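Contents
I. What is HTTP
1. Definition
2. HTTP working architecture
3. Structure (taken from the Runoob site)
3.1 Client request message
3.2 Server response message
II. How to test HTTP interfaces
III. Common HTTP request methods
1. GET requests
1.1 GET request without parameters
1.2 GET request with parameters
2. POST requests
2.1 POST request without parameters
2.2 POST request with parameters
3. Differences between GET and POST
IV. Common HTTP tools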
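As everyone knows, program = algorithm + data structure. When the CPU runs a program, the program becomes a process. For processes on two computers to communicate with each other, they must do so over a network, and the rules for communication between the two computers are set by communication protocols.
In the OSI seven-layer model, each layer has its corresponding communication protocols. From top to bottom the layers are the application, presentation, session, transport, network, data link and physical layers, and HTTP is an application-layer protocol.
HTTP (HyperText Transfer Protocol) is the most widely used network transfer protocol on the Internet, and all WWW documents must comply with this standard. HTTP transfers data (HTML files, image files, query results, and so on) on top of the TCP/IP communication protocols [taken from the Runoob site].
HTTP works on a client-server architecture:
The client uses the HTTP protocol to request a server interface by URL, gets the response data, and renders it on the front-end page for the user.
The request message that a client sends to the server consists of four parts: the request line, the request headers, a blank line, and the request data. The figure below shows the general format of a request message.
An HTTP response also consists of four parts: the status line, the message headers, a blank line, and the response body.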
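The four-part layout described above can be checked mechanically. The following is an added example, not code from the original post: a strict parser for raw HTTP/1.x messages that rejects malformed header lines and a Content-Length that disagrees with the body. The function name `parse_http_message` is hypothetical, and the sample messages are constructed, modelled on the capture in 2.2 with a shortened request body.

```python
def parse_http_message(raw: bytes) -> dict:
    """Split a raw HTTP/1.x message into start line, headers and body."""
    # Part 3 of the layout: the blank line that ends the header block.
    head, blank, body = raw.partition(b"\r\n\r\n")
    if not blank:
        raise ValueError("no blank line separating headers from body")
    lines = head.decode("iso-8859-1").split("\r\n")
    # Part 1: request line (method, target, version) or status line.
    start = lines[0].split(" ", 2)
    if len(start) < 2:
        raise ValueError(f"malformed start line: {lines[0]!r}")
    # Part 2: header fields. Whitespace before the colon and folded
    # (indented) lines are rejected rather than guessed at.
    headers = []
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        headers.append((name.lower(), value.strip()))
    # Part 4: the body must match the declared length, if one is declared.
    declared = dict(headers).get("content-length")
    if declared is not None and int(declared) != len(body):
        raise ValueError("Content-Length does not match the body size")
    kind = "response" if start[0].startswith("HTTP/") else "request"
    return {"kind": kind, "start_line": start, "headers": headers, "body": body}

# Constructed sample messages (shape taken from the 2.2 capture).
SAMPLE_REQUEST = (
    b"POST /upload/web?category=web_behavior HTTP/1.1\r\n"
    b"Host: xueqiu.com\r\n"
    b"Content-Type: text/plain\r\n"
    b"Content-Length: 11\r\n"
    b"\r\n"
    b"type=search"
)
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/plain;charset=UTF-8\r\n"
    b"Content-Length: 30\r\n"
    b"\r\n"
    b'{"isSuccess":true,"retCode":1}'
)

if __name__ == "__main__":
    for message in (SAMPLE_REQUEST, SAMPLE_RESPONSE):
        print(parse_http_message(message))
```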
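HTTP interface testing process
The HTTP request methods are GET, POST, HEAD, PUT, DELETE, CONNECT, OPTIONS, TRACE and PATCH; the most commonly used are POST and GET.
HTTP request simulation site: https://httpbin.org/#/HTTP_Methods/get_get
1.1 GET request without parameters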
curl -X GET "https://httpbin.org/get" -H "accept: application/json" -vv 2>&1
Request message:
> GET /get HTTP/2 # request method, URL, HTTP version
> Host: httpbin.org # request header
> User-Agent: curl/7.64.1 # request header
> accept: application/json # request header
>
Response message:
< HTTP/2 200 # HTTP version, status code
< date: Wed, 09 Jun 2021 09:06:30 GMT # response header
< content-type: application/json # response header
< content-length: 270 # response header
< server: gunicorn/19.9.0 # response header
< access-control-allow-origin: * # response header
< access-control-allow-credentials: true # response header
<
{ # response body
"args": {},
"headers": {
"Accept": "application/json",
"Host": "httpbin.org",
"User-Agent": "curl/7.64.1",
"X-Amzn-Trace-Id": "Root=1-60c08496-0d60db887fe14e1519d3e7a8"
},
"origin": "183.128.110.251",
"url": "https://httpbin.org/get"
}
1.2 GET request with parameters
curl 'https://xueqiu.com/query/v1/search/web/stock.json?q=sogo&size=3&page=1' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36' -H 'Cookie: xq_a_token=ac3c2b00373aafa819dd63230fff55140e7d0bb4' -vv 2>&1 | less
Request message:
> GET /query/v1/search/web/stock.json?q=sogo&size=3&page=1 HTTP/1.1 # request method, URL + parameters, HTTP version
> Host: xueqiu.com # request header
> Accept: */* # request header
> User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 # request header
> Cookie: xq_a_token=ac3c2b00373aafa819dd63230fff55140e7d0bb4 # request header
>
Response message:
< HTTP/1.1 200
< Date: Wed, 09 Jun 2021 09:19:18 GMT
< Content-Type: application/json;charset=UTF-8
< Content-Length: 177
< Connection: keep-alive
< Set-Cookie: acw_tc=2760820616232303589484316eacbe2080d583559daaad4156c4be5a59e1a2;path=/;HttpOnly;Max-Age=1800
< Server: openresty
< Cache-Control: private, no-store, no-cache, must-revalidate, max-age=0
< P3P: "CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT""
< Strict-Transport-Security: max-age=31536000
<
* Connection #0 to host xueqiu.com left intact
{"count":1,"list":[{"code":"SOGO","current":"8.35","name":"搜狗","percentage":0.0,"type":0}],"maxPage":1,"page":1,"query_id":1402555897972219904,"recommend_cards":[],"size":1}*
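2.1 POST request without parameters
curl -X POST "https://httpbin.org/post" -H "accept: application/json" -vv 2>&1
Request message:
> POST /post HTTP/2 # request method, URL, HTTP version
> Host: httpbin.org # request header
> User-Agent: curl/7.64.1 # request header
> accept: application/json # request header
>
Response message: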
< HTTP/2 200
< date: Wed, 09 Jun 2021 09:22:28 GMT
< content-type: application/json
< content-length: 334
< server: gunicorn/19.9.0
< access-control-allow-origin: *
< access-control-allow-credentials: true
<
{
"args": {},
"data": "",
"files": {},
"form": {},
"headers": {
"Accept": "application/json",
"Host": "httpbin.org",
"User-Agent": "curl/7.64.1",
"X-Amzn-Trace-Id": "Root=1-60c08854-4d72ce5d1cc3823540988383"
},
"json": null,
"origin": "183.128.110.251",
"url": "https://httpbin.org/post"
}
2.2 POST request with parameters
curl 'https://xueqiu.com/upload/web?category=web_behavior' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36' -H 'Content-Type: text/plain' -H 'Cookie: xq_a_token=ac3c2b00373aafa819dd63230fff55140e7d0bb4' --data-raw '-1|1623230223144|mac|1440x900|31||1|{"cookiesu":"361623215165261","ua":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36","referurl":"https://xueqiu.com/","url":"https://xueqiu.com/k?q=sogo","type":"搜索输入"}' -vv
Request message:
> POST /upload/web?category=web_behavior HTTP/1.1 # request method, URL, HTTP version
> Host: xueqiu.com # request header
> Accept: */* # request header
> User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 # request header
> Content-Type: text/plain # request header
> Cookie: xq_a_token=ac3c2b00373aafa819dd63230fff55140e7d0bb4 # request header
> Content-Length: 286 # request header
>
* upload completely sent off: 286 out of 286 bytes # request data
Response message:
< HTTP/1.1 200 OK
< Date: Wed, 09 Jun 2021 09:27:13 GMT
< Content-Type: text/plain;charset=UTF-8
< Content-Length: 30
< Connection: keep-alive
< Set-Cookie: acw_tc=2760820216232308330166792e8048e541cca05b87bc442107d9d1e9842f8c;path=/;HttpOnly;Max-Age=1800
< Server: openresty
< Cache-Control: private, no-store, no-cache, must-revalidate, max-age=0
< P3P: "CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT""
< Strict-Transport-Security: max-age=31536000
<
* Connection #0 to host xueqiu.com left intact
{"isSuccess":true,"retCode":1}*
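Judging from the messages in 1.2, the main differences are as follows. The request methods differ: one is GET and the other is POST. The location of the request parameters also differs: GET parameters are appended to the URL, which increases the possibility of tampering, while POST parameters are placed in the request body, so POST requests are relatively more secure than GET requests.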
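To make the difference in parameter location concrete, here is an added example (not from the original post) that serializes the same parameters as a GET and as a POST, then checks whether a value appears in the request line, which is what web server access logs typically record, in the body, and in the raw message. The URL, parameter names and token value are constructed, and the function names are hypothetical.

```python
from urllib.parse import urlencode, urlsplit

def build_request(method: str, url: str, params: dict) -> bytes:
    """Serialize an HTTP/1.1 request: params in the URL for GET, in the body otherwise."""
    parts = urlsplit(url)
    target = parts.path or "/"
    encoded = urlencode(params)
    headers = [("Host", parts.netloc), ("Accept", "*/*")]
    body = b""
    if method == "GET":
        target += "?" + encoded
    else:
        body = encoded.encode("ascii")
        headers.append(("Content-Type", "application/x-www-form-urlencoded"))
        headers.append(("Content-Length", str(len(body))))
    head = f"{method} {target} HTTP/1.1\r\n"
    head += "".join(f"{name}: {value}\r\n" for name, value in headers)
    return head.encode("ascii") + b"\r\n" + body

def request_line(raw: bytes) -> str:
    """First line of the message: method, target and version."""
    return raw.split(b"\r\n", 1)[0].decode("ascii")

def exposure(raw: bytes, value: str) -> dict:
    """Report which parts of the serialized request contain the value."""
    needle = value.encode("ascii")
    _, _, body = raw.partition(b"\r\n\r\n")
    return {
        "in_request_line": value in request_line(raw),
        "in_body": needle in body,
        "in_raw_message": needle in raw,
    }

# Constructed inputs for illustration only.
URL = "https://example.test/search"
PARAMS = {"q": "sogo", "token": "CONSTRUCTED-TOKEN-123"}

if __name__ == "__main__":
    for method in ("GET", "POST"):
        raw = build_request(method, URL, PARAMS)
        print(method, "|", request_line(raw), "|", exposure(raw, PARAMS["token"]))
```

With POST the value stays out of the request line but is still readable in the raw message, so confidentiality in transit comes from HTTPS rather than from the choice of method.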
Commonly used testing tools include postman and jmeter; commonly used protocol analysis tools include fiddler, tcpdump + wireshark, and Charles.