CN104881605A - Method and apparatus for detecting webpage redirection vulnerabilities - Google Patents

Publication number: CN104881605A (granted as CN104881605B)
Application number: CN201410068982.8A
Authority: CN (China)
Language: Chinese (zh)
Inventor: 翁家才
Assignee: Tencent Technology Shenzhen Co Ltd
Legal status: granted, active
Prior art keywords: webpage, redirected, address, network, parameter

Abstract

The invention provides a method and apparatus for detecting webpage redirection vulnerabilities. In one embodiment, the method comprises the steps of: obtaining an input parameter of a target webpage; sending, through a browser engine, a first network request that submits a test web address to the target webpage as the value of the input parameter; monitoring a second network request sent by the browser engine and comparing the target web address of the second network request with the test web address; and, if the target web address of the second network request matches the test web address, recording that the parameter of the target webpage has a webpage redirection vulnerability. With this method and apparatus, the detection rate of webpage redirection vulnerabilities can be raised.

Description

Method and apparatus for detecting webpage redirection vulnerabilities
Technical field
The present invention relates to computer security technology, and in particular to a method and apparatus for detecting webpage redirection vulnerabilities.
Background
Webpage redirection (redirect) refers to techniques by which, when a target webpage is accessed, some mechanism causes the browser to navigate automatically to a new page. Webpage redirection brings a lot of convenience to website design, but it also brings challenges to network security. Some webpages that use redirection techniques have a webpage redirection vulnerability: the web program responsible for the redirect does not verify whether the target web address is legitimate and redirects to it directly. Such a webpage can be used for phishing attacks, leading to the leakage of sensitive information such as user account numbers and passwords.
Webpage redirection vulnerabilities can be divided into ordinary webpage redirection vulnerabilities, DOM (Document Object Model) webpage redirection vulnerabilities, and multiple-redirection webpage redirection vulnerabilities. An ordinary webpage redirection vulnerability is one where the target web address can be found in the source code returned by the web program responsible for the redirect; such a vulnerability can be found by simple feature matching. A DOM webpage redirection vulnerability is one where the web program responsible for the redirect is implemented by script code, so the target web address cannot be found in the source code returned by the web program; such a vulnerability is difficult to detect. A multiple-redirection webpage redirection vulnerability is one where, for example, web program A redirects to web program B, B in turn redirects to web program C, and only C finally redirects to the target web address, so that the target web address is reached only after several redirects; this vulnerability is also difficult to detect.
Existing detection schemes can only detect ordinary webpage redirection vulnerabilities by simple feature matching; they cannot detect DOM webpage redirection vulnerabilities or multiple-redirection webpage redirection vulnerabilities.
Summary of the invention
In view of this, it is necessary to provide a method and apparatus for detecting webpage redirection vulnerabilities that can detect the various redirection vulnerabilities of a website.
A method for detecting webpage redirection vulnerabilities comprises: obtaining an input parameter of a target webpage; sending a first network request through a browser engine to submit a test address to the target webpage as the value of the input parameter; monitoring a second network request sent by the browser engine and comparing the target web address of the second network request with the test address; and, if the target web address of the second network request is detected to match the test address, recording that the parameter of the target webpage has a webpage redirection vulnerability.
An apparatus for detecting webpage redirection vulnerabilities comprises: a parameter acquisition module, for obtaining an input parameter of a target webpage; a request sending module, for sending a first network request through a browser engine to submit a test address to the target webpage as the value of the input parameter; a monitoring module, for monitoring a second network request sent by the browser engine and comparing the target web address of the second network request with the test address; and a vulnerability detection module, for recording that the parameter of the target webpage has a webpage redirection vulnerability if the target web address of the second network request is detected to match the test address.
With the above method and apparatus, the loading process of a normal webpage is simulated by the browser engine, so that both multiple-redirection webpage redirection vulnerabilities and script redirection vulnerabilities can be detected, which improves the coverage of webpage redirection vulnerability detection.
In order to make the above and other objects, features and advantages of the present invention more apparent, preferred embodiments are described in detail below with reference to the accompanying drawings.
Brief description of the drawings
Fig. 1 is a schematic diagram of the running environment of the method and apparatus provided by the embodiments of the present invention.
Fig. 2 is a structural block diagram of the vulnerability detection server in Fig. 1.
Fig. 3 is a structural block diagram of the website server in Fig. 1.
Fig. 4 and Fig. 5 are flow charts of the webpage redirection vulnerability detection method provided by the first embodiment.
Fig. 6 is a flow chart of the webpage redirection vulnerability detection method provided by the second embodiment.
Fig. 7 is a flow chart of the webpage redirection vulnerability detection method provided by the third embodiment.
Fig. 8 is a flow chart of the webpage redirection vulnerability detection method provided by the fourth embodiment.
Fig. 9 is a structural block diagram of the webpage redirection vulnerability detection apparatus provided by the fifth embodiment.
Fig. 10 is a structural block diagram of the webpage redirection vulnerability detection apparatus provided by the sixth embodiment.
Fig. 11 is a structural block diagram of the webpage redirection vulnerability detection apparatus provided by the seventh embodiment.
Fig. 12 is a structural block diagram of the webpage redirection vulnerability detection apparatus provided by the eighth embodiment.
Detailed description of the embodiments
To further explain the technical means adopted by the present invention to achieve its intended objects, and their effects, the specific embodiments, structures, features and effects of the present invention are described in detail below with reference to the accompanying drawings and preferred embodiments.
The embodiments of the present invention relate to a method and apparatus for detecting webpage redirection vulnerabilities, used to detect whether each webpage of a website has a webpage redirection vulnerability. Refer to Fig. 1, which is a schematic diagram of the running environment of the method and apparatus. One or more vulnerability detection servers 100 (only one is shown in Fig. 1) are connected through a network to one or more website servers 200 (only one is shown in Fig. 1). The network may be, for example, the Internet, a local area network (LAN), an intranet, etc.
Refer further to Fig. 2, which is a structural block diagram of an embodiment of the vulnerability detection server 100. As shown in Fig. 2, the vulnerability detection server 100 comprises: a memory 102, a memory controller 104, one or more processors 106 (only one is shown in the figure), a peripheral interface 108 and a network module 110. It should be understood that the structure shown in Fig. 2 is only illustrative and does not limit the structure of the vulnerability detection server 100. For example, the vulnerability detection server 100 may comprise more or fewer components than shown in Fig. 2, or have a configuration different from that shown in Fig. 2.
The memory 102 may be used to store software programs and modules, such as the program instructions/modules corresponding to the webpage redirection vulnerability detection method and apparatus of the embodiments of the present invention. The processor 104 runs the software programs and modules stored in the memory 102 to perform various functional applications and data processing, i.e. to implement the above method.
The memory 102 may comprise high-speed random access memory and may also comprise non-volatile memory, such as one or more magnetic storage devices, flash memory or other non-volatile solid-state memory. In some instances, the memory 102 may further comprise memory located remotely from the processor 106, and such remote memory may be connected to the vulnerability detection server 100 through a network. Examples of such a network include but are not limited to the Internet, an intranet, a local area network, a mobile communication network and combinations thereof. The processor 106 and other possible components access the memory 102 under the control of the memory controller 104.
The peripheral interface 108 couples various input/output devices to the processor 106. The processor 106 runs the various software and instructions in the memory 102 so that the computing device 100 performs various functions and processes data. In some embodiments, the peripheral interface 108, the processor 106 and the memory controller 104 may be implemented in a single chip. In other examples, they may each be implemented by an independent chip.
The network module 110 is used to receive and send network signals. The network signals may comprise wireless signals or wired signals. In one example, the network signals are wired network signals, in which case the network module 110 may comprise elements such as a processor, random access memory, a converter and a crystal oscillator.
The software programs and modules comprise: an operating system 122, a browser engine 124 and a vulnerability detection module 126. The operating system 122 may be, for example, LINUX, UNIX or WINDOWS; it may comprise various software components and/or drivers for managing system tasks (such as memory management, storage device control, power management, etc.) and can communicate with various hardware or software components, thereby providing the running environment for other software components. The browser engine 124 and the vulnerability detection module 126 run on top of the operating system 122. The browser engine 124 may be, for example, the WebKit browser engine. The vulnerability detection module 126 implements the webpage redirection vulnerability detection method of the embodiments of the present invention by means of the browser engine 124.
Refer further to Fig. 3, which is a structural block diagram of an embodiment of the website server 200 in Fig. 1. As shown in Fig. 3, its structure is similar to that of the vulnerability detection server 100; the difference is that the website server 200 may not comprise the browser engine 124 and the vulnerability detection module 126, and instead comprises a website server module 224. The website server module 224 runs on top of the operating system 122, listens for webpage access requests from the network through the network service of the operating system 122, completes the corresponding data processing according to the webpage access request, and returns the resulting webpage or data in another format to the client. The website server module 224 may comprise, for example, dynamic webpage scripts and a script interpreter. The script interpreter may be, for example, the Apache web server program, which processes dynamic webpage scripts into a form acceptable to the client, such as Hypertext Markup Language (HTML) format or Extensible Markup Language (XML) format.
First embodiment
This embodiment provides a method for detecting webpage redirection vulnerabilities. Referring to Fig. 4, the method comprises the following steps:
Step S110: obtain an input parameter of a target webpage.
A target webpage is the webpage corresponding to a web address (Uniform Resource Locator, URL), for example "http://www.test.com/jump.php". It should be understood that a webpage is generated by one or more scripts on a website server (such as the website server 200) and returned to a client (such as the vulnerability detection server 100). In order to interact with the website server, the front-end webpage has a number of parameters, which are submitted to the website server by the POST method or the GET method. Upon receiving a request, the website server processes these parameters, and the values of some of them may be used as the destination address of a redirect. If the legitimacy of the values of these parameters is not verified, the client's browser may be redirected to a malicious web address.
Therefore, the input parameters are those parameters of the front-end webpage that the website server can receive and process, for example the additional parameters in the URL and the parameters contained in the <input> elements of the webpage source code that the website server can receive and process.
Taking the webpage "http://www.test.com/jump.php" as an example, it may have two parameters: url and user. Both parameters may be detected, or only some of them, for example only the parameter url.
Step S120: send a first network request through a browser engine to submit a test address to the target webpage as the value of the input parameter.
As shown in Fig. 2, the browser engine 124 provides an application programming interface that other applications call to load webpages.
Referring to Fig. 5, in one example step S120 specifically comprises the following steps:
Step S121: construct, from the test address and the name of the input parameter, a parameter-value pair string that conforms to a predetermined format.
The test address may be, for example, http://www.51diaoyu.com, and the input parameter is the above parameter url. The parameter-value pair string can thus be constructed as "url=http://www.51diaoyu.com".
Step S122: append the parameter-value pair string to the web address of the target webpage to obtain a first web address.
It should be understood that in a URL, "?" is used to join the web address and the parameter-value pair. For example, appending the parameter-value pair string to the web address "http://www.test.com/jump.php" of the target webpage gives the first web address "http://www.test.com/jump.php?url=http://www.51diaoyu.com".
Step S123: send the first network request to the first web address through the browser engine.
For example, the first web address is passed to the browser engine 124. The browser engine 124 then performs a domain name resolution operation on the domain name contained in the first web address, obtains from the resolution result the IP address of the website server corresponding to the first web address (such as the website server 200 shown in Fig. 1), requests a network connection with this IP and, once the network connection is established, sends the first network request to the website server 200. The first network request may contain routing information that allows the website server 200 to identify the target webpage, for example "/jump.php?url=http://www.51diaoyu.com".
It should be understood that in the above routing information, "jump.php" identifies the corresponding webpage application program, and "url=http://www.51diaoyu.com" is the parameter-value pair passed in. The website server 200 calls the corresponding webpage application program according to "jump.php" and supplies the parameter-value pair "url=http://www.51diaoyu.com" to that webpage application program.
A redirection mechanism may be set up in this webpage application program, and the target web address of the redirect is exactly the value of the parameter url. Common redirection methods are: 301 redirect, 302 redirect, "meta refresh" and script redirect.
A 301 redirect means that, after the webpage application program receives the client's network request, the status code it returns is the status code 301 defined by HTTP (Hypertext Transfer Protocol), and the target web address of the redirect is provided together with the 301 status code. A 302 redirect is similar to a 301 redirect; the difference is that a 301 redirect represents a permanent move (Permanently Moved) and a 302 redirect represents a temporary move (Temporarily Moved).
A "meta refresh" redirect means that the webpage application program sets a <meta> tag in the returned HTML page that makes the browser engine load the target webpage automatically. For example, if the <meta> tag is set as follows: <meta http-equiv="refresh" content="5; url=http://www.51diaoyu.com">, the browser engine will automatically load the target webpage "http://www.51diaoyu.com" after 5 seconds.
A script redirect means that the webpage application program makes the browser load the target webpage automatically by means of a script placed in the returned HTML page. For example, a JavaScript script similar to "<script>window.location.href="http://www.51diaoyu.com"</script>" included in the HTML page can redirect the browser; by setting a timer, a delayed load can also be achieved.
The above redirection mechanisms are only examples, and the website server 200 may adopt any redirection mechanism. Whichever redirection mechanism is adopted, the webpage application program has to set the target web address of the redirect. If the webpage application program directly uses the value of the parameter url as the target web address of the redirect without verifying the legitimacy of the value of the parameter url, then the parameter url of this webpage application program has a webpage redirection vulnerability.
Step S130: monitor a second network request sent by the browser engine and compare the target web address of the second network request with the test address.
If a redirection mechanism is used in the target webpage, whichever mechanism it is, the browser engine will redirect to the target web address after a certain time. For 301 and 302 redirects, the browser engine starts loading the target web address as soon as it receives the status code; for "meta refresh" and script redirects, the browser engine starts loading the target web address when the trigger condition is met, for example when the set delay has elapsed.
It should be understood that, whichever mechanism triggers it, the browser engine sends a network request (the second network request) to the server corresponding to the target web address.
As described above, if the website server 200 does not verify the legitimacy of the parameter url and uses it directly as the target web address of the redirect, the browser engine will directly load the test address "http://www.51diaoyu.com".
In step S130, in order to monitor the second network request sent by the browser engine, an injection technique (hooking) may be used to inject into the browser engine a module that sends a message to the application layer whenever the browser engine sends a network request, the message containing at least the target web address of that network request. Correspondingly, in step S130 this message is listened for in the application layer, and once it is received the target web address of the second network request is parsed out of it. The target web address of the second network request can then be compared with the test address.
Step S140: if the target web address of the second network request is detected to match the test address, record that the parameter of the target webpage has a webpage redirection vulnerability.
If the target web address of the second network request is detected to match the test address, the webpage application program uses the value of the parameter directly as the target web address of the redirect, that is, this parameter has a webpage redirection vulnerability; the web address of the target webpage and the parameter name can then be recorded.
With the webpage redirection vulnerability detection method of this embodiment, the loading process of a normal webpage is simulated by the browser engine, so that both multiple-redirection webpage redirection vulnerabilities and script redirection vulnerabilities can be detected, which improves the coverage of webpage redirection vulnerability detection.
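To make the first embodiment concrete, the following Python example (added here; it is not the patent's code and no such code appears on the page) simulates the whole loop offline: a constructed jump.php that hands its url parameter to the browser through each of the mechanisms listed above (301, 302, meta refresh, script, a three-hop chain) or, in a fixed variant, validates it; a minimal stand-in for browser engine 124 that honours those mechanisms and reports every outgoing request to a hook, playing the injected module of step S130; and the comparison of each reported target with the test address. The application, engine, hook and all function names are assumptions of this example; the URLs are those used in the text.

```python
import re
from urllib.parse import urlsplit, parse_qs, urlencode

TEST_ADDRESS = "http://www.51diaoyu.com"        # test address used in the text
TARGET_PAGE = "http://www.test.com/jump.php"    # target webpage used in the text


def web_app(url, mode):
    """Constructed stand-in for website server 200 (not a real server).
    `mode` selects how jump.php passes its url parameter on to the browser.
    Returns (status, headers, body)."""
    parts = urlsplit(url)
    params = parse_qs(parts.query)
    target = params.get("url", [""])[0]
    if parts.netloc != "www.test.com":
        return 200, {}, "<html>external page</html>"      # end of any chain
    if parts.path == "/jump.php":
        if mode in ("301", "302"):                       # Location header redirect
            return int(mode), {"Location": target}, ""
        if mode == "meta":                               # meta refresh redirect
            return 200, {}, f'<meta http-equiv="refresh" content="5; url={target}">'
        if mode == "script":                             # script (DOM) redirect
            return 200, {}, f'<script>window.location.href="{target}"</script>'
        if mode == "chain":                              # A -> B -> C -> target
            return 302, {"Location": "http://www.test.com/b.php?" + urlencode({"next": target})}, ""
        if mode == "safe":                               # validated: same-site targets only
            if urlsplit(target).netloc == "www.test.com":
                return 302, {"Location": target}, ""
            return 200, {}, "invalid redirect target"
    if parts.path == "/b.php":
        return 302, {"Location": "http://www.test.com/c.php?" + parts.query}, ""
    if parts.path == "/c.php":
        return 302, {"Location": params.get("next", [""])[0]}, ""
    return 404, {}, "not found"


META_RE = re.compile(r'<meta[^>]*http-equiv="refresh"[^>]*content="\d+;\s*url=([^"]+)"', re.I)
SCRIPT_RE = re.compile(r'window\.location\.href\s*=\s*"([^"]+)"')


class BrowserEngine:
    """Minimal stand-in for browser engine 124. load() follows the redirect
    mechanisms above and calls `hook` with the target of every request it sends,
    like the injected module of step S130 messaging the application layer."""

    def __init__(self, app, hook, max_hops=10):
        self.app, self.hook, self.max_hops = app, hook, max_hops

    def load(self, url):
        for _ in range(self.max_hops):
            self.hook(url)                               # message: "request sent to url"
            status, headers, body = self.app(url)
            if status in (301, 302) and headers.get("Location"):
                url = headers["Location"]
                continue
            m = META_RE.search(body) or SCRIPT_RE.search(body)
            if not m:
                return                                   # page settled, no navigation
            url = m.group(1)                             # timer delay not simulated here


def detect_open_redirect(target_page, param, test_address, app):
    """Steps S110-S140 for one parameter. Returns True if, after the test address
    is submitted as the parameter value, the engine requests that address."""
    first_url = target_page + "?" + urlencode({param: test_address})   # S121, S122
    sent = []                                                          # hook messages
    BrowserEngine(app, sent.append).load(first_url)                    # S123
    return any(r == test_address for r in sent[1:])                    # S130, S140


def scan_modes(modes=("301", "302", "meta", "script", "chain", "safe")):
    """Run the detection against each constructed variant of jump.php."""
    return {mode: detect_open_redirect(TARGET_PAGE, "url", TEST_ADDRESS,
                                       lambda u, m=mode: web_app(u, m))
            for mode in modes}


if __name__ == "__main__":
    for mode, vulnerable in scan_modes().items():
        print(f"jump.php ({mode}): {'redirect vulnerability' if vulnerable else 'ok'}")
```

Because the detector never looks at the returned source, the chain and script variants are found exactly as the header-based ones are, which is the point the text makes about DOM and multiple-redirection vulnerabilities; only the variant that checks the target's host before redirecting is reported clean.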
Second embodiment
This embodiment provides a method for detecting webpage redirection vulnerabilities. Referring to Fig. 6, the method comprises the following steps:
Step S210: obtain the set of input parameters of a target webpage.
The input parameters are those parameters of the front-end webpage that the website server can receive and process, for example the additional parameters in the URL and the parameters contained in the <input> elements of the webpage source code. The set of input parameters may, for example, comprise all the parameters of the target webpage, and may be stored in a data structure such as an array or a queue.
Step S220: take one parameter from the set.
There may be several input parameters, but webpage redirection vulnerability detection can be carried out for each of them separately; therefore one parameter can be taken from the set at a time for webpage redirection vulnerability detection.
Step S230: perform webpage redirection vulnerability detection on the parameter taken.
For a given parameter, the specific process of webpage redirection vulnerability detection is as described in the first embodiment: the test address is submitted to the target webpage as the value of the parameter, and the browser engine is then monitored for a network request whose target web address is the test address; if one is detected, the parameter has a webpage redirection vulnerability, otherwise it does not.
Step S240: judge whether a next parameter is to be detected; if so, return to step S220, otherwise the process ends.
For example, judge whether the set of input parameters still contains a parameter that has not been detected; if so, take another undetected parameter from the set, i.e. execute step S220 again; otherwise all the parameters of the target webpage have been detected and the redirection vulnerability detection process for the target webpage ends.
With the webpage redirection vulnerability detection method of this embodiment, the loading process of a normal webpage is simulated by the browser engine, so that both multiple-redirection webpage redirection vulnerabilities and script redirection vulnerabilities can be detected, which improves the coverage of webpage redirection vulnerability detection.
Third embodiment
This embodiment provides a method for detecting webpage redirection vulnerabilities. Referring to Fig. 7, the method comprises the following steps:
Step S310: obtain the set of input parameters of a target webpage.
The input parameters are those parameters of the front-end webpage that the website server can receive and process, for example the additional parameters in the URL and the parameters contained in the <input> elements of the webpage source code. The set of input parameters may, for example, comprise all the parameters of the target webpage, and may be stored in a data structure such as an array or a queue.
Step S320: send a first network request through the browser engine that submits several different test addresses to the target webpage simultaneously as the values of the several input parameters, and record the correspondence between the different test addresses and the input parameters.
The web address of the target webpage is, for example, "http://www.test.com/jump.php", and it may have two parameters: url and user. One test address can be set for each parameter, and the parameter-value pair string is constructed from the parameters and their values. For example, the test address for the parameter url is "http://www.51diaoyu1.com" and the test address for the parameter user is "http://www.51diaoyu2.com". Correspondingly, the constructed parameter-value pair string may be "url=http://www.51diaoyu1.com&user=http://www.51diaoyu2.com".
Then, appending the parameter-value pair string to the web address of the target webpage gives the web address "http://www.test.com/jump.php?url=http://www.51diaoyu1.com&user=http://www.51diaoyu2.com". This web address is passed to the browser engine 124. The browser engine 124 then performs a domain name resolution operation on the domain name contained in the web address, obtains from the resolution result the IP address of the website server corresponding to the web address (such as the website server 200 shown in Fig. 1), requests a network connection with this IP and, once the network connection is established, sends the first network request to the website server 200. The first network request may contain routing information that allows the website server 200 to identify the target webpage, for example "/jump.php?url=http://www.51diaoyu1.com&user=http://www.51diaoyu2.com".
It should be understood that in the above routing information, "jump.php" identifies the corresponding webpage application program, and "url=http://www.51diaoyu1.com&user=http://www.51diaoyu2.com" is the set of parameter-value pairs passed in. The website server 200 calls the corresponding webpage application program according to "jump.php" and supplies the parameter-value pairs "url=http://www.51diaoyu1.com&user=http://www.51diaoyu2.com" to that webpage application program.
Step S330: monitor a second network request sent by the browser engine and compare the target web address of the second network request with the test addresses.
The webpage application program may use the value of one of the above parameters as the target web address of a webpage redirect. It should be understood that, whichever redirection mechanism is used, the browser engine 124 will eventually send a network request (the second network request) whose target web address is "http://www.51diaoyu1.com" or "http://www.51diaoyu2.com".
Step S340: if the target web address of the second network request is detected to match a test address, record that the corresponding parameter has a webpage redirection vulnerability.
If the target web address of the second network request is detected to match any of the test addresses, the webpage application program uses the value of the corresponding parameter directly as the target web address of the redirect, that is, this parameter has a webpage redirection vulnerability; the web address of the target webpage and the parameter name can then be recorded.
With the webpage redirection vulnerability detection method of this embodiment, several parameters can be detected in a single network request, which improves the efficiency of webpage redirection vulnerability detection.
Fourth embodiment
This embodiment provides a method for detecting webpage redirection vulnerabilities. Referring to Fig. 8, the method of this embodiment is similar to the method shown in Fig. 6; the difference is that it further comprises, between step S230 and step S240, a step S410 of judging whether a predetermined time has elapsed without a second network request whose target web address matches the test address being detected, or whether a second network request whose target web address matches the test address has been detected within the predetermined time; if so, step S240 is performed; otherwise, step S230 continues.
In general, even when a delay is set for a webpage redirect, the delay does not exceed several seconds. Therefore, in step S410 the predetermined time may be set to, for example, 10 seconds: when no second network request whose target web address matches the test address is detected within 10 seconds, the corresponding parameter is considered not to have a webpage redirection vulnerability, and detection of the next parameter can proceed.
With the webpage redirection vulnerability detection method of this embodiment, the detection process for a parameter is prevented from waiting indefinitely, which improves the efficiency of webpage redirection vulnerability detection.
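The following Python example (added here; it is not code from the patent) shows the scheduling side of the second, third and fourth embodiments: one parameter per request with a bounded wait, and all parameters in one request with a distinct test address each so that the observed target identifies the parameter. To keep it self-contained, the web server and browser engine are replaced by a constructed stub: SITE_BEHAVIOUR names the parameters the server copies into its redirect and the timer delay before the browser follows it, and the resulting second request arrives on a queue, standing in for the hook message of step S130. The deadline is shortened from the 10 seconds the text suggests so that the example runs quickly; www.51diaoyu3.com is a constructed third test address, and all function names are assumptions of this example.

```python
import queue
import threading
from urllib.parse import urlsplit, parse_qs, urlencode

TARGET_PAGE = "http://www.test.com/jump.php"
TEST_ADDRESS = "http://www.51diaoyu.com"

# Constructed behaviour of jump.php (an assumption, not a real server):
# parameter name -> seconds the returned page waits (a script timer) before the
# browser follows a redirect to that parameter's value. Parameters absent from
# the dict are validated by the server and never used as a redirect target.
SITE_BEHAVIOUR = {"url": 0.0, "next": 0.05}      # "user" is validated


def browser_engine(first_url, events, behaviour=SITE_BEHAVIOUR):
    """Stand-in for browser engine 124 plus the hook of step S130: it 'loads'
    first_url and, for each reflected parameter, later issues a second request
    whose target is that parameter's value, reported by putting it on `events`."""
    params = parse_qs(urlsplit(first_url).query)
    for name, delay in behaviour.items():
        if name in params:
            timer = threading.Timer(delay, events.put, args=(params[name][0],))
            timer.daemon = True
            timer.start()


def scan_one_by_one(target_page, names, test_address, deadline):
    """Second embodiment (steps S210-S240) with step S410 of the fourth: one
    parameter per request; a parameter is declared clean when no matching second
    request arrives within `deadline` seconds."""
    vulnerable = []
    for name in names:                                           # S220 / S240 loop
        events = queue.Queue()                                   # fresh monitor per parameter
        browser_engine(target_page + "?" + urlencode({name: test_address}), events)
        try:
            while events.get(timeout=deadline) != test_address:  # S230 bounded by S410
                pass                                             # unrelated request: keep waiting
            vulnerable.append(name)                              # S140: record the parameter
        except queue.Empty:
            pass                                                 # deadline passed: not vulnerable
    return vulnerable


def scan_in_one_request(target_page, names, deadline):
    """Third embodiment (steps S310-S340): every parameter in a single request,
    each carrying its own test address, so the observed target identifies the
    parameter. Waiting is bounded by `deadline` as in step S410."""
    address_of = {name: f"http://www.51diaoyu{i}.com" for i, name in enumerate(names, 1)}
    param_of = {addr: name for name, addr in address_of.items()}   # recorded correspondence
    events = queue.Queue()
    browser_engine(target_page + "?" + urlencode(address_of), events)
    vulnerable = []
    try:
        while len(vulnerable) < len(names):
            target = events.get(timeout=deadline)
            if target in param_of and param_of[target] not in vulnerable:
                vulnerable.append(param_of[target])
    except queue.Empty:
        pass                                                       # remaining parameters never redirected
    return sorted(vulnerable)


if __name__ == "__main__":
    names = ["url", "user", "next"]
    print("one parameter per request:", scan_one_by_one(TARGET_PAGE, names, TEST_ADDRESS, 1.0))
    print("all parameters in one request:", scan_in_one_request(TARGET_PAGE, names, 1.0))
```

The one-by-one scan spends a full deadline on every clean parameter, while the single-request scan pays that wait once for the whole set; with a real engine the distinct test hosts are what keep the two findings apart, since a match on the bare test address would not say which parameter was reflected.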
Fifth embodiment
This embodiment provides an apparatus for detecting webpage redirection vulnerabilities. Referring to Fig. 9, the apparatus of this embodiment comprises: a parameter acquisition module 51, a request sending module 52, a monitoring module 53 and a vulnerability detection module 54.
The parameter acquisition module 51 is used to obtain an input parameter of a target webpage.
The input parameters are those parameters of the front-end webpage that the website server can receive and process, for example the additional parameters in the URL and the parameters contained in the <input> elements of the webpage source code. The set of input parameters may, for example, comprise all the parameters of the target webpage, and may be stored in a data structure such as an array or a queue.
The request sending module 52 is used to send a first network request through a browser engine to submit a test address to the target webpage as the value of the input parameter.
The monitoring module 53 is used to monitor a second network request sent by the browser engine and to compare the target web address of the second network request with the test address. For example, the monitoring module 53 listens for the message that the browser engine sends to the application layer and parses the target web address of the second network request out of that message; the monitoring module then compares this target web address with the test address.
The vulnerability detection module 54 is used to record that the parameter of the target webpage has a webpage redirection vulnerability if the target web address of the second network request is detected to match the test address.
With the webpage redirection vulnerability detection apparatus of this embodiment, the loading process of a normal webpage is simulated by the browser engine, so that both multiple-redirection webpage redirection vulnerabilities and script redirection vulnerabilities can be detected, which improves the coverage of webpage redirection vulnerability detection.
6th embodiment
This embodiment provides a webpage redirection vulnerability detection apparatus. Referring to Figure 10, it is similar to the apparatus of Fig. 9; the difference is that the request sending module 52 comprises a character string construction unit 521, a network address construction unit 522 and a request transmitting unit 523.
The character string construction unit 521 is used to construct, from the test address and the name of the input parameter, a parameter value string that conforms to a predetermined format.
The network address construction unit 522 is used to obtain the first network address by appending the parameter value string to the network address of the target webpage.
The first transmitting unit 523 is used to send the first network request to the first network address through the browser engine.
The webpage redirection vulnerability detection apparatus of this embodiment simulates the loading process of a normal webpage through the browser engine, so that both multi-step webpage redirection vulnerabilities and script-based redirection vulnerabilities can be detected, which improves the coverage of webpage redirection vulnerability detection.
7th embodiment
This embodiment provides a webpage redirection vulnerability detection apparatus. Referring to Figure 11, it is similar to the apparatus of Fig. 9; the difference is that the request sending module 52 comprises a second transmitting unit 524, used to submit multiple different test addresses to the target webpage simultaneously as the values of multiple input parameters, and to record the correspondence between the different test addresses and the input parameters.
With the webpage redirection vulnerability detection apparatus of this embodiment, multiple parameters can be detected in a single network request, which improves the efficiency of webpage redirection vulnerability detection.
8th embodiment
This embodiment provides a webpage redirection vulnerability detection apparatus. Referring to Figure 12, it is similar to the apparatus of Fig. 9; the difference is that the monitoring module 53 comprises a timeout determination unit 531, used to stop monitoring the second network requests sent by the browser engine if no second network request whose target address matches the test address is detected within the predetermined time, and to notify the request sending module to start detection of the next input parameter.
The webpage redirection vulnerability detection apparatus of this embodiment simulates the loading process of a normal webpage through the browser engine, so that both multi-step webpage redirection vulnerabilities and script-based redirection vulnerabilities can be detected, which improves the coverage of webpage redirection vulnerability detection.
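The flow of the fifth to eighth embodiments (parameter value construction, one test address per parameter with its mapping, parsing the target address from the browser engine's messages, matching, and the timeout), modelled as an added Python example that is not the patent's code. It assumes the application-layer message is a raw HTTP/1.1 request, and the browser engine is stood in for by a constructed request log; host names and test addresses are placeholders.

```python
"""Offline model of the detection flow of the 5th to 8th embodiments. Added example,
not code from the patent: the browser engine is replaced by a constructed request log."""
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

TEST_BASE = "http://test-address.example"  # constructed test address prefix

def build_first_url(target_url, param, test_address):
    """Units 521/522: set the parameter to the test address and rebuild the URL."""
    parts = urlsplit(target_url)
    query = dict(parse_qsl(parts.query, keep_blank_values=True))
    query[param] = test_address
    return urlunsplit(parts._replace(query=urlencode(query)))

def build_multi_url(target_url, params):
    """7th embodiment: a distinct test address per parameter, plus the
    address -> parameter mapping needed to attribute a later match."""
    mapping, url = {}, target_url
    for i, param in enumerate(params):
        mapping[f"{TEST_BASE}/{i}"] = param
        url = build_first_url(url, param, f"{TEST_BASE}/{i}")
    return url, mapping

def target_from_request(raw):
    """Module 53: parse the target address from an application-layer message
    (assumed here to be a raw HTTP/1.1 request; the Host header gives the host)."""
    lines = raw.split("\r\n")
    path = lines[0].split(" ")[1]
    host = next(l.split(":", 1)[1].strip() for l in lines if l.lower().startswith("host:"))
    return f"http://{host}{path}"

def same_address(a, b):
    """Compare scheme, host and path only; a query the page appends is ignored."""
    pa, pb = urlsplit(a), urlsplit(b)
    return (pa.scheme, pa.netloc.lower(), pa.path.rstrip("/")) == (
        pb.scheme, pb.netloc.lower(), pb.path.rstrip("/"))

def detect(mapping, observed, sent_at, timeout=10.0):
    """Modules 53/54 with timeout unit 531, run over (seconds, raw_request)
    tuples. Returns the parameters to record as having a redirection flaw."""
    vulnerable = set()
    for t, raw in observed:
        if t - sent_at > timeout:
            break  # nothing matched within the window: move to the next parameter
        target = target_from_request(raw)
        vulnerable.update(p for a, p in mapping.items() if same_address(target, a))
    return sorted(vulnerable)

# Constructed request log: a static asset, a redirect to test address 0 inside
# the window, and a redirect to test address 2 that arrives after the timeout.
OBSERVED = [
    (0.3, "GET /static/app.js HTTP/1.1\r\nHost: target.example\r\n\r\n"),
    (1.2, "GET /0?sid=abc HTTP/1.1\r\nHost: test-address.example\r\n\r\n"),
    (12.0, "GET /2 HTTP/1.1\r\nHost: test-address.example\r\n\r\n"),
]
```

With the default 10 second window only the parameter behind test address 0 is recorded; raising the timeout also catches the late redirect, which is the trade-off the eighth embodiment's timeout unit makes.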
In addition, an embodiment of the present invention also provides a computer-readable storage medium storing computer-executable instructions; the computer-readable storage medium is, for example, a non-volatile memory such as an optical disc, a hard disk or a flash memory. The computer-executable instructions cause a computer or similar computing device to carry out the distributed file graphic data access method and apparatus described above.
The above are merely preferred embodiments of the present invention and do not limit the present invention in any form. Although the present invention is disclosed above by way of preferred embodiments, these are not intended to limit it. Any person skilled in the art may, without departing from the scope of the technical solution of the present invention, use the disclosed technical content to make minor changes or modifications that produce equivalent embodiments with equivalent variations; any simple modification, equivalent variation or adaptation of the above embodiments made according to the technical spirit of the present invention, provided it does not depart from the content of the technical solution of the present invention, still falls within the scope of the technical solution of the present invention.

Claims (10)

1. A webpage redirection vulnerability detection method, characterized in that it comprises:
obtaining the input parameters of a target webpage;
sending a first network request through a browser engine, submitting a test address to the target webpage as the value of the input parameter;
monitoring a second network request sent by the browser engine and comparing the target address of the second network request with the test address; and
if it is detected that the target address of the second network request matches the test address, recording that the parameter of the target webpage has a webpage redirection vulnerability.
2. The webpage redirection vulnerability detection method as claimed in claim 1, characterized in that sending the first network request through the browser engine and submitting the test address to the target webpage as the value of the parameter comprises:
constructing, from the test address and the name of the input parameter, a parameter value string that conforms to a predetermined format;
obtaining a first network address by appending the parameter value string to the network address of the target webpage; and
sending the first network request to the first network address through the browser engine.
3. The webpage redirection vulnerability detection method as claimed in claim 1, characterized in that monitoring the second network request sent by the browser engine comprises:
monitoring the messages the browser engine issues to the application layer; and
parsing the target address of the second network request from the messages.
4. The webpage redirection vulnerability detection method as claimed in claim 1, characterized in that, if no second network request whose target address matches the test address is detected within a predetermined time, monitoring of the second network requests sent by the browser engine is stopped and detection of the next input parameter is started.
5. The webpage redirection vulnerability detection method as claimed in claim 1, characterized in that the input parameter comprises multiple input parameters; and
sending the first network request through the browser engine and submitting the test address to the target webpage as the value of the input parameter comprises: submitting multiple different test addresses to the target webpage as the values of the multiple input parameters and recording the correspondence between the different test addresses and the input parameters.
6. A webpage redirection vulnerability detection apparatus, characterized in that it comprises:
a parameter acquisition module, for obtaining the input parameters of a target webpage;
a request sending module, for sending a first network request through a browser engine, submitting a test address to the target webpage as the value of the input parameter;
a monitoring module, for monitoring a second network request sent by the browser engine and comparing the target address of the second network request with the test address; and
a vulnerability detection module, for recording that the parameter of the target webpage has a webpage redirection vulnerability if a second network request whose target address matches the test address is detected.
7. The webpage redirection vulnerability detection apparatus as claimed in claim 6, characterized in that the request sending module is used to:
construct, from the test address and the name of the input parameter, a parameter value string that conforms to a predetermined format;
obtain a first network address by appending the parameter value string to the network address of the target webpage; and
send the first network request to the first network address through the browser engine.
8. The webpage redirection vulnerability detection apparatus as claimed in claim 6, characterized in that the monitoring module is used to:
monitor the messages the browser engine issues to the application layer; and
parse the target address of the second network request from the messages.
9. The webpage redirection vulnerability detection apparatus as claimed in claim 6, characterized in that the monitoring module is further used to: if no second network request whose target address matches the test address is detected within a predetermined time, stop monitoring the second network requests sent by the browser engine and notify the request sending module to start detection of the next input parameter.
10. The webpage redirection vulnerability detection apparatus as claimed in claim 6, characterized in that the input parameter comprises multiple input parameters; and
the request sending module is used to: submit multiple different test addresses to the target webpage simultaneously as the values of the multiple input parameters and record the correspondence between the different test addresses and the input parameters.
CN201410068982.8A 2014-02-27 2014-02-27 Webpage redirection vulnerability detection method and apparatus Active CN104881605B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410068982.8A CN104881605B (en) 2014-02-27 2014-02-27 Webpage redirection vulnerability detection method and apparatus

Publications (2)

Publication Number Publication Date
CN104881605A true CN104881605A (en) 2015-09-02
CN104881605B CN104881605B (en) 2018-10-02

Family

ID=53949095

Country Status (1)

Country Link
CN (1) CN104881605B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant