配置支持PUT上传的web环境
支持put上传需要修改以下配置http.conf
//打开下面两个moduleLoadModule dav_module modules/mod_dav.soLoadModule dav_fs_module modules/mod_dav_fs.so//增加一下配置,允许Apache支持put方法Dav On AllowOverride None Options ALL Order allow,deny Allow from allDavLockDB DavLock
除此之外,想要通过put上传文件,需要建立一个文件夹 DavLock 文件目录位置为 ./Apache/DavLock为Apache安装目录下增加一个锁文件WebDAV使得应用程序可以直接将文件写到 Web Server 上,并且在写文件时候可以对文件加锁,写完后对文件解锁,还可以支持对文件所做的版本控制。基于 WebDAV可以实现一个功能强大的内容管理系统或者配置管理系统。
PUT上传报文模板
PUT /test.txt HTTP/1.1Accept: */*Accept-Language: en-USUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)Host: 127.0.0.1hello world
COPY报文模板
COPY /test.txt HTTP/1.1Host: test.comDestination: http://test.com/test.asp
MOVE报文模板
MOVE /dir_name/test.aspx HTTP/1.1Destination: /test.aspxHost: test.com//MOVE方法要求移动的文件不在同一个文件夹内
Success后服务器响应状态
PUT,COPY,MOVE等方法执行成功后服务器响应的返回值都会是201
测试
使用BurpSuit的Repeater模块发包
put上传
Request请求包
PUT /test.txt HTTP/1.1Accept: */*Accept-Language: en-USUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)Host: 127.0.0.1Content-Length: 35 hello world" ?>
Respons响应包
HTTP/1.1 201 CreatedDate: Fri, 22 Dec 2017 09:46:32 GMTServer: Apache/2.4.23 (Win32) OpenSSL/1.0.2j PHP/5.5.38Location: http://127.0.0.1/test.txtContent-Length: 181Content-Type: text/html; charset=ISO-8859-1201 Created Created
Resource /test.txt has been created.
COPY修改文件后缀
Request请求包
COPY /test.txt HTTP/1.1Accept: */*Accept-Language: en-USUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)Host: 127.0.0.1Destination: http://127.0.0.1/test.phpContent-Length: 2\r\n\r\n#必须要有两个回车,便于理解使用(\r\n)表明,实际直接敲两个回车就好。
Respons响应包
HTTP/1.1 201 CreatedDate: Fri, 22 Dec 2017 09:56:11 GMTServer: Apache/2.4.23 (Win32) OpenSSL/1.0.2j PHP/5.5.38Location: http://127.0.0.1/test.phpContent-Length: 184Content-Type: text/html; charset=ISO-8859-1201 Created Created
Destination /test.php has been created.
访问test.php
Request请求包
GET /test.php HTTP/1.1Host: 127.0.0.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3Accept-Encoding: gzip, deflateReferer: http://127.0.0.1/Connection: closeUpgrade-Insecure-Requests: 1
Respons响应包
HTTP/1.1 200 OKDate: Fri, 22 Dec 2017 10:07:57 GMTServer: Apache/2.4.23 (Win32) OpenSSL/1.0.2j PHP/5.5.38X-Powered-By: PHP/5.5.38Content-Length: 19Connection: closeContent-Type: text/htmlhello world
访问test.txt
Request请求包
GET /test.txt HTTP/1.1Host: 127.0.0.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3Accept-Encoding: gzip, deflateReferer: http://127.0.0.1/Connection: closeUpgrade-Insecure-Requests: 1
Respons响应包
HTTP/1.1 200 OKDate: Fri, 22 Dec 2017 10:09:23 GMTServer: Apache/2.4.23 (Win32) OpenSSL/1.0.2j PHP/5.5.38Last-Modified: Fri, 22 Dec 2017 09:46:32 GMTETag: "1a-560eab110da27"Accept-Ranges: bytesContent-Length: 26Connection: closeContent-Type: text/plainecho "hello world
"