\">2.4 Content-Type\u5934\uff1aMIME\u7c7b\u578b\u6df7\u6dc6\u4e0e\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e<\/h3>\n<div class=\"protocol-card mb-6\">\n<h4 class=\"font-semibold text-lg mb-3\"><i class=\"fas fa-file-type text-accent mr-2\"><\/i>\u4f5c\u7528\u4e0e\u683c\u5f0f<\/h4>\n<p class=\"mb-3\">Content-Type\u5934\u6307\u793a\u8bf7\u6c42\u4f53\u7684\u5a92\u4f53\u7c7b\u578b\uff0c\u683c\u5f0f\u4e3a<br \/>\n              <code>type\/subtype<\/code>\u3002\n            <\/p>\n<div class=\"grid md:grid-cols-2 gap-4\">\n<div>\n<h5 class=\"font-semibold mb-2\">\u5e38\u89c1\u7c7b\u578b<\/h5>\n<ul class=\"text-sm space-y-1\">\n<li>\u2022 application\/x-www-form-urlencoded<\/li>\n<li>\u2022 multipart\/form-data<\/li>\n<li>\u2022 application\/json<\/li>\n<li>\u2022 text\/plain<\/li>\n<\/ul><\/div>\n<div>\n<h5 class=\"font-semibold mb-2\">\u6587\u4ef6\u4e0a\u4f20\u76f8\u5173<\/h5>\n<ul class=\"text-sm space-y-1\">\n<li>\u2022 image\/jpeg<\/li>\n<li>\u2022 image\/png<\/li>\n<li>\u2022 application\/pdf<\/li>\n<li>\u2022 text\/csv<\/li>\n<\/ul><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"highlight-box\">\n<h4 class=\"font-semibold text-lg mb-3\">\u5229\u7528\u573a\u666f\uff1a\u7ed5\u8fc7\u6587\u4ef6\u4e0a\u4f20\u9650\u5236<\/h4>\n<p class=\"mb-4\">\u670d\u52a1\u5668\u901a\u8fc7\u68c0\u67e5\u6587\u4ef6\u6269\u5c55\u540d\u548cContent-Type\u5934\u9650\u5236\u4e0a\u4f20\u6587\u4ef6\u7c7b\u578b\u3002\u5982\u679c\u9a8c\u8bc1\u7b80\u5355\uff0c\u653b\u51fb\u8005\u53ef\u4fee\u6539Content-Type\u5934\u7ed5\u8fc7\u9650\u5236\u3002<\/p>\n<h5 class=\"font-semibold mb-2\">\u5b9e\u4f8b\uff1a\u4e0a\u4f20PHP webshell<\/h5>\n<div class=\"http-header\">\n              
<strong>\u539f\u59cb\uff1a<\/strong> Content-Type: application\/x-httpd-php<br \/>\n              <br \/>\n              <strong>\u4fee\u6539\u540e\uff1a<\/strong> Content-Type: image\/jpeg\n            <\/div>\n<p class=\"mt-3\">\u5982\u679c\u670d\u52a1\u5668\u53ea\u9a8c\u8bc1Content-Type\u800c\u5ffd\u7565\u6587\u4ef6\u5185\u5bb9\uff0c\u6076\u610fPHP\u6587\u4ef6\u53ef\u80fd\u88ab\u6210\u529f\u4e0a\u4f20\u3002这里的Content-Type是multipart请求中各部分的类型，由上传客户端自行填写，服务端不能据此做任何安全判断；可靠的做法是在服务端按扩展名白名单校验、检查文件头（魔数）、重命名后存放到Web根目录之外，并确保上传目录不会执行脚本。<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div id=\"xff-header\" class=\"mb-12\">\n<h3 class=\"font-serif text-2xl font-semibold text-secondary mb-4\">2.5 X-Forwarded-For\u5934\uff1a\u4f2a\u9020IP\u5730\u5740\u4e0e\u7ed5\u8fc7\u9650\u5236<\/h3>\n<div class=\"protocol-card mb-6\">\n<h4 class=\"font-semibold text-lg mb-3\"><i class=\"fas fa-proxy text-accent mr-2\"><\/i>\u4f5c\u7528\u4e0e\u683c\u5f0f<\/h4>\n<p class=\"mb-3\">X-Forwarded-For\uff08XFF\uff09\u662f\u4e8b\u5b9e\u4e0a\u7684\u6807\u51c6HTTP\u5934\uff0c\u7528\u4e8e\u8bc6\u522b\u901a\u8fc7HTTP\u4ee3\u7406\u6216\u8d1f\u8f7d\u5747\u8861\u5668\u8fde\u63a5\u5230Web\u670d\u52a1\u5668\u7684\u5ba2\u6237\u7aef\u539f\u59cbIP\u5730\u5740\u3002<\/p>\n<div class=\"http-header\">\n              X-Forwarded-For: client, proxy1, proxy2\n            <\/div>\n<p class=\"mt-3\">\u5f53\u8bf7\u6c42\u7ecf\u8fc7\u591a\u4e2a\u4ee3\u7406\u65f6\uff0c\u6bcf\u4e2a\u4ee3\u7406\u90fd\u4f1a\u5c06\u5176\u770b\u5230\u7684\u5ba2\u6237\u7aefIP\u5730\u5740\u8ffd\u52a0\u5230XFF\u5934\u7684\u672b\u5c3e\uff0c\u5f62\u6210\u9017\u53f7\u5206\u9694\u7684IP\u5730\u5740\u5217\u8868\u3002<\/p>\n<\/p><\/div>\n<div class=\"highlight-box\">\n<h4 class=\"font-semibold text-lg mb-3\">\u5229\u7528\u573a\u666f\uff1a\u7ed5\u8fc7IP\u767d\u540d\u5355\/\u9ed1\u540d\u5355<\/h4>\n<p 
class=\"mb-4\">\u8bb8\u591aWeb\u5e94\u7528\u4f7f\u7528IP\u5730\u5740\u4f5c\u4e3a\u8bbf\u95ee\u63a7\u5236\u624b\u6bb5\u3002\u5982\u679c\u670d\u52a1\u5668\u76f4\u63a5\u4fe1\u4efbXFF\u5934\u4e2d\u7684IP\u5730\u5740\uff0c\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u4f2a\u9020XFF\u5934\u7ed5\u8fc7\u9650\u5236\u3002<\/p>\n<h5 class=\"font-semibold mb-2\">\u5b9e\u4f8b\uff1a\u7ed5\u8fc7\u672c\u5730\u8bbf\u95ee\u9650\u5236<\/h5>\n<div class=\"http-header\">\n              <strong>\u6dfb\u52a0\u5934\uff1a<\/strong><br \/>\n              <br \/>\n              X-Forwarded-For: 127.0.0.1<\/p>\n<p>              <strong>\u5b8c\u6574\u8bf7\u6c42\u5934\u53ef\u80fd\u5305\u542b\uff1a<\/strong><br \/>\n              <br \/>\n              X-Forwarded-For: 127.0.0.1, &lt;\u771f\u5b9eIP&gt;\n            <\/div>\n<p class=\"mt-3\">\u670d\u52a1\u5668\u68c0\u67e5XFF\u5934\u65f6\u53d1\u73b0127.0.0.1\uff0c\u8bef\u8ba4\u4e3a\u8bf7\u6c42\u6765\u81ea\u672c\u5730\uff0c\u6388\u4e88\u8bbf\u95ee\u6743\u9650\u3002<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div id=\"cookie-header\" class=\"mb-12\">\n<h3 class=\"font-serif text-2xl font-semibold text-secondary mb-4\">2.6 Cookie\u5934\uff1a\u4f1a\u8bdd\u7ba1\u7406\u4e0e\u6743\u9650\u63d0\u5347<\/h3>\n<div class=\"protocol-card mb-6\">\n<h4 class=\"font-semibold text-lg mb-3\"><i class=\"fas fa-cookie text-accent mr-2\"><\/i>\u4f5c\u7528\u4e0e\u683c\u5f0f<\/h4>\n<p class=\"mb-3\">Cookie\u662f\u670d\u52a1\u5668\u53d1\u9001\u5230\u7528\u6237\u6d4f\u89c8\u5668\u5e76\u4fdd\u5b58\u5728\u672c\u5730\u7684\u4e00\u5c0f\u5757\u6570\u636e\uff0c\u5728\u540e\u7eed\u5bf9\u540c\u4e00\u670d\u52a1\u5668\u7684\u8bf7\u6c42\u4e2d\u81ea\u52a8\u643a\u5e26\u3002\u4e3b\u8981\u7528\u4e8e\u4f1a\u8bdd\u7ba1\u7406\u3001\u4e2a\u6027\u5316\u8bbe\u7f6e\u548c\u8ddf\u8e2a\u7528\u6237\u884c\u4e3a\u3002<\/p>\n<div class=\"http-header\">\n              Cookie: sessionId=abc123; user=admin; theme=dark\n            <\/div>\n<p 
