http是將內(nèi)容文字通過(guò)tcp傳送,內(nèi)容是明文,未經(jīng)加密,可透過(guò)tcpdump偷看。
https將內(nèi)容文字用不對(duì)稱的方式加密后再傳送,加密協(xié)議是TLS或SSL,透過(guò)tcpdump看到的內(nèi)容是亂碼。而且服務(wù)器端更換密鑰無(wú)需通知client。
How hackers love your HTTP data
https://blog.usejournal.com/how-hackers-love-your-http-data-157e76f2c66a
How you could get hacked at a coffee shop
https://medium.com/bugbountywriteup/how-you-could-get-hacked-at-a-coffee-shop-3a81a53c0b4fHacker Lexicon: What Is HTTPS?
https://www.wired.com/2016/04/hacker-lexicon-what-is-https-encryption/