CN108985013A - Method, apparatus, client and server for detecting that an SWF file is used by a third-party application - Google Patents
- Publication number
- CN108985013A (CN201710401175.7A)
- Authority
- CN
- China
- Prior art keywords
- swf file
- client
- server
- address
- application program
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
- G06F21/125—Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code
Abstract
The present invention relates to the technical field of information processing and provides a method, apparatus, client and server for detecting that an SWF file is used by a third-party application. The client is equipped with Flash. Applied to the client, the method includes: when the SWF file is run by an application program of the client, obtaining running address information of the SWF file through Flash; and sending the running address information to the server, so that the server determines from the running address information whether the SWF file is used by a third-party application. Applied to the server, the method includes: obtaining the running address information of the SWF file sent by the client; and judging whether the running address information meets a preset standard and, if it does not, determining that the SWF file is used by a third-party application. When the SWF file is used by a third-party application, the server learns of it at the first opportunity and can take corresponding measures, which effectively avoids the prior-art problem of SWF files being decompiled.
Description
Technical field
The present invention relates to the technical field of information processing, and in particular to a method, apparatus, client and server for detecting that an SWF file is used by a third-party application.
Background
At present, Flash is widely used in web page design, web animation production, web video playback and so on. Most video websites, including live-streaming websites, use Flash as their video player, and most web games are also developed with Flash, which is programmed in the ActionScript scripting language. Because of the characteristics of this scripting language, it is very easy to decompile: the source code can be viewed by decompiling the finally published SWF file (the executable file of Flash), revealing each functional interface and how the interfaces are used. In addition, because Flash has a reflection mechanism, all interfaces of an SWF file can be obtained from the finally published SWF file and its interface functions can then be called through reflection. A third-party application can therefore use the functions of the SWF directly, which makes Flash extremely insecure.
Summary of the invention
The purpose of the present invention is to provide a method, apparatus, client and server for detecting that an SWF file is used by a third-party application, so as to mitigate the above problem.
To achieve the above purpose, the technical solutions adopted in the embodiments of the present invention are as follows:
In a first aspect, the present invention provides a method for detecting that an SWF file is used by a third-party application, applied to a client that is communicatively connected to a server, the client being equipped with Flash. The method includes: when the SWF file is run by an application program of the client, obtaining running address information of the SWF file through Flash; and sending the running address information to the server, so that the server determines from the running address information whether the SWF file is used by a third-party application.
In a second aspect, the present invention provides a method for detecting that an SWF file is used by a third-party application, applied to a server that is communicatively connected to a client. The method includes: obtaining the running address information of the SWF file sent by the client; and judging whether the running address information meets a preset standard and, if it does not, determining that the SWF file is used by a third-party application.
In a third aspect, the present invention provides an apparatus for detecting that an SWF file is used by a third-party application, applied to a client that is communicatively connected to a server, the client being equipped with Flash. The apparatus includes a first execution module and a second execution module. The first execution module is configured to obtain running address information of the SWF file through Flash when the SWF file is run by an application program of the client. The second execution module is configured to send the running address information to the server, so that the server determines from the running address information whether the SWF file is used by a third-party application.
In a fourth aspect, the present invention provides an apparatus for detecting that an SWF file is used by a third-party application, applied to a server that is communicatively connected to a client. The apparatus includes a third execution module and a fourth execution module. The third execution module is configured to obtain the running address information of the SWF file sent by the client. The fourth execution module is configured to judge whether the running address information meets a preset standard and, if it does not, to determine that the SWF file is used by a third-party application.
In a fifth aspect, the present invention provides a client that is equipped with Flash and communicatively connected to a server. The client includes a first memory, a first processor and an apparatus for detecting that an SWF file is used by a third-party application; the apparatus is installed in the first memory and includes one or more software function modules executed by the first processor. The apparatus includes a first execution module and a second execution module. The first execution module is configured to obtain running address information of the SWF file through Flash when the SWF file is run by an application program of the client. The second execution module is configured to send the running address information to the server, so that the server determines from the running address information whether the SWF file is used by a third-party application.
In a sixth aspect, the present invention provides a server that is communicatively connected to a client. The server includes a second memory, a second processor and an apparatus for detecting that an SWF file is used by a third-party application; the apparatus is installed in the second memory and includes one or more software function modules executed by the second processor. The apparatus includes a third execution module and a fourth execution module. The third execution module is configured to obtain the running address information of the SWF file sent by the client. The fourth execution module is configured to judge whether the running address information meets a preset standard and, if it does not, to determine that the SWF file is used by a third-party application.
Compared with the prior art, the present invention has the following beneficial effects. In the method, apparatus, client and server provided by the present invention for detecting that an SWF file is used by a third-party application, when the SWF file is run by an application program of the client, the client obtains the running address information of the SWF file through Flash and sends it to the server, and the server can determine from the running address information whether the SWF file is used by a third-party application. Therefore, when the SWF file is used by a third-party application, the server learns of it at the first opportunity and can take appropriate measures, which effectively avoids the prior-art problem of SWF files being decompiled.
To make the above objects, features and advantages of the present invention clearer and easier to understand, preferred embodiments are described in detail below with reference to the accompanying drawings.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the embodiments are briefly described below. It should be understood that the following drawings show only certain embodiments of the present invention and should therefore not be regarded as limiting its scope; those of ordinary skill in the art can obtain other related drawings from these drawings without creative effort.
Fig. 1 shows a schematic diagram of the interaction between the server and the client provided in an embodiment of the present invention.
Fig. 2 shows a block diagram of the client provided in an embodiment of the present invention.
Fig. 3 shows a block diagram of the server provided in an embodiment of the present invention.
Fig. 4 shows a flow chart of the method, applied to the client, for detecting that an SWF file is used by a third-party application, provided in an embodiment of the present invention.
Fig. 5 is a flow chart of the sub-steps of step S101 shown in Fig. 4.
Fig. 6 is a flow chart of the sub-steps of sub-step S1011 shown in Fig. 5.
Fig. 7 is a flow chart of the sub-steps of sub-step S1012 shown in Fig. 5.
Fig. 8 shows a flow chart of the method, applied to the server, for detecting that an SWF file is used by a third-party application, provided in an embodiment of the present invention.
Fig. 9 shows a block diagram of the first detection device provided in an embodiment of the present invention.
Fig. 10 is a block diagram of the first execution module in the first detection device shown in Fig. 9.
Fig. 11 is a block diagram of the domain name information acquiring unit in the first execution module shown in Fig. 10.
Fig. 12 is a block diagram of the first URL address acquiring unit in the first execution module shown in Fig. 10.
Fig. 13 shows a block diagram of the second detection device provided in an embodiment of the present invention.
Reference numerals: 100 - client; 110 - first detection device; 111 - first execution module; 112 - second execution module; 1111 - domain name information acquiring unit; 11111 - first judging unit; 11112 - first sub-execution unit; 11113 - second sub-execution unit; 1112 - first URL address acquiring unit; 11121 - second judging unit; 11122 - third sub-execution unit; 11123 - fourth sub-execution unit; 1113 - second URL address acquiring unit; 120 - first memory; 130 - storage controller; 140 - first processor; 150 - peripheral interface; 160 - first communication unit; 170 - radio frequency unit; 200 - server; 210 - second detection device; 211 - third execution module; 212 - fourth execution module; 220 - second memory; 230 - second processor; 240 - second communication unit; 300 - network; 400 - third-party application.
Specific embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. The components of the embodiments of the present invention that are generally described and illustrated in the drawings herein can be arranged and designed in a variety of different configurations. Therefore, the following detailed description of the embodiments provided in the drawings is not intended to limit the scope of the claimed invention, but merely represents selected embodiments of the invention. All other embodiments obtained by those skilled in the art on the basis of the embodiments of the present invention without creative effort shall fall within the protection scope of the present invention.
It should also be noted that similar reference numerals and letters denote similar items in the following drawings; therefore, once an item has been defined in one drawing, it does not need to be further defined and explained in subsequent drawings. Meanwhile, in the description of the present invention, the terms "first", "second" and so on are used only to distinguish descriptions and are not to be understood as indicating or implying relative importance.
Referring to Fig. 1, Fig. 1 shows a schematic diagram of the interaction between the server 200 provided in an embodiment of the present invention and at least one client 100. The server 200 can communicate with the client 100 through the network 300 to realize data communication or interaction between the server 200 and the client 100. The server 200 can provide installation packages of at least one third-party application 400, suitable for various operating systems, for the client 100 to download. After the client 100 accesses the server 200 through the network 300, it can download from the server 200, through the network 300, the installation package of the third-party application 400 suitable for the operating system of the client 100, so as to install the third-party application 400 on the client 100.
In the embodiments of the present invention, the server 200 is a web (website) server. The client 100 may be, but is not limited to, a smartphone, a personal computer (PC), a tablet computer, a personal digital assistant (PDA), a mobile Internet device (MID), and so on. The operating system of the client 100 may be, but is not limited to, an Android system, an iOS (iPhone operating system) system, a Windows Phone system, a Windows system, and so on. The third-party application 400 can be any application program provided by the server 200 that the client 100 can choose to download and install; preferably, in this embodiment, the third-party application 400 can be any of various local programs of the client 100 that run SWF files.
Referring to Fig. 2, Fig. 2 is a block diagram of the client 100 shown in Fig. 1. The client 100 includes a first detection device 110, a first memory 120, a storage controller 130, a first processor 140, a peripheral interface 150, a first communication unit 160 and a radio frequency unit 170.
The first memory 120, the storage controller 130, the first processor 140, the peripheral interface 150, the radio frequency unit 170 and the first communication unit 160 are electrically connected to one another, directly or indirectly, to realize the transmission or interaction of data. For example, these elements can be electrically connected to one another through one or more communication buses or signal lines. The first detection device 110 includes at least one software function module that can be stored in the first memory 120 in the form of software or firmware, or built into the operating system (OS) of the client 100. The first memory 120 stores the third-party application 400 that the client 100 has downloaded from the server 200 and installed. The first processor 140 is used to execute the executable modules stored in the first memory 120, such as the software function modules and computer programs included in the first detection device 110.
The first memory 120 may be, but is not limited to, random access memory (RAM), read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), and so on. The first memory 120 is used to store programs, and the first processor 140 executes a program after receiving an execution instruction. Access to the first memory 120 by the first processor 140 and other possible components can be carried out under the control of the storage controller 130.
The first processor 140 may be an integrated circuit chip with signal processing capability. The processor may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP), and so on; it may also be a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. It can implement or execute the methods, steps and logic block diagrams disclosed in the embodiments of the present invention. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor. The peripheral interface 150 couples various input/output devices (such as the radio frequency unit 170) to the first processor 140 and the first memory 120. In some embodiments, the peripheral interface 150, the first processor 140 and the storage controller 130 can be implemented in a single chip. In other examples, they can each be implemented by an independent chip.
The radio frequency unit 170 is used to receive and transmit radio wave signals (such as electromagnetic waves) and to convert between radio waves and electrical signals, so as to realize wireless communication between the client 100 and the network 300 or other communication equipment.
The first communication unit 160 is used to establish a connection with the server 200 through the network 300, thereby realizing the communication connection between the server 200 and the client 100. For example, the first communication unit 160 can connect to the network 300 using the radio frequency signal transmitted by the radio frequency unit 170, and then establish a communication connection with the server 200 through the network 300.
Referring to Fig. 3, Fig. 3 is a block diagram of the server 200 shown in Fig. 1. The server 200 includes a second detection device 210, a second memory 220, a second processor 230 and a second communication unit 240.
The second memory 220, the second processor 230 and the second communication unit 240 are electrically connected to one another, directly or indirectly, to realize the transmission or interaction of data. For example, these elements can be electrically connected to one another through one or more communication buses or signal lines. The second detection device 210 includes at least one software function module that can be stored in the second memory 220 in the form of software or firmware, or built into the operating system (OS) of the server 200. The second processor 230 is used to execute the executable modules stored in the second memory 220, such as the software function modules and computer programs included in the second detection device 210.
The second memory 220 may be, but is not limited to, random access memory (RAM), read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), and so on. The second memory 220 is used to store programs, and the second processor 230 executes a program after receiving an execution instruction. The second communication unit 240 is used to establish the communication connection between the server 200 and the client 100 through the network 300, and to send and receive data through the network 300.
First embodiment
Referring to Fig. 4, Fig. 4 shows a flow chart of the method, applied to the client 100, for detecting that an SWF file is used by a third-party application, provided in an embodiment of the present invention. The client 100 is equipped with Flash. The method applied to the client 100 includes the following steps:
Step S101: when the SWF file is run by an application program of the client, obtain the running address information of the SWF file through Flash.
In the embodiments of the present invention, the application programs of the client 100 include web applications and third-party applications 400. A web application can be application software that is operated online through a web browser on the Internet or an intranet, for example Baidu, Youku or Douyu live streaming operated online through web browsers such as 360 Browser, the Google browser or IE. A third-party application 400 can be any of the various local programs installed on the client 100, such as Baidu Netdisk, Storm Video and other apps installed on the client 100. In the embodiments of the present invention, the SWF file is a file of a web application. If a hacker obtains the SWF file directly, it can be run by a third-party application 400; and whenever an application program of the client 100 runs the SWF file, it has to call functions in Flash. Therefore, a running address information acquisition function can be written in Flash and used to obtain the running address information of the SWF file. The running environment of the SWF file is judged from the running address information, so as to detect whether the SWF is used by a third-party application 400. The running address information may include, but is not limited to, the domain name information of the application program running the SWF file and the URL (Uniform Resource Locator) addresses of the SWF file.
Referring to Fig. 5, step S101 may include the following sub-steps:
Sub-step S1011: determine the domain name information of the application program running the SWF file according to whether that application program has a domain name.
In the embodiments of the present invention, when the SWF file is run by a web application, that is, when it runs normally, the domain name of the application program running the SWF file obtained through Flash necessarily corresponds to the domain name of the website. For example, when the SWF file is run by Baidu in a browser, the Baidu web page calls Flash to run the SWF file, and the domain name that Flash obtains for the application program is www.baidu.com. However, when a hacker obtains the SWF file of the web application directly and runs it through a third-party application 400, no website domain name can be obtained through Flash. Therefore, the domain name information of the application program running the SWF file can be determined according to whether that application program has a domain name: when no website domain name can be obtained through Flash, the domain name information of the application program running the SWF file can be set to a fixed local value, such as localhost (local host).
As an implementation, the running address information acquisition function can determine the domain name information of the application program running the SWF file as follows. First, a domain object localDomain is created using a component provided by Flash, which can be done with the statement var localDomain:LocalConnection = new LocalConnection(); where LocalConnection is the component used to create the domain object localDomain. After the domain object localDomain has been obtained by calling the method of this component, the domain name myDomainNameData of the application program running the SWF file is obtained from the domain object localDomain, which can be done with the statement var myDomainNameData:String = localDomain.domain; For an SWF file that runs normally, the domain name information obtained is the domain name of its website; for an SWF file used by a third party, the domain name information obtained is the fixed value "localhost".
Referring to Fig. 6, sub-step S1011 may include the following sub-steps:
Sub-step S10111: judge whether the application program running the SWF file has a domain name.
In the embodiments of the present invention, if the application program running the SWF file has a domain name, sub-step S10112 is executed; if the application program running the SWF file does not have a domain name, sub-step S10113 is executed.
Sub-step S10112: obtain the domain name information of the application program.
In the embodiments of the present invention, if the application program running the SWF file has a domain name, the domain name information of the application program is obtained through Flash; for example, the domain name information is www.baidu.com.
Sub-step S10113: use a first preset value as the domain name information of the application program.
In the embodiments of the present invention, if the application program running the SWF file does not have a domain name, the first preset value is used as the domain name information of the application program. Whenever any third-party application 400 runs the SWF file, the domain name information is the first preset value. The first preset value can be a fixed local value, such as localhost (local host).
Sub-step S1012: determine the first URL address of the SWF file according to whether the application program running the SWF file has a URL address.
In the embodiments of the present invention, the first URL address may be, but is not limited to, the URL address of the SWF file as determined from the application program running the SWF file. When the SWF file is run by a web application, that is, when it runs normally, the first URL address of the SWF file is necessarily the domain name of the website together with the server path information of the SWF file run by the website, that is, the URL address of the website page, for example http://zhidao.baidu.com/question/124891257.html. However, when a hacker obtains the SWF file of the web application directly and runs it through a third-party application 400, the URL address of the website cannot be obtained through Flash. Therefore, the first URL address of the SWF file can be determined according to whether the current page of the application program running the SWF file has a URL address: when the URL address of the current page cannot be obtained through Flash, the local disk path information of the SWF file can be set as the first URL address of the SWF file, where the third-party application 400 is stored on the client 100 under a local disk path.
As an implementation, the running address information acquisition function can obtain the URL address of the application program running the SWF file by calling JavaScript script code; in other words, JavaScript function code is called through the ExternalInterface.call interface provided by Flash. This can be done with the statement var weburl:String = ExternalInterface.call("function getUrl(){return window.location.href;}"); where function getUrl(){return window.location.href;} is the JavaScript code written to obtain the URL address of the application program, and window.location.href is the JavaScript expression that returns the URL address of the application program.
Referring to Fig. 7, sub-step S1012 may include the following sub-steps:
Sub-step S10121: judge whether the application program running the SWF file has a URL address.
In the embodiments of the present invention, if the application program running the SWF file has a URL address, sub-step S10122 is executed; if the application program running the SWF file does not have a URL address, sub-step S10123 is executed.
Sub-step S10122: use the URL address as the first URL address of the SWF file.
In the embodiments of the present invention, if the application program running the SWF file has a URL address, the URL address of the application program is used as the first URL address of the SWF file, for example http://zhidao.baidu.com/question/124891257.html.
Sub-step S10123: use the local disk path information of the SWF file as the first URL address of the SWF file, where the third-party application is stored on the client under a local disk path.
In the embodiments of the present invention, if the application program running the SWF file does not have a URL address, the local disk path information of the SWF file is used as the first URL address of the SWF file, for example C:\Users\Administrator\Desktop\**.swf.
Sub-step S1013: obtain the second URL address of the SWF file from the stage object loaded by the SWF file, where the running address information of the SWF file includes the domain name information, the first URL address and the second URL address.
In the embodiments of the present invention, the second URL address may be, but is not limited to, the URL address of the SWF file as determined from the stage object loaded by the SWF file. Since every stage object used for rendering in an SWF file has a rootSprite root object, the URL address of the rootSprite root object is the second URL address of the SWF file.
In the embodiments of the present invention, when the SWF file is run by a web application, that is, when it runs normally, the URL address of the rootSprite root object is necessarily the domain name of the website together with the server path information of the SWF file run by the website, that is, the URL address of the website page. However, when a hacker obtains the SWF file of the web application directly and runs it through a third-party application 400, the URL address of the rootSprite root object cannot be obtained through Flash. Therefore, the second URL address of the SWF file can be determined from the rootSprite root object: when the URL address of the current page cannot be obtained through Flash, the local disk path information of the rootSprite root object can be set as the second URL address of the SWF file.
As an implementation, the running address information acquisition function can obtain the second URL address of the SWF file from the rootSprite root object by, but not limited to, the statement var weburl:String = rootSprite.stage.loaderInfo.url.toString(); where weburl is the URL address obtained for the rootSprite root object.
In this embodiment of the present invention, the running address information of the SWF file includes the domain name information of the application running the SWF file, the first URL address of the SWF file and the second URL address of the SWF file. The advantage of obtaining the first URL address of the SWF file by calling JavaScript script code and obtaining the second URL address of the SWF file from the stage object is that the URL address of the SWF file is obtained by different technical means, which can prevent the data from being tampered with and improves the security of the obtained running address information of the SWF file.
Step S102: send the running address information to the server side, so that the server side determines from the running address information whether the SWF file is used by a third-party application.
In this embodiment of the present invention, the running address information acquisition function can be called in a key function of Flash to obtain the running address information of the SWF file, and the information is reported to the server after being encrypted. The key function may be the function that Flash executes first or an initialization function, which is certain to be called. After the key function obtains the running address information of the SWF file through the running address information acquisition function, the obtained running address information can be encrypted and reported to the server, and the server can evaluate the running address information to determine whether the SWF file is used by the third-party application 400.
As an implementation, the statement Info = AES.encrypt(myDomainNameData + weburl + weburl2, KEY); can be used in the key function of Flash to add the running address information of the SWF file and report it to the server after encryption, where AES.encrypt is the encryption interface of the AES encryption algorithm; the parameters myDomainNameData, weburl and weburl2 are, respectively, the domain name information of the application running the SWF file, the first URL address of the SWF file and the second URL address of the SWF file; KEY is the key information used for encryption; and Info is the encrypted data reported to the server.
Please refer to Fig. 8, which shows a flowchart of the method, provided by an embodiment of the present invention and applied to the server side 200, for detecting that an SWF file is used by a third-party application. The method applied to the server side 200 includes the following steps:
Step S201: obtain the running address information of the SWF file sent by the client.
In this embodiment of the present invention, after the client 100 has reported the running address information of the SWF file and the server side 200 has received the reported information, the server side 200 can first decrypt the reported information to obtain the domain name information of the application running the SWF file, the first URL address of the SWF file and the second URL address of the SWF file.
As an implementation, the server side 200 can decrypt the reported information with the statement myDomainNameData+weburl+weburl2 = AES.decrypt(Info, KEY); where AES.decrypt is the decryption interface of the AES decryption algorithm; the parameter KEY is the same KEY that the client 100 used for encryption; and the result data myDomainNameData, weburl and weburl2 are, respectively, the domain name information of the application running the SWF file, the first URL address of the SWF file and the second URL address of the SWF file.
Step S202: judge whether the running address information meets a preset standard; if it does not, determine that the SWF file is used by a third-party application.
In this embodiment of the present invention, the server side 200 can judge from the running address information of the SWF file whether the SWF file is running in a normal web application or is being used by the third-party application 400. The preset standard may be, but is not limited to, that the domain name information of the application running the SWF file, the first URL address of the SWF file and the second URL address of the SWF file are all network addresses. When the running address information of the SWF file meets the preset standard, that is, when the domain name information of the application running the SWF file, the first URL address of the SWF file and the second URL address of the SWF file are all network addresses, the SWF file is determined to be running in a normal environment. Otherwise, when the running address information of the SWF file does not meet the preset standard, that is, when any one of the domain name information of the application running the SWF file, the first URL address of the SWF file and the second URL address of the SWF file is not a network address, for example when the parameter myDomainNameData is "localhost", or when either the first URL address or the second URL address of the SWF file is disk storage path information of the SWF file on the client 100 such as "C:\Users\Administrator\Desktop\**.swf", the SWF file is determined to be used by the third-party application 400.
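The server-side judgment of step S202, as an added example in Python; it is not code from the patent. It assumes the decrypted report has already been split into three fields carried as JSON under the hypothetical keys domain, first_url and second_url, and it additionally treats loopback IP literals and non-http(s) schemes as non-network addresses; the sample reports are constructed.

```python
import ipaddress
import json
import re
from urllib.parse import urlsplit

# Hypothetical field names for the decrypted report (not defined by the patent).
FIELDS = ("domain", "first_url", "second_url")

# Dotted DNS name with an alphabetic top-level label; "localhost" does not match.
_HOSTNAME = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)


def is_network_host(host):
    """True for a dotted DNS name or a non-loopback IP literal."""
    if not isinstance(host, str) or not host:
        return False
    host = host.strip().lower().rstrip(".")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal, so it must look like a real domain name.
        return bool(_HOSTNAME.match(host))
    # Assumption: loopback and unspecified addresses count as local.
    return not (ip.is_loopback or ip.is_unspecified)


def is_network_url(value):
    """True only for http(s) URLs whose host is a network host.

    Disk paths such as C:\\Users\\...\\x.swf and file:// URLs fail here
    because they have no http(s) scheme and no host component.
    """
    if not isinstance(value, str):
        return False
    try:
        parts = urlsplit(value.strip())
        host = parts.hostname
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return False
    return parts.scheme in ("http", "https") and is_network_host(host)


def check_report(plaintext):
    """Apply the preset standard to one decrypted report.

    Returns (meets_standard, failed_fields). A report that cannot be
    parsed is treated as failing every field, since it is client input.
    """
    try:
        report = json.loads(plaintext)
    except (TypeError, ValueError):
        return False, list(FIELDS)
    if not isinstance(report, dict):
        return False, list(FIELDS)
    checks = {
        "domain": is_network_host(report.get("domain")),
        "first_url": is_network_url(report.get("first_url")),
        "second_url": is_network_url(report.get("second_url")),
    }
    failed = [name for name in FIELDS if not checks[name]]
    return not failed, failed


# Constructed sample reports (only the question URL appears in the patent text).
SAMPLE_REPORTS = {
    "web_page": json.dumps({
        "domain": "zhidao.baidu.com",
        "first_url": "http://zhidao.baidu.com/question/124891257.html",
        "second_url": "http://zhidao.baidu.com/static/player.swf",
    }),
    "local_player": json.dumps({
        "domain": "localhost",
        "first_url": "C:\\Users\\Administrator\\Desktop\\demo.swf",
        "second_url": "file:///C|/Users/Administrator/Desktop/demo.swf",
    }),
    # Two fields look normal; the stage-object URL alone exposes local use.
    "mixed": json.dumps({
        "domain": "zhidao.baidu.com",
        "first_url": "http://zhidao.baidu.com/question/124891257.html",
        "second_url": "file:///C|/Users/Administrator/Desktop/demo.swf",
    }),
}

if __name__ == "__main__":
    for name, plaintext in SAMPLE_REPORTS.items():
        print(name, check_report(plaintext))
```

The "mixed" report shows why the check is applied to each field separately: a single non-network value is enough to fail the preset standard.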
In this embodiment of the present invention, first, when the SWF file is run by an application of the client 100, the client 100 obtains the running address information of the SWF file through Flash and sends it to the server side 200, and the server side 200 can determine from the running address information whether the SWF file is used by the third-party application 400. When the SWF file is used by the third-party application 400, the server side 200 can learn of it immediately and take corresponding measures, which effectively avoids the prior-art problem of SWF files being decompiled. Second, obtaining the URL address of the SWF file by different technical means can prevent the data from being tampered with and improves the security of the obtained running address information of the SWF file. Finally, the server side 200 judges the running environment of the SWF file comprehensively from the three different pieces of information in the running address information, namely the domain name information of the application running the SWF file, the first URL address of the SWF file and the second URL address of the SWF file, which improves the accuracy of the determination made by the server side 200.
Second embodiment
Please refer to Fig. 9, which shows a block diagram of the first detection device 110 provided by a preferred embodiment of the present invention. The first detection device 110 is applied to the client 100 and includes a first execution module 111 and a second execution module 112.
The first execution module 111 is configured to obtain the running address information of the SWF file through Flash when the SWF file is run by an application of the client.
In this embodiment of the present invention, the first execution module 111 can be used to execute step S101.
Please refer to Fig. 10, which is a block diagram of the first execution module 111 in the first detection device 110 shown in Fig. 9. The first execution module 111 includes a domain name information acquisition unit 1111, a first URL address acquisition unit 1112 and a second URL address acquisition unit 1113.
The domain name information acquisition unit 1111 is configured to determine the domain name information of the application running the SWF file according to whether that application has a domain name.
In this embodiment of the present invention, the domain name information acquisition unit 1111 can be used to execute sub-step S1011.
Please refer to Fig. 11, which is a block diagram of the domain name information acquisition unit 1111 in the first execution module 111 shown in Fig. 10. The domain name information acquisition unit 1111 includes a first judging unit 11111, a first sub-execution unit 11112 and a second sub-execution unit 11113.
The first judging unit 11111 is configured to judge whether the application running the SWF file has a domain name.
In this embodiment of the present invention, the first judging unit 11111 can be used to execute sub-step S10111.
In this embodiment of the present invention, if the result of the first judging unit 11111 is "Yes", control passes to the first sub-execution unit 11112, which executes sub-step S10112; if the result of the first judging unit 11111 is "No", control passes to the second sub-execution unit 11113, which executes sub-step S10113.
The first sub-execution unit 11112 is configured to obtain the domain name information of the application.
In this embodiment of the present invention, the first sub-execution unit 11112 can be used to execute sub-step S10112.
The second sub-execution unit 11113 is configured to use the first preset value as the domain name information of the application.
In this embodiment of the present invention, the second sub-execution unit 11113 can be used to execute sub-step S10113.
The first URL address acquisition unit 1112 is configured to determine the first URL address of the SWF file according to whether the application running the SWF file has a URL address.
In this embodiment of the present invention, the first URL address acquisition unit 1112 can be used to execute sub-step S1012.
Please refer to Fig. 12, which is a block diagram of the first URL address acquisition unit 1112 in the first execution module 111 shown in Fig. 10. The first URL address acquisition unit 1112 includes a second judging unit 11121, a third sub-execution unit 11122 and a fourth sub-execution unit 11123.
The second judging unit 11121 is configured to judge whether the application running the SWF file has a URL address.
In this embodiment of the present invention, the second judging unit 11121 can be used to execute sub-step S10121.
In this embodiment of the present invention, if the result of the second judging unit 11121 is "Yes", control passes to the third sub-execution unit 11122, which executes sub-step S10122; if the result of the second judging unit 11121 is "No", control passes to the fourth sub-execution unit 11123, which executes sub-step S10123.
The third sub-execution unit 11122 is configured to use the URL address as the first URL address of the SWF file.
In this embodiment of the present invention, the third sub-execution unit 11122 can be used to execute sub-step S10122.
The fourth sub-execution unit 11123 is configured to use the local disk path information of the SWF file as the first URL address of the SWF file, where the third-party application is stored on the client under a local disk path.
In this embodiment of the present invention, the fourth sub-execution unit 11123 can be used to execute sub-step S10123.
The second URL address acquisition unit 1113 is configured to obtain the second URL address of the SWF file from the stage object loaded by the SWF file, where the running address information of the SWF file includes the domain name information, the first URL address and the second URL address.
In this embodiment of the present invention, the second URL address acquisition unit 1113 can be used to execute sub-step S1013.
The second execution module 112 is configured to send the running address information to the server side, so that the server side determines from the running address information whether the SWF file is used by a third-party application.
In this embodiment of the present invention, the second execution module 112 can be used to execute step S102.
Please refer to Figure 13. Fig. 9 shows a block diagram of the second detection device 210 provided by a preferred embodiment of the present invention. The second detection device 210 is applied to the server side 200 and includes a third execution module 211 and a fourth execution module 212.
The third execution module 211 is configured to obtain the running address information of the SWF file sent by the client.
In this embodiment of the present invention, the third execution module 211 can be used to execute step S201.
The fourth execution module 212 is configured to judge whether the running address information meets the preset standard and, if it does not, to determine that the SWF file is used by a third-party application.
In this embodiment of the present invention, the fourth execution module 212 can be used to execute step S202.
In conclusion, the present invention provides a method, a device, a client and a server side for detecting that an SWF file is used by a third-party application, where the client has Flash installed. The method applied to the client includes: when the SWF file is run by an application of the client, obtaining the running address information of the SWF file through Flash; and sending the running address information to the server side, so that the server side determines from the running address information whether the SWF file is used by a third-party application. The method applied to the server side includes: obtaining the running address information of the SWF file sent by the client; and judging whether the running address information meets a preset standard and, if it does not, determining that the SWF file is used by a third-party application. With the present invention, when the SWF file is used by a third-party application, the server side can learn of it immediately and take corresponding measures, which effectively avoids the prior-art problem of SWF files being decompiled. In addition, obtaining the URL address of the SWF file by different technical means can prevent the data from being tampered with and improves the security of the obtained running address information of the SWF file. Meanwhile, the server side judges the running environment of the SWF file comprehensively from different pieces of information, which improves the accuracy of the determination made by the server side.
In the several embodiments provided in this application, it should be understood that the disclosed device and method can also be implemented in other ways. The device embodiments described above are merely illustrative. For example, the flowcharts and block diagrams in the drawings show the possible architecture, functions and operations of devices, methods and computer program products according to multiple embodiments of the present invention. In this regard, each box in a flowchart or block diagram can represent a module, a program segment or a part of code, and the module, program segment or part of code contains one or more executable instructions for implementing the specified logical function. It should also be noted that, in some alternative implementations, the functions marked in the boxes can occur in an order different from that marked in the drawings. For example, two consecutive boxes can actually be executed substantially in parallel, and they can sometimes be executed in the reverse order, depending on the functions involved. It should also be noted that each box in the block diagrams and/or flowcharts, and combinations of boxes in the block diagrams and/or flowcharts, can be implemented by a dedicated hardware-based system that performs the specified functions or actions, or by a combination of dedicated hardware and computer instructions.
In addition, the functional modules in the embodiments of the present invention can be integrated together to form one independent part, each module can exist separately, or two or more modules can be integrated to form one independent part.
If the functions are implemented in the form of software function modules and sold or used as an independent product, they can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause a computer device (which can be a personal computer, a server, a network device or the like) to perform all or part of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), a magnetic disk or an optical disc. It should be noted that, in this document, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply any actual relationship or order between these entities or operations. Moreover, the terms "include", "comprise" and any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements that are not explicitly listed, or elements inherent to such a process, method, article or device. In the absence of further restrictions, an element qualified by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes the element.
The foregoing is only a preferred embodiment of the present invention and is not intended to limit the present invention. For those skilled in the art, the present invention may have various modifications and variations. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included in the protection scope of the present invention. It should also be noted that similar reference numerals and letters indicate similar items in the following drawings; therefore, once an item is defined in one drawing, it does not need to be further defined and explained in subsequent drawings.
Claims (10)
1. A method for detecting that an SWF file is used by a third-party application, characterized in that the method is applied to a client communicatively connected to a server side, the client has Flash installed, and the method comprises:
when the SWF file is run by an application of the client, obtaining running address information of the SWF file through Flash;
sending the running address information to the server side, so that the server side judges from the running address information whether the SWF file is used by a third-party application.
2. The method according to claim 1, characterized in that the step of obtaining the running address information of the SWF file through Flash comprises:
determining domain name information of the application running the SWF file according to whether the application running the SWF file has a domain name;
determining a first URL address of the SWF file according to whether the application running the SWF file has a URL address;
obtaining a second URL address of the SWF file from a stage object loaded by the SWF file, wherein the running address information of the SWF file includes the domain name information, the first URL address and the second URL address.
3. The method according to claim 2, characterized in that the step of determining the domain name information of the application running the SWF file according to whether the application running the SWF file has a domain name comprises:
when the application running the SWF file has a domain name, obtaining the domain name information of the application; when the application running the SWF file does not have a domain name, using a first preset value as the domain name information of the application.
4. The method according to claim 2, characterized in that the step of determining the first URL address of the SWF file according to whether the application running the SWF file has a URL address comprises:
when the application running the SWF file has a URL address, using the URL address as the first URL address of the SWF file; when the application running the SWF file does not have a URL address, using local disk path information of the SWF file as the first URL address of the SWF file, wherein the third-party application is stored on the client under a local disk path.
5. A method for detecting that an SWF file is used by a third-party application, characterized in that the method is applied to a server side communicatively connected to a client, and the method comprises:
obtaining running address information of the SWF file sent by the client;
judging whether the running address information meets a preset standard and, if it does not, determining that the SWF file is used by a third-party application.
6. The method according to claim 5, characterized in that the running address information includes domain name information of the application running the SWF file, a first URL address of the SWF file and a second URL address of the SWF file, and the step of judging whether the running address information meets the preset standard comprises:
when the domain name information, the first URL address and the second URL address are all network addresses, the running address information meets the preset standard.
7. A device for detecting that an SWF file is used by a third-party application, characterized in that the device is applied to a client communicatively connected to a server side, the client has Flash installed, and the device comprises:
a first execution module, configured to obtain running address information of the SWF file through Flash when the SWF file is run by an application of the client;
a second execution module, configured to send the running address information to the server side, so that the server side determines from the running address information whether the SWF file is used by a third-party application.
8. A device for detecting that an SWF file is used by a third-party application, characterized in that the device is applied to a server side communicatively connected to a client, and the device comprises:
a third execution module, configured to obtain running address information of the SWF file sent by the client;
a fourth execution module, configured to judge whether the running address information meets a preset standard and, if it does not, to determine that the SWF file is used by a third-party application.
9. A client, characterized in that the client has Flash installed and is communicatively connected to a server side, and the client comprises:
a first memory;
a first processor; and
a device for detecting that an SWF file is used by a third-party application, the device being installed in the first memory and including one or more software function modules executed by the first processor, comprising:
a first execution module, configured to obtain running address information of the SWF file through Flash when the SWF file is run by an application;
a second execution module, configured to send the running address information to the server side, so that the server side determines from the running address information whether the SWF file is used by a third-party application.
10. A server side, characterized in that the server side is communicatively connected to a client, and the server side comprises:
a second memory;
a second processor; and
a device for detecting that an SWF file is used by a third-party application, the device being installed in the second memory and including one or more software function modules executed by the second processor, comprising:
a third execution module, configured to obtain running address information of the SWF file sent by the client;
a fourth execution module, configured to judge whether the running address information meets a preset standard and, if it does not, to determine that the SWF file is used by a third-party application.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710401175.7A CN108985013B (en) | 2017-05-31 | 2017-05-31 | Method, device, client and server for detecting use of SWF file by third-party application program |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710401175.7A CN108985013B (en) | 2017-05-31 | 2017-05-31 | Method, device, client and server for detecting use of SWF file by third-party application program |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108985013A true CN108985013A (en) | 2018-12-11 |
CN108985013B CN108985013B (en) | 2021-01-01 |
Family
ID=64502212
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710401175.7A Active CN108985013B (en) | 2017-05-31 | 2017-05-31 | Method, device, client and server for detecting use of SWF file by third-party application program |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108985013B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111162961A (en) * | 2019-12-05 | 2020-05-15 | 任子行网络技术股份有限公司 | Method, system and readable storage medium for discovering mobile application master control server |
CN111447298A (en) * | 2020-03-24 | 2020-07-24 | 北京字节跳动网络技术有限公司 | Method, device, equipment and medium for acquiring network address in application program |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102750492A (en) * | 2012-06-07 | 2012-10-24 | 中国电子科技集团公司第三十研究所 | Method and device for defending rogue programs based on working directories |
CN103336917A (en) * | 2013-05-09 | 2013-10-02 | 四三九九网络股份有限公司 | Method and device for adding domain locking to SWF files in batches |
US20140344928A1 (en) * | 2010-03-04 | 2014-11-20 | Jayesh Sreedharan | Systems and methods for risk rating and pro-actively detecting malicious online ads |
CN105827609A (en) * | 2016-03-31 | 2016-08-03 | 乐视控股(北京)有限公司 | Link theft prevention method and system based on feature code query optimization |
Also Published As
Publication number | Publication date |
---|---|
CN108985013B (en) | 2021-01-01 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||