class=\"mt-3\">Cookie\u901a\u5e38\u5305\u542b\u540d\u79f0\u3001\u503c\u3001\u57df\u3001\u8def\u5f84\u3001\u8fc7\u671f\u65f6\u95f4\u7b49\u5c5e\u6027\u3002\u5728CTF\u4e2d\uff0cCookie\u662f\u653b\u51fb\u7684\u91cd\u70b9\u76ee\u6807\uff0c\u5e38\u5305\u542b\u654f\u611f\u4fe1\u606f\u3002<\/p>\n<\/p><\/div>\n<div class=\"grid md:grid-cols-3 gap-4 mb-6\">\n<div class=\"protocol-card\">\n<h4 class=\"font-semibold mb-3\">\u6743\u9650\u63d0\u5347<\/h4>\n<p class=\"text-sm\">\u5982\u679c\u7528\u6237\u89d2\u8272\u5b58\u50a8\u5728Cookie\u4e2d\uff0c\u53ef\u4fee\u6539\u5176\u4e3a\u66f4\u9ad8\u6743\u9650\u89d2\u8272\u3002<\/p>\n<div class=\"http-header text-xs mt-2\">\n                role=user \u2192 role=admin\n              <\/div>\n<\/p><\/div>\n<div class=\"protocol-card\">\n<h4 class=\"font-semibold mb-3\">\u4f1a\u8bdd\u52ab\u6301<\/h4>\n<p class=\"text-sm\">\u731c\u6d4b\u6216\u4f2a\u9020\u6709\u6548\u7684Session ID\uff0c\u5192\u5145\u5176\u4ed6\u7528\u6237\u767b\u5f55\u3002<\/p>\n<\/p><\/div>\n<div class=\"protocol-card\">\n<h4 class=\"font-semibold mb-3\">\u7ed5\u8fc7\u8ba4\u8bc1<\/h4>\n<p class=\"text-sm\">\u68c0\u67e5\u662f\u5426\u5b58\u5728\u7684\u6807\u5fd7\u4f4d\uff0c\u5982login=1\u3002<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"highlight-box\">\n<h4 class=\"font-semibold text-lg mb-3\">\u5b9e\u4f8b\uff1apicoCTF &#34;Power Cookie&#34;\u6311\u6218<\/h4>\n<p class=\"mb-3\">\u9875\u9762\u63d0\u4f9b&#34;Continue as guest&#34;\u6309\u94ae\uff0c\u70b9\u51fb\u540e\u670d\u52a1\u5668\u8bbe\u7f6eisAdmin=0\u7684Cookie\u3002\u8bbf\u95ee\/check.php\u65f6\u670d\u52a1\u5668\u68c0\u67e5\u6b64Cookie\u3002<br \/>\n              <a href=\"https:\/\/medium.com\/@ahmednarmer1\/ctf-day-27-1e6bb61eb835\" class=\"citation\" target=\"_blank\" rel=\"nofollow\" >[386]<\/a>\n            <\/p>\n<div class=\"http-header\">\n              <strong>\u4fee\u6539\u524d\uff1a<\/strong> Cookie: isAdmin=0<br \/>\n              <br \/>\n              <strong>\u4fee\u6539\u540e\uff1a<\/strong> Cookie: 
isAdmin=1\n            <\/div>\n<p class=\"mt-3\">\u670d\u52a1\u5668\u63a5\u6536\u4fee\u6539\u540e\u7684Cookie\uff0c\u8ba4\u4e3a\u7528\u6237\u662f\u7ba1\u7406\u5458\uff0c\u8fd4\u56deflag\u3002\u6e05\u6670\u5c55\u793aCookie\u7be1\u6539\u7684\u5a01\u529b\u3002<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/section>\n<p>      <!-- HTTP Status Codes --><\/p>\n<section id=\"http-status\" class=\"mb-16\">\n<div class=\"flex items-center mb-8\">\n          <span class=\"section-number\">3<\/span><\/p>\n<h2 class=\"font-serif text-3xl font-bold text-primary\">HTTP\u72b6\u6001\u7801\u5728CTF\u4e2d\u7684\u7279\u6b8a\u5229\u7528\u4ef7\u503c<\/h2>\n<\/p><\/div>\n<p class=\"text-lg mb-8\">\n          HTTP\u72b6\u6001\u7801\u662f\u670d\u52a1\u5668\u5bf9\u5ba2\u6237\u7aef\u8bf7\u6c42\u7684\u54cd\u5e94\uff0c\u662f\u4e00\u4e2a\u4e09\u4f4d\u6570\u7684\u4ee3\u7801\uff0c\u8868\u793a\u8bf7\u6c42\u5904\u7406\u7684\u7ed3\u679c\u3002\u5728CTF\u4e2d\uff0c\u9664\u4e86\u5e38\u89c1\u7684200\u3001404\u7b49\u72b6\u6001\u7801\uff0c\u4e00\u4e9b\u7279\u5b9a\u7684\u72b6\u6001\u7801\u4e5f\u8574\u542b\u7740\u653b\u51fb\u673a\u4f1a\u3002\n        <\/p>\n<div class=\"overflow-x-auto mb-8\">\n<table class=\"w-full bg-white border border-border rounded-lg overflow-hidden\">\n<thead class=\"bg-gray-50\">\n<tr>\n<th class=\"px-6 py-4 text-left font-semibold text-secondary\">\u72b6\u6001\u7801\u7cfb\u5217<\/th>\n<th class=\"px-6 py-4 text-left font-semibold text-secondary\">\u72b6\u6001\u7801<\/th>\n<th class=\"px-6 py-4 text-left font-semibold text-secondary\">\u542b\u4e49<\/th>\n<th class=\"px-6 py-4 text-left font-semibold text-secondary\">CTF\u4e2d\u7684\u5229\u7528\u4ef7\u503c<\/th>\n<\/tr>\n<\/thead>\n<tbody class=\"divide-y divide-border\">\n<tr>\n<td class=\"px-6 py-4 font-semibold\">3xx \u91cd\u5b9a\u5411<\/td>\n<td class=\"px-6 py-4 font-mono\">301\/302<\/td>\n<td class=\"px-6 py-4 text-sm\">\u8d44\u6e90\u5df2\u6c38\u4e45\/\u4e34\u65f6\u79fb\u52a8<\/td>\n<td class=\"px-6 py-4 
