如何使用openssl的s_client向服务器发送一个简短的string?我已经阅读了s_client手册,但没有找到任何可用的标志。或者有没有其他方法可以达到这个目的?
openssl
s_client
string
kwvwclae1#
有人知道如何使用openssl的s_client向服务器发送一个短字符串吗?你可以echo它在下面,我用了一个GET与HTTP/1.0和tweeter粗暴地拒绝了我的请求:
echo
GET
HTTP/1.0
HTTP/1.0 400 Bad Request Content-Length: 0
-ign_eof保持连接打开以读取响应。Tweeter使用Verisign作为CA。您可以从here获取 VeriSign Class 3 Primary CA - G5,然后将其用作-CAfile的参数,以确保链验证。以下是s_client(1)上的OpenSSL文档。
-ign_eof
-CAfile
s_client(1)
$ echo -e "GET / HTTP/1.0\r\n" | openssl s_client -connect twitter.com:443 -CAfile PCA-3G5.pem -ign_eof CONNECTED(00000003) depth=2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G5 verify return:1 depth=1 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = Terms of use at https://www.verisign.com/rpa (c)06, CN = VeriSign Class 3 Extended Validation SSL CA verify return:1 depth=0 1.3.6.1.4.1.311.60.2.1.3 = US, 1.3.6.1.4.1.311.60.2.1.2 = Delaware, businessCategory = Private Organization, serialNumber = 4337446, C = US, postalCode = 94103-1307, ST = California, L = San Francisco, street = 1355 Market St, O = "Twitter, Inc.", OU = Twitter Security, CN = twitter.com verify return:1 --- Certificate chain 0 s:/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/businessCategory=Private Organization/serialNumber=4337446/C=US/postalCode=94103-1307/ST=California/L=San Francisco/street=1355 Market St/O=Twitter, Inc./OU=Twitter Security/CN=twitter.com i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)06/CN=VeriSign Class 3 Extended Validation SSL CA 1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)06/CN=VeriSign Class 3 Extended Validation SSL CA i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5 --- Server certificate -----BEGIN CERTIFICATE----- MIIGCjCCBPKgAwIBAgIQNC7E3U4iWJiTy5wznxxGDDANBgkqhkiG9w0BAQsFADCB ujELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMr VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTAeFw0x NDA0MDgwMDAwMDBaFw0xNjA1MDkyMzU5NTlaMIIBEjETMBEGCysGAQQBgjc8AgED EwJVUzEZMBcGCysGAQQBgjc8AgECEwhEZWxhd2FyZTEdMBsGA1UEDxMUUHJpdmF0 ZSBPcmdhbml6YXRpb24xEDAOBgNVBAUTBzQzMzc0NDYxCzAJBgNVBAYTAlVTMRMw EQYDVQQRFAo5NDEwMy0xMzA3MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH FA1TYW4gRnJhbmNpc2NvMRcwFQYDVQQJFA4xMzU1IE1hcmtldCBTdDEWMBQGA1UE ChQNVHdpdHRlciwgSW5jLjEZMBcGA1UECxQQVHdpdHRlciBTZWN1cml0eTEUMBIG A1UEAxQLdHdpdHRlci5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB AQDGh6KKnZPGMiX5lC8Me9pev8CWscg5cIifrEV5WVW2v8sCoFlBDdnnIw26tqku c/uL2aJoB8LAxllik0eNWRq9Q4YDRNuW05YIRQMEgRmAZvIKBpcLCcsB7YVLY7Jp FBWGOEiUmL2c6GTc2NQWa723Jqwc6VgXZjDiL+wpHKUYc5RZz4IO3SdJ/Xlq38te t5ZffCp/LBhhYNNUMStjEGdQwZCcnWF1DuaZ5TgxzdSGBSdFhssh5aCQO65TjQVn cx4g8LNhXHNO7UxNIbEtuPmc0J8amPRHA0euHrgp2wBRZ0tL8Xphm0be3uAoA3DE dO/d4wTMBNn5pN13Z9kYhzW/AgMBAAGjggGvMIIBqzAnBgNVHREEIDAeggt0d2l0 dGVyLmNvbYIPd3d3LnR3aXR0ZXIuY29tMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQD AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBEBgNVHSAEPTA7MDkG C2CGSAGG+EUBBxcGMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWdu LmNvbS9jcHMwHQYDVR0OBBYEFBdQCycEZZ1SEbOZAgDknEo1GgKeMB8GA1UdIwQY MBaAFPyKULqeuSVae1WFT5UAY4/pWGtDMEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6 Ly9FVlNlY3VyZS1jcmwudmVyaXNpZ24uY29tL0VWU2VjdXJlMjAwNi5jcmwwfAYI KwYBBQUHAQEEcDBuMC0GCCsGAQUFBzABhiFodHRwOi8vRVZTZWN1cmUtb2NzcC52 ZXJpc2lnbi5jb20wPQYIKwYBBQUHMAKGMWh0dHA6Ly9FVlNlY3VyZS1haWEudmVy aXNpZ24uY29tL0VWU2VjdXJlMjAwNi5jZXIwDQYJKoZIhvcNAQELBQADggEBAIfv GC219t5efjKTRhtwn2lEtWaQpsYlSyeN8KxLnVJlHRb5z1j8oJER6JmjeqelTvZ1 