CN105099991A - Mobile terminal network data packet capturing method and device - Google Patents


Publication number
CN105099991A
Authority
CN
China
Prior art keywords
network data
event
function
mobile terminal
packet
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201410175709.5A
Other languages
Chinese (zh)
Other versions
CN105099991B (en)
Inventor
陈杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Qihoo Technology Co Ltd
Original Assignee
Beijing Qihoo Technology Co Ltd
Qizhi Software Beijing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Qihoo Technology Co Ltd and Qizhi Software Beijing Co Ltd
Priority to CN201410175709.5A (patent CN105099991B)
Priority to PCT/CN2015/077656 (patent WO2015165375A1)
Publication of CN105099991A
Application granted
Publication of CN105099991B
Legal status: Active

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40: Network security protocols
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00: Arrangements for monitoring or testing data switching networks
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04M: TELEPHONIC COMMUNICATION
    • H04M1/00: Substation equipment, e.g. for use by subscribers
    • H04M1/72: Mobile telephones; Cordless telephones, i.e. devices for establishing wireless links to base stations without route selection
    • H04M1/725: Cordless telephones

Abstract

The invention discloses a method and a device for capturing network data packets in a mobile terminal. In the method, events in which an application in the mobile terminal device sends network data are monitored by hooking the function in the mobile terminal device that is used for sending network data. The function for sending network data is a unified interface function provided by the operating system of the mobile terminal device, and every application installed in the mobile terminal device must call it when it needs to send network data. When an event of sending network data is detected, the event is intercepted and the data packet to be sent is extracted from it. The method effectively extracts the network data sent by an application and is widely applicable across many programs.

Description

Method and device for capturing network data packets in a mobile terminal
Technical Field
The present invention relates to the technical field of mobile terminals, and in particular to a method and a device for capturing network data packets in a mobile terminal.
Background
For ease of use, most mobile terminal devices carry a relatively large-scale operating system. The operating system manages the software and hardware resources of the mobile terminal device, controls the running of other programs, and provides services and support for them. On top of the operating system, users can install a wide variety of feature-rich software applications covering work, entertainment and other aspects of life. Some of these applications place high demands on their running environment, for example online banking: once sensitive user information is stolen by a malicious program, the user may suffer a loss. Other applications may, for whatever reason, upload user data from the terminal device to their own servers without the user's knowledge. Certain security measures are therefore usually needed on a mobile terminal device. One such measure is to monitor the data packets that applications send and receive on the mobile terminal, perform security analysis on them, and intercept the packet or prompt the user when it is found to contain the user's sensitive data. In this process, how to capture the data packets an application sends and receives is a key problem.
When data is transferred with a traditional transport protocol such as http, directly monitoring the application's own send and receive events is generally enough to capture the packets it sends and receives. With transport protocols such as https, however, the packets are encrypted during transmission, so packets captured by monitoring the application's send and receive events in the traditional way often cannot be analyzed directly. Some network data monitoring tools have therefore appeared in the prior art. To capture https packets, these tools generally need to impersonate the client of the application; if the application or website encrypts its data, the certificate of the application or website must also be obtained and installed in advance, and the tool then uses that certificate to communicate with the server and captures the packets the application uploads or receives.
Although this approach can capture https packets, it often works only for a specific application; for example, a given monitoring tool may only be able to monitor the data sent and received by one browser. Given the endless stream of new mobile applications, such tools and approaches lack general applicability and cannot meet the demands of data security. In addition, for data sent and received over an encrypted secure connection, this way of capturing packets requires the corresponding security certificate to be installed on the terminal device before effective security monitoring is possible; when the certificate cannot be obtained, it still cannot effectively capture the packets the mobile terminal sends and receives.
Therefore, how to capture the data packets sent and received by a mobile terminal device more conveniently and effectively is a technical problem that those skilled in the art urgently need to solve.
Summary of the Invention
In view of the above problems, the present invention is proposed to provide a method for capturing network data packets in a mobile terminal, and a corresponding device, that overcome the above problems or at least partially solve them.
According to one aspect of the present invention, a method for capturing network data packets in a mobile terminal is provided, comprising:
monitoring events in which an application in the mobile terminal device sends network data, by hooking the function in the mobile terminal device that is used for sending network data; wherein the function for sending network data is a unified interface function provided by the operating system of the mobile terminal device, and every application installed in the mobile terminal device must call this function when it needs to send network data;
when an event of sending network data is detected, intercepting the event and extracting the data packet to be sent from it.
Optionally, the data packet to be sent that is extracted from the event is the packet before the application performs the encryption operation.
Optionally, when the operating system is iOS, the function for sending network data comprises the sslread function.
Optionally, the method further comprises:
performing legitimacy analysis on the extracted data packet to be sent;
if the data packet is determined to contain the user's sensitive data, intercepting it or sending prompt information to the user.
Optionally, the method further comprises:
monitoring events in which an application in the mobile terminal device receives network data, by hooking the function in the mobile terminal device that is used for receiving network data; wherein the function for receiving network data is a unified interface function provided by the operating system of the mobile terminal device, and every application installed in the mobile terminal device must call this function when it needs to receive network data;
when an event of receiving network data is detected, intercepting the event and extracting the received data packet from it.
Optionally, the received data packet extracted from the event is the packet after the application performs the decryption operation.
Optionally, when the operating system is iOS, the function for receiving network data comprises the sslwrite function.
According to another aspect of the present invention, a device for capturing network data packets in a mobile terminal is provided, comprising:
a monitoring unit, configured to monitor events in which an application in the mobile terminal device sends network data, by hooking the function in the mobile terminal device that is used for sending network data; wherein the function for sending network data is a unified interface function provided by the operating system of the mobile terminal device, and every application installed in the mobile terminal device must call this function when it needs to send network data;
a data extraction unit, configured to, when an event of sending network data is detected, intercept the event and extract the data packet to be sent from it.
Optionally, the data packet to be sent that is extracted from the event is the packet before the application performs the encryption operation.
Optionally, the device further comprises:
a data analysis unit, configured to perform legitimacy analysis on the extracted data packet to be sent;
a data interception unit, configured to intercept the data packet or send prompt information to the user if the data packet is determined to contain the user's sensitive data.
With the method for capturing network data packets in a mobile terminal according to the present invention, events in which an application in the mobile terminal device sends network data can be monitored by hooking the function in the mobile terminal device that is used for sending network data. When such an event is detected, it is intercepted and the data packet to be sent is extracted from it, so the data sent by the application can be extracted effectively from the send event. Moreover, because an application usually has to call the monitored unified interface function whenever it sends network data, this method, compared with the prior art, is widely applicable across many programs.
The above description is only an overview of the technical solution of the present invention. So that the technical means of the present invention can be understood more clearly and implemented in accordance with the content of the specification, and so that the above and other objects, features and advantages of the present invention become more apparent, specific embodiments of the present invention are set out below.
Brief Description of the Drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for the purpose of illustrating the preferred embodiments and are not to be considered limiting of the present invention. Throughout the drawings, the same reference symbols denote the same parts. In the drawings:
Fig. 1 shows a flow chart of the method for capturing network data packets in a mobile terminal according to an embodiment of the invention; and
Fig. 2 shows a schematic diagram of the device for capturing network data packets in a mobile terminal according to an embodiment of the invention.
Detailed Description
Exemplary embodiments of the present disclosure are described in more detail below with reference to the accompanying drawings. Although the drawings show exemplary embodiments of the present disclosure, it should be understood that the disclosure can be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the disclosure can be understood more thoroughly and so that its scope can be fully conveyed to those skilled in the art.
Please refer to Fig. 1, a flow chart of the method for capturing network data packets in a mobile terminal according to an embodiment of the invention. As shown in the figure, the method comprises the following steps:
S110: monitor events in which an application in the mobile terminal device sends network data, by hooking the function in the mobile terminal device that is used for sending network data; wherein the function for sending network data is a unified interface function provided by the operating system of the mobile terminal device, and every application installed in the mobile terminal device must call this function when it needs to send network data;
A mobile terminal device usually has a relatively complex operating system installed, which supports the applications in the layer above. If an application in the mobile terminal device needs to connect to a network and send or receive data over it, it usually has to call an interface provided by the operating system. By first hooking the functions in the mobile terminal device that are used for sending and receiving network data, the events in which applications send and receive network data can be monitored. Typically, when a local application on the mobile terminal device sends data to a specific network address, it needs to call the function in the mobile terminal device for sending network data; likewise, when a malicious program needs to send out the user's sensitive data, it too has to call that function to send the local data. Therefore, in the method provided by the embodiment of the present invention, the events in which applications send network data are monitored mainly by hooking the function for sending network data, so that each such event becomes known.
The function for sending network data includes the unified interface function that is provided by the operating system of the mobile terminal device and that every installed application must call when it needs to send network data. For example, mobile terminal devices produced by Apple run the iOS operating system; in iOS, if an application needs to initiate an encrypted connection and send data outward, it needs to call the sslread function provided by iOS. This function can then be hooked in a mobile terminal device running iOS to monitor the events in which the applications running on it send network data.
In addition, a malicious application can also carry out malicious behavior by receiving network data, such as receiving instructions from a hacker or downloading malicious programs. Therefore, besides monitoring calls to the send function, through which local sensitive data may be uploaded, the method provided by the embodiment of the present invention can also monitor the events in which local applications receive network data. In a specific implementation, the events in which an application in the mobile terminal device receives network data can be monitored by hooking the function in the mobile terminal device that is used for receiving network data; the function for receiving network data includes the unified interface function that is provided by the operating system of the mobile terminal device and that every installed application must call when it needs to receive network data. For example, on a mobile terminal running iOS, a local application that needs to receive network data needs to call the sslwrite function; by hooking this function, the events in which applications in the mobile terminal device receive network data can be monitored.
S120: when an event of sending network data is detected, intercept the event and extract the data packet to be sent from it.
After an event of sending network data triggered by a local application has been detected, the network data the application sends can be intercepted. Further, the data packet to be sent can be extracted from the event and the data the application sends can be analyzed, to determine whether it is safe or whether it is the user's sensitive data. As noted above, an application on the mobile terminal device may send its data as an encrypted transmission over an encrypted connection. If data were captured from such a transmission without the corresponding means of decryption, such as the decryption key or certificate, further analysis of the data would be difficult. Therefore, when an event of an application sending network data is detected, the unencrypted data packet to be sent has to be extracted from the function call event before the application encrypts the data to be sent. In a specific implementation, a hook mechanism can be used to hook the operating system's send interface function that the application calls. In this way, when the application calls the system interface function for sending data, the parameters the application passes to the system function can be obtained. Among these parameters is the function parameter that represents the data the application is about to send or receive; this parameter can be extracted, which yields the data packet the application is about to send. The function parameter obtained in this process, representing the data sent or received, is data that has not been encrypted, which makes the subsequent data security analysis straightforward.
As noted above, besides sending the user's sensitive data, the malicious behavior of an application can also include receiving instructions from a hacker and downloading malicious programs. The events in which an application receives network data can therefore also be monitored, and the data packet the application receives in the event can be obtained. The specific implementation can likewise use a hook mechanism to hook the operating system's receive interface function that the application calls. When the packet is encrypted, the data in it can be extracted after the decryption operation has been performed; correspondingly, the data packet extracted from the event of receiving network data is the packet after the application performs the decryption operation.
For example, in the iOS operating system, the interface functions that applications call when sending and receiving data, sslread and sslwrite, can each be hooked; the function prototypes that implement the hooks may be as follows:
MSHookFunction((void*)SSLWrite,(void*)_hook_SSLWrite,(void**)&_real_SSLWrite);
MSHookFunction((void*)SSLRead,(void*)_hook_SSLRead,(void**)&_real_SSLRead);
By implementing the above hook functions, the data the application sends and receives can be obtained in the code of the hook functions.
Once the events in which applications send and receive network data are being monitored and all the packets sent and received have been obtained, legitimacy analysis can further be performed on the extracted packets to be sent or on the received packets. If it is determined that a packet to be sent contains the user's sensitive data, or that the received data is a malicious remote-control instruction, or that the behavior is the download of a malicious program, and so on, the packet is intercepted or prompt information is sent to the user, reminding the user to take further security measures.
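The flow of S110, S120 and the legitimacy analysis, as an added example that is not code from the patent: a function pointer (`g_send`, a hypothetical name) stands in for the operating system's send interface so the program runs without a device, and the hook inspects the plaintext buffer before handing it on. Treating a Luhn-valid card number as the "sensitive data" is an assumption made for the example; the payloads are constructed.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simulated "unified send interface" (hypothetical). Its parameters are modelled
 * on the data/length/processed arguments of Secure Transport's SSLWrite, without
 * the context argument: the caller passes PLAINTEXT, encryption happens inside. */
typedef int (*send_fn)(const void *data, size_t len, size_t *processed);

enum { SEND_OK = 0, SEND_BLOCKED = -1 };

static size_t g_wire_bytes;   /* plaintext bytes handed on to the real function */
static int g_seen, g_blocked; /* events observed / events intercepted */

/* Simulated OS function: pretend to encrypt and transmit. */
static int os_tls_send(const void *data, size_t len, size_t *processed) {
    (void)data;
    g_wire_bytes += len;
    *processed = len;
    return SEND_OK;
}

static send_fn g_send = os_tls_send; /* slot every application calls through */
static send_fn g_real_send;          /* saved original, like the page's _real_ pointers */

/* Luhn checksum over n ASCII digits. */
static int luhn_ok(const char *d, size_t n) {
    int sum = 0;
    for (size_t i = 0; i < n; i++) {
        int v = d[n - 1 - i] - '0';
        if (i % 2 == 1) { v *= 2; if (v > 9) v -= 9; }
        sum += v;
    }
    return sum % 10 == 0;
}

/* Legitimacy analysis (assumed rule): 1 if the buffer holds a run of 13 to 19
 * digits, optionally split by single spaces or dashes, that passes Luhn. */
int contains_card_number(const unsigned char *buf, size_t len) {
    char digits[20];
    size_t n = 0;
    for (size_t i = 0; i <= len; i++) {
        int c = (i < len) ? buf[i] : 0; /* virtual terminator flushes the last run */
        if (isdigit(c)) {
            if (n < sizeof digits) digits[n] = (char)c;
            n++;
        } else if ((c == ' ' || c == '-') && n > 0 && i + 1 < len && isdigit(buf[i + 1])) {
            continue; /* separator inside a digit run */
        } else {
            if (n >= 13 && n <= 19 && luhn_ok(digits, n)) return 1;
            n = 0;
        }
    }
    return 0;
}

/* S120: the hook sees the buffer before encryption; it blocks or forwards. */
static int hook_send(const void *data, size_t len, size_t *processed) {
    g_seen++;
    if (contains_card_number((const unsigned char *)data, len)) {
        g_blocked++;
        *processed = 0;
        return SEND_BLOCKED; /* intercepted: the real function is never called */
    }
    return g_real_send(data, len, processed);
}

/* S110: install the hook by swapping the slot and saving the original. */
void install_hook(void) {
    if (g_send == hook_send) return; /* idempotent: avoid hooking the hook */
    g_real_send = g_send;
    g_send = hook_send;
}

/* What any application does: call the unified interface. */
int app_send(const char *msg) {
    size_t done = 0;
    return g_send(msg, strlen(msg), &done);
}

int main(void) {
    /* Constructed payloads; 4111 1111 1111 1111 is a widely used test number. */
    const char *samples[] = {
        "user=alice&action=ping",
        "card=4111 1111 1111 1111&cvv=000",
        "order=1234567890123456",
    };
    install_hook();
    for (size_t i = 0; i < 3; i++)
        printf("%-5s %s\n", app_send(samples[i]) == SEND_OK ? "ALLOW" : "BLOCK", samples[i]);
    printf("seen=%d blocked=%d forwarded_bytes=%zu\n", g_seen, g_blocked, g_wire_bytes);
    return 0;
}
```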
The method for capturing network data packets in a mobile terminal provided by the embodiment of the present invention has been described in detail above. With this method, events in which an application in the mobile terminal device sends network data can be monitored by hooking the function in the mobile terminal device that is used for sending network data. When such an event is detected, it is intercepted and the data packet to be sent is extracted from it, so the data sent by the application can be extracted effectively from the send event. Moreover, because an application usually has to call the monitored unified interface function whenever it sends network data, this method is more widely applicable than the prior art.
Corresponding to the method for capturing network data packets in a mobile terminal provided by the embodiment of the present invention, a device for capturing network data packets in a mobile terminal is also provided. Please refer to Fig. 2, a schematic diagram of the device according to an embodiment of the invention. As shown in the figure, the device may comprise:
a monitoring unit 210, configured to monitor events in which an application in the mobile terminal device sends network data, by hooking the function in the mobile terminal device that is used for sending network data; wherein the function for sending network data is a unified interface function provided by the operating system of the mobile terminal device, and every application installed in the mobile terminal device must call this function when it needs to send network data;
a data extraction unit 220, configured to, when an event of sending network data is detected, intercept the event and extract the data packet to be sent from it.
The data packet to be sent that is extracted from the event of sending network data may be the packet before the application performs the encryption operation. When the operating system on the mobile terminal device is iOS, the hooked function may be the sslread function for sending network data.
In another implementation, the device for capturing network data packets in a mobile terminal may further comprise:
a data analysis unit, configured to perform legitimacy analysis on the extracted data packet to be sent;
a data interception unit, configured to intercept the data packet or send prompt information to the user if the data packet is determined to contain the user's sensitive data.
To obtain the data that an application in the mobile terminal receives, the monitoring unit 210 may also be configured to monitor events in which an application in the mobile terminal device receives network data, by hooking the function in the mobile terminal device that is used for receiving network data; wherein the function for receiving network data is a unified interface function provided by the operating system of the mobile terminal device, and every application installed in the mobile terminal device must call this function when it needs to receive network data;
when an event of receiving network data is detected, the event is intercepted and the received data packet is extracted from it.
If the data transfer is over an encrypted connection, the received data packet extracted from the receive event is correspondingly the packet after the application performs the decryption operation. When the operating system on the mobile terminal device is iOS, the hooked data receiving function may be the sslwrite function for receiving network data.
The device for capturing network data packets in a mobile terminal provided by the embodiment of the present invention has been introduced above. With this device, events in which an application in the mobile terminal device sends network data can be monitored by hooking the function in the mobile terminal device that is used for sending network data. When such an event is detected, it is intercepted and the data packet to be sent is extracted from it, so the data sent by the application can be extracted effectively from the send event. Moreover, because an application usually has to call the monitored unified interface function whenever it sends network data, the device is more widely applicable than the prior art.
The algorithms and displays provided herein are not inherently related to any particular computer, virtual system or other device. Various general-purpose systems may also be used with the teachings herein. From the description above, the structure required to construct such systems is apparent. Moreover, the present invention is not directed at any particular programming language. It should be understood that the content of the present invention described herein may be implemented in various programming languages, and that the above description of a specific language is given to disclose the best mode of the present invention.
Numerous specific details are described in the specification provided herein. It will be understood, however, that embodiments of the present invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques are not shown in detail so as not to obscure the understanding of this description.
Similarly, it should be understood that, in order to streamline the disclosure and aid understanding of one or more of the various inventive aspects, in the above description of exemplary embodiments of the present invention, features of the present invention are sometimes grouped together in a single embodiment, figure, or description thereof. However, this method of disclosure should not be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in fewer than all features of a single previously disclosed embodiment. Therefore, the claims following the detailed description are hereby expressly incorporated into that detailed description, with each claim standing on its own as a separate embodiment of the present invention.
Those skilled in the art will understand that the modules in the device of an embodiment can be adaptively changed and arranged in one or more devices different from that embodiment. The modules or units or components of an embodiment may be combined into one module or unit or component, and may furthermore be divided into multiple sub-modules or sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings) and all processes or units of any method or device so disclosed may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, an equivalent or a similar purpose.
Furthermore, those skilled in the art will understand that although some embodiments described herein include certain features that are included in other embodiments and not other features, combinations of features of different embodiments are meant to be within the scope of the present invention and to form different embodiments. For example, in the following claims, any of the claimed embodiments can be used in any combination.
The component embodiments of the present invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination of them. Those skilled in the art should understand that a microprocessor or digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the device for capturing network data packets in a mobile terminal according to the embodiment of the present invention. The present invention may also be implemented as a device or apparatus program (for example, a computer program and a computer program product) for performing part or all of the method described herein. Such a program implementing the present invention may be stored on a computer-readable medium, or may take the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the present invention, and that those skilled in the art can design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference symbol placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The present invention can be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several devices, several of these devices may be embodied by one and the same item of hardware. The use of the words first, second, third and so on does not indicate any order; these words may be interpreted as names.
The application can be applied to computer systems/servers, which can operate together with numerous other general-purpose or special-purpose computing system environments or configurations. Examples of well-known computing systems, environments and/or configurations suitable for use with a computer system/server include, but are not limited to: personal computer systems, server computer systems, thin clients, thick clients, hand-held or laptop devices, microprocessor-based systems, set-top boxes, programmable consumer electronics, network PCs, minicomputer systems, mainframe computer systems, and distributed cloud computing environments that include any of the above systems, and so on.
A computer system/server can be described in the general context of computer-system-executable instructions (such as program modules) executed by a computer system. In general, program modules can include routines, programs, object programs, components, logic, data structures and the like, which perform specific tasks or implement specific abstract data types. A computer system/server can be implemented in a distributed cloud computing environment, in which tasks are performed by remote processing devices linked through a communication network. In a distributed cloud computing environment, program modules can be located on local or remote computing system storage media that include storage devices.
The present invention also provides A1, a method for capturing network data packets in a mobile terminal, comprising:
Monitoring the events in which applications on the mobile terminal device send network data, by hooking the function used to send network data in the mobile terminal device; wherein the function for sending network data is a unified interface function provided by the operating system of the mobile terminal device, and every application installed on the mobile terminal device must call this function whenever it needs to send network data;
When an event of sending network data is detected, intercepting that event and extracting the data packet to be sent from it.
A2. The method of A1, wherein the data packet to be sent that is extracted from the event is the data packet before the application performs the encryption operation.
A3. The method of A1, wherein, when the operating system is iOS, the function for sending network data includes the sslread function.
A4. The method of any one of A1 to A3, further comprising:
Performing legitimacy analysis on the extracted data packet to be sent;
If it is determined that the data packet contains the user's sensitive data, intercepting it or sending prompt information to the user.
A5. The method of any one of A1 to A3, further comprising:
Monitoring the events in which applications on the mobile terminal device receive network data, by hooking the function used to receive network data in the mobile terminal device; wherein the function for receiving network data is a unified interface function provided by the operating system of the mobile terminal device, and every application installed on the mobile terminal device must call this function whenever it needs to receive network data;
When an event of receiving network data is detected, intercepting that event and extracting the received data packet from it.
A6. The method of A5, wherein the received data packet that is extracted from the event is the data packet after the application performs the decryption operation.
A7. The method of A5, wherein, when the operating system is iOS, the function for receiving network data includes the sslwrite function.
B8. A device for capturing network data packets in a mobile terminal, comprising:
A monitoring unit, configured to monitor the events in which applications on the mobile terminal device send network data, by hooking the function used to send network data in the mobile terminal device; wherein the function for sending network data is a unified interface function provided by the operating system of the mobile terminal device, and every application installed on the mobile terminal device must call this function whenever it needs to send network data;
A data extraction unit, configured to intercept an event of sending network data when it is detected, and to extract the data packet to be sent from that event.
B9. The device of B8, wherein the data packet to be sent that is extracted from the event is the data packet before the application performs the encryption operation.
B10. The device of B8, wherein, when the operating system is iOS, the function for sending network data includes the sslread function.
B11. The device of any one of B8 to B10, further comprising:
A data analysis unit, configured to perform legitimacy analysis on the extracted data packet to be sent;
A data interception unit, configured to intercept the data packet or send prompt information to the user if it is determined that the data packet contains the user's sensitive data.
B12. The device of any one of B8 to B10, wherein the monitoring unit is further configured to:
Monitor the events in which applications on the mobile terminal device receive network data, by hooking the function used to receive network data in the mobile terminal device; wherein the function for receiving network data is a unified interface function provided by the operating system of the mobile terminal device, and every application installed on the mobile terminal device must call this function whenever it needs to receive network data;
The data extraction unit is further configured to: when an event of receiving network data is detected, intercept that event and extract the received data packet from it.
B13. The device of B12, wherein the received data packet that is extracted from the event is the data packet after the application performs the decryption operation.
B14. The device of B12, wherein, when the operating system is iOS, the function for receiving network data includes the sslwrite function.
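
The send-side flow of A1, A2 and A4 (hook the unified send function, read the plaintext before encryption, analyse it, then intercept or prompt), as an added Python illustration that is not code from the patent. `ToyTlsStack`, the XOR stand-in for encryption, the two detection rules (Luhn-valid IMEI, 11-digit mobile number) and the sample payloads are constructed assumptions, since the patent does not define what counts as sensitive data.

```python
import re

class ToyTlsStack:
    """Constructed stand-in for the OS-provided unified send interface."""
    def __init__(self):
        self.wire = []  # (app_id, ciphertext) pairs that actually left the device

    def send(self, app_id, plaintext):
        ciphertext = bytes(b ^ 0x5A for b in plaintext)  # placeholder, NOT real encryption
        self.wire.append((app_id, ciphertext))
        return len(plaintext)

def luhn_ok(digits):
    """Luhn check: separates a plausible IMEI from an arbitrary 15-digit number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

# Assumed rules; the patent does not say what counts as sensitive data.
IMEI_RE = re.compile(rb"(?<!\d)\d{15}(?!\d)")
PHONE_RE = re.compile(rb"(?<!\d)1[3-9]\d{9}(?!\d)")

def find_sensitive(plaintext):
    """Legitimacy analysis on the pre-encryption payload: list of (kind, value) hits."""
    hits = [("imei", m.group().decode()) for m in IMEI_RE.finditer(plaintext)
            if luhn_ok(m.group().decode())]
    hits += [("phone", m.group().decode()) for m in PHONE_RE.finditer(plaintext)]
    return hits

def install_send_hook(stack, on_alert, mode="block"):
    """Replace stack.send with a wrapper that sees every app's plaintext first."""
    original = stack.send

    def hooked_send(app_id, plaintext):
        hits = find_sensitive(plaintext)
        if hits:
            on_alert(app_id, hits)          # prompt information for the user
            if mode == "block":
                return -1                   # intercepted: never encrypted, never sent
        return original(app_id, plaintext)  # clean or prompt-only: forward unchanged

    stack.send = hooked_send
    return original                         # kept so the hook can be removed later

def demo(mode="block"):
    """Run two constructed app requests through the hooked interface."""
    stack, alerts = ToyTlsStack(), []
    install_send_hook(stack, lambda app, hits: alerts.append((app, hits)), mode)
    ok = stack.send("com.example.weather", b"GET /forecast?city=beijing HTTP/1.1")
    bad = stack.send("com.example.flashlight",
                     b"POST /t imei=490154203237518&id=123456789012345&tel=13800138000")
    return ok, bad, alerts, len(stack.wire)
```

In `block` mode the second request never reaches the placeholder encryption step, while in `prompt` mode it is forwarded after the alert is recorded; the 15-digit `id` value is ignored because it fails the Luhn check.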

Claims (10)

1. A method for capturing network data packets in a mobile terminal, comprising:
Monitoring the events in which applications on the mobile terminal device send network data, by hooking the function used to send network data in the mobile terminal device; wherein the function for sending network data is a unified interface function provided by the operating system of the mobile terminal device, and every application installed on the mobile terminal device must call this function whenever it needs to send network data;
When an event of sending network data is detected, intercepting that event and extracting the data packet to be sent from it.
2. The method of claim 1, wherein the data packet to be sent that is extracted from the event is the data packet before the application performs the encryption operation.
3. The method of claim 1, wherein, when the operating system is iOS, the function for sending network data includes the sslread function.
4. The method of any one of claims 1 to 3, further comprising:
Performing legitimacy analysis on the extracted data packet to be sent;
If it is determined that the data packet contains the user's sensitive data, intercepting it or sending prompt information to the user.
5. The method of any one of claims 1 to 3, further comprising:
Monitoring the events in which applications on the mobile terminal device receive network data, by hooking the function used to receive network data in the mobile terminal device; wherein the function for receiving network data is a unified interface function provided by the operating system of the mobile terminal device, and every application installed on the mobile terminal device must call this function whenever it needs to receive network data;
When an event of receiving network data is detected, intercepting that event and extracting the received data packet from it.
6. The method of claim 5, wherein the received data packet that is extracted from the event is the data packet after the application performs the decryption operation.
7. The method of claim 5, wherein, when the operating system is iOS, the function for receiving network data includes the sslwrite function.
8. A device for capturing network data packets in a mobile terminal, comprising:
A monitoring unit, configured to monitor the events in which applications on the mobile terminal device send network data, by hooking the function used to send network data in the mobile terminal device; wherein the function for sending network data is a unified interface function provided by the operating system of the mobile terminal device, and every application installed on the mobile terminal device must call this function whenever it needs to send network data;
A data extraction unit, configured to intercept an event of sending network data when it is detected, and to extract the data packet to be sent from that event.
9. The device of claim 8, wherein the data packet to be sent that is extracted from the event is the data packet before the application performs the encryption operation.
10. The device of claim 8, wherein, when the operating system is iOS, the function for sending network data includes the sslread function.
CN201410175709.5A 2014-04-28 2014-04-28 The method and device of network packet is grabbed in the terminal Active CN105099991B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201410175709.5A CN105099991B (en) 2014-04-28 2014-04-28 The method and device of network packet is grabbed in the terminal
PCT/CN2015/077656 WO2015165375A1 (en) 2014-04-28 2015-04-28 Method and device for capturing network data packet in mobile terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410175709.5A CN105099991B (en) 2014-04-28 2014-04-28 The method and device of network packet is grabbed in the terminal

Publications (2)

Publication Number Publication Date
CN105099991A true CN105099991A (en) 2015-11-25
CN105099991B CN105099991B (en) 2019-05-31

Family

ID=54358174

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410175709.5A Active CN105099991B (en) 2014-04-28 2014-04-28 The method and device of network packet is grabbed in the terminal

Country Status (2)

Country Link
CN (1) CN105099991B (en)
WO (1) WO2015165375A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106101105A (en) * 2016-06-14 2016-11-09 北京小米移动软件有限公司 Data processing method, Apparatus and system
CN107220258A (en) * 2016-03-22 2017-09-29 阿里巴巴集团控股有限公司 For method, device and the terminal of the data for capturing five application page
CN107528820A (en) * 2017-06-07 2017-12-29 中国银联股份有限公司 For the encipher-decipher method of application program, device and method for auditing safely and platform
CN113225354A (en) * 2021-06-02 2021-08-06 郑州信大捷安信息技术股份有限公司 Method and system for analyzing secure channel encrypted data

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090055525A1 (en) * 2007-08-24 2009-02-26 Tibbo Technology System for Remote Configuration, Control, and Monitoring of Devices Over Computer Network Using Central Server
CN102932375A (en) * 2012-11-22 2013-02-13 北京奇虎科技有限公司 Protection method and device for network access behavior
CN103198255A (en) * 2013-04-03 2013-07-10 武汉大学 Method and system for monitoring and intercepting sensitive behaviour of Android software
CN103428582A (en) * 2013-09-02 2013-12-04 贝壳网际(北京)安全技术有限公司 Video playing method and device and client
CN103442360A (en) * 2013-09-09 2013-12-11 北京网秦天下科技有限公司 Method for detecting safety of mobile application, and mobile terminal

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8561176B1 (en) * 2007-01-24 2013-10-15 Mcafee, Inc. System, method and computer program product for monitoring and/or analyzing at least one aspect of an invocation of an interface
CN101286850B (en) * 2007-04-10 2010-12-15 深圳职业技术学院 Defensive installation for security of router, defense system and method
CN103051617B (en) * 2012-12-18 2015-09-02 北京奇虎科技有限公司 The method of the network behavior of recognizer, Apparatus and system
CN103368978B (en) * 2013-08-02 2016-06-08 公安部第三研究所 Realize intelligent mobile terminal application leak and the method for communication security detection

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107220258A (en) * 2016-03-22 2017-09-29 阿里巴巴集团控股有限公司 For method, device and the terminal of the data for capturing five application page
CN106101105A (en) * 2016-06-14 2016-11-09 北京小米移动软件有限公司 Data processing method, Apparatus and system
CN107528820A (en) * 2017-06-07 2017-12-29 中国银联股份有限公司 For the encipher-decipher method of application program, device and method for auditing safely and platform
CN113225354A (en) * 2021-06-02 2021-08-06 郑州信大捷安信息技术股份有限公司 Method and system for analyzing secure channel encrypted data
CN113225354B (en) * 2021-06-02 2022-03-22 郑州信大捷安信息技术股份有限公司 Method and system for analyzing secure channel encrypted data

Also Published As

Publication number Publication date
CN105099991B (en) 2019-05-31
WO2015165375A1 (en) 2015-11-05


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220728

Address after: Room 801, 8th floor, No. 104, floors 1-19, building 2, yard 6, Jiuxianqiao Road, Chaoyang District, Beijing 100015

Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park)

Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Patentee before: Qizhi software (Beijing) Co.,Ltd.