text-sm\"><strong>\u5f00\u653e\u91cd\u5b9a\u5411\u6f0f\u6d1e<\/strong>\uff0c\u7ed5\u8fc7URL\u9ed1\u540d\u5355\uff0c\u914d\u5408\u5176\u4ed6\u6f0f\u6d1e\u6269\u5927\u653b\u51fb\u9762<\/td>\n<\/tr>\n<tr class=\"bg-gray-50\">\n<td class=\"px-6 py-4 font-semibold\" rowspan=\"2\">4xx \u5ba2\u6237\u7aef\u9519\u8bef<\/td>\n<td class=\"px-6 py-4 font-mono\">401<\/td>\n<td class=\"px-6 py-4 text-sm\">\u672a\u6388\u6743\uff0c\u9700\u8981\u8ba4\u8bc1<\/td>\n<td class=\"px-6 py-4 text-sm\"><strong>\u8ba4\u8bc1\u7ed5\u8fc7<\/strong>\uff0c\u5c1d\u8bd5\u5f31\u5bc6\u7801\u3001\u4f2a\u9020Session\/Cookie<\/td>\n<\/tr>\n<tr class=\"bg-gray-50\">\n<td class=\"px-6 py-4 font-mono\">403<\/td>\n<td class=\"px-6 py-4 text-sm\">\u7981\u6b62\u8bbf\u95ee\uff0c\u6743\u9650\u4e0d\u8db3<\/td>\n<td class=\"px-6 py-4 text-sm\"><strong>\u6743\u9650\u63d0\u5347<\/strong>\uff0c\u5c1d\u8bd5\u4e0d\u540cHTTP\u65b9\u6cd5\u3001\u8def\u5f84\u6df7\u6dc6\u3001\u4f2a\u9020\u8bf7\u6c42\u5934<\/td>\n<\/tr>\n<tr>\n<td class=\"px-6 py-4 font-semibold\">5xx \u670d\u52a1\u5668\u9519\u8bef<\/td>\n<td class=\"px-6 py-4 font-mono\">503<\/td>\n<td class=\"px-6 py-4 text-sm\">\u670d\u52a1\u4e0d\u53ef\u7528<\/td>\n<td class=\"px-6 py-4 text-sm\"><strong>\u4fe1\u606f\u6cc4\u9732<\/strong>\uff0c\u9519\u8bef\u9875\u9762\u53ef\u80fd\u5305\u542b\u5806\u6808\u8ddf\u8e2a\u3001\u5185\u90e8\u8def\u5f84\u7b49\u654f\u611f\u4fe1\u606f<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<div id=\"status-3xx\" class=\"mb-12\">\n<h3 class=\"font-serif text-2xl font-semibold text-secondary mb-4\">3.1 3xx\u91cd\u5b9a\u5411\u72b6\u6001\u7801<\/h3>\n<div class=\"protocol-card mb-6\">\n<h4 class=\"font-semibold text-lg mb-3\"><i class=\"fas fa-redirect text-accent mr-2\"><\/i>301\/302\u72b6\u6001\u7801\u7684\u542b\u4e49\u4e0e\u533a\u522b<\/h4>\n<div class=\"grid md:grid-cols-2 gap-4\">\n<div>\n<h5 class=\"font-semibold mb-2\">301 Moved Permanently<\/h5>\n<p 
class=\"text-sm\">\u8d44\u6e90\u5df2\u88ab\u6c38\u4e45\u79fb\u52a8\u5230\u65b0\u7684URL\uff0c\u6d4f\u89c8\u5668\u4f1a\u7f13\u5b58\u8fd9\u4e2a\u91cd\u5b9a\u5411\u3002<\/p>\n<\/p><\/div>\n<div>\n<h5 class=\"font-semibold mb-2\">302 Found<\/h5>\n<p class=\"text-sm\">\u8d44\u6e90\u4e34\u65f6\u4f4d\u4e8e\u65b0\u7684URL\uff0c\u6d4f\u89c8\u5668\u901a\u5e38\u4e0d\u4f1a\u7f13\u5b58\u8fd9\u4e2a\u91cd\u5b9a\u5411\u3002<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p class=\"mt-4\">\u5728CTF\u4e2d\uff0c302\u66f4\u4e3a\u5e38\u89c1\uff0c\u56e0\u4e3a\u5b83\u8868\u793a\u4e34\u65f6\u7684\u3001\u53ef\u53d8\u7684\u91cd\u5b9a\u5411\uff0c\u66f4\u5bb9\u6613\u88ab\u653b\u51fb\u8005\u64cd\u63a7\u3002<\/p>\n<\/p><\/div>\n<div class=\"highlight-box\">\n<h4 class=\"font-semibold text-lg mb-3\">\u5229\u7528\u573a\u666f\uff1a\u5f00\u653e\u91cd\u5b9a\u5411\u6f0f\u6d1e<\/h4>\n<p class=\"mb-4\">\u5f00\u653e\u91cd\u5b9a\u5411\u6f0f\u6d1e\u662f\u6307Web\u5e94\u7528\u63a5\u53d7\u7528\u6237\u53ef\u63a7\u7684\u8f93\u5165\u4f5c\u4e3a\u91cd\u5b9a\u5411\u7684\u76ee\u6807URL\uff0c\u5e76\u4e14\u6ca1\u6709\u5bf9\u5176\u8fdb\u884c\u5145\u5206\u7684\u9a8c\u8bc1\u3002<\/p>\n<h5 class=\"font-semibold mb-2\">\u5b9e\u4f8b<\/h5>\n<div class=\"http-header mb-3\">\n              <strong>\u6b63\u5e38\u767b\u5f55\u8df3\u8f6c\uff1a<\/strong><br \/>\n              <br \/>\n              https:\/\/example.com\/login?redirect=\/dashboard<\/p>\n<p>              <strong>\u6076\u610f\u91cd\u5b9a\u5411\uff1a<\/strong><br \/>\n              <br \/>\n              https:\/\/example.com\/login?redirect=https:\/\/evil.com\n            <\/div>\n<p class=\"mb-3\">\u5f53\u7528\u6237\u70b9\u51fb\u6076\u610f\u94fe\u63a5\u5e76\u6210\u529f\u767b\u5f55\u540e\uff0c\u4f1a\u88ab\u91cd\u5b9a\u5411\u5230\u653b\u51fb\u8005\u7684\u9493\u9c7c\u7f51\u7ad9\u3002<br \/>\n              <a href=\"https:\/\/spyboy.blog\/2023\/11\/26\/unmasking-the-stealth-threat-of-open-url-redirection-in-web-applications\/\" class=\"citation\" target=\"_blank\" rel=\"nofollow\" 
>[367]<\/a>\n            <\/p>\n<h5 class=\"font-semibold mb-2\">\u5176\u4ed6\u5229\u7528\u65b9\u5f0f<\/h5>\n<ul class=\"list-disc list-inside space-y-1 text-sm\">\n<li>\u7ed5\u8fc7URL\u9ed1\u540d\u5355\uff1a\u5148\u8bf7\u6c42\u5141\u8bb8\u7684\u5916\u90e8URL\uff0c\u518d302\u91cd\u5b9a\u5411\u5230\u5185\u7f51IP<\/li>\n<li>\u914d\u5408\u5176\u4ed6\u6f0f\u6d1e\uff1a\u4e0eXSS\u3001CSRF\u7ed3\u5408\u6269\u5927\u653b\u51fb\u9762<\/li>\n<li>\u7a83\u53d6OAuth Token\uff1a\u7be1\u6539redirect_uri\u53c2\u6570\u52ab\u6301\u7528\u6237\u8d26\u6237<\/li>\n<\/ul><\/div>\n<\/p><\/div>\n<div id=\"status-4xx\" class=\"mb-12\">\n<h3 class=\"font-serif text-2xl font-semibold text-secondary mb-4\">3.2 4xx\u5ba2\u6237\u7aef\u9519\u8bef\u72b6\u6001\u7801<\/h3>\n<div class=\"grid md:grid-cols-2 gap-6 mb-6\">\n<div class=\"protocol-card\">\n<h4 class=\"font-semibold text-lg mb-3\"><i class=\"fas fa-lock text-accent mr-2\"><\/i>401 Unauthorized<\/h4>\n<p class=\"text-sm mb-3\">\u8868\u793a\u8bf7\u6c42\u9700\u8981\u7528\u6237\u8ba4\u8bc1\uff0c\u670d\u52a1\u5668\u901a\u5e38\u4f1a\u5728\u54cd\u5e94\u4e2d\u5305\u542bWWW-Authenticate\u5934\u6307\u660e\u8ba4\u8bc1\u65b9\u5f0f\u3002<\/p>\n<div