CN102136964B - Website testing method and system - Google Patents
Website testing method and system Download PDFInfo
- Publication number
- CN102136964B CN102136964B CN 201010559355 CN201010559355A CN102136964B CN 102136964 B CN102136964 B CN 102136964B CN 201010559355 CN201010559355 CN 201010559355 CN 201010559355 A CN201010559355 A CN 201010559355A CN 102136964 B CN102136964 B CN 102136964B
- Authority
- CN
- China
- Prior art keywords
- website
- test
- identification information
- http packet
- cookie
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Abstract
The invention relates to a website testing method, which comprises the following steps of: 1, logging in a testing website, and acquiring identification information in a message transmitted by the testing website; and 2, transmitting an access request to the testing website according to the identification information to acquire website testing data. The invention also discloses a website testing system, which comprises an acquisition module and a testing module, wherein the acquisition module is used for logging in the testing website, and acquiring the identification information in the message transmitted by the testing website; and the testing module is used for transmitting the access request to the testing website according to the identification information to acquire the website testing data. In the website testing method and the website testing system provided by the invention, a verification code is not required in a way of forging website login information by utilizing the website identification information, and a developer is not required to regulate a code of the website, so low cost is ensured, and security risks are avoided.
Description
Technical field
The present invention relates to the website field tests, more particularly, relate to a kind of website testing method and system that utilizes website logo information to carry out the website test.
Background technology
In order to protect privacy of user, the safe coefficient of user profile is all improved in nearly all website with verification code technology.Along with the development of technology, the identifying code verification technique is tending towards complicated, and computer can't automatically identify all identifying codes, brings larger difficulty to automatic test when therefore guaranteeing information security, and follow-up test job also can't launch.For this situation, usually take following way to solve this problem that identifying code brings: 1, the contact developer masks identifying code; 2, the contact developer provides the generic validation code.By top two kinds of methods, can avoid the problem of identifying code.
But from top two kinds of methods as can be known, avoiding identifying code depends on the developer and adjusts code.For a system that has reached the standard grade, carry out the improvement cost height in order to test, and transformation can bring certain security risk, two kinds of methods are all not too suitable in the case.
Summary of the invention
The technical problem to be solved in the present invention is, for the website testing method of prior art and system because avoid the defective of the high and security risk of cost that the identifying code problem brings.Provide a kind of utilize website logo information forge the website the mode of log-on message walk around website testing method and the system of identifying code, this website testing method and system do not need the developer to adjust the website code, cost is low, without security risk.
The technical solution adopted for the present invention to solve the technical problems is: construct a kind of website testing method, comprising step: S1, log in the test website, obtain the identification information in the message that sends described test website; S2, send access request to obtain website test data according to described identification information to described test website.
In website testing method of the present invention, described step S1 comprises: S11, login test website, obtain the HTTP packet that all the machine network interface cards receive, whether send from described test website according to the described HTTP packet of the Host determined property of described HTTP packet, produce judged result; S12, according to described judged result, obtain the identification information in the message that sends described test website.
In website testing method of the present invention, described step S12 comprises: when Cookie is used in described test website, obtain described identification information in the cookie information from heading; When Cookie is not used in described test website, from the Accept information of heading, obtain described identification information.
In website testing method of the present invention, described step S2 comprises: S21, according to described identification information structure HTTP packet; S22, send access request to obtain website test data according to described HTTP packet to described test website.
In website testing method of the present invention, described step S21 comprises: when Cookie is used in described test website, use described identification information to consist of Cookie attribute information in the heading of described HTTP packet; When Cookie is not used in described test website, use described identification information to consist of Accept attribute information in the heading of described HTTP packet.
The present invention also constructs a kind of Website testing system, comprising: acquisition module: be used for logging in the test website, obtain the identification information in the message that sends described test website; And test module: be used for sending access request to described test website to obtain website test data according to described identification information.
In Website testing system of the present invention, described acquisition module comprises: judging unit: be used for login test website, obtain the HTTP packet that all the machine network interface cards receive, whether send from described test website according to the described HTTP packet of the Host determined property of described HTTP packet, produce judged result; And acquiring unit: be used for according to described judged result, obtain the identification information in the message that sends described test website.