RlxZ3A8cQdrntpeh9kFkU3wMK6TjaMKYDrIaFzV1M4FXsqBbJ6vAb2GX1lDu7oxS /FrNXH9ebFclDDlXJ3FWGbABxf+xpeowr9y+Md5xgQ0Lpm82NZFei9zuJayJYh4B ZbIJ4D9XBa73ZqIBvGXixeahHIvBA9Q0T92gQDJoMXuQ3RkVt63lL4EoJaEQNr1f JDn2Wb0MFtKokWF1zb86glCCb7nvc/vbotiWzZt+a49XSByZ1F17I49F/N5cU9ZU DQzsM2ToLAU2fwA6h/U= -----END CERTIFICATE----- subject=/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/businessCategory=Private Organization/serialNumber=4337446/C=US/postalCode=94103-1307/ST=California/L=San Francisco/street=1355 Market St/O=Twitter, Inc./OU=Twitter Security/CN=twitter.com issuer=/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)06/CN=VeriSign Class 3 Extended Validation SSL CA --- No client certificate CA names sent --- SSL handshake has read 3724 bytes and written 446 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES128-GCM-SHA256 Session-ID: 53BE6F30E6C52AAFFC01EAD8D5938C78... Session-ID-ctx: Master-Key: 87810BE6303E8EB831EC63E243D4C6E7... Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 129600 (seconds) TLS session ticket: 0000 - 95 93 d8 f3 27 2f 4c 11-ab 14 ee 04 46 e3 a8 e5 ....'/L.....F... 0010 - 7f 35 16 07 6d 5e 80 7c-fa 1d cd 78 39 7e 82 0b .5..m^.|...x9~.. 0020 - 1d ee d6 99 2d d2 03 db-ab b8 37 5d f5 a5 28 62 ....-.....7]..(b 0030 - 3b f6 c7 c3 dc 7c 77 de-0f 60 d8 4c 8c f6 8e 8b ;....|w..`.L.... 0040 - c8 8e 65 68 96 ec 27 f1-26 5d 4c 25 49 fd c0 ca ..eh..'.&]L%I... 0050 - c5 86 00 19 f1 26 5a 3e-fd df ca 12 a9 f8 17 bb .....&Z>........ 0060 - 77 b8 5b 1c 58 1a 6b 16-d1 16 e0 d9 e8 b2 bf 92 w.[.X.k......... 0070 - 44 07 60 17 a0 11 23 52-3a 14 d0 79 85 a3 ae 8d D.`...#R:..y.... 0080 - 17 d1 b8 44 d7 c3 3e ab-67 4c 7a c0 d6 cd 7e fe ...D..>.gLz...~. 0090 - b7 95 56 69 8f 5f 3e ee-2a c1 f9 0e 46 75 a6 79 ..Vi._>.*...Fu.y Start Time: 1398724229 Timeout : 300 (sec) Verify return code: 0 (ok) --- HTTP/1.0 400 Bad Request Content-Length: 0 closed
ulydmbyx2#
echo "YOUR TEXT HERE" | openssl s_client -connect host:port
mrzz3bfm3#
openssl s_client应用程序可以用来通过一些创造性的bash脚本将数据发送到Web服务器。
openssl s_client
connectToHost="localhost:8443" ; \ dataToPost='{login: "Hello-world", password:"secret"}'; \ dataLen=$(expr length "${dataToPost}" ) ; \ ( printf "POST / HTTP/1.1\n" ; \ printf "Host: %s\n" "${connectToHost}"; \ printf "Content-Length: %d\n" "$((dataLen+1))" ; \ printf "Content-Type: application/x-www-form-urlencoded\r\n\r\n" ; \ printf "%s\n" "${dataToPost}" ; \ sleep 1.5 ) | openssl s_client -connect ${connectToHost}
printf和sleep语句用圆括号组合在一起,以保持管道打开,直到s_client有机会发送请求并接收响应。这会延迟文件结束信号,因此不需要-ign_eof选项。这种方法的缺点是,无论服务器如何,请求总是需要指定的时间。在bash中有很多方法可以获取字符串的长度。使用expr比其他方法更冗长,但比${#dataToPost}更容易理解。dataLen的值被递增以包括几行后的换行符。这只是为了让事情看起来更漂亮。HTTP请求头的第一行是操作POST。Host指令通常是必需的。请从s_client -connect参数相应地填充此指令。HTTP头部分的结尾总是用\r\n\r\n表示。最后一点注意。我可能过度使用了行继续符,但在手动测试或在Dockerfile内部运行时,有一个命令是很好的。
expr
${#dataToPost}
\r\n\r\n
3条答案
按热度按时间kwvwclae1#
有人知道如何使用openssl的s_client向服务器发送一个短字符串吗?
你可以
echo它在下面,我用了一个GET与HTTP/1.0和tweeter粗暴地拒绝了我的请求:-ign_eof保持连接打开以读取响应。Tweeter使用Verisign作为CA。您可以从here获取 VeriSign Class 3 Primary CA - G5,然后将其用作
-CAfile的参数,以确保链验证。以下是
s_client(1)上的OpenSSL文档。ulydmbyx2#
mrzz3bfm3#
openssl s_client应用程序可以用来通过一些创造性的bash脚本将数据发送到Web服务器。printf和sleep语句用圆括号组合在一起,以保持管道打开,直到s_client有机会发送请求并接收响应。这会延迟文件结束信号,因此不需要
-ign_eof选项。这种方法的缺点是,无论服务器如何,请求总是需要指定的时间。在bash中有很多方法可以获取字符串的长度。使用
expr比其他方法更冗长,但比${#dataToPost}更容易理解。dataLen的值被递增以包括几行后的换行符。这只是为了让事情看起来更漂亮。HTTP请求头的第一行是操作POST。
Host指令通常是必需的。请从s_client -connect参数相应地填充此指令。
HTTP头部分的结尾总是用
\r\n\r\n表示。最后一点注意。我可能过度使用了行继续符,但在手动测试或在Dockerfile内部运行时,有一个命令是很好的。