class=\"http-header text-xs\">\n                WWW-Authenticate: Basic realm=&#34;Access to the staging site&#34;\n              <\/div>\n<\/p><\/div>\n<div class=\"protocol-card\">\n<h4 class=\"font-semibold text-lg mb-3\"><i class=\"fas fa-ban text-accent mr-2\"><\/i>403 Forbidden<\/h4>\n<p class=\"text-sm mb-3\">\u8868\u793a\u670d\u52a1\u5668\u7406\u89e3\u4e86\u8bf7\u6c42\u4f46\u62d2\u7edd\u6267\u884c\uff0c\u901a\u5e38\u610f\u5473\u7740\u7528\u6237\u5df2\u901a\u8fc7\u8ba4\u8bc1\u4f46\u6ca1\u6709\u8db3\u591f\u6743\u9650\u3002<\/p>\n<div class=\"http-header text-xs\">\n                HTTP\/1.1 403 Forbidden<br \/>\n                <br \/>\n                Content-Type: text\/html\n              <\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"highlight-box\">\n<h4 class=\"font-semibold text-lg 
mb-3\">\u5229\u7528\u573a\u666f\uff1a\u8ba4\u8bc1\u7ed5\u8fc7\u4e0e\u6743\u9650\u63d0\u5347<\/h4>\n<div class=\"grid md:grid-cols-2 gap-6\">\n<div>\n<h5 class=\"font-semibold mb-2\">\u7ed5\u8fc7\u8ba4\u8bc1\uff08401\uff09<\/h5>\n<ul class=\"text-sm space-y-1\">\n<li>\u2022 \u5f31\u5bc6\u7801\/\u9ed8\u8ba4\u51ed\u636e\u5c1d\u8bd5<\/li>\n<li>\u2022 \u8ba4\u8bc1\u903b\u8f91\u6f0f\u6d1e\u68c0\u67e5<\/li>\n<li>\u2022 Session\/Cookie\u4f2a\u9020<\/li>\n<\/ul><\/div>\n<div>\n<h5 class=\"font-semibold mb-2\">\u7ed5\u8fc7\u6388\u6743\uff08403\uff09<\/h5>\n<ul class=\"text-sm space-y-1\">\n<li>\u2022 HTTP\u65b9\u6cd5\u7ed5\u8fc7\uff08GET\u2192POST\u7b49\uff09<\/li>\n<li>\u2022 \u8def\u5f84\u6df7\u6dc6\uff08\/.\/\u3001\/..\/\u7b49\uff09<\/li>\n<li>\u2022 \u8bf7\u6c42\u5934\u7ed5\u8fc7\uff08X-Original-URL\u7b49\uff09<\/li>\n<li>\u2022 IP\u4f2a\u9020\uff08X-Forwarded-For\uff09<\/li>\n<\/ul><\/div>\n<\/p><\/div>\n<h5 class=\"font-semibold mt-4 mb-2\">\u5b9e\u4f8b\uff1a\u901a\u8fc7\u4fee\u6539\u8bf7\u6c42\u5934\u7ed5\u8fc7403\u9650\u5236<\/h5>\n<p class=\"text-sm mb-3\">\u8bbf\u95ee\/admin\u8def\u5f84\u8fd4\u56de403 Forbidden\uff0c\u5c1d\u8bd5\u591a\u79cd\u65b9\u6cd5\u540e\uff0c\u6dfb\u52a0<br \/>\n              <code>X-Original-URL: \/admin<\/code>\u5e76\u5c06\u8bf7\u6c42\u8def\u5f84\u6539\u4e3a\/\uff0c\u6210\u529f\u8bbf\u95ee\u7ba1\u7406\u9875\u9762\u3002\n            <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div id=\"status-5xx\" class=\"mb-12\">\n<h3 class=\"font-serif text-2xl font-semibold text-secondary mb-4\">3.3 5xx\u670d\u52a1\u5668\u9519\u8bef\u72b6\u6001\u7801<\/h3>\n<div class=\"protocol-card mb-6\">\n<h4 class=\"font-semibold text-lg mb-3\"><i class=\"fas fa-exclamation-triangle text-accent mr-2\"><\/i>503\u72b6\u6001\u7801\u7684\u542b\u4e49<\/h4>\n<p class=\"mb-3\">503 Service 
Unavailable\u8868\u793a\u670d\u52a1\u5668\u5f53\u524d\u4e0d\u80fd\u5904\u7406\u5ba2\u6237\u7aef\u7684\u8bf7\u6c42\uff0c\u4e00\u6bb5\u65f6\u95f4\u540e\u53ef\u80fd\u6062\u590d\u6b63\u5e38\u3002\u901a\u5e38\u7531\u4e8e\u670d\u52a1\u5668\u8fc7\u8f7d\u3001\u505c\u673a\u7ef4\u62a4\u6216\u4f9d\u8d56\u670d\u52a1\u4e0d\u53ef\u7528\u5bfc\u81f4\u3002<\/p>\n<div class=\"http-header\">\n              HTTP\/1.1 503 Service Unavailable<br \/>\n              <br \/>\n              Retry-After: 3600<br \/>\n              <br \/>\n              Content-Type: text\/html\n            <\/div>\n<\/p><\/div>\n<div class=\"highlight-box\">\n<h4 class=\"font-semibold text-lg mb-3\">\u5229\u7528\u573a\u666f\uff1a\u4fe1\u606f\u6cc4\u9732\u4e0e\u62d2\u7edd\u670d\u52a1<\/h4>\n<div class=\"grid md:grid-cols-3 gap-4\">\n<div>\n<h5 class=\"font-semibold mb-2\">\u4fe1\u606f\u6cc4\u9732<\/h5>\n<p class=\"text-sm\">\u9519\u8bef\u54cd\u5e94\u4f53\u4e2d\u53ef\u80fd\u5305\u542b\u5806\u6808\u8ddf\u8e2a\u3001\u670d\u52a1\u5668\u8f6f\u4ef6\u7248\u672c\u3001\u5185\u90e8\u6587\u4ef6\u8def\u5f84\u7b49\u654f\u611f\u4fe1\u606f\u3002未捕获的异常更常以500返回这类调试页面；503多由前端代理或过载保护产生，若503响应中出现应用堆栈，通常说明网关把上游的调试输出原样透传了。防御：生产环境关闭调试模式，对所有5xx统一返回通用错误页。<\/p>\n<\/p><\/div>\n<div>\n<h5 class=\"font-semibold mb-2\">\u89e6\u53d1\u7279\u5b9a\u903b\u8f91<\/h5>\n<p class=\"text-sm\">\u6545\u610f\u8ba9\u4f9d\u8d56\u670d\u52a1\u8d85\u65f6\uff0c\u53ef\u80fd\u8fdb\u5165\u7279\u6b8a\u7684\u9519\u8bef\u5904\u7406\u5206\u652f\uff0c\u5b58\u5728\u6f0f\u6d1e\u3002<\/p>\n<\/p><\/div>\n<div>\n<h5 class=\"font-semibold mb-2\">\u62d2\u7edd\u670d\u52a1\uff08DoS\uff09<\/h5>\n<p class=\"text-sm\">\u53d1\u9001\u5927\u91cf\u7279\u5b9a\u8bf7\u6c42\u8017\u5c3d\u670d\u52a1\u5668\u8d44\u6e90\uff0c\u4f7f\u5176\u8fd4\u56de503（仅可在授权范围内的测试环境尝试）\u3002<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<h5 class=\"font-semibold mt-4 mb-2\">\u5b9e\u4f8b\uff1a\u901a\u8fc7\u89e6\u53d1503\u9519\u8bef\u83b7\u53d6\u654f\u611f\u4fe1\u606f<\/h5>\n<p 