In Website testing system of the present invention, when Cookie is used in described test website, obtain described identification information in the cookie information of described acquiring unit from heading; When Cookie was not used in described test website, described acquiring unit obtained described identification information from the Accept information of heading.
In Website testing system of the present invention, described test module comprises: structural unit: be used for according to described identification information structure HTTP packet; And test cell: be used for sending access request to described test website to obtain website test data according to described HTTP packet.
In Website testing system of the present invention, when Cookie was used in described test website, described structural unit used described identification information to consist of Cookie attribute information in the heading of described HTTP packet; When Cookie was not used in described test website, described structural unit used described identification information to consist of Accept attribute information in the heading of described HTTP packet.
Implement website testing method of the present invention and system, have following beneficial effect: utilize website logo information forge the website the mode of log-on message walk around identifying code, do not need the developer to adjust the website code, cost is low, without security risk.
Judge the source of HTTP packet as elementary screening, the workload that the minimizing identification information obtains.Adopt different identification information getting method and using method for using the different test website with not using Cookie.
Description of drawings
The invention will be further described below in conjunction with drawings and Examples, in the accompanying drawing:
Fig. 1 is the flow chart of the first preferred embodiment of website testing method of the present invention;
Fig. 2 is the flow chart of the second preferred embodiment of website testing method of the present invention;
Fig. 3 is the flow chart of the 3rd preferred embodiment of website testing method of the present invention;
Fig. 4 is the structural representation of the first preferred embodiment of Website testing system of the present invention;
Fig. 5 is the structural representation of the second preferred embodiment of Website testing system of the present invention;
Fig. 6 is the structural representation of the 3rd preferred embodiment of Website testing system of the present invention.
Embodiment
In order to make purpose of the present invention, technical scheme and advantage clearer, below in conjunction with drawings and Examples, the present invention is further elaborated.Should be appreciated that specific embodiment described herein only in order to explain the present invention, is not intended to limit the present invention.
In the flow chart of the first preferred embodiment of website testing method of the present invention shown in Figure 1, described website testing method starts from step 100; Proceed to step 101 after the step 100, log in the test website, obtain the identification information in the message that sends described test website; Subsequently, to next step 102, send access request to described test website to obtain website test data according to described identification information; Last the method ends at step 103.When adopting this website method of testing to carry out the website test, initial landing test website, log in successfully and from the message that the test website is returned, read identification information afterwards, when carrying out subsequently the website test, the identification information that application is obtained sends access request (project of test) to the test website, obtains the data of returning the website and tests to carry out the website.Can avoid every test when carrying out like this website test all needs the input validation code, does not need the developer to adjust the website code, has avoided transforming the expensive and security risk that cause the website for adjusting the website code.
In the flow chart of the second preferred embodiment of website testing method of the present invention shown in Figure 2, described website testing method starts from step 200; Proceed to step 201 after the step 200, whether login test website obtains the HTTP packet that all the machine network interface cards receive, send from described test website according to the described HTTP packet of the Host determined property of described HTTP packet, produces judged result; Subsequently, to next step 202, according to described judged result, obtain the identification information in the message that sends described test website; Subsequently, to next step 203, send access request to described test website to obtain website test data according to described identification information.Last the method ends at step 204.After logging in the test website, the machine network interface card will receive outside HTTP packet, wherein have from the test website and send, also have and send from non-test website, whether the Host determined property HTTP packet according to the HTTP packet that receives sends from the test website, as sending the identification information that then from the HTTP packet, obtains in the message from the test website, as not being to send and then abandon this HTTP packet from the test website.Arranging like this can greatly reduce the workload that identification information obtains, and avoids obtaining wrong identification information.
In the flow chart of the 3rd preferred embodiment of website testing method of the present invention shown in Figure 3, described website testing method starts from step 300; Proceed to step 301 after the step 300, log in the test website, obtain the identification information in the message that sends described test website; Subsequently, to next step 302, according to described identification information structure HTTP packet; Subsequently, to next step 303, send access request to described test website to obtain website test data according to described HTTP packet.Last the method ends at step 304.Construct the HTTP packet so that can utilize website logo information to forge log-on message of website by identification information, thereby walk around the process of input validation code, so that the website automatic test is carried out.
