CN104881605B - Web page redirect vulnerability detection method and device - Google Patents


Info

Publication number: CN104881605B
Application number: CN201410068982.8A
Authority: CN (China)
Other versions: CN104881605A
Other languages: Chinese (zh)
Inventor: 翁家才
Assignee (current and original): Tencent Technology Shenzhen Co Ltd
Legal status: Active (granted)
Prior art keywords: webpage, address, network, target, parameter

Events: application filed by Tencent Technology Shenzhen Co Ltd; priority to CN201410068982.8A; publication of CN104881605A; application granted; publication of CN104881605B.

Abstract

The present invention relates to a web page redirect vulnerability detection method, device and system. In one embodiment, the method includes: obtaining an input parameter of a target web page; sending a first network request through a browser engine that submits a test address to the target web page as the value of the input parameter; monitoring a second network request sent by the browser engine and comparing the target address of the second network request with the test address; and, if the target address of the second network request is found to match the test address, recording that the parameter of the target web page has a web page redirect vulnerability. The method and device improve the detection rate of web page redirect vulnerabilities.

Description

Web page redirect vulnerability detection method and device
Technical field
The present invention relates to computer security techniques, and in particular to a web page redirect vulnerability detection method and device.
Background
Web page redirection (redirect) refers to a technique by which, when a target web page is accessed, some mechanism causes the browser to navigate automatically to a new page. Redirection brings many conveniences to website design, but it also poses challenges for network security. Some web pages that use redirection have a web page redirect vulnerability: the web program responsible for the redirect does not verify whether the target address is legitimate and redirects to it directly. Such a page can be exploited for phishing attacks, leading to leakage of sensitive information such as user account names and passwords.
Web page redirect vulnerabilities can be divided into ordinary web page redirect vulnerabilities, DOM (Document Object Model) web page redirect vulnerabilities, and multi-hop web page redirect vulnerabilities. An ordinary redirect vulnerability is one where the target address can be found in the source code returned by the web program responsible for the redirect; such a vulnerability can be found by simple pattern matching. A DOM redirect vulnerability is one where the web program performs the redirect through script code, so that the target address cannot be found in the source code it returns; such a vulnerability is difficult to detect. A multi-hop redirect vulnerability is one where the target address is only reached after several redirects, for example web program A redirects to web program B, B redirects to web program C, and C finally redirects to the target address; such a vulnerability is also difficult to detect.
Prior-art detection schemes can only detect ordinary web page redirect vulnerabilities by simple pattern matching; they cannot detect DOM redirect vulnerabilities or multi-hop redirect vulnerabilities.
Summary of the invention
In view of this, it is necessary to provide a web page redirect vulnerability detection method and device that can detect the various redirect vulnerabilities in a website.
A web page redirect vulnerability detection method includes: obtaining an input parameter of a target web page; sending a first network request through a browser engine that submits a test address to the target web page as the value of the input parameter; monitoring a second network request sent by the browser engine and comparing the target address of the second network request with the test address; and, if the target address of the second network request is found to match the test address, recording that the parameter of the target web page has a web page redirect vulnerability.
A web page redirect vulnerability detection device includes: a parameter acquisition module for obtaining an input parameter of a target web page; a request sending module for sending a first network request through a browser engine that submits a test address to the target web page as the value of the input parameter; a monitoring module for monitoring a second network request sent by the browser engine and comparing the target address of the second network request with the test address; and a vulnerability detection module for recording that the parameter of the target web page has a web page redirect vulnerability if the target address of the second network request is found to match the test address.
With the above web page redirect vulnerability detection method and device, the browser engine simulates the normal loading process of a web page, so that both multi-hop redirect vulnerabilities and script redirect vulnerabilities can be detected, which improves the coverage of web page redirect vulnerability detection.
To make the above and other objects, features and advantages of the present invention clearer, preferred embodiments are described in detail below with reference to the accompanying drawings.
Description of the drawings
Fig. 1 is a schematic diagram of the operating environment of the method and device provided by an embodiment of the present invention.
Fig. 2 is a block diagram of the vulnerability detection server in Fig. 1.
Fig. 3 is a block diagram of the website server in Fig. 1.
Fig. 4 and Fig. 5 are flowcharts of the web page redirect vulnerability detection method provided by the first embodiment.
Fig. 6 is a flowchart of the web page redirect vulnerability detection method provided by the second embodiment.
Fig. 7 is a flowchart of the web page redirect vulnerability detection method provided by the third embodiment.
Fig. 8 is a flowchart of the web page redirect vulnerability detection method provided by the fourth embodiment.
Fig. 9 is a block diagram of the web page redirect vulnerability detection device provided by the fifth embodiment.
Fig. 10 is a block diagram of the web page redirect vulnerability detection device provided by the sixth embodiment.
Fig. 11 is a block diagram of the web page redirect vulnerability detection device provided by the seventh embodiment.
Fig. 12 is a block diagram of the web page redirect vulnerability detection device provided by the eighth embodiment.
Specific implementation mode
To further explain the technical means and effects adopted by the present invention to achieve its intended objects, the specific embodiments, structures, features and effects of the invention are described in detail below with reference to the drawings and preferred embodiments.
Embodiments of the present invention relate to a web page redirect vulnerability detection method and device for detecting whether each web page in a website has a web page redirect vulnerability. Fig. 1 is a schematic diagram of the operating environment of the method and device. One or more vulnerability detection servers 100 (only one is shown in Fig. 1) can be connected through a network to one or more website servers 200 (only one is shown in Fig. 1). The network may be, for example, the Internet, a local area network, an intranet, and so on.
Fig. 2 is a block diagram of one embodiment of vulnerability detection server 100. As shown in Fig. 2, vulnerability detection server 100 includes a memory 102, a storage controller 104, one or more processors 106 (only one is shown), a peripheral interface 108 and a network module 110. The structure shown in Fig. 2 is only illustrative and does not limit the structure of vulnerability detection server 100; for example, vulnerability detection server 100 may include more or fewer components than shown in Fig. 2, or have a configuration different from that shown in Fig. 2.
Memory 102 may store software programs and modules, such as the program instructions/modules corresponding to the web page redirect vulnerability detection method and device of the embodiments of the present invention. Processor 106 runs the software programs and modules stored in memory 102 to execute various functional applications and data processing, that is, to implement the method described above.
Memory 102 may include high-speed random access memory and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory or other non-volatile solid-state memory. In some examples memory 102 may further include memory located remotely from processor 106 and connected to vulnerability detection server 100 over a network. Examples of such a network include, but are not limited to, the Internet, an intranet, a local area network, a mobile communication network and combinations thereof. Processor 106 and other possible components access memory 102 under the control of storage controller 104.
Peripheral interface 108 couples various input/output devices to processor 106. Processor 106 runs the software in memory 102 and instructs vulnerability detection server 100 to perform various functions and data processing. In some embodiments peripheral interface 108, processor 106 and storage controller 104 may be implemented in a single chip; in other examples they may be implemented by separate chips.
Network module 110 receives and transmits network signals, which may be wireless or wired. In one example the network signals are wired network signals, in which case network module 110 may include elements such as a processor, random access memory, a converter and a crystal oscillator.
The software programs and modules include an operating system 122, a browser engine 124 and a vulnerability detection module 126. Operating system 122 may be, for example, LINUX, UNIX or WINDOWS, and may include software components and/or drivers for managing system tasks (such as memory management, storage device control and power management) that communicate with various hardware or software components to provide the operating environment for other software components. Browser engine 124 and vulnerability detection module 126 run on top of operating system 122. Browser engine 124 may be, for example, the WebKit browser engine. Vulnerability detection module 126 implements the web page redirect vulnerability detection method of the embodiments of the present invention by means of browser engine 124.
Fig. 3 is a block diagram of one embodiment of website server 200 in Fig. 1. As shown in Fig. 3, its structure is similar to that of vulnerability detection server 100, the difference being that website server 200 may omit browser engine 124 and vulnerability detection module 126 and instead include a website server module 224. Website server module 224 runs on top of operating system 122, listens through the network service of operating system 122 for web page access requests from the network, performs the corresponding data processing for each request, and returns the resulting web page data, or data in another format, to the client. Website server module 224 may include, for example, dynamic web page scripts and a script interpreter. The script interpreter may be, for example, an Apache web server program, and processes the dynamic web page scripts into a format acceptable to the client, such as Hypertext Markup Language (HTML) or Extensible Markup Language (XML).
First embodiment
This embodiment provides a web page redirect vulnerability detection method. Referring to Fig. 4, the method includes the following steps:
Step S110: obtain an input parameter of a target web page.
A target web page is the page corresponding to a network address (Uniform Resource Locator, URL), such as "http://www.test.com/jump.php". A web page is generated by one or more scripts in a website server (such as website server 200) and returned to a client (such as vulnerability detection server 100). To interact with the website server, the front-end page may carry several parameters, which can be submitted to the website server by GET or POST. When the website server receives a request it processes these parameters, and the values of some of them may be used as the redirect target address. If the legitimacy of these values is not verified, the client's browser may be redirected to a malicious address.
The input parameters are therefore the parameters of the front-end page that the website server can receive and process, such as the parameters appended to the URL that the server accepts and the parameters carried by <input> elements in the page source.
Taking the page "http://www.test.com/jump.php" as an example, it may have two parameters: url and user. Both parameters can be tested, or only some of them, for example only the parameter url.
Step S120: send a first network request through a browser engine that submits a test address to the target web page as the value of the input parameter.
As shown in Fig. 2, browser engine 124 provides an application programming interface that other applications call to load web pages.
Referring to Fig. 5, in one example step S120 comprises the following steps:
Step S121: construct a parameter/value string in a predetermined format from the test address and the name of the input parameter.
The test address may be, for example, http://www.51diaoyu.com, and the input parameter is the parameter url above. The parameter/value string "url=http://www.51diaoyu.com" can then be constructed.
Step S122: append the parameter/value string to the address of the target web page to obtain a first address.
In a URL, "?" joins the address and the parameter/value string. For example, appending the parameter/value string to the target page address "http://www.test.com/jump.php" gives the first address "http://www.test.com/jump.php?url=http://www.51diaoyu.com".
Step S123: send the first network request to the first address through the browser engine.
For example, the first address is passed to browser engine 124. Browser engine 124 then resolves the domain name contained in the first address, obtains from the result the IP address of the website server corresponding to the first address (such as website server 200 shown in Fig. 1), establishes a network connection to that IP address and, once the connection is established, sends the first network request to website server 200. The first network request may contain path information that allows website server 200 to identify the target web page, such as "/jump.php?url=http://www.51diaoyu.com".
In this path information, "jump.php" identifies the corresponding web application and "url=http://www.51diaoyu.com" is the parameter/value pair passed in. Website server 200 invokes the corresponding web application according to "jump.php" and supplies the parameter/value pair "url=http://www.51diaoyu.com" to that web application.
The web application may implement a redirect mechanism in which the redirect target address is the value of the parameter url. Common redirect mechanisms are 301 redirects, 302 redirects, "meta refresh" and script redirects.
A 301 redirect means that the status code the web application returns after receiving the client's network request is status code 301 as defined by the Hypertext Transfer Protocol (HTTP), and that the redirect target address is returned together with the 301 status code. A 302 redirect is similar to a 301 redirect, the difference being that 301 denotes a permanent move (Moved Permanently) and 302 a temporary move (Found, originally Moved Temporarily).
A "meta refresh" redirect means that the web application sets a <meta> tag in the returned HTML page that makes the browser engine load the target page automatically. For example, the tag <meta http-equiv="refresh" content="5;url=http://www.51diaoyu.com"> makes the browser engine load the target page "http://www.51diaoyu.com" automatically after 5 seconds.
A script redirect means that the web application makes the browser load the target page automatically through a script placed in the returned HTML page. For example, including a JavaScript snippet such as "<script>window.location.href="http://www.51diaoyu.com"</script>" in the HTML page redirects the browser; with a timer, a delayed load can also be achieved.
The redirect mechanisms above are only examples; website server 200 may use any redirect mechanism. Whichever mechanism is used, the web application must set the redirect target address. If the web application uses the value of the parameter url directly as the redirect target address without verifying the legitimacy of that value, the parameter url of that web application has a web page redirect vulnerability.
Step S130: monitor a second network request sent by the browser engine and compare the target address of the second network request with the test address.
If the target web page uses a redirect mechanism, then whichever mechanism it is, after a certain time the browser engine will be redirected to the target address. For 301 and 302 redirects the browser engine starts loading the target address as soon as it receives the status code; for "meta refresh" and script redirects it starts loading the target address when the trigger condition is met, for example when the configured delay has elapsed.
Whichever mechanism triggers it, the browser engine sends a network request (the second network request above) to the server corresponding to the target address.
As described above, if website server 200 does not verify the legitimacy of the parameter url and uses it directly as the redirect target address, the browser engine will load the test address "http://www.51diaoyu.com" directly.
In step S130, to monitor the second network request sent by the browser engine, hooking may be used to inject a module into the browser engine that sends a message to the application layer whenever the browser engine sends a network request; the message contains at least the target address of that network request. Correspondingly, the application layer listens for these messages and, on receiving one, parses the target address of the second network request from it. The target address of the second network request can then be compared with the test address.
Step S140: if the target address of the second network request is found to match the test address, record that the parameter of the target web page has a web page redirect vulnerability.
If the target address of the second network request matches the test address, the web application used the value of the parameter directly as the redirect target address, that is, the parameter has a web page redirect vulnerability. The address of the target web page and the parameter name can then be recorded.
With the web page redirect vulnerability detection method of this embodiment, the browser engine simulates the normal loading process of a web page, so that both multi-hop redirect vulnerabilities and script redirect vulnerabilities can be detected, which improves the coverage of web page redirect vulnerability detection.
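The vulnerability condition described under step S120, a web application that uses the value of the url parameter as the redirect target without verifying it, shown next to a hardened version, as an added example that is not part of the patent. The site origin and parameter name come from the page's own example (http://www.test.com/jump.php, parameter url); the allow-list, the function names and the attacker inputs are assumptions made for this example. The naive substring check is included because it is the most common wrong fix: it keeps the vulnerability while making the page look safe.

```python
from urllib.parse import urlsplit, urljoin

SITE_ORIGIN = "http://www.test.com"      # the redirecting site from the page's example
ALLOWED_HOSTS = {"www.test.com"}         # hypothetical allow-list for this example
HOME = SITE_ORIGIN + "/"


def vulnerable_redirect_target(url_param):
    """The condition the page calls a web page redirect vulnerability: the value
    of the url parameter becomes the redirect target with no check at all."""
    return url_param


def naive_redirect_target(url_param):
    """A check that looks like a fix but is not: it tests whether the site's host
    appears anywhere in the value, so an attacker URL that merely contains
    the string passes."""
    return url_param if "www.test.com" in url_param else HOME


def hardened_redirect_target(url_param, allowed_hosts=ALLOWED_HOSTS):
    """Resolve the value against the site origin the way a browser will, then
    require an http(s) scheme and an allow-listed host; anything else goes home."""
    if not url_param or any(c in url_param for c in "\\\r\n"):
        # browsers treat backslash as '/', and CR/LF in a Location header is header injection
        return HOME
    resolved = urlsplit(urljoin(HOME, url_param.strip()))
    if resolved.scheme not in ("http", "https"):
        return HOME                      # rejects javascript:, data: and similar schemes
    if resolved.hostname not in allowed_hosts:
        return HOME                      # rejects //evil, user@evil and attacker subdomains
    return resolved.geturl()


# Constructed attacker inputs against the page's example site. Each is accepted by
# the naive check and refused by the hardened one.
BYPASSES = [
    "http://www.51diaoyu.com/www.test.com",     # host string in the path
    "http://www.test.com.51diaoyu.com/",        # host string as a subdomain label
    "http://www.test.com@www.51diaoyu.com/",    # host string as userinfo
]

if __name__ == "__main__":
    for value in BYPASSES + ["//www.51diaoyu.com/", "javascript:alert(1)", "/account"]:
        print(repr(value), "naive ->", naive_redirect_target(value),
              "| hardened ->", hardened_redirect_target(value))
```

Matching on the parsed hostname after resolving the value against the site origin is what closes the three classes of bypass above, and it also handles the protocol-relative form `//www.51diaoyu.com/`, which a substring check rejects only by accident. A scanner built on the method in this patent will still find `vulnerable_redirect_target`, and will miss `naive_redirect_target` when its test address does not happen to contain the site's hostname, so a clean scan result says nothing about the quality of the check.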
Second embodiment
This embodiment provides a web page redirect vulnerability detection method. Referring to Fig. 6, the method includes the following steps:
Step S210: obtain the set of input parameters of a target web page.
The input parameters are the parameters of the front-end page that the website server can receive and process, such as the parameters appended to the URL that the server accepts and the parameters carried by <input> elements in the page source. The set of input parameters may, for example, include all parameters of the target web page, and may be stored in a data structure such as an array or a queue.
Step S220: take one parameter from the set.
There may be several input parameters, but web page redirect vulnerability detection can be performed on each of them separately, so one parameter can be taken from the set at a time for detection.
Step S230: perform web page redirect vulnerability detection on the parameter taken.
For a given parameter, the detection procedure is as described in the first embodiment: submit the test address to the target web page as the value of the parameter and monitor whether the browser engine subsequently sends a network request whose target address is the test address. If it does, the parameter has a web page redirect vulnerability; otherwise it does not.
Step S240: determine whether a next parameter needs to be tested; if so, go back to step S220, otherwise the procedure ends.
For example, determine whether the set of input parameters still contains parameters that have not been tested. If so, take an untested parameter from the set, that is, execute step S220 again; otherwise all parameters of the target web page have been tested and the redirect vulnerability detection procedure for the target web page ends.
With the web page redirect vulnerability detection method of this embodiment, the browser engine simulates the normal loading process of a web page, so that both multi-hop redirect vulnerabilities and script redirect vulnerabilities can be detected, which improves the coverage of web page redirect vulnerability detection.
Third embodiment
This embodiment provides a web page redirect vulnerability detection method. Referring to Fig. 7, the method includes the following steps:
Step S310: obtain the set of input parameters of a target web page.
The input parameters are the parameters of the front-end page that the website server can receive and process, such as the parameters appended to the URL that the server accepts and the parameters carried by <input> elements in the page source. The set of input parameters may, for example, include all parameters of the target web page, and may be stored in a data structure such as an array or a queue.
Step S320: send a first network request through the browser engine that submits several different test addresses to the target web page at the same time, as the values of the several input parameters, and record the correspondence between test addresses and input parameters.
The address of the target web page is, for example, "http://www.test.com/jump.php", which may have two parameters, url and user. A test address can be set for each parameter and the parameter/value string constructed from the parameters and their values. For example, the test address for the parameter url may be "http://www.51diaoyu1.com" and the test address for the parameter user "http://www.51diaoyu2.com". The constructed parameter/value string is then "url=http://www.51diaoyu1.com&user=http://www.51diaoyu2.com".
The parameter/value string is then appended to the address of the target web page to obtain the address "http://www.test.com/jump.php?url=http://www.51diaoyu1.com&user=http://www.51diaoyu2.com", which is passed to browser engine 124. Browser engine 124 resolves the domain name contained in the address, obtains from the result the IP address of the corresponding website server (such as website server 200 shown in Fig. 1), establishes a network connection to that IP address and sends the first network request to website server 200 over it. The first network request may contain path information that allows website server 200 to identify the target web page, such as "/jump.php?url=http://www.51diaoyu1.com&user=http://www.51diaoyu2.com".
In this path information, "jump.php" identifies the corresponding web application and "url=http://www.51diaoyu1.com&user=http://www.51diaoyu2.com" are the parameter/value pairs passed in. Website server 200 invokes the corresponding web application according to "jump.php" and supplies the parameter/value pairs "url=http://www.51diaoyu1.com&user=http://www.51diaoyu2.com" to that web application.
Step S330: monitor a second network request sent by the browser engine and compare the target address of the second network request with the test addresses.
The web application may use the value of one of these parameters as the redirect target address. Whichever redirect mechanism is used, browser engine 124 will eventually send a network request (the second network request above) whose target address is "http://www.51diaoyu1.com" or "http://www.51diaoyu2.com".
Step S340: if the target address of the second network request matches a test address, record that the corresponding parameter has a web page redirect vulnerability.
If the target address of the second network request matches any of the test addresses, the web application used the value of the corresponding parameter directly as the redirect target address, that is, that parameter has a web page redirect vulnerability. The address of the target web page and the parameter name can then be recorded.
With the web page redirect vulnerability detection method of this embodiment, several parameters can be tested in a single network request, which improves the efficiency of web page redirect vulnerability detection.
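The full procedure of steps S110 to S140 of the first embodiment, with the per-parameter test addresses of this third embodiment, as an added example that is not part of the patent. The patent's detector relies on a real browser engine (WebKit) with a hooked request path, so this example replaces both sides with stand-ins: a constructed mock of website server 200 with hypothetical routes covering a 302 redirect, a meta refresh, a script redirect, a three-hop redirect chain and one endpoint that verifies the host before redirecting, and a small BrowserEngine class that follows those mechanisms and calls a hook for every request it sends, which is the role of the module injected into the engine in step S130. The canary hosts canary1.invalid, canary2.invalid are assumptions (the .invalid top-level domain is reserved and never resolves); the patent itself uses http://www.51diaoyu.com as the test address.

```python
import re
from urllib.parse import urlsplit, urlunsplit, urljoin, urlencode, parse_qs


def mock_site(url):
    """Constructed stand-in for website server 200: maps a request URL to
    (status, headers, body). Every route here is hypothetical."""
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    path = parts.path
    if path == "/jump.php":     # 302 straight to the parameter value: vulnerable
        return 302, {"Location": q.get("url", "/")}, ""
    if path == "/meta.php":     # meta refresh redirect: vulnerable
        return 200, {}, '<meta http-equiv="refresh" content="0;url=%s">' % q.get("next", "/")
    if path == "/js.php":       # script (DOM) redirect: target absent from the static source
        return 200, {}, '<script>window.location.href="%s"</script>' % q.get("to", "/")
    if path == "/hop1.php":     # multi-hop: hop1 -> hop2 -> js.php -> target
        return 302, {"Location": "/hop2.php?" + urlencode({"u": q.get("u", "/")})}, ""
    if path == "/hop2.php":
        return 302, {"Location": "/js.php?" + urlencode({"to": q.get("u", "/")})}, ""
    if path == "/safe.php":     # verifies the resolved host before redirecting: not vulnerable
        target = q.get("url", "/")
        ok = urlsplit(urljoin(url, target)).hostname == "www.test.com"
        return 302, {"Location": target if ok else "/"}, ""
    return 200, {}, "<html>ok</html>"


META = re.compile(r'<meta[^>]+content="\s*\d+\s*;\s*url=([^"]+)"', re.I)
SCRIPT = re.compile(r'window\.location(?:\.href)?\s*=\s*"([^"]+)"', re.I)


class BrowserEngine:
    """Stand-in for browser engine 124: follows 301/302, meta refresh and script
    redirects and calls hook(url) for every request it sends, which is what the
    module injected in step S130 reports to the application layer."""

    def __init__(self, site, hook, max_hops=10):
        self.site, self.hook, self.max_hops = site, hook, max_hops

    def load(self, url):
        for _ in range(self.max_hops):
            self.hook(url)
            status, headers, body = self.site(url)
            if status in (301, 302) and "Location" in headers:
                url = urljoin(url, headers["Location"])   # relative Location resolved like a browser
                continue
            m = META.search(body) or SCRIPT.search(body)
            if m:
                url = urljoin(url, m.group(1))
                continue
            return url          # no further navigation
        return url              # redirect loop or over-long chain: give up after max_hops


def detect_open_redirect(target_url, params, engine_factory):
    """Steps S110-S140 for one page. One distinct canary per parameter (third
    embodiment), so a matching request is attributed to the parameter that
    carried it. Returns the names of the parameters that redirect to their canary."""
    canaries = {p: "http://canary%d.invalid/" % i for i, p in enumerate(params, 1)}
    seen = []
    engine = engine_factory(seen.append)                   # the hook records every request (S130)
    parts = urlsplit(target_url)                           # any existing query string is replaced
    first_url = urlunsplit(parts._replace(query=urlencode(canaries)))   # S120, values URL-encoded
    engine.load(first_url)
    vulnerable = []
    for req in seen[1:]:                                   # the second and later requests
        host = urlsplit(req).hostname or ""
        for p, canary in canaries.items():                 # S140: compare hosts, not substrings
            if host == urlsplit(canary).hostname and p not in vulnerable:
                vulnerable.append(p)
    return vulnerable


def engine_factory(hook):
    return BrowserEngine(mock_site, hook)


if __name__ == "__main__":
    for page, params in [("http://www.test.com/jump.php", ["url", "user"]),
                         ("http://www.test.com/hop1.php", ["u"]),
                         ("http://www.test.com/safe.php", ["url"])]:
        print(page, "->", detect_open_redirect(page, params, engine_factory))
```

The comparison in S140 is made on the hostname of each observed request rather than on a substring of its URL: the first request itself carries the test address in its query string, and a page that merely reflects the parameter into a link would otherwise be recorded as vulnerable. With a distinct canary per parameter the observed host identifies which parameter was used as the target, which is what makes the batching of the third embodiment attributable; a page that only ever reads its first redirect parameter will still reveal only that one in a batched request, so an empty batched result is not a negative result for every parameter individually.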
Fourth embodiment
This embodiment provides a web page redirect vulnerability detection method. Referring to Fig. 8, the method of this embodiment is similar to the method shown in Fig. 6, the difference being that between step S230 and step S240 there is a further step S410: determine whether a predetermined time has elapsed without a second network request whose target address matches the test address being detected, or whether a second network request whose target address matches the test address has been detected within the predetermined time; if so, proceed to step S240; otherwise, continue with step S230.
In general, even when a web page redirect is delayed, the delay is no more than a few seconds. In step S410 the predetermined time may therefore be set to, for example, 10 seconds: when no second network request whose target address matches the test address has been detected after 10 seconds, the corresponding parameter is considered to have no web page redirect vulnerability and the next parameter can be tested.
With the web page redirect vulnerability detection method of this embodiment, the detection of one parameter cannot wait indefinitely, which improves the efficiency of web page redirect vulnerability detection.
Fifth embodiment
This embodiment provides a web page redirect vulnerability detection device. Referring to Fig. 9, the device of this embodiment includes a parameter acquisition module 51, a request sending module 52, a monitoring module 53 and a vulnerability detection module 54.
Parameter acquisition module 51 obtains an input parameter of a target web page.
The input parameters are the parameters of the front-end page that the website server can receive and process, such as the parameters appended to the URL that the server accepts and the parameters carried by <input> elements in the page source. The set of input parameters may, for example, include all parameters of the target web page, and may be stored in a data structure such as an array or a queue.
Request sending module 52 sends a first network request through a browser engine that submits a test address to the target web page as the value of the input parameter.
Monitoring module 53 monitors a second network request sent by the browser engine and compares the target address of the second network request with the test address. For example, monitoring module 53 listens for the messages the browser engine sends to the application layer, parses the target address of the second network request from such a message, and then compares that target address with the test address.
Vulnerability detection module 54 records that the parameter of the target web page has a web page redirect vulnerability if the target address of the second network request is found to match the test address.
With the web page redirect vulnerability detection device of this embodiment, the browser engine simulates the normal loading process of a web page, so that both multi-hop redirect vulnerabilities and script redirect vulnerabilities can be detected, which improves the coverage of web page redirect vulnerability detection.
Sixth embodiment
This embodiment provides a webpage redirect vulnerability detection device. Referring to Fig. 10, it is similar to the device of Fig. 9, except that the request sending module 52 includes: a string construction unit 521, a network address construction unit 522 and a request sending unit 523.
The string construction unit 521 is configured to construct, from the test address and the name of the input parameter, a parameter name-value string that conforms to a predetermined format.
The network address construction unit 522 is configured to append the parameter name-value string to the network address of the target webpage to obtain the first network address.
The request sending unit 523 is configured to issue the first network request to the first network address through the browser engine.
According to the webpage redirect vulnerability detection device of this embodiment, the normal loading process of a webpage is simulated by the browser engine, so that both webpage redirect vulnerabilities involving multiple redirects and script redirect vulnerabilities can be detected, improving the coverage of webpage redirect vulnerability detection.
Seventh embodiment
This embodiment provides a webpage redirect vulnerability detection device. Referring to Fig. 11, it is similar to the device of Fig. 9, except that the request sending module 52 includes a second sending unit 524, configured to submit multiple different test addresses to the target webpage simultaneously as the values of multiple input parameters, and to record the correspondence between the different test addresses and the input parameters.
According to the webpage redirect vulnerability detection device of this embodiment, multiple parameters can be checked in a single network request, which improves the efficiency of webpage redirect vulnerability detection.
Eighth embodiment
This embodiment provides a webpage redirect vulnerability detection device. Referring to Fig. 12, it is similar to the device of Fig. 9, except that the monitoring module 53 includes a timeout judging unit 531, configured to: if no second network request whose target network address matches the test address is detected within the predetermined time, stop monitoring the second network requests issued by the browser engine and notify the request sending module to begin detection of the next input parameter.
According to the webpage redirect vulnerability detection device of this embodiment, the normal loading process of a webpage is simulated by the browser engine, so that both webpage redirect vulnerabilities involving multiple redirects and script redirect vulnerabilities can be detected, improving the coverage of webpage redirect vulnerability detection.
In addition, an embodiment of the present invention also provides a computer-readable storage medium storing computer-executable instructions; the computer-readable storage medium is, for example, a non-volatile memory such as an optical disc, a hard disk or a flash memory. The computer-executable instructions are for causing a computer or a similar computing device to carry out the method and device described above.
The above is merely a preferred embodiment of the present invention and is not intended to limit the present invention in any form. Although the present invention has been disclosed above by way of a preferred embodiment, this is not intended to limit the invention; any person skilled in the art may, without departing from the scope of the technical solution of the present invention, use the technical content disclosed above to make minor changes or modifications resulting in equivalent embodiments. Any simple modification, equivalent variation or alteration made to the above embodiments according to the technical essence of the present invention, without departing from the content of the technical solution of the present invention, still falls within the scope of the technical solution of the present invention.
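One way to implement the request construction of the sixth embodiment, the per-parameter test-address mapping of the seventh and the timeout of the eighth together in code, as an added example that is not the patent's own implementation: the browser engine and its application-layer messages are replaced by a constructed list of (elapsed seconds, target address) pairs, and the marker domain redirect-probe.invalid is an assumption.

```python
import urllib.parse as up
from typing import Dict, Iterable, List, Tuple

# Hypothetical marker domain; .invalid never resolves, so a request to it can
# only come from the page echoing the test address back as a redirect target.
TEST_HOST = "redirect-probe.invalid"

def build_probe_url(target_url: str, input_params: Iterable[str]) -> Tuple[str, Dict[str, str]]:
    """Give every input parameter its own test address, serialise the name=value
    pairs and append them to the target webpage's address (the first network
    address). Returns that address and the test-address -> parameter map."""
    mapping: Dict[str, str] = {}
    pairs = []
    for i, name in enumerate(input_params):
        test_addr = f"http://p{i}.{TEST_HOST}/"   # distinct per parameter
        mapping[test_addr] = name
        pairs.append((name, test_addr))
    parts = up.urlsplit(target_url)
    existing = up.parse_qsl(parts.query, keep_blank_values=True)
    query = up.urlencode(existing + pairs)          # percent-encodes the test addresses
    return up.urlunsplit(parts._replace(query=query)), mapping

def matches(target_addr: str, test_addr: str) -> bool:
    """A request matches when its scheme and host equal the test address's,
    so a redirect that appends a path or query string still matches."""
    a, b = up.urlsplit(target_addr), up.urlsplit(test_addr)
    return (a.scheme.lower(), a.netloc.lower()) == (b.scheme.lower(), b.netloc.lower())

def detect_redirects(messages: Iterable[Tuple[float, str]], mapping: Dict[str, str],
                     timeout_s: float = 10.0) -> List[str]:
    """Consume the (elapsed seconds, target address) messages the browser engine
    hands to the application layer after the probe is submitted; stop once the
    predetermined time has passed. Returns the parameters found vulnerable."""
    vulnerable: List[str] = []
    for elapsed, target_addr in messages:
        if elapsed > timeout_s:
            break                                   # timeout: move on to the next parameters
        for test_addr, name in mapping.items():
            if matches(target_addr, test_addr) and name not in vulnerable:
                vulnerable.append(name)
    return vulnerable

if __name__ == "__main__":
    url, mapping = build_probe_url("https://example.com/login?lang=en",
                                   ["next", "return_to", "theme"])
    # Constructed browser-engine messages: page load, a script asset, a script
    # redirect to the value of return_to, then a request arriving after the timeout.
    messages = [
        (0.2, url),
        (0.8, "https://example.com/static/app.js"),
        (1.5, "http://p1.redirect-probe.invalid/?from=login"),
        (12.0, "http://p2.redirect-probe.invalid/"),
    ]
    print(detect_redirects(messages, mapping))      # ['return_to']
```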

Claims (8)

1. A webpage redirect vulnerability detection method, characterized by comprising:
obtaining an input parameter in a target webpage;
issuing a first network request through a browser engine to submit a test address to the target webpage as the value of the input parameter;
wherein the browser engine sends a message to the application layer when it issues a network request, the message including at least the target network address of the network request: monitoring, in the application layer, a second network request issued by the browser engine and comparing the target network address of the second network request with the test address, wherein monitoring the second network request issued by the browser engine comprises monitoring the message that the browser engine sends to the application layer and parsing the target network address of the second network request from the message; and
if the target network address of the second network request is detected to match the test address, recording that the parameter of the target webpage has a webpage redirect vulnerability.
2. The webpage redirect vulnerability detection method according to claim 1, characterized in that issuing a first network request through a browser engine to submit a test address to the target webpage as the value of the input parameter comprises:
constructing, from the test address and the name of the input parameter, a parameter name-value string conforming to a predetermined format;
appending the parameter name-value string to the network address of the target webpage to obtain a first network address; and
issuing the first network request to the first network address through the browser engine.
3. The webpage redirect vulnerability detection method according to claim 1, characterized in that, if no second network request whose target network address matches the test address is detected within a predetermined time, monitoring of the second network requests issued by the browser engine is stopped and detection of the next input parameter begins.
4. The webpage redirect vulnerability detection method according to claim 1, characterized in that the input parameter comprises multiple input parameters;
and issuing a first network request through a browser engine to submit a test address to the target webpage as the value of the input parameter comprises: submitting multiple different test addresses to the target webpage as the values of the multiple input parameters and recording the correspondence between the different test addresses and the input parameters.
5. A webpage redirect vulnerability detection device, characterized by comprising:
a parameter acquisition module, for obtaining an input parameter in a target webpage;
a request sending module, for issuing a first network request through a browser engine to submit a test address to the target webpage as the value of the input parameter;
a monitoring module, for monitoring, in the application layer, a second network request issued by the browser engine and comparing the target network address of the second network request with the test address, on the premise that the browser engine sends a message to the application layer when it issues a network request and that the message includes at least the target network address of the network request;
the monitoring module being specifically configured to monitor the message that the browser engine sends to the application layer and to parse the target network address of the second network request from the message; and
a vulnerability detection module, for recording that the parameter of the target webpage has a webpage redirect vulnerability if the target network address of the second network request is detected to match the test address.
6. The webpage redirect vulnerability detection device according to claim 5, characterized in that the request sending module is configured to:
construct, from the test address and the name of the input parameter, a parameter name-value string conforming to a predetermined format;
append the parameter name-value string to the network address of the target webpage to obtain a first network address; and
issue the first network request to the first network address through the browser engine.
7. The webpage redirect vulnerability detection device according to claim 6, characterized in that the monitoring module is further configured to: if no second network request whose target network address matches the test address is detected within a predetermined time, stop monitoring the second network requests issued by the browser engine and notify the request sending module to begin detection of the next input parameter.
8. The webpage redirect vulnerability detection device according to claim 5, characterized in that the input parameter comprises multiple input parameters;
and the request sending module is configured to submit multiple different test addresses to the target webpage simultaneously as the values of the multiple input parameters and to record the correspondence between the different test addresses and the input parameters.
CN201410068982.8A 2014-02-27 2014-02-27 A kind of webpage redirects leak detection method and device Active CN104881605B (en)
Publications (2)

Publication Number Publication Date
CN104881605A CN104881605A (en) 2015-09-02
CN104881605B true CN104881605B (en) 2018-10-02