class=\"text-sm\">API\u7aef\u70b9\u5904\u7406\u5f02\u5e38\u5927\u8f93\u5165\u65f6\u8fd4\u56de503\uff0c\u9519\u8bef\u9875\u9762\u5305\u542b\u5b8c\u6574Python\u5806\u6808\u8ddf\u8e2a\uff0c\u5206\u6790\u540e\u53d1\u73b0\u672a\u516c\u5f00API\u7aef\u70b9\uff0c\u6700\u7ec8\u83b7\u53d6flag\u3002<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/section>\n<p>      <!-- Complete Flow --><\/p>\n<section id=\"complete-flow\" class=\"mb-16\">\n<div class=\"protocol-card\">\n<h2 class=\"font-serif text-3xl font-bold text-primary mb-6\">\n            <i class=\"fas fa-flow text-accent mr-3\"><\/i>\u5b8c\u6574\u6d41\u7a0b\uff1a\u4eceURL\u8f93\u5165\u5230\u9875\u9762\u5c55\u793a<br \/>\n          <\/h2>\n<div class=\"mermaid-container\">\n<div class=\"mermaid-controls\">\n              <button class=\"mermaid-control-btn zoom-in\" title=\"\u653e\u5927\"><br \/>\n                <i class=\"fas fa-search-plus\"><\/i><br \/>\n              <\/button><br \/>\n              <button class=\"mermaid-control-btn zoom-out\" title=\"\u7f29\u5c0f\"><br \/>\n                <i class=\"fas fa-search-minus\"><\/i><br \/>\n              <\/button><br \/>\n              <button class=\"mermaid-control-btn reset-zoom\" title=\"\u91cd\u7f6e\"><br \/>\n                <i class=\"fas fa-expand-arrows-alt\"><\/i><br \/>\n              <\/button><br \/>\n              <button class=\"mermaid-control-btn fullscreen\" title=\"\u5168\u5c4f\u67e5\u770b\"><br \/>\n                <i class=\"fas fa-expand\"><\/i><br \/>\n              <\/button>\n            <\/div>\n<div class=\"mermaid\">\n              graph TD<br \/>\n              A[&#34;\ud83c\udf10 \u6d4f\u89c8\u5668\u5730\u5740\u680f\u8f93\u5165URL&#34;] --&gt; B{&#34;\ud83d\udcbe \u6d4f\u89c8\u5668DNS\u7f13\u5b58\u67e5\u8be2&#34;}<br \/>\n              B --&gt;|&#34;\u547d\u4e2d&#34;| C[&#34;\ud83d\udd17 \u83b7\u53d6IP\u5730\u5740&#34;]<br \/>\n              B --&gt;|&#34;\u672a\u547d\u4e2d&#34;| D[&#34;\ud83d\udcbb 
\u64cd\u4f5c\u7cfb\u7edfDNS\u7f13\u5b58\u67e5\u8be2&#34;]<br \/>\n              D --&gt;|&#34;\u547d\u4e2d&#34;| C<br \/>\n              D --&gt;|&#34;\u672a\u547d\u4e2d&#34;| E[&#34;\ud83d\udcc4 Hosts\u6587\u4ef6\u67e5\u8be2&#34;]<br \/>\n              E --&gt;|&#34;\u547d\u4e2d&#34;| C<br \/>\n              E --&gt;|&#34;\u672a\u547d\u4e2d&#34;| F[&#34;\ud83c\udf10 \u672c\u5730DNS\u670d\u52a1\u5668\u67e5\u8be2&#34;]<br \/>\n              F --&gt; G{&#34;\ud83d\udcbe LDNS\u7f13\u5b58\u67e5\u8be2&#34;}<br \/>\n              G --&gt;|&#34;\u547d\u4e2d&#34;| C<br \/>\n              G --&gt;|&#34;\u672a\u547d\u4e2d&#34;| H[&#34;\ud83c\udf0d \u6839\u57df\u540d\u670d\u52a1\u5668\u67e5\u8be2&#34;]<br \/>\n              H --&gt; I[&#34;\ud83c\udfe2 \u9876\u7ea7\u57df\u540d\u670d\u52a1\u5668\u67e5\u8be2&#34;]<br \/>\n              I --&gt; J[&#34;\ud83c\udfe0 \u6743\u5a01\u57df\u540d\u670d\u52a1\u5668\u67e5\u8be2&#34;]<br \/>\n              J --&gt; K[&#34;\ud83d\udccb \u8fd4\u56deIP\u5730\u5740&#34;]<br \/>\n              K --&gt; L[&#34;\ud83d\udd04 LDNS\u7f13\u5b58\u66f4\u65b0&#34;]<br \/>\n              L --&gt; M[&#34;\ud83d\udcbb \u64cd\u4f5c\u7cfb\u7edf\u7f13\u5b58\u66f4\u65b0&#34;]<br \/>\n              M --&gt; N[&#34;\ud83c\udf10 \u6d4f\u89c8\u5668\u7f13\u5b58\u66f4\u65b0&#34;]<br \/>\n              N --&gt; C<br \/>\n              C --&gt; O[&#34;\ud83d\udd17 TCP\u4e09\u6b21\u63e1\u624b\u5efa\u7acb\u8fde\u63a5&#34;]<br \/>\n              O --&gt; P[&#34;\ud83d\udce4 \u6784\u5efaHTTP\u8bf7\u6c42&#34;]<br \/>\n              P --&gt; Q[&#34;\ud83d\udcdd \u8bbe\u7f6e\u5404\u79cd\u8bf7\u6c42\u5934&#34;]<br \/>\n              Q --&gt; R[&#34;\ud83d\udd04 \u53d1\u9001HTTP\u8bf7\u6c42&#34;]<br \/>\n              R --&gt; S[&#34;\u23f3 \u670d\u52a1\u5668\u5904\u7406\u8bf7\u6c42&#34;]<br \/>\n              S --&gt; T[&#34;\ud83d\udce5 \u8fd4\u56deHTTP\u54cd\u5e94&#34;]<br \/>\n              T --&gt; U[&#34;\ud83d\udd0d 
\u5206\u6790\u72b6\u6001\u7801\u548c\u54cd\u5e94\u5934&#34;]<br \/>\n              U --&gt; V[&#34;\ud83d\uddbc\ufe0f \u6d4f\u89c8\u5668\u6e32\u67d3\u9875\u9762&#34;]\n            <\/div>\n<\/p><\/div>\n<div class=\"grid md:grid-cols-2 gap-6 mt-8\">\n<div class=\"protocol-card\">\n<h3 class=\"font-serif text-xl font-semibold text-secondary mb-4\">\u5e94\u7528\u5c42\u5173\u952e\u64cd\u4f5c<\/h3>\n<ul class=\"space-y-2\">\n<li><i class=\"fas fa-link text-accent mr-2\"><\/i><strong>URL\u89e3\u6790\uff1a<\/strong>\u5206\u89e3\u534f\u8bae\u3001\u4e3b\u673a\u3001\u8def\u5f84\u3001\u67e5\u8be2\u53c2\u6570\u7b49<\/li>\n<li><i class=\"fas fa-file-code text-accent mr-2\"><\/i><strong>HTTP\u8bf7\u6c42\u6784\u5efa\uff1a<\/strong>\u8bbe\u7f6e\u8bf7\u6c42\u884c\u3001\u8bf7\u6c42\u5934\u3001\u8bf7\u6c42\u4f53<\/li>\n<li><i class=\"fas fa-eye text-accent mr-2\"><\/i><strong>HTTP\u54cd\u5e94\u89e3\u6790\uff1a<\/strong>\u5206\u6790\u72b6\u6001\u7801\u3001\u54cd\u5e94\u5934\u3001\u54cd\u5e94\u4f53<\/li>\n<\/ul><\/div>\n<div class=\"protocol-card\">\n<h3 class=\"font-serif text-xl font-semibold text-secondary mb-4\">\u4f20\u8f93\u5c42\u5173\u952e\u64cd\u4f5c<\/h3>\n<ul class=\"space-y-2\">\n<li><i class=\"fas fa-handshake text-accent mr-2\"><\/i><strong>TCP\u4e09\u6b21\u63e1\u624b\uff1a<\/strong>SYN \u2192 SYN-ACK \u2192 ACK<\/li>\n<li><i class=\"fas fa-exchange-alt text-accent mr-2\"><\/i><strong>\u6570\u636e\u4f20\u8f93\uff1a<\/strong>\u5e8f\u5217\u53f7\u548c\u786e\u8ba4\u53f7\u673a\u5236\u4fdd\u8bc1\u53ef\u9760\u4f20\u8f93<\/li>\n<li><i class=\"fas fa-times-circle text-accent mr-2\"><\/i><strong>TCP\u56db\u6b21\u6325\u624b\uff1a<\/strong>FIN \u2192 ACK \u2192 FIN \u2192 ACK<\/li>\n<\/ul><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<\/section>\n<p>    <\/main><\/p>\n<p>    <script>\n        \/\/ Initialize Mermaid with custom theme and configuration\n        mermaid.initialize({\n            startOnLoad: true,\n            theme: 'base',\n            themeVariables: {\n                
primaryColor: '#e3f2fd',\n                primaryTextColor: '#1a2e40',\n                primaryBorderColor: '#2d5a87',\n                lineColor: '#2d5a87',\n                secondaryColor: '#fff3e0',\n                secondaryTextColor: '#1a2e40',\n                secondaryBorderColor: '#4a90e2',\n                tertiaryColor: '#f3e5f5',\n                tertiaryTextColor: '#1a2e40',\n                background: '#ffffff',\n                mainBkg: '#e3f2fd',\n                secondBkg: '#fff3e0',\n                tertiaryBkg: '#f3e5f5',\n                fontFamily: 'Inter, sans-serif',\n                fontSize: '16px'\n            },\n            flowchart: {\n                useMaxWidth: false,\n                htmlLabels: true,\n                curve: 'basis'\n            },\n            \/\/ NOTE(review): 'loose' turns off Mermaid's label sanitisation and allows click callbacks,\n            \/\/ so together with htmlLabels it is only acceptable because every diagram here is static\n            \/\/ author content; never use this level when diagram source can come from user input.\n            securityLevel: 'loose'\n        });<\/p>\n<p>        \/\/ Initialize Mermaid Controls for zoom and pan\n        function initializeMermaidControls() {\n            const containers = document.querySelectorAll('.mermaid-container');<\/p>\n<p>            containers.forEach(container => {\n            const mermaidElement = container.querySelector('.mermaid');\n            let scale = 1;\n            let isDragging = false;\n            let startX, startY, translateX = 0, translateY = 0;<\/p>\n<p>            \/\/ \u89e6\u6478\u76f8\u5173\u72b6\u6001\n            let isTouch = false;\n            let touchStartTime = 0;\n            let initialDistance = 0;\n            let initialScale = 1;\n            let isPinching = false;<\/p>\n<p>            \/\/ Zoom controls\n            const zoomInBtn = container.querySelector('.zoom-in');\n            const zoomOutBtn = container.querySelector('.zoom-out');\n            const resetBtn = container.querySelector('.reset-zoom');\n            const fullscreenBtn = container.querySelector('.fullscreen');<\/p>\n<p>            function updateTransform() {\n                mermaidElement.style.transform = `translate(${translateX}px, 
${translateY}px) scale(${scale})`;<\/p>\n<p>                if (scale > 1) {\n                container.classList.add('zoomed');\n                } else {\n                container.classList.remove('zoomed');\n                }<\/p>\n<p>                mermaidElement.style.cursor = isDragging ? 'grabbing' : 'grab';\n            }<\/p>\n<p>            if (zoomInBtn) {\n                zoomInBtn.addEventListener('click', () => {\n                scale = Math.min(scale * 1.25, 4);\n                updateTransform();\n                });\n            }<\/p>\n<p>            if (zoomOutBtn) {\n                zoomOutBtn.addEventListener('click', () => {\n                scale = Math.max(scale \/ 1.25, 0.3);\n                if (scale <= 1) {\n                    translateX = 0;\n                    translateY = 0;\n                }\n                updateTransform();\n                });\n            }\n\n            if (resetBtn) {\n                resetBtn.addEventListener('click', () => {\n                scale = 1;\n                translateX = 0;\n                translateY = 0;\n                updateTransform();\n                });\n            }<\/p>\n<p>            if (fullscreenBtn) {\n                fullscreenBtn.addEventListener('click', () => {\n                if (container.requestFullscreen) {\n                    container.requestFullscreen();\n                } else if (container.webkitRequestFullscreen) {\n                    container.webkitRequestFullscreen();\n                } else if (container.msRequestFullscreen) {\n                    container.msRequestFullscreen();\n                }\n                });\n            }<\/p>\n<p>            \/\/ Mouse Events\n            mermaidElement.addEventListener('mousedown', (e) => {\n                if (isTouch) return; \/\/ \u5982\u679c\u662f\u89e6\u6478\u8bbe\u5907\uff0c\u5ffd\u7565\u9f20\u6807\u4e8b\u4ef6<\/p>\n<p>                isDragging = true;\n                startX = e.clientX - 
