2016-07-06 142 views
0

I am using Fiddler to analyze a website's requests. Where do the following GET requests come from?

GET https://tss.sfs.db.com/websso/sso_FallThrough.sso?Xe47eKuUc4rm2LW9V1BHSzU1.... 

returns

HTTP/1.1 302 Found 
Date: Wed, 06 Jul 2016 16:13:19 GMT 
Server: dweb 
Set-Cookie: CTSESSION=AAAAAQABAHid6vs1jduDPC1Q9ItYbjKC6Ih4bImKPTYYA6fOLowLvtT%2FsUj%2F2o7kl4ovRmo8qfOQjQgx%2B%2BQL6%2F6sspncrVYJOc62ijGMQ67Z9L%2FaklW42jLwx6BzfN2BUAiw5fU4lemLzDDlX0pGSNY1kXVCaqOS5UlOX8z62hA%3D; domain=tss.sfs.db.com; path=/; Secure; HttpOnly 
Location: /investauthenticated/servlet/web/Web?document=index 
Content-Length: 235 
Keep-Alive: timeout=5, max=100 
Connection: Keep-Alive 
Content-Type: text/html; charset=iso-8859-1 

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> 
<html><head> 
<title>302 Found</title> 
</head><body> 
<h1>Found</h1> 
<p>The document has moved <a href="/investauthenticated/servlet/web/Web?document=index">here</a>.</p> 
</body></html> 

The Location header redirects to

GET https://tss.sfs.db.com/investauthenticated/servlet/web/Web?document=index 

and the response is

HTTP/1.1 200 OK 
Date: Wed, 06 Jul 2016 16:13:19 GMT 
Server: dweb 
Content-Length: 1500 
Set-Cookie: JSESSIONID=r73A_C0735ZlDXOeMyM7w9hSgnkMUHloIm3qIdgMKkHZ3KSPi30f!-828505221; path=/; HttpOnly 
DB-Nickname: VTJGc2RHVmtYMStCbW4yYnlaQ2Ywei9pRHlENzd3aHFQYlhVNWZSbXFJUT0= 
X-DB-NAR: 26564-1 
Keep-Alive: timeout=5, max=99 
Connection: Keep-Alive 
Content-Type: text/xml 

<?xml version="1.0" encoding="ISO-8859-1"?><?xml-stylesheet type='text/xsl' href='/stylesheets/application_internet.xsl'?><application servleturi="/investauthenticated/servlet/web/Web"> 
<menu href="Web?document=menu"/> 
<clock href="/html/invest/clock.html"/> 
<main href="Web?document=viewPortfolio&amp;portfolio=my">View All</main> 
<headerlink class="blue_11" href="https://www.tss.db.com" style="margin-left:196px" target="root">TSS Home</headerlink> 
<headerlink class="blue_11" href="http://www.db.com/index_e.htm" target="root">DB Home</headerlink> 
<headerlink class="blue_11" href="Web?document=home" target="main">Home</headerlink> 
<headerlink class="blue_11" href="Web?document=Contact" target="main">Contacts</headerlink> 
<headerlink class="blue_11" href="/html/invest/FAQS.html" target="main">FAQs</headerlink> 
<headerlink class="blue_11" href="logout" target="">Logout</headerlink> 
<subheaderlink class="horizontal_navi first" href="https://www.tss.db.com" target="root">Trust &amp; Securities Services</subheaderlink> 
<subheaderlink class="horizontal_navi" href="Web?document=home" target="main">Home</subheaderlink> 
<search class="white_11">Search by:</search> 
<search checked="true" class="blue_11_bold" id="r1">CUSIP</search> 
<search class="blue_11_bold" id="r2">ISIN</search> 
<search class="blue_11_bold" id="r3">Issuer</search> 
<parameters> 
<parameter name="document">index</parameter> 
<parameter name="release.build.name">4.3.15 2016-05-26 </parameter> 
</parameters> 
</application> 

However, the following requests come after it. Where do they come from? Is there a Location, meta or client-side JavaScript redirect?

GET https://tss.sfs.db.com/investauthenticated/servlet/web/Web?document=index&frame=topbar&OWASP_CSRFTOKEN= HTTP/1.1 
GET https://tss.sfs.db.com/investauthenticated/servlet/web/Web?document=index&frame=content&OWASP_CSRFTOKEN= HTTP/1.1 
GET https://tss.sfs.db.com/investauthenticated/servlet/web/Web?document=index&frame=bottombar&OWASP_CSRFTOKEN= HTTP/1.1 

Answer

2

The XML document has a stylesheet assigned to it:

<?xml-stylesheet type='text/xsl' href='/stylesheets/application_internet.xsl'?> 

That stylesheet makes the web browser transform the XML into HTML, and the HTML contains three <frame> tags:

<frameset frameborder="no" framespacing="0"> 
    <xsl:attribute name="rows">134,*,35</xsl:attribute> 
    <!-- always have a topbar --> 
    <frame noresize="noresize" name="topbar" marginwidth="0" marginheight="0" scrolling="no"> 
     <xsl:attribute name="src"><xsl:value-of select="$uri"/>?document=<xsl:value-of select="$document"/>&amp;frame=topbar&amp;OWASP_CSRFTOKEN=<xsl:value-of select="$owasp_csrftoken"/></xsl:attribute> 
    </frame>     
    <!-- always have a content row --> 
    <frame noresize="noresize" name="content" marginwidth="0" marginheight="0" scrolling="no"> 
     <xsl:attribute name="src"><xsl:value-of select="$uri"/>?document=<xsl:value-of select="$document"/>&amp;frame=content&amp;OWASP_CSRFTOKEN=<xsl:value-of select="$owasp_csrftoken"/></xsl:attribute> 
    </frame> 
    <!-- always have a bottombar --> 
    <frame noresize="noresize" name="bottombar" marginwidth="0" marginheight="0" scrolling="no"> 
     <xsl:attribute name="src"><xsl:value-of select="$uri"/>?document=<xsl:value-of select="$document"/>&amp;frame=bottombar&amp;OWASP_CSRFTOKEN=<xsl:value-of select="$owasp_csrftoken"/></xsl:attribute> 
    </frame>     
</frameset> 

where:

  • $uri is https://tss.sfs.db.com/investauthenticated/servlet/web/Web

  • $document is index

  • $owasp_csrftoken is blank.

Thus producing this HTML:

<frameset frameborder="no" framespacing="0" rows="134,*,35"> 
    <!-- always have a topbar --> 
    <frame noresize="noresize" name="topbar" marginwidth="0" marginheight="0" scrolling="no" src="https://tss.sfs.db.com/investauthenticated/servlet/web/Web?document=index&frame=topbar&OWASP_CSRFTOKEN="/> 
    <!-- always have a content row --> 
    <frame noresize="noresize" name="content" marginwidth="0" marginheight="0" scrolling="no" src="https://tss.sfs.db.com/investauthenticated/servlet/web/Web?document=index&frame=content&OWASP_CSRFTOKEN="/> 
    <!-- always have a bottombar --> 
    <frame noresize="noresize" name="bottombar" marginwidth="0" marginheight="0" scrolling="no" src="https://tss.sfs.db.com/investauthenticated/servlet/web/Web?document=index&frame=bottombar&OWASP_CSRFTOKEN="/> 
</frameset> 

Which are the three URLs you are seeing.
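As an added example (not code from the question or the answer above), this Python script reproduces what the stylesheet does with the captured XML body: it pulls out the xml-stylesheet href the browser fetches client-side, reads servleturi and the document parameter, and builds the three frame src URLs from them. The origin https://tss.sfs.db.com and the empty token value are taken from the capture; the audit helper and its wording are my own.

```python
import re
import xml.etree.ElementTree as ET

# XML body returned for Web?document=index, copied from the capture above
# (trimmed to the elements the stylesheet variables depend on; constructed inline
# so the script runs offline).
INDEX_XML = """<?xml version="1.0" encoding="ISO-8859-1"?><?xml-stylesheet type='text/xsl' href='/stylesheets/application_internet.xsl'?><application servleturi="/investauthenticated/servlet/web/Web">
<menu href="Web?document=menu"/>
<parameters>
<parameter name="document">index</parameter>
<parameter name="release.build.name">4.3.15 2016-05-26 </parameter>
</parameters>
</application>"""

ORIGIN = "https://tss.sfs.db.com"            # assumed from the request URLs in the capture
FRAMES = ("topbar", "content", "bottombar")  # frame names from the XSL frameset

# ElementTree discards processing instructions that precede the root element,
# so the stylesheet PI is read with a regex on the raw text instead.
STYLESHEET_PI = re.compile(r"<\?xml-stylesheet\s+[^?]*href=['\"]([^'\"]+)['\"]")


def stylesheet_href(xml_text):
    """Return the href of the xml-stylesheet PI, or None if the document has none."""
    m = STYLESHEET_PI.search(xml_text)
    return m.group(1) if m else None


def uri_and_document(xml_text):
    """$uri path and $document value, as the stylesheet derives them from the XML."""
    root = ET.fromstring(xml_text.encode("latin-1"))  # bytes so the encoding decl is honoured
    return root.get("servleturi"), root.findtext("parameters/parameter[@name='document']")


def frame_urls(xml_text, origin=ORIGIN, csrf_token=""):
    """One frame src per frame name, built exactly like the <xsl:attribute name="src">."""
    servleturi, doc = uri_and_document(xml_text)
    return [f"{origin}{servleturi}?document={doc}&frame={name}&OWASP_CSRFTOKEN={csrf_token}"
            for name in FRAMES]


def audit(xml_text, origin=ORIGIN, csrf_token=""):
    """Reviewer findings: the extra fetch the client-side XSLT causes, and whether the
    anti-CSRF token embedded in every frame URL is empty (as it was in this capture)."""
    findings = []
    href = stylesheet_href(xml_text)
    if href:
        findings.append(f"client-side XSLT: browser fetches {origin}{href}")
    if not csrf_token:
        findings.append("OWASP_CSRFTOKEN is empty in all frame URLs")
    return findings


if __name__ == "__main__":
    for url in frame_urls(INDEX_XML):
        print("GET", url)
    for finding in audit(INDEX_XML):
        print("note:", finding)
```

Because the transform runs in the browser, the stylesheet request only appears in a proxy capture that was started before the first page load, which is why it is missing from a session recorded after login.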

+0

Thanks. Does the XSLT transformation happen in the browser/client? I did not see the xsl file being downloaded in the session I logged. Maybe it was downloaded before I logged in, if that is the case? – ca9163d9

+0

The transformation is client-side. The server only sends the XML and the stylesheet, and then the browser interprets them and renders the display. –

+0

@RemyLebeau Got it. The xsl file must have been downloaded before I started recording the session. – ca9163d9