Reverse Engineering HTTP request


Problem description

I am trying to decode the POST data sent to graph.instagram.com by the Android Instagram app. The question is similar to the one found here:

Reverse Engineering HTTP request

It seems that either the iPhone app handles this differently from the Android app or something has changed since that question was asked. I've captured the traffic using Burp and it seems the main data is now sent to IG as a .gz file:

POST /logging_client_events HTTP/1.1
X-IG-Connection-Type: WIFI
X-IG-Capabilities: 3brTAw==
X-IG-App-ID: 567067343352427
User-Agent: Instagram 24.0.0.11.201 Android (23/6.0; 240dpi; 480x854; LENOVO/Lenovo; Lenovo A2016a40; A2016a40; mt6735; en_GB)
Accept-Language: en-GB, en-US
Content-Type: multipart/form-data; boundary=EuG_-5FMs7IwTX7eBzBDIJ9VEteYsO
Accept-Encoding: gzip, deflate
Host: graph.instagram.com
X-FB-HTTP-Engine: Liger
Connection: close
Content-Length: 4206

--EuG_-5FMs7IwTX7eBzBDIJ9VEteYsO
Content-Disposition: form-data; name="access_token"

567067343352427|f249176f09e26ce54212b472dbab8fa8
--EuG_-5FMs7IwTX7eBzBDIJ9VEteYsO
Content-Disposition: form-data; name="format"

json
--EuG_-5FMs7IwTX7eBzBDIJ9VEteYsO
Content-Disposition: form-data; name="cmsg"; filename="a24cc6f3-23f1-438f-aecb-3f201d312c90_1.batch.gz"
Content-Type: application/octet-stream
Content-Transfer-Encoding: binary

í][sÚHý/<ÇÞ¾ª»]µÎÈÎâZ‰M›H[[*!HHÀ"0—©ùïûµ„mƒ2v‚�ÎTRCß/ç|§ïú½VÄÿ«�áµp<’Ní¬Æ-�,A¥œ0"j•×m<?ÂNü‡ñ)A|Ú³$ëÃY~IŽ  ¶À¹ß&Q\%GÛ(–�=a´‹NÕ‰dqû$Ʋ’�Ðn‡B"n˜'Ù2øŽ˜E\ÉhXÅ       ‹"«KOÀCDÙ= ã¨}B»PàÅ$RâÌÊÀúÿ¢Ñ°›ô‚¨Gƒ¢¬G[p£H°PѸ2L¥$¡âmÊCÅ"ò  ÚDçqnK×~8ÆüœÄ½YNtK„Ó°vöŸßkÃ0�Á'Ó°7    ó`4é…Ã$
n"xw‚$OªŠ@¬iRÆОĄóSiqpÏG�Y¦}º1DÑ¡²dƒG¼˜N Ÿßky0蘖…±Dq‚1—J   p�âŒa]í°
÷È-¦@AgÊ¢¢t©�(Ï$ŒÉ°LGƒX×7^^ÿëÕ*l©Y=áþv5÷¾fE›\êéXÔólõ•\μւw>ei„ŠòË4$7Ú?÷•ÿïyÒùz3ö«[õô*÷Ó‹¥×tæ�OW©Ÿ~IœfÄ\;Kò7šYæÚ7™ÛúÌ�¦Gœæs싹۬/œæ5k4Ôýw½¨Ý,úY")Ô&Ó¬�è´/°Ó¬/Ý4ZºÍÏ�æ¥Ü™Æ×9qÓkÔ°ÏWŽ}Í»ö€9«Næ§uÒ«ÔI=ä¥ýÄùt½tí/    ¤Gv6ðs¿ïÚ×Ôµ¯ò†}™5Z/ÿOnâØ=î~ºÊtÞN³ŸøÍÏIê‘lØÎ/QçëUm˜Ô‡èïΣÙ0êa4­ÐõmowGY6š€¤é¬Ðþåo蟲"Eí}

--EuG_-5FMs7IwTX7eBzBDIJ9VEteYsO
Content-Disposition: form-data; name="sent_time"

1512267283.408
--EuG_-5FMs7IwTX7eBzBDIJ9VEteYsO
Content-Disposition: form-data; name="cmethod"

deflate
--EuG_-5FMs7IwTX7eBzBDIJ9VEteYsO--

For some reason I am unable to paste the 'gibberish' below "binary" fully; it cuts off after a few lines.

Any idea how this is encoded? It's supposed to be .gz, but the output from Burp doesn't look anything like it. Is there any way I can save the file so I can inspect it? Neither Burp nor Fiddler seems to support anything like that.

Recommended answer

To decompress it, use an inflater that omits the header check:

require 'zlib'
# Negative window_bits selects raw deflate: no zlib/gzip header is expected and no trailing check value is verified.
# Read the saved cmsg part in binary mode so the compressed bytes are not altered.
Zlib::Inflate.new(-Zlib::MAX_WBITS).inflate(File.binread("a24cc6f3-23f1-438f-aecb-3f201d312c90_1.batch.gz"))

In the Ruby doc we might read this:

Zlib::Inflate.new(window_bits = Zlib::MAX_WBITS)

Creates a new inflate stream for decompression. window_bits sets the size of the history buffer and can have the following values:

  • 0 - Have inflate use the window size from the zlib header of the compressed stream.

  • (8..15) - Overrides the window size of the inflate header in the compressed stream. The window size must be greater than or equal to the window size of the compressed stream.

  • Greater than 15 - Add 32 to window_bits to enable zlib and gzip decoding with automatic header detection, or add 16 to decode only the gzip format (a Zlib::DataError will be raised for a non-gzip stream).

  • (-8..-15) - Enables raw deflate mode which will not generate a check value, and will not look for any check values for comparison at the end of the stream. This is for use with other formats that use the deflate compressed data format such as zip which provide their own check values.

https://ruby-doc.org/stdlib-2.6.3/libdoc/zlib/rdoc/Zlib/Inflate.html
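As an added example (not part of the question or the answer above, and not Instagram's or Ruby's own code), the Ruby script below does the two things asked for on this page: it pulls the cmsg file part out of a saved multipart request body, and it inflates that part with -Zlib::MAX_WBITS while showing why a header-checking inflate fails on it. The boundary, field names and token string are copied from the capture; the multipart body and the JSON event batch inside it are constructed for the example, and the assumption that the batch is JSON comes only from the "format=json" part. The practitioner's check is the gzip magic: a real gzip member starts with the bytes 1F 8B, while the capture's part is named .batch.gz but is sent with cmethod=deflate. If Burp rendered the body as Latin-1, the leading 'í' is 0xED, whose low three bits (BFINAL=1, BTYPE=10) are the header of a final dynamic-Huffman deflate block, which is exactly what a raw deflate stream looks like.

```ruby
require 'zlib'

# Boundary and field names are taken from the captured request above.
BOUNDARY = 'EuG_-5FMs7IwTX7eBzBDIJ9VEteYsO'

# Constructed event batch. Assumption: the real payload is JSON, as the "format=json" part suggests.
BATCH_JSON = '{"app_id":"567067343352427","events":[{"name":"app_open","time":1512267283.408}]}'

# Compress as a raw deflate stream: negative window_bits means no zlib header and no
# Adler-32 trailer, which is what the "cmethod=deflate" field describes.
def raw_deflate(str)
  d = Zlib::Deflate.new(Zlib::DEFAULT_COMPRESSION, -Zlib::MAX_WBITS)
  out = d.deflate(str, Zlib::FINISH)
  d.close
  out
end

# Constructed multipart/form-data body with the same part layout as the capture.
def sample_body
  cmsg = raw_deflate(BATCH_JSON)
  [
    "--#{BOUNDARY}\r\nContent-Disposition: form-data; name=\"access_token\"\r\n\r\n" \
    "567067343352427|f249176f09e26ce54212b472dbab8fa8\r\n",
    "--#{BOUNDARY}\r\nContent-Disposition: form-data; name=\"format\"\r\n\r\njson\r\n",
    "--#{BOUNDARY}\r\nContent-Disposition: form-data; name=\"cmsg\"; filename=\"x_1.batch.gz\"\r\n" \
    "Content-Type: application/octet-stream\r\nContent-Transfer-Encoding: binary\r\n\r\n" +
    cmsg + "\r\n",
    "--#{BOUNDARY}\r\nContent-Disposition: form-data; name=\"cmethod\"\r\n\r\ndeflate\r\n",
    "--#{BOUNDARY}--\r\n"
  ].join.b
end

# Split a multipart body on its boundary and return { field name => raw payload bytes }.
# Payloads stay binary: the cmsg part is not text and must not be re-encoded.
def multipart_parts(body, boundary)
  parts = {}
  body.b.split("--#{boundary}".b).each do |chunk|
    next if chunk.empty? || chunk.start_with?('--'.b)  # preamble, or the "--" of the closing delimiter
    head, _sep, payload = chunk.partition("\r\n\r\n".b)
    name = head[/;\s*name="([^"]+)"/, 1]
    next unless name
    parts[name] = payload.chomp("\r\n".b)              # drop the CRLF that precedes the next boundary
  end
  parts
end

# A gzip member starts with the magic bytes 1F 8B; a raw deflate stream has no such header.
def looks_like_gzip?(bytes)
  bytes.getbyte(0) == 0x1f && bytes.getbyte(1) == 0x8b
end

# The answer's fix: -MAX_WBITS selects raw deflate, so no header is expected and
# no trailing check value is verified.
def inflate_raw(bytes)
  Zlib::Inflate.new(-Zlib::MAX_WBITS).inflate(bytes)
end

# The failure mode if you trust the ".gz" name: MAX_WBITS + 32 auto-detects a zlib or gzip
# header, finds neither in a raw stream, and raises Zlib::DataError. Returns the message.
def inflate_with_header_check(bytes)
  Zlib::Inflate.new(Zlib::MAX_WBITS + 32).inflate(bytes)
  :decoded
rescue Zlib::DataError => e
  e.message
end

# End to end: parse the body, verify the declared compression method, inflate the batch.
def decode_cmsg(body, boundary = BOUNDARY)
  parts = multipart_parts(body, boundary)
  unless parts['cmethod'] == 'deflate'
    raise "unexpected cmethod #{parts['cmethod'].inspect}; this decoder only handles raw deflate"
  end
  inflate_raw(parts['cmsg'])
end

if __FILE__ == $0
  body = sample_body
  cmsg = multipart_parts(body, BOUNDARY)['cmsg']
  puts "gzip magic present: #{looks_like_gzip?(cmsg)}"              # false
  puts "header-checking inflate: #{inflate_with_header_check(cmsg)}"  # a Zlib::DataError message
  puts "raw inflate: #{decode_cmsg(body)}"                           # the JSON batch
end
```

To use this on a real capture, save the raw request body from the proxy to a file, pass File.binread(path) together with the boundary from the Content-Type header to multipart_parts, and hand the cmsg bytes to inflate_raw. decode_cmsg deliberately refuses to guess when cmethod is anything other than deflate, and inflate_with_header_check is there to show the Zlib::DataError you get when the .gz filename is taken at face value.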