Preferred embodiment as website testing method of the present invention, when Cookie is used in described test website, obtain described identification information in the cookie information from heading, use described identification information to consist of Cookie attribute information in the heading of described HTTP packet; When Cookie is not used in described test website, from the Accept information of heading, obtain described identification information, use described identification information to consist of Accept attribute information in the heading of described HTTP packet.May setup and use Cookie and do not use two kinds of settings of Cookie for the website, adopt obtaining and using method of different identification informations.
When Cookie is used in described test website, obtain described identification information in the cookie information from the heading of testing the HTTP packet that sends the website, be generally: JSESSIONID=xxx, information is identification information after the SESSIONID parameter.
Carry out website when test, use described identification information to consist of Cookie attribute information in the heading of described HTTP packet, specific as follows:
GET/user_details.jsp?HTTP/1.1
Accept:image/gif,image/jpeg,image/pjpeg,image/pjpeg,
Accept-Language:zh-cn
Accept-Encoding:gzip,deflate
Host: website IP:8080
Connection:Keep-Alive
Cookie: get access to sign and write herein
When Cookie is not used in described test website, from the Accept information of the heading of the HTTP packet that sends of test website, obtain described identification information, is the sign information exchange often among the Accept: http://www.xxx.com/xxx/xx.xx? JSESSIONID=xxxx, information is identification information after the JSESSIONID parameter.
Carry out website when test, use described identification information to consist of Accept attribute information in the heading of described HTTP packet, specific as follows:
GET/user_details.jsp? JSESSIONID=gets access to sign and writes HTTP/1.1 herein
Accept:image/gif,image/jpeg,image/pjpeg,image/pjpeg,
Accept-Language:zh-cn
Accept-Encoding:gzip,deflate
Host: website IP:8080
Connection:Keep-Alive。
So namely realized the website test to the automation of use and the different test website of not using Cookie.
The present invention also constructs a kind of Website testing system, and in the structural representation of the first preferred embodiment of Website testing system of the present invention shown in Figure 4, described Website testing system comprises acquisition module 1 and test module 2.Acquisition module 1 is used for logging in the test website, obtains the identification information in the message that sends described test website; Test module 2 is used for sending access request to described test website to obtain website test data according to described identification information.When adopting this website test macro to carry out the website test, at first acquisition module 1 logs in the test website, log in successfully and from the message that the test website is returned, read identification information afterwards, when carrying out subsequently the website test, test module 2 is used the identification information that obtains and is sent access request (project of test) to the test website, obtains the data of returning the website and tests to carry out the website.Can avoid every test when carrying out like this website test all needs the input validation code, does not need the developer to adjust the website code, has avoided transforming the expensive and security risk that cause the website for adjusting the website code.
In the structural representation of the second preferred embodiment of Website testing system of the present invention shown in Figure 5, acquisition module 1 comprises judging unit 11 and acquiring unit 12.Whether judging unit 11 is used for login test website, obtains the HTTP packet that all the machine network interface cards receive, send from described test website according to the described HTTP packet of the Host determined property of described HTTP packet, produces judged result; Acquiring unit 12 is used for according to described judged result, obtains the identification information in the message that sends described test website.After logging in the test website, the machine network interface card will receive outside HTTP packet, wherein have from the test website and send, also have and send from non-test website, whether judging unit 11 sends from the test website according to the Host determined property HTTP packet of the HTTP packet that receives, as sending 12 identification informations that obtain in the message of acquiring unit from the test website from the HTTP packet, as not being to send from the test website, 12 of acquiring units abandon this HTTP packet.Arranging like this can greatly reduce the workload that identification information obtains, and avoids obtaining wrong identification information.
In the structural representation of the 3rd preferred embodiment of Website testing system of the present invention shown in Figure 6, test module 2 comprises structural unit 21 and test cell 22.Structural unit 21 is used for according to described identification information structure HTTP packet; Test cell 22 is used for sending access request to described test website to obtain website test data according to described HTTP packet.Structural unit 21 constructs the HTTP packet by identification information so that test cell 22 can utilize website logo information to forge log-on message of website, thereby walks around the process of input validation code, so that the website automatic test is carried out.
