paulwong

http與https的區別

http是將內容文字通過tcp傳送，內容是明文，未經加密，可透過tcpdump偷看。

https將內容文字用不對稱的方式加密后再傳送，加密協議是TLS或SSL，透過tcpdump看到的內容是亂碼。而且服務器端更換密鑰無需通知client。

How hackers love your HTTP data
https://blog.usejournal.com/how-hackers-love-your-http-data-157e76f2c66a

How you could get hacked at a coffee shop
https://medium.com/bugbountywriteup/how-you-could-get-hacked-at-a-coffee-shop-3a81a53c0b4f

Hacker Lexicon: What Is HTTPS?
https://www.wired.com/2016/04/hacker-lexicon-what-is-https-encryption/

posted on 2021-02-04 17:00 paulwong 閱讀(216) 評論(0) 編輯收藏所屬分類: HTTP