translateX;\n                startY = e.clientY - translateY;\n                mermaidElement.style.cursor = 'grabbing';\n                updateTransform();\n                e.preventDefault();\n            });<\/p>\n<p>            document.addEventListener('mousemove', (e) => {\n                if (isDragging && !isTouch) {\n                translateX = e.clientX - startX;\n                translateY = e.clientY - startY;\n                updateTransform();\n                }\n            });<\/p>\n<p>            document.addEventListener('mouseup', () => {\n                if (isDragging && !isTouch) {\n                isDragging = false;\n                mermaidElement.style.cursor = 'grab';\n                updateTransform();\n                }\n            });<\/p>\n<p>            document.addEventListener('mouseleave', () => {\n                if (isDragging && !isTouch) {\n                isDragging = false;\n                mermaidElement.style.cursor = 'grab';\n                updateTransform();\n                }\n            });<\/p>\n<p>            \/\/ \u83b7\u53d6\u4e24\u70b9\u4e4b\u95f4\u7684\u8ddd\u79bb\n            function getTouchDistance(touch1, touch2) {\n                return Math.hypot(\n                touch2.clientX - touch1.clientX,\n                touch2.clientY - touch1.clientY\n                );\n            }<\/p>\n<p>            \/\/ Touch Events - \u89e6\u6478\u4e8b\u4ef6\u5904\u7406\n            mermaidElement.addEventListener('touchstart', (e) => {\n                isTouch = true;\n                touchStartTime = Date.now();<\/p>\n<p>                if (e.touches.length === 1) {\n                \/\/ \u5355\u6307\u62d6\u52a8\n                isPinching = false;\n                isDragging = true;<\/p>\n<p>                const touch = e.touches[0];\n                startX = touch.clientX - translateX;\n                startY = touch.clientY - translateY;<\/p>\n<p>                } else if (e.touches.length === 2) {\n            
    \/\/ \u53cc\u6307\u7f29\u653e\n                isPinching = true;\n                isDragging = false;<\/p>\n<p>                const touch1 = e.touches[0];\n                const touch2 = e.touches[1];\n                initialDistance = getTouchDistance(touch1, touch2);\n                initialScale = scale;\n                }<\/p>\n<p>                e.preventDefault();\n            }, { passive: false });<\/p>\n<p>            mermaidElement.addEventListener('touchmove', (e) => {\n                if (e.touches.length === 1 && isDragging && !isPinching) {\n                \/\/ \u5355\u6307\u62d6\u52a8\n                const touch = e.touches[0];\n                translateX = touch.clientX - startX;\n                translateY = touch.clientY - startY;\n                updateTransform();<\/p>\n<p>                } else if (e.touches.length === 2 && isPinching) {\n                \/\/ \u53cc\u6307\u7f29\u653e\n                const touch1 = e.touches[0];\n                const touch2 = e.touches[1];\n                const currentDistance = getTouchDistance(touch1, touch2);<\/p>\n<p>                if (initialDistance > 0) {\n                    const newScale = Math.min(Math.max(\n                    initialScale * (currentDistance \/ initialDistance),\n                    0.3\n                    ), 4);\n                    scale = newScale;\n                    updateTransform();\n                }\n                }<\/p>\n<p>                e.preventDefault();\n            }, { passive: false });<\/p>\n<p>            mermaidElement.addEventListener('touchend', (e) => {\n                \/\/ \u91cd\u7f6e\u72b6\u6001\n                if (e.touches.length === 0) {\n                isDragging = false;\n                isPinching = false;\n                initialDistance = 0;<\/p>\n<p>                \/\/ \u5ef6\u8fdf\u91cd\u7f6eisTouch\uff0c\u907f\u514d\u9f20\u6807\u4e8b\u4ef6\u7acb\u5373\u89e6\u53d1\n                setTimeout(() => {\n                    