Preferred embodiment as Website testing system of the present invention, when Cookie is used in described test website, obtain described identification information in the cookie information of acquiring unit 12 from heading, structural unit 21 uses described identification information to consist of Cookie attribute information in the heading of described HTTP packet; When Cookie was not used in described test website, acquiring unit 12 obtained described identification information from the Accept information of heading, and structural unit 21 uses described identification information to consist of Accept attribute information in the heading of described HTTP packet.May setup and use Cookie and do not use two kinds of settings of Cookie for the website, adopt obtaining and using method of different identification informations.Concrete implementation is referring to above-mentioned relevant website testing method.So namely realized the website test to the automation of use and the different test website of not using Cookie.
The above only is embodiments of the invention; be not so limit claim of the present invention; every equivalent structure transformation that utilizes specification of the present invention and accompanying drawing content to do, or directly or indirectly be used in other relevant technical fields, all in like manner be included in the scope of patent protection of the present invention.
Claims (2)
1. a website testing method is characterized in that, comprises step:
Whether S11, login test website obtain the HTTP packet that all the machine network interface cards receive, send from described test website according to the described HTTP packet of the Host determined property of described HTTP packet, produce judged result;
S12, according to described judged result, obtain the identification information in the message that sends described test website;
S21, according to described identification information structure HTTP packet;
S22, send access request to obtain website test data according to described HTTP packet to described test website;
Wherein, described step S12 comprises: when Cookie is used in described test website, obtain described identification information in the cookie information from heading; When Cookie is not used in described test website, from the Accept information of heading, obtain described identification information;
Described step S21 comprises: when Cookie is used in described test website, use described identification information to consist of Cookie attribute information in the heading of described HTTP packet; When Cookie is not used in described test website, use described identification information to consist of Accept attribute information in the heading of described HTTP packet.
2. a Website testing system is characterized in that, comprising:
Acquisition module (1): be used for logging in the test website, obtain the identification information in the message that sends described test website; And
Test module (2): be used for sending access request to described test website to obtain website test data according to described identification information;
Wherein, described acquisition module (1) comprising:
Judging unit (11): be used for login test website, obtain the HTTP packet that all the machine network interface cards receive, whether send from described test website according to the described HTTP packet of the Host determined property of described HTTP packet, produce judged result; And
Acquiring unit (12): be used for according to described judged result, obtain the identification information in the message that sends described test website;
Described test module (2) comprising:
Structural unit (21): be used for according to described identification information structure HTTP packet; And
Test cell (22): be used for sending access request to described test website to obtain website test data according to described HTTP packet;
When Cookie is used in described test website, obtain described identification information in the cookie information of described acquiring unit (12) from heading; When Cookie was not used in described test website, described acquiring unit (12) obtained described identification information from the Accept information of heading;
When Cookie was used in described test website, described structural unit (21) used described identification information to consist of Cookie attribute information in the heading of described HTTP packet; When Cookie was not used in described test website, described structural unit (21) used described identification information to consist of Accept attribute information in the heading of described HTTP packet.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 201010559355 CN102136964B (en) | 2010-11-25 | 2010-11-25 | Website testing method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 201010559355 CN102136964B (en) | 2010-11-25 | 2010-11-25 | Website testing method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102136964A CN102136964A (en) | 2011-07-27 |
| CN102136964B true CN102136964B (en) | 2013-02-27 |
Family
ID=44296625
