CN113411333A - Unauthorized access vulnerability detection method, device, system and storage medium (Google Patents)

Publication number: CN113411333A
Application number: CN202110680411.XA
Authority: CN (China)
Language: Chinese (zh)
Legal status: Pending
Inventors: 高杨, 范渊, 黄进
Original assignee: Hangzhou Dbappsecurity Technology Co Ltd
Current assignees: DBAPPSecurity Co Ltd; Hangzhou Dbappsecurity Technology Co Ltd
Prior art keywords: target, http request, return information, unauthorized access, request
Events: application filed by Hangzhou Dbappsecurity Technology Co Ltd; priority to CN202110680411.XA; publication of CN113411333A; legal status pending

Classifications

    • H: Electricity
    • H04: Electric communication technique
    • H04L: Transmission of digital information, e.g. telegraphic communication
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network security architectures or protocols for detecting or protecting against malicious traffic
    • H04L63/1433: Vulnerability analysis
    • G: Physics
    • G06: Computing; calculating or counting
    • G06F: Electric digital data processing
    • G06F16/00: Information retrieval; database structures therefor; file system structures therefor
    • G06F16/90: Details of database functions independent of the retrieved data types
    • G06F16/95: Retrieval from the web
    • G06F16/955: Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
    • G06F16/9566: URL specific, e.g. using aliases, detecting broken or misspelled links
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/02: Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Abstract

The application discloses an unauthorized access vulnerability detection method, device, system and storage medium. The method comprises: when an http request from a user for accessing a target website is received, sending the http request to the server of the target website and acquiring the original return information that the server sends in response to it; determining the request parameters of the http request, replacing the cookie information in those parameters, and generating a first target http request; acquiring the first target return information that the server of the target website sends in response to the first target http request, and comparing the original return information with the first target return information; and generating an unauthorized access detection result from the resulting first comparison result. Because the proxy server replaces the cookie parameters in a uniform way, detection is automatic and applies across websites: unauthorized access vulnerabilities can be detected promptly and effectively, and detection efficiency is improved.

Description

Unauthorized access vulnerability detection method, device, system and storage medium
Technical Field
The present application relates to the field of network security technologies, and in particular, to a method, an apparatus, a system, an electronic device, and a computer-readable storage medium for detecting an unauthorized access vulnerability.
Background
With the rapid development of computer networks and communication technology, communication over open networks has become the norm. Web applications are ever more widespread and the demand for website construction and web page design keeps growing, but these applications are also exposed to network security problems and have drawn general attention. The unauthorized access vulnerability is a common logic vulnerability of current websites. Most Web (World Wide Web) applications divide and control permissions; an unauthorized access vulnerability arises when the website server trusts a data operation request submitted by the user too much and neglects to check the user's permission for that operation, so that by modifying the relevant parameters the user can add, delete, modify or query other accounts' data. "Unauthorized" here means beyond one's right or scope of rights. When the design of the permission control function is defective, an attacker can reach functions or data outside his permissions through the defect; that is the unauthorized access vulnerability. After gaining such access an attacker can, for example, view sensitive information or perform add and delete operations.
In the related art, unauthorized access vulnerabilities are detected by obtaining the urls of a website with a crawler or similar program, analyzing and judging the obtained urls manually to identify the private parameters that control access permission for that website, and then replacing those private parameters. This cannot be automated, so vulnerabilities are not discovered and handled promptly, and because the private parameters differ from website to website, each website's parameters must be analyzed separately and a separate detection strategy formulated; uniform detection across websites is not possible.
Disclosure of Invention
The application aims to provide an unauthorized access vulnerability detection method, device, system, electronic device and computer-readable storage medium. By having a proxy server replace cookie parameters in a uniform way, detection is automated and widely applicable: no separate detection strategy is needed for the private parameters of each website, unauthorized access vulnerabilities are detected promptly and effectively, and detection efficiency is improved. The specific scheme is as follows:
in a first aspect, the present application discloses an unauthorized access vulnerability detection method, including:
when receiving an http request of a user for accessing a target website, sending the http request to a server of the target website, and acquiring original return information sent by the server of the target website according to the http request;
determining request parameters of the http request, replacing cookie information in the request parameters, and generating a first target http request;
acquiring first target return information sent by a server of the target website according to the first target http request, and comparing the original return information with the first target return information;
and generating an unauthorized access detection result according to the obtained first comparison result.
Optionally, after the determining the request parameter of the http request, the method further includes:
deleting cookie information in the request parameters to generate a second target http request;
acquiring second target return information sent by the server of the target website according to the second target http request, and comparing the original return information with the second target return information to generate a second comparison result;
and generating an updated unauthorized detection result according to the second comparison result and the first comparison result.
Optionally, the generating an updated unauthorized detection result according to the second comparison result and the first comparison result includes:
and if the second comparison result differs from the first comparison result, the updated unauthorized access detection result indicates that the target website has an unauthorized access vulnerability.
Optionally, the replacing the cookie information in the request parameter includes:
and replacing the cookie information in the request parameter by using a library function.
In a second aspect, the present application discloses an unauthorized access vulnerability detection apparatus, which is applied to a proxy server, and includes:
an acquisition module, configured to send an http request to the server of a target website when the http request from a user for accessing the target website is received, and to acquire the original return information sent by the server of the target website in response to the http request;
the replacing module is used for determining request parameters of the http request, replacing cookie information in the request parameters and generating a first target http request;
the first comparison module is used for acquiring first target return information sent by a server of the target website according to the first target http request and comparing the original return information with the first target return information;
and the first generation module is used for generating an unauthorized detection result according to the obtained first comparison result.
Optionally, the apparatus further includes:
the deleting module is used for deleting the cookie information in the request parameter and generating a second target http request;
the second comparison module is used for acquiring second target return information sent by the server of the target website according to the second target http request, comparing the original return information with the second target return information and generating a second comparison result;
and the second generation module is used for generating an updated unauthorized detection result according to the second comparison result and the first comparison result.
Optionally, the second generating module includes:
an unauthorized access detection result unit, configured to judge, if the second comparison result differs from the first comparison result, that the target website has an unauthorized access vulnerability.
In a third aspect, the present application discloses an unauthorized access vulnerability detection system, comprising:
the client is used for sending an http request for accessing the target website;
the proxy server is used for realizing the steps of the unauthorized access vulnerability detection method when the computer program is executed;
and the website server is used for receiving the http request and the first target http request, and sending original return information generated according to the http request and first target return information sent according to the first target http request to the proxy server.
In a fourth aspect, the present application discloses an electronic device, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the above-mentioned unauthorized access vulnerability detection method when executing the computer program.
In a fifth aspect, the present application discloses a computer-readable storage medium having a computer program stored thereon, which, when executed by a processor, implements the steps of the unauthorized access vulnerability detection method as described above.
The application provides an unauthorized access vulnerability detection method applied to a proxy server, comprising: when an http request from a user for accessing a target website is received, sending the http request to the server of the target website and acquiring the original return information sent by the server in response to it; determining the request parameters of the http request, replacing the cookie information in those parameters, and generating a first target http request; acquiring the first target return information sent by the server of the target website in response to the first target http request, and comparing the original return information with the first target return information; and generating an unauthorized access detection result according to the obtained first comparison result.
Thus the proxy server replaces the cookie parameter information of the user's http request, initiates a new http request (the first target http request), and compares the original return information with the new return information (the first target return information) to obtain the detection result. Because the cookie parameters are replaced uniformly by the proxy server, detection is automatic and widely applicable, and no separate detection strategy is needed for the private parameters of each website. This overcomes the defects of the related art, in which a separate detection mode has to be formulated for each website's private parameters, vulnerabilities cannot be discovered promptly and detection efficiency is low: unauthorized access vulnerabilities are detected promptly and effectively, and detection efficiency is improved. The application also provides an unauthorized access vulnerability detection apparatus, system, electronic device and computer-readable storage medium with the same beneficial effects, which are not repeated here.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a flowchart of an unauthorized access vulnerability detection method according to an embodiment of the present application;
FIG. 2 is a schematic flow chart illustrating automated detection of website unauthorized vulnerabilities according to an embodiment of the present disclosure;
fig. 3 is a schematic structural diagram of an unauthorized access vulnerability detection apparatus according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Common unauthorized access vulnerability detection methods are, first, manual testing by network security practitioners or website administrators, and second, obtaining the website's urls (Uniform Resource Locators, that is, network addresses) with a crawler or similar program and then analyzing and judging the urls. With the first method the website's unauthorized access vulnerabilities are not found promptly: manual tests must be scheduled regularly, and a frequently updated website needs long-term, repeated vulnerability handling. With the second method the private parameters that control access permission in the http (Hypertext Transfer Protocol) request are mostly replaced, but since those parameters differ between websites, each website's parameters must be analyzed and judged, and a certain error rate results. Against this background, this embodiment provides an unauthorized access vulnerability detection method that uses a proxy server to replace cookie (data stored on the user's local terminal) parameters uniformly. Detection is automatic and widely applicable, no separate detection strategy is needed for each website's private parameters, vulnerabilities are detected promptly and effectively, and detection efficiency improves. See fig. 1, a flowchart of the unauthorized access vulnerability detection method provided in this embodiment of the application, which specifically includes:
s101, when receiving an http request of a user for accessing a target website, sending the http request to a server of the target website, and acquiring original return information sent by the server of the target website according to the http request.
The execution subject of this embodiment is a proxy server, which obtains network information on behalf of network users; descriptively, it is a relay for network information. Normally, when a user requests a website, the request is sent to the Web server, which returns a response to the user. With a proxy configured, a bridge is placed between the client and the server: the client no longer sends its request to the Web server directly but to the proxy server, the proxy server forwards it to the Web server, and the proxy server then forwards the Web server's response back to the client. Once the proxy is configured, all traffic for visiting the website passes through it and can be captured. In this embodiment, on receiving an http request the proxy server forwards it to the server of the target website; the server responds to the forwarded request and sends the response, the original return information, to the proxy server, which forwards it to the client where the user is. The embodiment does not limit which website the user accesses, which may be any website, nor the specific content of the original return information, which depends on the specific http request.
S102, determining request parameters of the http request, replacing cookie information in the request parameters, and generating a first target http request.
The request parameters of the http request can be determined by parsing the http request. The embodiment does not limit their specific content, which includes the cookie information and may include other parameters. Cookie information is data that a website stores on the user's client, temporarily or persistently, to track the session and identify the user; it usually carries a session identifier and is often signed or encrypted. In this embodiment a new http request, the first target http request, is generated by replacing the cookie information in the request parameters.
The embodiment does not limit how the cookie information is replaced: it may be edited, that is replaced, in the request parameters through an interface tool such as Postman, or modified through a library function. In this particular embodiment, replacing the cookie information in the request parameters may include:
replacing the cookie information in the request parameters by means of a library function.
Replacing the cookie information through a library function makes the replacement automatic, with no manual modification.
S103, acquiring first target return information sent by the server of the target website according to the first target http request, and comparing the original return information with the first target return information.
In this embodiment the proxy server obtains the response of the target website's server to the first target http request, the first target return information, and compares the original return information of the original http request with it. The comparison is a text comparison of the two responses, and its outcome is the first comparison result used in step S104.
And S104, generating an unauthorized detection result according to the obtained first comparison result.
The first comparison result is one of two outcomes: the responses are the same, or they differ. The unauthorized access detection result is generated from it as follows: if the first comparison result is that the two are the same, the detection result indicates that the target website has no unauthorized access vulnerability; if the first comparison result is that they differ, the detection result indicates that the target website has an unauthorized access vulnerability.
To further improve the accuracy of the detection result and avoid errors from detecting unauthorized access by cookie replacement alone, this embodiment may further include, after the request parameters of the http request are determined:
cookie information in the request parameters is deleted, and a second target http request is generated;
acquiring second target return information sent by a server of the target website according to the second target http request, comparing the original return information with the second target return information, and generating a second comparison result;
and generating an updated unauthorized detection result according to the second comparison result and the first comparison result.
In this embodiment, after the request parameters of the http request are determined, another new http request, the second target http request, can be generated by deleting the cookie information from the request parameters. The response of the target website's server to the second target http request, the second target return information, is then acquired and compared with the original return information of the http request whose cookie information was not deleted, giving the second comparison result, which again is either "same" or "different". Finally, the updated unauthorized access detection result is generated from the second comparison result together with the first. The embodiment does not limit how this is done. For example: if the original return information is the same as the second target return information (second comparison: same) and also the same as the first target return information (first comparison: same), the updated detection result is that the target website has no unauthorized access vulnerability; if the original return information differs from both the second and the first target return information (both comparisons: different), the updated detection result is that the target website has an unauthorized access vulnerability; and if the two comparisons disagree, that is, the original return information is the same as the second target return information but differs from the first target return information, or differs from the second target return information but is the same as the first, the updated detection result is likewise that the target website has an unauthorized access vulnerability.
By adding a second way of modifying the cookie information, namely deleting it, and comparing the response to the request generated after deletion (the second target return information) with the original return information, this embodiment performs a further round of unauthorized access detection, which improves the accuracy of the detection result and avoids errors from relying on cookie replacement alone.
Whenever the first comparison result differs from the second, that is, the original return information is the same as the first target return information but differs from the second, or differs from the first and is the same as the second, the target website is judged to have an unauthorized access vulnerability. Combined with the cases above, a vulnerability is reported whenever the original return information differs from either the first or the second target return information, which effectively safeguards the security of the target website.
In this specific embodiment, generating the updated unauthorized detection result according to the second comparison result and the first comparison result may include:
and if the second comparison result is different from the first comparison result, the updated unauthorized detection result indicates that the target website has an unauthorized access vulnerability.
Based on the technical scheme, the automatic unauthorized detection can be realized by uniformly replacing the cookie parameters by the proxy server, the adaptability is wide, different unauthorized access vulnerability detection strategies do not need to be formulated due to different private parameters of different websites, the unauthorized vulnerability can be timely and effectively detected, and the unauthorized detection efficiency is effectively improved.
The following provides a specific embodiment of an agent-based device for automatically detecting a website unauthorized vulnerability, which can enable a user to continuously and timely find the unauthorized vulnerability and improve the security of the website. Fig. 2 is a schematic flowchart of a process for automatically detecting a website unauthorized vulnerability based on an agent according to this embodiment.
1. The device is installed on the target website server, and the agent information is configured.
2. And when the user accesses the target website, the agent tool, namely the corresponding agent server, acquires the corresponding flow, and stores the corresponding url information, namely the corresponding original http request.
3. Acquiring Response information of an original url, namely original return information corresponding to the acquired original http request, and marking the Response information as Response A;
4. obtaining Request information of an original url, namely obtaining Request parameters of an http Request, verifying through an http Request tool (for example, the Request information can be edited through a postman interface tool, wherein postman is an http Request tool), deleting cookie information in the Request parameters through the tool (generally programming in an automation program, modifying the Request parameters through a library function and initiating a Request), initiating the http Request again, and obtaining corresponding Response, which is marked as Response B; the corresponding proxy server sends a generated new http request, namely a second target http request, and acquires second target return information;
5. obtaining Request information of an original url, similarly, verifying through an http Request tool, replacing cookie information through the tool (modifying Request parameters and initiating a Request through a library function in an automation program by general programming), initiating the http Request again, and obtaining a corresponding Response, which is marked as Response C; and the corresponding proxy server sends the generated new http request, namely the first target http request, and acquires the first target return information.
6. Response A obtained in step 3 is compared with Response B obtained in step 4 to judge whether the texts of the two responses are the same:
if they are the same, the url has no unauthorized access vulnerability, namely the corresponding target website has no unauthorized access vulnerability;
if they are not the same, the url has an unauthorized access vulnerability, namely the corresponding target website has an unauthorized access vulnerability.
7. Response A obtained in step 3 is compared with Response C obtained in step 5 to judge whether the texts of the two responses are the same:
if they are the same, the url has no unauthorized access vulnerability, namely the corresponding target website has no unauthorized access vulnerability;
if they are not the same, the url has an unauthorized access vulnerability, namely the corresponding target website has an unauthorized access vulnerability.
In this embodiment, the process from step 2 to step 7 may run continuously: as soon as the proxy tool captures traffic, the analysis and judgment are performed immediately, so that the unauthorized access vulnerability of the target website is detected continuously.
According to the above technical solution, the method automatically collects the traffic of the accessed website through a proxy tool, namely a proxy server, stores the collected traffic in a database, replaces or deletes the cookie information of the http request, accesses the target website multiple times, and judges whether the target website has an unauthorized access vulnerability according to the response results. The proxy tool is used to build a service platform that realizes automatic detection of the unauthorized access vulnerability of the target website and continuous monitoring of the target website; at the same time, the device can adapt to different types of websites and help users to handle the unauthorized access vulnerability of a website more effectively. The method realizes more convenient and faster automatic traffic collection, solves the problem that different websites use non-uniform token verification and authority verification methods, and effectively improves detection efficiency and accuracy.
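The three-request replay of steps 3 to 7, as an added Python example that is not the patent's own code: the proxy-side logic is parameterised over a `send` callable, and a constructed in-memory stand-in for the target website supplies one endpoint that checks the session and one that ignores it. The verdict follows the conventional reading, in which a response text that is unchanged after the cookie is removed or swapped means the server never checked the cookie; note that the literal wording of steps 6 and 7 above maps "same" and "different" the other way round.

```python
"""Proxy-side replay check for unauthorized access, modelled on steps 3 to 7.
Added example, not the patent's code: requests and responses are minimal
dataclasses and the target site is a constructed in-memory stand-in."""
from dataclasses import dataclass, field, replace
from typing import Callable, Dict


@dataclass(frozen=True)
class HttpRequest:
    method: str
    url: str
    headers: Dict[str, str] = field(default_factory=dict)
    body: str = ""


@dataclass(frozen=True)
class HttpResponse:
    status: int
    text: str


Sender = Callable[[HttpRequest], HttpResponse]  # proxy -> target website


def without_cookie(req: HttpRequest) -> HttpRequest:
    """Step 4: the second target request, cookie information deleted."""
    headers = {k: v for k, v in req.headers.items() if k.lower() != "cookie"}
    return replace(req, headers=headers)


def with_other_cookie(req: HttpRequest, other_cookie: str) -> HttpRequest:
    """Step 5: the first target request, cookie replaced by another session's."""
    headers = dict(without_cookie(req).headers)
    headers["Cookie"] = other_cookie
    return replace(req, headers=headers)


def check_url(original: HttpRequest, send: Sender, other_cookie: str) -> dict:
    """Replay the captured request three ways and compare the response texts.
    Assumed verdict rule: an unchanged text after the cookie is removed or
    swapped means the server did not check the cookie for this url."""
    resp_a = send(original)                                   # step 3
    resp_b = send(without_cookie(original))                   # step 4
    resp_c = send(with_other_cookie(original, other_cookie))  # step 5
    same_without_cookie = resp_a.text == resp_b.text          # step 6
    same_with_other_cookie = resp_a.text == resp_c.text       # step 7
    return {
        "url": original.url,
        "unauthenticated_access": same_without_cookie,
        "cross_user_access": same_with_other_cookie,
        "unauthorized_access": same_without_cookie or same_with_other_cookie,
    }


# Constructed stand-in for the target website (not a real service).
SESSIONS = {"sid=alice-session": "alice", "sid=bob-session": "bob"}
ORDERS = {"alice": "order 1001 (alice)", "bob": "order 2002 (bob)"}


def fake_site(req: HttpRequest) -> HttpResponse:
    user = SESSIONS.get(req.headers.get("Cookie", ""))
    if req.url.startswith("/api/orders/"):       # enforces login and ownership
        if user is None:
            return HttpResponse(401, "login required")
        owner = req.url.rsplit("/", 1)[1]
        if owner != user:
            return HttpResponse(403, "forbidden")
        return HttpResponse(200, ORDERS[owner])
    if req.url.startswith("/api/export?user="):  # ignores the session entirely
        owner = req.url.split("user=", 1)[1]
        return HttpResponse(200, ORDERS.get(owner, "no such user"))
    return HttpResponse(404, "not found")


if __name__ == "__main__":
    for url in ("/api/orders/alice", "/api/export?user=alice"):
        captured = HttpRequest("GET", url, {"Cookie": "sid=alice-session"})
        print(check_url(captured, fake_site, "sid=bob-session"))
```

In a deployment the `send` callable would issue the request to the real website server and the response texts would need normalising for per-response dynamic content (timestamps, anti-forgery tokens) before the equality test, otherwise every url looks different from itself.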
Referring to fig. 3, fig. 3 is a schematic structural diagram of an unauthorized access vulnerability detection apparatus provided in an embodiment of the present application. The unauthorized access vulnerability detection apparatus described below and the unauthorized access vulnerability detection method described above may be referred to correspondingly, and all relevant modules are disposed in the apparatus. The schematic structural diagram includes the following.
In some specific embodiments, the apparatus specifically includes:
the obtaining module 301 is configured to send an http request to a server of a target website when receiving the http request of a user for accessing the target website, and obtain original return information sent by the server of the target website according to the http request;
a replacing module 302, configured to determine a request parameter of the http request, replace cookie information in the request parameter, and generate a first target http request;
the first comparison module 303 is configured to obtain first target return information sent by a server of the target website according to the first target http request, and compare the original return information with the first target return information;
the first generating module 304 is configured to generate an unauthorized detection result according to the obtained first comparison result.
In some specific embodiments, the apparatus further comprises:
the deleting module is used for deleting cookie information in the request parameters and generating a second target http request;
the second comparison module is used for acquiring second target return information sent by a server of the target website according to the second target http request, comparing the original return information with the second target return information and generating a second comparison result;
and the second generation module is used for generating an updated unauthorized detection result according to the second comparison result and the first comparison result.
In some specific embodiments, the second generating module includes:
and the unauthorized detection result unit is used for updating the unauthorized detection result to indicate that the target website has an unauthorized access vulnerability if the second comparison result is different from the first comparison result.
Since the embodiment of the unauthorized access vulnerability detection apparatus portion and the embodiment of the unauthorized access vulnerability detection method portion correspond to each other, for the embodiment of the unauthorized access vulnerability detection apparatus portion, reference is made to the description of the embodiment of the unauthorized access vulnerability detection method portion, and details are not repeated here.
The application also discloses an unauthorized access vulnerability detection system, including:
the client is used for sending an http request for accessing the target website;
the proxy server is used for realizing the steps of the unauthorized access vulnerability detection method when executing the computer program;
and the website server is used for receiving the http request and the first target http request, and sending the original return information generated according to the http request and the first target return information sent according to the first target http request to the proxy server.
Since the embodiment of the unauthorized access vulnerability detection system part corresponds to the embodiment of the unauthorized access vulnerability detection method part, for the embodiment of the unauthorized access vulnerability detection system part, reference is made to the description of the embodiment of the unauthorized access vulnerability detection method part, which is not repeated here.
In the following, an electronic device provided by an embodiment of the present application is introduced, and the electronic device described below and the unauthorized access vulnerability detection method described above may be referred to correspondingly.
The application also discloses an electronic device, including:
a memory for storing a computer program;
and the processor is used for realizing the steps of the unauthorized access vulnerability detection method when executing the computer program.
Since the embodiment of the electronic device portion corresponds to the embodiment of the unauthorized access vulnerability detection method portion, for the embodiment of the electronic device portion, reference is made to the description of the embodiment of the unauthorized access vulnerability detection method portion, and details are not repeated here.
In the following, a computer-readable storage medium provided in an embodiment of the present application is introduced, and the computer-readable storage medium described below and the unauthorized access vulnerability detection method described above may be referred to in a corresponding manner.
The application also discloses a computer readable storage medium, on which a computer program is stored, and the computer program, when executed by a processor, implements the steps of the above-mentioned unauthorized access vulnerability detection method.
Since the embodiment of the computer-readable storage medium portion corresponds to the embodiment of the unauthorized access vulnerability detection method portion, for the embodiment of the computer-readable storage medium portion, reference is made to the description of the embodiment of the unauthorized access vulnerability detection method portion, and details are not repeated here.
The embodiments are described in a progressive manner in the specification, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The unauthorized access vulnerability detection method, device, system, electronic device and computer readable storage medium provided by the present application are described in detail above. The principles and embodiments of the present application are explained herein using specific examples, which are provided only to help understand the method and the core idea of the present application. It should be noted that, for those skilled in the art, it is possible to make several improvements and modifications to the present application without departing from the principle of the present application, and such improvements and modifications also fall within the scope of the claims of the present application.

Claims (10)

1. An unauthorized access vulnerability detection method is applied to a proxy server and comprises the following steps:
when receiving an http request of a user for accessing a target website, sending the http request to a server of the target website, and acquiring original return information sent by the server of the target website according to the http request;
determining request parameters of the http request, replacing cookie information in the request parameters, and generating a first target http request;
acquiring first target return information sent by a server of the target website according to the first target http request, and comparing the original return information with the first target return information;
and generating an unauthorized detection result according to the obtained first comparison result.
2. The unauthorized access vulnerability detection method of claim 1, wherein after the determining the request parameters of the http request, further comprising:
deleting cookie information in the request parameters to generate a second target http request;
acquiring second target return information sent by the server of the target website according to the second target http request, and comparing the original return information with the second target return information to generate a second comparison result;
and generating an updated unauthorized detection result according to the second comparison result and the first comparison result.
3. The unauthorized access vulnerability detection method of claim 2, wherein the generating an updated unauthorized detection result according to the second comparison result and the first comparison result comprises:
and if the second comparison result is different from the first comparison result, the updated unauthorized detection result indicates that the target website has an unauthorized access vulnerability.
4. The unauthorized access vulnerability detection method of claim 1, wherein the replacing cookie information in the request parameters comprises:
and replacing the cookie information in the request parameter by using a library function.
5. An unauthorized access vulnerability detection device applied to a proxy server includes:
an acquisition module, used for sending an http request to a server of a target website when the http request of a user for accessing the target website is received, and acquiring original return information sent by the server of the target website according to the http request;
the replacing module is used for determining request parameters of the http request, replacing cookie information in the request parameters and generating a first target http request;
the first comparison module is used for acquiring first target return information sent by a server of the target website according to the first target http request and comparing the original return information with the first target return information;
and the first generation module is used for generating an unauthorized detection result according to the obtained first comparison result.
6. The unauthorized access vulnerability detection apparatus of claim 5, further comprising:
the deleting module is used for deleting the cookie information in the request parameter and generating a second target http request;
the second comparison module is used for acquiring second target return information sent by the server of the target website according to the second target http request, comparing the original return information with the second target return information and generating a second comparison result;
and the second generation module is used for generating an updated unauthorized detection result according to the second comparison result and the first comparison result.
7. The unauthorized access vulnerability detection apparatus of claim 5, wherein the second generation module comprises:
and the unauthorized detection result unit is used for judging, as the updated unauthorized detection result, that the target website has an unauthorized access vulnerability if the second comparison result is different from the first comparison result.
8. An unauthorized access vulnerability detection system, comprising:
the client is used for sending an http request for accessing the target website;
a proxy server for implementing the steps of the unauthorized access vulnerability detection method according to any of claims 1 to 4 when executing the computer program;
and the website server is used for receiving the http request and the first target http request, and sending original return information generated according to the http request and first target return information sent according to the first target http request to the proxy server.
9. An electronic device, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the unauthorized access vulnerability detection method according to any of claims 1 to 4 when executing the computer program.
10. A computer-readable storage medium, having stored thereon a computer program which, when executed by a processor, carries out the steps of the method of unauthorized access vulnerability detection according to any of claims 1 to 4.
CN202110680411.XA 2021-06-18 2021-06-18 Unauthorized access vulnerability detection method, device, system and storage medium Pending CN113411333A (en)

Publications (1)

Publication Number Publication Date
CN113411333A true CN113411333A (en) 2021-09-17
Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (Application publication date: 20210917)