isTouch = false;\n                }, 100);\n                } else if (e.touches.length === 1 && isPinching) {\n                \/\/ \u4ece\u53cc\u6307\u53d8\u4e3a\u5355\u6307\uff0c\u5207\u6362\u4e3a\u62d6\u52a8\u6a21\u5f0f\n                isPinching = false;\n                isDragging = true;<\/p>\n<p>                const touch = e.touches[0];\n                startX = touch.clientX - translateX;\n                startY = touch.clientY - translateY;\n                }<\/p>\n<p>                updateTransform();\n            });<\/p>\n<p>            mermaidElement.addEventListener('touchcancel', (e) => {\n                isDragging = false;\n                isPinching = false;\n                initialDistance = 0;<\/p>\n<p>                setTimeout(() => {\n                isTouch = false;\n                }, 100);<\/p>\n<p>                updateTransform();\n            });<\/p>\n<p>            \/\/ Enhanced wheel zoom with better center point handling\n            container.addEventListener('wheel', (e) => {\n                e.preventDefault();\n                const rect = container.getBoundingClientRect();\n                const centerX = rect.width \/ 2;\n                const centerY = rect.height \/ 2;<\/p>\n<p>                const delta = e.deltaY > 0 ? 
0.9 : 1.1;\n                const newScale = Math.min(Math.max(scale * delta, 0.3), 4);<\/p>\n<p>                \/\/ Adjust translation to zoom towards center\n                if (newScale !== scale) {\n                const scaleDiff = newScale \/ scale;\n                translateX = translateX * scaleDiff;\n                translateY = translateY * scaleDiff;\n                scale = newScale;<\/p>\n<p>                if (scale <= 1) {\n                    translateX = 0;\n                    translateY = 0;\n                }\n\n                updateTransform();\n                }\n            });\n\n            \/\/ Initialize display\n            updateTransform();\n            });\n        }\n\n        \/\/ Initialize mermaid controls after DOM is loaded\n        document.addEventListener('DOMContentLoaded', function() {\n            initializeMermaidControls();\n        });\n        \n        \/\/ Table of Contents active link tracking\n        const sections = document.querySelectorAll('section[id]');\n        const tocLinks = document.querySelectorAll('.toc-link');\n        \n        function updateActiveLink() {\n            let current = '';\n            sections.forEach(section => {\n                const sectionTop = section.offsetTop;\n                const sectionHeight = section.clientHeight;\n                if (window.pageYOffset >= sectionTop - 200) {\n                    current = section.getAttribute('id');\n                }\n            });<\/p>\n<p>            tocLinks.forEach(link => {\n                link.classList.remove('active');\n                if (link.getAttribute('href') === '#' + current) {\n                    link.classList.add('active');\n                }\n            });\n        }<\/p>\n<p>        window.addEventListener('scroll', updateActiveLink);\n        updateActiveLink();<\/p>\n<p>        \/\/ Smooth scrolling for TOC links\n        tocLinks.forEach(link => {\n            link.addEventListener('click', function(e) 
{\n                e.preventDefault();\n                const targetId = this.getAttribute('href').substring(1);\n                const targetSection = document.getElementById(targetId);\n                if (targetSection) {\n                    targetSection.scrollIntoView({ behavior: 'smooth' });\n                }\n            });\n        });<\/p>\n<p>        \/\/ Add loading animation for images\n        document.querySelectorAll('img').forEach(img => {\n            img.addEventListener('load', function() {\n                this.style.opacity = '1';\n            });\n            img.style.opacity = '0';\n            img.style.transition = 'opacity 0.3s ease';\n        });\n    <\/script><\/p>\n<p><\/body><\/html><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CTF\u4e2d\u7684\u7f51\u7edc\u534f\u8bae\u4e0eHTTP\u653b\u9632\u6280\u672f\u8be6\u89e3 \u76ee\u5f55 \u5f15\u8a00 1. DNS\u57df\u540d\u89e3\u6790 1.1 \u672c\u5730\u7f13\u5b58\u67e5\u8be2 1.2 \u9012\u5f52\u67e5\u8be2\u4e0e\u8fed\u4ee3\u67e5\u8be2 1. 
...<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"emotion":"","emotion_color":"","title_style":"","license":""},"categories":[26],"tags":[],"class_list":["post-310","post","type-post","status-publish","format-standard","hentry","category-internet"],"_links":{"self":[{"href":"https:\/\/index.cmiteam.cn\/index.php\/wp-json\/wp\/v2\/posts\/310","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/index.cmiteam.cn\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/index.cmiteam.cn\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/index.cmiteam.cn\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/index.cmiteam.cn\/index.php\/wp-json\/wp\/v2\/comments?post=310"}],"version-history":[{"count":0,"href":"https:\/\/index.cmiteam.cn\/index.php\/wp-json\/wp\/v2\/posts\/310\/revisions"}],"wp:attachment":[{"href":"https:\/\/index.cmiteam.cn\/index.php\/wp-json\/wp\/v2\/media?parent=310"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/index.cmiteam.cn\/index.php\/wp-json\/wp\/v2\/categories?post=310"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/index.cmiteam.cn\/index.php\/wp-json\/wp\/v2\/tags?post=310"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}