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 201010559355 Active CN102136964B (en) | 2010-11-25 | 2010-11-25 | Website testing method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102136964B (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102541732B (en) * | 2011-12-23 | 2015-05-27 | 中国移动(深圳)有限公司 | Method for constructing Web automatic testing framework |
| CN103634159B (en) * | 2012-08-24 | 2018-11-09 | 百度在线网络技术(北京)有限公司 | A kind of traffic playback method and device based on simulation login |
| CN103490896B (en) * | 2013-09-16 | 2017-02-08 | 北京创世泰克科技股份有限公司 | Multi-user website automatic logger and achieving method thereof |
| CN104580436A (en) * | 2014-12-29 | 2015-04-29 | 北京锐安科技有限公司 | Method and device for acquiring report data of illegal website |
| US10063571B2 (en) * | 2016-01-04 | 2018-08-28 | Microsoft Technology Licensing, Llc | Systems and methods for the detection of advanced attackers using client side honeytokens |
| CN109635549A (en) * | 2018-12-13 | 2019-04-16 | 郑州云海信息技术有限公司 | A kind of method and device verified in automatic test |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1952964A (en) * | 2005-10-18 | 2007-04-25 | 邱文志 | Testing method for web site system |
| CN101572608A (en) * | 2009-06-17 | 2009-11-04 | 杭州华三通信技术有限公司 | Method and device for acquiring once-login parameters |
| CN101778013A (en) * | 2009-12-28 | 2010-07-14 | 北京世纪互联宽带数据中心有限公司 | Website testing system and method |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102105920A (en) * | 2008-07-29 | 2011-06-22 | 摩托罗拉移动公司 | Method and system for securing communication sessions |
-
2010
- 2010-11-25 CN CN 201010559355 patent/CN102136964B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1952964A (en) * | 2005-10-18 | 2007-04-25 | 邱文志 | Testing method for web site system |
| CN101572608A (en) * | 2009-06-17 | 2009-11-04 | 杭州华三通信技术有限公司 | Method and device for acquiring once-login parameters |
| CN101778013A (en) * | 2009-12-28 | 2010-07-14 | 北京世纪互联宽带数据中心有限公司 | Website testing system and method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102136964A (en) | 2011-07-27 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102136964B (en) | Website testing method and system | |
| CN102801616B (en) | Message sending and receiving method, device and system | |
| US9294463B2 (en) | Apparatus, method and system for context-aware security control in cloud environment | |
| CN105051685B (en) | For causing networked asset to be able to access that locally applied system and method | |
| CN105898893B (en) | Full-duplex communication method for mobile terminal and Internet of things equipment | |
| CN103346972A (en) | Flow control device and method based on user terminal | |
| CN105897652A (en) | Standard protocol based heterogeneous terminal dynamic access method | |
| CN105827658A (en) | Method and device for multi-application synchronization login | |
| CN106484611A (en) | Fuzz testing method and apparatus based on automation protocol adaptation | |
| CN104468592A (en) | Login method and system | |
| CN103490896B (en) | Multi-user website automatic logger and achieving method thereof | |
| CN110290015A (en) | Remote deployment method, apparatus and storage medium | |
| KR20180048634A (en) | Custom resource types for machine-to-machine communication | |
| CN104079571A (en) | Method and device for recognizing Android simulator | |
| CN104468265A (en) | Method and device for detecting online states of local area network terminals | |
| CN108270819A (en) | Remote debugging method, server and the system of mobile equipment | |
| CN108124007A (en) | The method and apparatus of message data real-time Transmission | |
| WO2017054307A1 (en) | Recognition method and apparatus for user information | |
| CN103970882A (en) | Method and device for rendering page | |
| CN111066014A (en) | Apparatus, method and program for remotely managing devices | |
| CN103997437A (en) | Cloud server registration function testing method | |
| CN111211934A (en) | Cluster remote communication test method and system | |
| CN103369000A (en) | Data transmission method and data transmission system | |
| CN105530137A (en) | Traffic data analysis method and traffic data analysis system | |
| CN108363922B (en) | Automatic malicious code simulation detection method and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CP03 | Change of name, title or address | ||
| CP03 | Change of name, title or address |
Address after: 518048 Guangdong province Futian District Shenzhen City Binhe Road, No. 9023, building 11, 41 layers of the country through the Patentee after: Medium shift information technology Co., Ltd. Address before: 518048 Futian District Binhe Road, Shenzhen, Guangdong Province, ten building, Xinzhou mansion, Xinzhou Patentee before: China Mobile (Shenzhen) Co., Ltd. |
|
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20200312 Address after: Room 1006, building 16, yard 16, Yingcai North Third Street, future science city, Changping District, Beijing 100000 Co-patentee after: CHINA MOBILE COMMUNICATIONS GROUP Co.,Ltd. Patentee after: China Mobile Information Technology Co., Ltd Address before: 518048, Guangdong Province, Futian District, Shenzhen Binhe Road, 9023 Tong Building, 11 and 41 Patentee before: Medium shift information technology Co., Ltd. |