[研究]curl檢測HTTP/2

[研究]curl檢測HTTP/2

2025-06-09

環境：Visual Studio 2022 + ASP.NET + WebForm + Web Application + C# + SQL Server 2019 + SQL Server Management Studio (SSMS) 19

********************************************************************************

Rocky Linux 9.5

[root@localhost ~]# curl --version curl 7.76.1 (x86_64-redhat-linux-gnu) libcurl/7.76.1 OpenSSL/3.2.2 zlib/1.2.11 brotli/1.0.9 libidn2/2.3.0 libpsl/0.21.1 (+libidn2/2.3.0) libssh/0.10.4/openssl/zlib nghttp2/1.43.0 Release-Date: 2021-04-14 Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp Features: alt-svc AsynchDNS brotli GSS-API HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM NTLM_WB PSL SPNEGO SSL TLS-SRP UnixSockets [root@localhost ~]#

實際測試

[root@localhost ~]# curl --http2 -I https://www.google.com HTTP/2 200 content-type: text/html; charset=ISO-8859-1 content-security-policy-report-only: object-src 'none';base-uri 'self';script-src 'nonce-ga9b8uHP7ceHEfCj8jv6_g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp accept-ch: Sec-CH-Prefers-Color-Scheme p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info." date: Mon, 09 Jun 2025 02:03:34 GMT server: gws x-xss-protection: 0 x-frame-options: SAMEORIGIN expires: Mon, 09 Jun 2025 02:03:34 GMT cache-control: private set-cookie: AEC=AVh_V2gfgkYCKISRWird9OU6SF1DejA9SVueWn_2ZCWmbLz7CT3gqkADUwo; expires=Sat, 06-Dec-2025 02:03:34 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax set-cookie: NID=524=nyA2xsX3MvlZfj3A2zFxdpXMe6u2YEd5HPht_oMx0aFfi57DLiz-DUHObv-FSWlI2EJqAHnEQ7vuJwtE_DeGrWXCeDmwEZ4Xs_YRU28J-RYGj3p4WFceIHLt19YcNpr8uPwO-uOzk1w5mXX_6WE76UYmAQP8vjTyeqOg9FnJ-Za2n38Ysj4hurWofK7G0hX2FqY53F6u4MGYXJA; expires=Tue, 09-Dec-2025 02:03:34 GMT; path=/; domain=.google.com; HttpOnly alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 [root@localhost ~]#

實際測試

[root@localhost ~]# curl --http2 -I https://www.hinet.net HTTP/2 403 server: HiNetCDN date: Mon, 09 Jun 2025 02:05:46 GMT content-type: text/plain content-length: 10 x-request-id: 6723b1b39de9f1c01bb75b84c4dccd8d x-cache: RULE [root@localhost ~]#

Windows Server 2019繁體中文標準版，不支援 HTTP/2檢查

C:\>curl --version curl 8.9.1 (Windows) libcurl/8.9.1 Schannel zlib/1.3 WinIDN Release-Date: 2024-07-31 Protocols: dict file ftp ftps http https imap imaps ipfs ipns mqtt pop3 pop3s smb smbs smtp smtps telnet tftp Features: alt-svc AsynchDNS HSTS HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM SPNEGO SSL SSPI threadsafe Unicode UnixSockets C:\>

Windows Server 2025繁體中文標準版，不支援 HTTP/2檢查

C:\>curl --version curl 8.12.1 (Windows) libcurl/8.12.1 Schannel zlib/1.3 WinIDN Release-Date: 2025-02-13 Protocols: dict file ftp ftps http https imap imaps ipfs ipns mqtt pop3 pop3s smb smbs smtp smtps telnet tftp ws wss Features: alt-svc AsynchDNS HSTS HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM SPNEGO SSL SSPI threadsafe Unicode UnixSockets C:\>

Kali 2025.1c 支援 HTTP/2檢查

[root@localhost ~]# ┌──(kali㉿kali)-[~] └─$ curl --version curl 8.12.1 (x86_64-pc-linux-gnu) libcurl/8.12.1 GnuTLS/3.8.9 zlib/1.3.1 brotli/1.1.0 zstd/1.5.6 libidn2/2.3.7 libpsl/0.21.2 libssh2/1.11.1 nghttp2/1.64.0 ngtcp2/1.9.1 nghttp3/1.6.0 librtmp/2.3 OpenLDAP/2.6.9 Release-Date: 2025-02-13, security patched: 8.12.1-2 Protocols: dict file ftp ftps gopher gophers http https imap imaps ipfs ipns ldap ldaps mqtt pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp ws wss Features: alt-svc AsynchDNS brotli GSS-API HSTS HTTP2 HTTP3 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM PSL SPNEGO SSL threadsafe TLS-SRP UnixSockets zstd ┌──(kali㉿kali)-[~] └─$

Kali 2025.1c 的 curl 檢測 Windows Server 2025 的 IIS 10.0 安裝自簽憑證

┌──(kali㉿kali)-[~] └─$ curl --http2 -I https://192.168.128.144/ curl: (60) server verification failed: certificate signer not trusted. (CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none) More details here: https://curl.se/docs/sslcerts.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the webpage mentioned above. ┌──(kali㉿kali)-[~] └─$ curl --http2 -I http://192.168.128.144/ HTTP/1.1 200 OK Content-Length: 703 Content-Type: text/html Last-Modified: Mon, 09 Jun 2025 03:51:03 GMT Accept-Ranges: bytes ETag: "8bc6eab8f1d8db1:0" Server: Microsoft-IIS/10.0 Date: Mon, 09 Jun 2025 03:58:13 GMT ┌──(kali㉿kali)-[~] └─$

Kali 2025.1c 的 curl 檢測 Windows Server 2025 的 IIS 10.0 安裝自簽憑證

┌──(kali㉿kali)-[~] └─$ curl --http2 -I -k https://192.168.128.131/ curl: (35) GnuTLS, handshake failed: Key usage violation in certificate has been detected. ┌──(kali㉿kali)-[~] └─$

Windows Server 2025 的 IIS 10.0 改用正式憑證，Kali Linux 的 /etc/hosts 中設定網址和 IP 對應；

Win + R → 輸入 regedit

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters

新增：

名稱 類型 數值

EnableHttp2 DWORD (32-bit) 1

命令提示字元(系統管理員)執行 iisreset

┌──(kali㉿kali)-[~] └─$ curl --http2 -I -k https://(遮蔽)/ HTTP/2 200 content-length: 703 content-type: text/html last-modified: Mon, 09 Jun 2025 07:49:53 GMT accept-ranges: bytes etag: "af791a1613d9db1:0" server: Microsoft-IIS/10.0 date: Mon, 09 Jun 2025 08:19:21 GMT ┌──(kali㉿kali)-[~] └─$

(完)

相關