CN103634305B - Method and device for identifying a website firewall - Google Patents

Publication number: CN103634305B
Authority: CN (China)
Prior art keywords: firewall, website, response message, related information, information
Legal status: Active
Application number: CN201310575322.4A
Other languages: Chinese (zh)
Other versions: CN103634305A (en)
Inventor: 龙专
Current Assignee: Qax Technology Group Inc
Original Assignee: Beijing Qianxin Technology Co Ltd
Application filed by Beijing Qianxin Technology Co Ltd
Priority to CN201310575322.4A
Publication of CN103634305A
Application granted
Publication of CN103634305B

Abstract

The invention provides a method and a device for identifying a website firewall. The method includes: sending an HTTP request to a website; receiving the response message returned by the website; obtaining the firewall-related information in the response message; and identifying the firewall according to the firewall-related information. The invention solves the problem that identification is inconvenient because firewalls use different mechanisms, and can accurately identify the firewall a website uses.

Description

Method and device for identifying a website firewall
Technical field
The present invention relates to the field of Internet technology, and in particular to a method and a device for identifying a website firewall.
Background
With the development of Internet technology, network security receives more and more attention. Today, the main factor affecting network security is attacks by hackers. To protect websites against such attacks, most websites now have a firewall installed, which to a certain extent helps safeguard website security.
However, among the firewalls that websites currently use, some carry security risks because of flaws in their own design. Therefore, when a user visits a website, it is necessary to identify whether the website uses a firewall and which kind of firewall it uses, and then to tell the user whether that firewall carries a security risk, so that the user can take remedial measures.
Because existing firewalls use different mechanisms, each kind of firewall has a different identification method. The related art has therefore not yet achieved accurate identification of the firewall a website uses.
Summary of the invention
In view of the above problems, the present invention is proposed to provide a method for identifying a website firewall, and a corresponding device, that overcome the above problems or at least partly solve them.
According to one aspect of the present invention, a method for identifying a website firewall is provided, including:
sending an HTTP request to a website;
receiving the response message returned by the website;
obtaining the firewall-related information in the response message;
identifying the firewall according to the firewall-related information.
Optionally, sending an HTTP request to the website includes:
sending a GET request to the Uniform Resource Locator (URL) of the website;
and obtaining the firewall-related information in the response message includes:
obtaining the firewall-related information in the header of the response message that the website returns for the GET request.
Optionally, sending an HTTP request to the website includes:
extracting a link of the website from an index database and constructing a cross-site scripting (XSS) vulnerability test request;
sending the cross-site scripting (XSS) vulnerability test request to the website;
and obtaining the firewall-related information in the response message includes:
obtaining the firewall-related information in the header and/or content of the response message that the website returns for the cross-site scripting (XSS) vulnerability test request.
Optionally, sending an HTTP request to the website includes:
sending vulnerability test requests to the website at a predetermined frequency;
and obtaining the firewall-related information in the response message includes:
obtaining the firewall-related information in the header and/or content of the response message that the website returns for the vulnerability test request.
Optionally, identifying the firewall according to the firewall-related information includes:
identifying the firewall according to a preset correspondence between firewall-related information and firewalls.
Optionally, the firewall-related information includes:
characteristic information of a specific part extracted from the response message.
According to one aspect of the present invention, a device for identifying a firewall is also provided, including:
a request transmitter, configured to send an HTTP request to a website;
a response receiver, configured to receive the response message returned by the website;
an information acquirer, configured to obtain the firewall-related information in the response message;
a firewall identifier, configured to identify the firewall according to the firewall-related information.
Optionally, the request transmitter is further configured to send a GET request to the URL of the website;
correspondingly, the information acquirer is further configured to obtain the firewall-related information in the header of the response message that the website returns for the GET request.
Optionally, the request transmitter is further configured to extract a link of the website from an index database, construct a cross-site scripting (XSS) vulnerability test request, and send the cross-site scripting (XSS) vulnerability test request to the website;
correspondingly, the information acquirer is further configured to obtain the firewall-related information in the header and/or content of the response message that the website returns for the cross-site scripting (XSS) vulnerability test request.
Optionally, the request transmitter is further configured to send vulnerability test requests to the website at a predetermined frequency;
correspondingly, the information acquirer is further configured to obtain the firewall-related information in the header and/or content of the response message that the website returns for the vulnerability test request.
Optionally, the firewall identifier is further configured to identify the firewall according to a preset correspondence between firewall-related information and firewalls.
Optionally, the firewall-related information includes:
characteristic information of a specific part extracted from the response message.
The invention provides a method for identifying a website firewall: an HTTP request is sent to a website, the response message returned by the website is received, and the firewall-related information in the response message is obtained, so that the firewall used by the website can be identified from that information. The identification method is general. It solves the problem that identification is inconvenient because firewalls use different mechanisms, and can accurately identify the firewall a website uses.
The above is only an overview of the technical solution of the invention. So that the technical means of the invention can be understood more clearly and practised according to the content of the specification, and so that the above and other objects, features and advantages of the invention become more apparent, specific embodiments of the invention are set out below.
Brief description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art on reading the following detailed description of the preferred embodiments. The drawings serve only to illustrate the preferred embodiments and are not to be considered a limitation of the invention. Throughout the drawings, the same reference symbols denote the same parts. In the drawings:
Fig. 1 is a flow chart of a method for identifying a website firewall according to an embodiment of the invention;
Fig. 2 is a flow chart of the first specific method for identifying a website firewall according to an embodiment of the invention;
Fig. 3 is a schematic diagram of the response headers in the HTTP response message returned by a website according to an embodiment of the invention;
Fig. 4 is a flow chart of the second specific method for identifying a website firewall according to an embodiment of the invention;
Fig. 5 is a flow chart of the third specific method for identifying a website firewall according to an embodiment of the invention;
Fig. 6 is a structural block diagram of a device for identifying a firewall according to an embodiment of the invention.
Detailed description
Exemplary embodiments of the disclosure are described in more detail below with reference to the drawings. Although the drawings show exemplary embodiments of the disclosure, it should be understood that the disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the disclosure is understood thoroughly and its scope is conveyed completely to those skilled in the art.
Embodiment one
This embodiment of the invention provides a method for identifying a website firewall. The method improves a device that is able to identify firewalls. For example, the device in this embodiment may be a user terminal device such as a PC (Personal Computer), a mobile phone or a handheld computer.
Fig. 1 is a flow chart of a method for identifying a website firewall according to an embodiment of the invention. The method includes steps S102 to S106.
S102, send an HTTP request to the website.
S104, receive the response message returned by the website, and obtain the firewall-related information in the response message.
S106, identify the firewall according to the firewall-related information.
This embodiment of the invention provides a method for identifying a website firewall: an HTTP request is sent to a website, the response message returned by the website is received, and the firewall-related information in the response message is obtained, so that the firewall used by the website can be identified from that information. The identification method is general. It solves the problem that identification is inconvenient because firewalls use different mechanisms, and can accurately identify the firewall a website uses.
Embodiment two
This embodiment is a concrete application scenario of Embodiment one above and illustrates the method provided by the invention more clearly and specifically. When the method of this embodiment is implemented, the website firewall can be identified by a device for identifying firewalls.
As a refinement of Embodiment one, this embodiment provides three specific methods for identifying a website firewall. The three methods can be performed separately and are independent of one another. They are described in detail below with reference to the drawings.
It should be noted that for some websites, when an HTTP request is sent to the website and its response message carries firewall information, that information is taken out directly and the corresponding firewall is identified. For those websites, the website firewall can only be identified by the first method described below.
Fig. 2 is a flow chart of the first specific method for identifying a website firewall according to an embodiment of the invention. The method includes steps S201 to S204.
First, the above device performs step S201, i.e. sends a GET request to the URL of the website the user is currently visiting.
A GET request is one kind of HTTP request, used to ask the server for data. Typically, the parameters of a GET request are passed after the URL: the requested data is appended to the URL, with "?" separating the URL from the transmitted data and "&" joining the parameters. In "%XX", "XX" is the ASCII code of the symbol in hexadecimal. English letters and digits are sent as they are, a space is converted to "+", and Chinese or other characters are sent as a string encrypted with BASE64.
In addition, the data sent by GET is limited in size. Because GET submits data through the URL, the amount of data GET can submit depends on the URL length, and different browsers limit the URL length differently.
After the website server receives the GET request, it parses the request and returns the corresponding response message.
Then the device for identifying the firewall performs step S202: it receives the response message that the website server returns for the GET request, parses it, and judges whether the response message contains firewall-related information. If it does, step S203 is performed; if not, the operation ends.
An HTTP response message consists of three parts: the status code, the response headers and the response body. Usually a website's firewall information is written into the response headers of the HTTP response. When step S202 judges whether the response message contains firewall-related information, it can therefore do so directly by judging whether the header of the response message contains firewall-related information. Here, the firewall-related information is the characteristic information of a specific part extracted from the response message.
Optionally, if the header of the response message includes information such as Server: TbGf4/X.X.X, Server: XxxWAF or Server: xxxFirewall, the header information contains firewall-related information.
To describe the firewall-related information mentioned in this embodiment more clearly, this embodiment also provides Fig. 3, a schematic diagram of the response headers in the HTTP response message returned by a website. The firewall-related information contained in Fig. 3 is Server: Safe3Web Firewall.
S203, extract the firewall-related information from the response message for the GET request. After the firewall-related information has been extracted, step S204 is performed, i.e. the type of the firewall is identified according to the obtained firewall-related information.
In this embodiment, a firewall type table may be stored locally, in which the correspondence between firewall-related information and firewalls is preset. The firewall type corresponding to the firewall-related information can therefore be looked up in the firewall type table.
For example, if the firewall information extracted in step S203 is Server: TbGf4/X.X.X, the type of the firewall is website bodyguard.
It should also be noted that when the above method does not obtain the website's firewall-related information, the second method provided by this embodiment can be performed in addition to it, to further ensure that the firewall-related information is obtained.
It should also be noted that for some websites the firewall mainly protects against website vulnerabilities. If an XSS vulnerability test request is constructed and sent and the response message carries firewall information, that information can be taken out directly and the corresponding firewall type identified. For those websites, the website firewall can only be identified by the second method described below.
The second method provided by this embodiment is described in detail below. Fig. 4 is a flow chart of the second specific method for identifying a website firewall according to an embodiment of the invention. The method includes steps S301 to S304.
First, step S301 is performed: a link of the currently visited website is extracted from the index database, an XSS (Cross Site Scripting) vulnerability test request is constructed, and the XSS vulnerability test request is sent to the website.
In this embodiment, the website link extracted from the index database can be any link under the current site. To construct the XSS vulnerability test request, a series of data is constructed in advance using tags such as <script>…</script> and <iframe>…</iframe> and functions such as alert. The constructed data is then combined with the link under the current site to obtain a test URL that can be used to test for XSS vulnerabilities. That URL is the XSS vulnerability test request.
For example, the link extracted under the current site in this embodiment is:
webscan.XXX.cn/a/a.php?a=1
The XSS test URL constructed from it is then:
webscan.XXX.cn/a/a.php?a=1<script>alert(123)</script>
Here, XXX.cn is the domain name of the website.
It should be noted that a website without a firewall installed is more prone to XSS vulnerabilities and is therefore easily attacked by malicious code.
After the website server receives the XSS vulnerability test request, it parses the request and returns the corresponding response message.
Then the device for identifying the firewall performs step S302: it receives the response message that the website server returns for the XSS vulnerability test request, parses it, and judges whether the response message contains firewall-related information. If it does, step S303 is performed; if not, the operation ends.
Unlike the first method, when step S302 judges whether the response message contains firewall-related information, it can do so not only by judging whether the header of the response message contains firewall-related information, but also by judging whether the body of the response message contains it. As long as firewall-related information is present in at least one of the header and the body, the response message is determined to contain firewall-related information.
It should be noted that step S302 searches the header of the response message for firewall-related information in the same way as step S202. Searching the body of the response message for firewall-related information means checking whether the returned content contains the characteristic information of a firewall block page. For example, the content returned by the safety dog block page includes: Web portal security dog .*www.safedog.cn.
S303, extract the firewall-related information from the response message for the XSS vulnerability test request. After the firewall-related information has been extracted, step S304 is performed, i.e. the type of the firewall is identified according to the obtained firewall-related information.
Similarly, a firewall type table may be stored locally, in which the correspondence between firewall-related information and firewalls is preset. The firewall type corresponding to the firewall-related information can therefore be looked up in the firewall type table.
For example, if the firewall information extracted in step S303 is Server: TbGf4/X.X.X, the type of the firewall is website bodyguard.
It should also be noted that when the above method does not obtain the website's firewall-related information, the third method provided by this embodiment can be performed in addition to it, to further ensure that the firewall-related information is obtained.
It should also be noted that for some websites the firewall's main function is to prevent DDOS/CC attacks. If requests are sent to such a website frequently, for example N HTTP requests within one minute (N being beyond the access frequency the website accepts), the firewall concludes that the server is under attack. The firewall information can then be taken directly from the response message and the corresponding firewall type identified. For those websites, the website firewall can only be identified by the third method described below.
The third method provided by this embodiment is described in detail below. Fig. 5 is a flow chart of the third specific method for identifying a website firewall according to an embodiment of the invention. The method includes steps S401 to S407.
First, step S401 is performed: vulnerability test requests are sent to the currently visited website at a predetermined frequency. In this embodiment, 60 vulnerability test requests may be sent within one minute. The server then considers the website to be under DDOS/CC attack, the firewall takes protective action against the attack, and a response message is returned.
Then the device for identifying the firewall performs step S402: it receives the response messages that the website server returns for the continuously sent vulnerability test requests, parses them, and obtains the status code in each response message.
As mentioned above, an HTTP response message consists of the status code, the response headers and the response body. The status code indicates whether the request was understood or satisfied, and different status codes have different meanings. For example, status code 204 means that the request was received but the returned information is empty.
S403, judge whether the status codes obtained are consecutive special codes. If so, step S404 is performed; if not, the operation ends.
When the server considers itself to be under DDOS/CC attack, the status code it returns is a special code indicating that the request cannot be accepted. For example, special code 403 means access is forbidden, and special code 500 means a server error.
S404, judge whether the number of consecutive special status codes exceeds a preset number. If it does, step S405 is performed; if not, the operation ends.
Optionally, the preset number may be set to 20. If special code 403 appears 30 times in a row in step S404, the preset number is exceeded and step S405 is performed.
S405, judge whether the response message contains firewall-related information. If it does, step S406 is performed; if not, the operation ends.
It should be noted that when step S405 judges whether the response message contains firewall-related information, it can do so not only by judging whether the header of the response message contains firewall-related information, but also by judging whether the body of the response message contains it. As long as firewall-related information is present in at least one of the header and the body, the response message is determined to contain firewall-related information.
Step S405 searches the header of the response message for firewall-related information in the same way as step S202. Searching the body of the response message for firewall-related information means checking whether the returned content contains the characteristic information of a firewall block page.
S406, extract the firewall-related information from the response message for the vulnerability test request. After the firewall-related information has been extracted, step S407 is performed, i.e. the type of the firewall is identified according to the obtained firewall-related information.
It should be noted that each of the three firewall identification methods provided in Embodiment two can identify a firewall. The preferred order of execution is method one, method two, then method three, but each method can also be used alone, or the methods can be performed one after another in a different order.
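The header and body lookup of steps S202 to S204 and S302 to S304, and the consecutive status code check of steps S403 to S407, as an added example (not code from the patent) that classifies HTTP responses which have already been collected. The function names, the sample responses, the version number in the TbGf4 header and the label given to the Fig. 3 Server value are assumptions.

```python
import re
from dataclasses import dataclass, field

SPECIAL_CODES = {403, 500}   # the "special codes" named in the description
PRESET_TIMES = 20            # the description's example value for the preset number

# Firewall type table: firewall-related information -> firewall type.
# The TbGf4 and safedog.cn entries follow the description; the label for the
# Server value shown in Fig. 3 is an assumption.
HEADER_SIGNATURES = [
    (re.compile(r"^TbGf4/"), "website bodyguard"),
    (re.compile(r"Safe3Web Firewall", re.I), "Safe3Web Firewall (assumed label)"),
]
BODY_SIGNATURES = [
    (re.compile(r"www\.safedog\.cn", re.I), "safety dog"),
]
# Server values such as XxxWAF or xxxFirewall reveal a firewall of unknown type.
GENERIC_SERVER = re.compile(r"WAF|Firewall", re.I)


@dataclass
class Response:
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""


def parse_response(raw):
    """Split a raw HTTP response into status code, headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return Response(status, headers, body)


def identify(resp, check_body=True):
    """Return (firewall type, evidence) or None.

    check_body=False is method one (header only); True adds the body check
    used by methods two and three.
    """
    server = resp.headers.get("server", "")
    for pattern, name in HEADER_SIGNATURES:
        if pattern.search(server):
            return name, "Server: " + server
    if check_body:
        for pattern, name in BODY_SIGNATURES:
            match = pattern.search(resp.body)
            if match:
                return name, match.group(0)
    if GENERIC_SERVER.search(server):
        return "unknown firewall", "Server: " + server
    return None


def longest_special_run(responses):
    """Return (start index, length) of the longest run of special status codes."""
    best_start = best_len = start = length = 0
    for i, resp in enumerate(responses):
        if resp.status in SPECIAL_CODES:
            if length == 0:
                start = i
            length += 1
            if length > best_len:
                best_start, best_len = start, length
        else:
            length = 0
    return best_start, best_len


def identify_from_frequency_test(responses, preset_times=PRESET_TIMES):
    """Steps S403 to S407: require more than preset_times consecutive special
    codes before looking for firewall information in those responses."""
    start, length = longest_special_run(responses)
    if length <= preset_times:
        return None
    for resp in responses[start:start + length]:
        found = identify(resp)
        if found:
            return found
    return None


# Constructed sample responses (not captured from any real site).
GET_SAMPLE = ("HTTP/1.1 200 OK\r\nServer: TbGf4/1.0.0\r\n"
              "Content-Type: text/html\r\n\r\n<html>home</html>")
BLOCK_SAMPLE = ("HTTP/1.1 403 Forbidden\r\nServer: nginx\r\n\r\n"
                "<html>Request blocked - www.safedog.cn</html>")


def sample_run(ok_count, blocked_count):
    """Constructed response series: ok_count normal replies, then blocked ones."""
    ok = parse_response("HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\n<html>home</html>")
    return [ok] * ok_count + [parse_response(BLOCK_SAMPLE)] * blocked_count


if __name__ == "__main__":
    print(identify(parse_response(GET_SAMPLE), check_body=False))
    print(identify_from_frequency_test(sample_run(30, 30)))
```

A site operator can run the same lookup over responses from their own site to see which headers and block pages reveal the firewall product in use.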
This embodiment of the invention provides a method for identifying a website firewall: an HTTP request is sent to a website, the response message returned by the website is received, and the firewall-related information in the response message is obtained, so that the firewall used by the website can be identified from that information. The identification method is general. It solves the problem that identification is inconvenient because firewalls use different mechanisms, and can accurately identify the firewall a website uses.
Embodiment three
Fig. 6 is a structural block diagram of a device for identifying a firewall provided by an embodiment of the invention. The device 600 includes:
a request transmitter 610, configured to send an HTTP request to a website;
a response receiver 620, configured to receive the response message returned by the website;
an information acquirer 630, configured to obtain the firewall-related information in the response message;
a firewall identifier 640, configured to identify the firewall according to the firewall-related information.
Optionally, the request transmitter 610 is further configured to send a GET request to the Uniform Resource Locator (URL) of the website;
correspondingly, the information acquirer 630 is further configured to obtain the firewall-related information in the header of the response message that the website returns for the GET request.
Optionally, the request transmitter 610 is further configured to extract a link of the website from an index database, construct a cross-site scripting (XSS) vulnerability test request, and send the cross-site scripting (XSS) vulnerability test request to the website;
correspondingly, the information acquirer 630 is further configured to obtain the firewall-related information in the header and/or content of the response message that the website returns for the cross-site scripting (XSS) vulnerability test request.
Optionally, the request transmitter 610 is further configured to send vulnerability test requests to the website at a predetermined frequency;
correspondingly, the information acquirer 630 is further configured to obtain the firewall-related information in the header and/or content of the response message that the website returns for the vulnerability test request.
Optionally, the firewall identifier 640 is further configured to identify the firewall according to a preset correspondence between firewall-related information and firewalls.
Optionally, the firewall-related information includes:
characteristic information of a specific part extracted from the response message.
This embodiment of the invention provides a device for identifying a website firewall: an HTTP request is sent to a website, the response message returned by the website is received, and the firewall-related information in the response message is obtained, so that the firewall used by the website can be identified from that information. The identification device is general. It solves the problem that identification is inconvenient because firewalls use different mechanisms, and can accurately identify the firewall a website uses.
Numerous specific details are set forth in the specification provided here. It should be understood, however, that embodiments of the invention can be practised without these specific details. In some instances, well-known methods, structures and techniques are not shown in detail so as not to obscure the understanding of this description.
Similarly, it should be understood that, to streamline the disclosure and aid the understanding of one or more of the various inventive aspects, in the above description of exemplary embodiments of the invention the features of the invention are sometimes grouped together into a single embodiment, figure or description thereof. However, this method of disclosure should not be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. More precisely, as the following claims reflect, the inventive aspects lie in fewer than all features of a single embodiment disclosed above. The claims following the detailed description are therefore expressly incorporated into the detailed description, with each claim standing on its own as a separate embodiment of the invention.
Those skilled in the art will appreciate that the modules in the device of an embodiment can be changed adaptively and arranged in one or more devices different from that embodiment. The modules or units or components of an embodiment can be combined into one module or unit or component, and they can also be divided into multiple sub-modules or sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings) and all processes or units of any method or device so disclosed may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, an equivalent or a similar purpose.
In addition, those skilled in the art will appreciate that although some embodiments described here include some features that are included in other embodiments and not others, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the claims, any one of the claimed embodiments can be used in any combination.
The component embodiments of the invention can be implemented in hardware, in software modules running on one or more processors, or in a combination of these. Those skilled in the art will understand that in practice a microprocessor or a digital signal processor (DSP) can be used to implement some or all of the functions of some or all of the components of the device for identifying a firewall according to embodiments of the invention. The invention can also be implemented as a device or apparatus program (for example, a computer program and a computer program product) for performing part or all of the method described here. Such a program implementing the invention can be stored on a computer-readable medium, or can take the form of one or more signals. Such a signal can be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art can design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference symbol placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention can be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several devices, several of these devices can be embodied by one and the same item of hardware. The use of the words first, second and third does not indicate any order. These words may be interpreted as names.
So far, those skilled in the art will recognize that although multiple exemplary embodiments of the invention have been shown and described in detail here, many other variations or modifications consistent with the principles of the invention can still be determined or derived directly from the content disclosed here without departing from the spirit and scope of the invention. The scope of the invention should therefore be understood and deemed to cover all such other variations or modifications.

Claims (10)

1. A method for identifying a website firewall, comprising:
extracting a link of a website from an index database, constructing data using a tag or a function, and combining the data with the link to obtain a cross-site scripting attack (XSS) vulnerability test request;
sending the cross-site scripting attack (XSS) vulnerability test request to the website;
receiving the response message returned by the website;
obtaining the firewall-related information in the response message;
identifying the firewall according to the firewall-related information.
2. The method according to claim 1, wherein obtaining the firewall-related information in the response message comprises:
obtaining the firewall-related information in the header and/or content of the response message that the website returns for the cross-site scripting attack (XSS) vulnerability test request.
3. The method according to claim 1, wherein sending the cross-site scripting attack (XSS) vulnerability test request to the website comprises:
sending the cross-site scripting attack (XSS) vulnerability test request to the website at a preset frequency.
4. The method according to any one of claims 1-3, wherein identifying the firewall according to the firewall-related information comprises:
identifying the firewall according to a preset correspondence between firewall-related information and firewalls.
5. The method according to any one of claims 1-3, wherein the firewall-related information comprises:
feature information extracted from a specific part of the response message.
6. A device for identifying a firewall, comprising:
a data builder, configured to extract a link of a website from an index database, construct data using a tag or a function, and combine the data with the link to obtain a cross-site scripting attack (XSS) vulnerability test request;
a request transmitter, configured to send the cross-site scripting attack (XSS) vulnerability test request to the website;
a response receiver, configured to receive the response message returned by the website;
an information acquirer, configured to obtain the firewall-related information in the response message;
a firewall identifier, configured to identify the firewall according to the firewall-related information.
7. The device according to claim 6, wherein the information acquirer is further configured to obtain the firewall-related information in the header and/or content of the response message that the website returns for the cross-site scripting attack (XSS) vulnerability test request.
8. The device according to claim 6, wherein the request transmitter is further configured to send the cross-site scripting attack (XSS) vulnerability test request to the website at a preset frequency.
9. The device according to any one of claims 6-8, wherein the firewall identifier is further configured to identify the firewall according to a preset correspondence between firewall-related information and firewalls.
10. The device according to any one of claims 6-8, wherein the firewall-related information comprises: feature information extracted from a specific part of the response message.
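
The response-side steps of claims 1, 2, 4 and 5 (take feature information from the header and content of a response message, then look it up in a preset correspondence), as an added Python example that is not part of the patent. The firewall names, patterns and response messages are constructed placeholders, and no request is sent.

```python
import re

# Preset correspondence: (firewall, response part, header name, pattern).
# Names and patterns are constructed placeholders, not real product signatures.
PRESET = [
    ("ExampleWAF-A", "header", "server", re.compile(r"^examplewaf-a\b", re.I)),
    ("ExampleWAF-A", "header", "set-cookie", re.compile(r"\bexa_session=", re.I)),
    ("ExampleWAF-B", "body", None, re.compile(r"blocked by examplewaf-b", re.I)),
]

def extract_features(raw):
    """Yield (part, name, value) for the header and content of a raw response."""
    head, _, body = raw.partition("\r\n\r\n")
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep:                                  # ignore malformed header lines
            yield "header", name.strip().lower(), value.strip()
    yield "body", None, body

def identify(raw):
    """Return (firewall, evidence) for the best-supported match, else (None, [])."""
    hits = {}
    for part, name, value in extract_features(raw):
        for firewall, sig_part, sig_name, pattern in PRESET:
            if (sig_part, sig_name) == (part, name) and pattern.search(value):
                hits.setdefault(firewall, []).append((part, name))
    if not hits:
        return None, []
    best = max(hits, key=lambda fw: len(hits[fw]))
    return best, hits[best]

# Constructed response messages (not captured from any real site).
BLOCKED_A = ("HTTP/1.1 403 Forbidden\r\nServer: ExampleWAF-A/2.1\r\n"
             "Set-Cookie: exa_session=abc; Path=/\r\nSet-Cookie: lang=en\r\n\r\n"
             "<html>Request denied</html>")
BLOCKED_B = ("HTTP/1.1 406 Not Acceptable\r\nServer: nginx\r\n\r\n"
             "<html><h1>Blocked by ExampleWAF-B</h1></html>")
PLAIN = "HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\n<html>hello</html>"

if __name__ == "__main__":
    for label, raw in [("A", BLOCKED_A), ("B", BLOCKED_B), ("plain", PLAIN)]:
        print(label, identify(raw))
```

The evidence list names the response parts that gave the product away (server banner, cookie name, block-page text), which are the parts an operator would normalize to make a deployment harder to fingerprint.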
CN201310575322.4A 2013-11-15 2013-11-15 The recognition methods of website firewall and equipment Active CN103634305B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310575322.4A CN103634305B (en) 2013-11-15 2013-11-15 The recognition methods of website firewall and equipment

Publications (2)

Publication Number Publication Date
CN103634305A CN103634305A (en) 2014-03-12
CN103634305B true CN103634305B (en) 2017-11-10

Family

ID=50214933

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310575322.4A Active CN103634305B (en) 2013-11-15 2013-11-15 The recognition methods of website firewall and equipment

Country Status (1)

Country Link
CN (1) CN103634305B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105512559B (en) 2014-10-17 2019-09-17 阿里巴巴集团控股有限公司 It is a kind of for providing the method and apparatus of accession page
CN107634964B (en) * 2017-10-13 2020-05-12 杭州迪普科技股份有限公司 WAF (Wireless Access Filter) testing method and device

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006131124A1 (en) * 2005-06-10 2006-12-14 Gatesweeper Solutions Inc. Anti-hacker system with honey pot
CN101938532A (en) * 2010-09-17 2011-01-05 北京神州泰岳软件股份有限公司 UDP-based method and system for penetrating through NAT equipment

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090119769A1 (en) * 2007-11-05 2009-05-07 Microsoft Corporation Cross-site scripting filter
CN101534289B (en) * 2008-03-14 2012-05-23 华为技术有限公司 Method, node device and system for traversing firewall
CN101873324B (en) * 2010-06-22 2013-11-06 北京神州泰岳软件股份有限公司 Method for passing through firewall

Also Published As

Publication number Publication date
CN103634305A (en) 2014-03-12

Similar Documents

Publication Publication Date Title
US11151258B2 (en) System and method for identifying network security threats and assessing network security
CN104301302B (en) Go beyond one's commission attack detection method and device
CA2595758C (en) System for detecting vulnerabilities in web applications using client-side application interfaces
CN108809890B (en) Vulnerability detection method, test server and client
CN105430011A (en) Method and device for detecting distributed denial of service attack
CN104539605B (en) Website XSS leak detection methods and equipment
CN104765682B (en) Detection method and system under the line of cross site scripting leak
CN106713318B (en) WEB site safety protection method and system
CN106657035B (en) A kind of network message transmission method and device
CN105635064B (en) CSRF attack detection method and device
CN102594914A (en) Remote debugging method based on cloud platform
CN109672658B (en) JSON hijacking vulnerability detection method, device, equipment and storage medium
CN109617917A (en) Address virtual Web application security firewall methods, devices and systems
CN107295116A (en) A kind of domain name analytic method, apparatus and system
CN110557358A (en) Honeypot server communication method, SSLStrip man-in-the-middle attack perception method and related device
CN104506541A (en) Website loophole alarming method and device
CN108769063A (en) A kind of method and device of automatic detection WebLogic known bugs
JP6636222B2 (en) Security diagnosis device and security diagnosis method
CN103634305B (en) The recognition methods of website firewall and equipment
CN104660556A (en) Cross site request forgery vulnerability detection method and device
CN106161411B (en) A kind of webpage verification using data-hiding technology method and device
CN114357457A (en) Vulnerability detection method and device, electronic equipment and storage medium
CN104038474A (en) Internet access detection method and device
CN111225038A (en) Server access method and device
CN105072109A (en) Method and system for preventing cross-site scripting attack

Legal Events

Date Code Title Description
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20161209

Address after: 100015 Chaoyang District Road, Jiuxianqiao, No. 10, building No. 3, floor 15, floor 17, 1701-26,

Applicant after: BEIJING QIANXIN TECHNOLOGY Co.,Ltd.

Address before: 100088 Beijing city Xicheng District xinjiekouwai Street 28, block D room 112 (Desheng Park)

Applicant before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Applicant before: Qizhi software (Beijing) Co.,Ltd.

GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 100015 15, 17 floor 1701-26, 3 building, 10 Jiuxianqiao Road, Chaoyang District, Beijing.

Patentee after: QAX Technology Group Inc.

Address before: 100015 15, 17 floor 1701-26, 3 building, 10 Jiuxianqiao Road, Chaoyang District, Beijing.

Patentee before: BEIJING QIANXIN TECHNOLOGY Co.,Ltd.