CN105354490B - Method and equipment for processing hijacked browser - Google Patents
Method and equipment for processing hijacked browser Download PDFInfo
- Publication number
- CN105354490B CN105354490B CN201510639660.9A CN201510639660A CN105354490B CN 105354490 B CN105354490 B CN 105354490B CN 201510639660 A CN201510639660 A CN 201510639660A CN 105354490 B CN105354490 B CN 105354490B
- Authority
- CN
- China
- Prior art keywords
- browser
- hijacked
- webpage
- original
- page
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 59
- 238000003860 storage Methods 0.000 claims abstract description 52
- 230000008569 process Effects 0.000 abstract description 19
- 230000000694 effects Effects 0.000 abstract description 6
- 238000004904 shortening Methods 0.000 abstract description 3
- 238000010586 diagram Methods 0.000 description 9
- 238000004590 computer program Methods 0.000 description 7
- 238000012986 modification Methods 0.000 description 5
- 230000004048 modification Effects 0.000 description 5
- 230000006870 function Effects 0.000 description 4
- 230000009191 jumping Effects 0.000 description 4
- 238000003672 processing method Methods 0.000 description 3
- 230000004075 alteration Effects 0.000 description 1
- 230000002155 anti-virotic effect Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000001954 sterilising effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/034—Test or assess a computer or a system
Abstract
The invention discloses a method and equipment for processing a hijacked browser, which are used for identifying whether the browser is hijacked or not; when the browser is hijacked, acquiring identification information of an original webpage which is not hijacked and corresponds to the hijacked webpage loaded on the browser; acquiring address information of the original webpage from local storage equipment according to the identification information of the original webpage; acquiring page content of the original page based on the address information; and loading the page content in the browser to display the page content. The method and the device for processing the hijacked browser solve the technical problem that the processing time is long when the browser is hijacked in the prior art, and achieve the technical effects of shortening the processing time and improving the utilization rate of the browser in the process of processing the hijacked browser.
Description
Technical Field
The invention relates to the technical field of computer networks, in particular to a method and equipment for processing a hijacked browser.
Background
However, in reality, the Browser is tampered with in the forms of Browser plug-ins, Browser Helper Objects (BHO), Winsock L SP, etc., so that the Browser is hijacked, and when the Browser is hijacked, the home page of the Browser and the internet search page become unknown websites, the home page and the internet search page are turned to malicious webpages when accessing normal websites, and the Browser speed is severely slowed down when inputting wrong websites and hijacking software-specified websites and inputting characters.
In the prior art, when a browser is hijacked, the following processing is generally adopted: firstly, unloading and reloading a browser; secondly, sterilizing through antivirus software; the processing method has long processing time, and the browser cannot be used when the browser is reinstalled, so that the method for processing the hijacked browser in the prior art has the problems of long processing time and low utilization rate of the browser in the process of processing the hijacked browser.
Disclosure of Invention
The embodiment of the application provides a method and equipment for processing a hijacked browser, solves the technical problem that the processing time is long in the processing method when the browser is hijacked in the prior art, and achieves the technical effects of shortening the processing time and improving the utilization rate of the browser in the process of processing the hijacked browser.
On one hand, the present application provides the following technical solutions through an embodiment of the present application:
the application discloses a method for processing hijacked browser, which comprises the following steps:
identifying whether the browser is hijacked;
when the browser is hijacked, acquiring identification information of an original webpage which is not hijacked and corresponds to the hijacked webpage loaded on the browser;
acquiring address information of the original webpage from local storage equipment according to the identification information of the original webpage;
acquiring page content of the original page based on the address information;
and loading the page content in the browser to display the page content.
Optionally, before the obtaining the address information of the original webpage from the local storage device, the method further includes:
address information of a preset webpage is stored in the local storage device in advance, and the preset webpage contains the original webpage.
Optionally, the obtaining of the mark information of the non-hijacked original webpage corresponding to the hijacked webpage loaded on the browser specifically includes:
acquiring jump information corresponding to the hijacked webpage;
and acquiring mark information of the original webpage which is not hijacked based on the jump information, wherein the mark information comprises the name of the original webpage.
Optionally, the local storage device includes a user terminal for installing the browser and a local server connected to the user terminal.
Optionally, the loading the page content in the browser specifically includes:
and loading the page content in the browser, and covering the display content of the hijacked webpage with the page content.
Optionally, the loading the page content in the browser specifically includes:
and loading the page content in the browser, and replacing the display content of the hijacked webpage with the page content.
On the other hand, the present application provides the following technical solutions through an embodiment of the present application:
the application also discloses a device for processing hijacked browser, which comprises:
the identification unit is used for identifying whether the browser is hijacked or not;
the system comprises an original webpage acquisition unit, a first storage unit and a second storage unit, wherein the original webpage acquisition unit is used for acquiring identification information of an original webpage which is not hijacked and corresponds to a hijacked webpage loaded on the browser when identifying that the browser is hijacked;
the address information acquisition unit is used for acquiring the address information of the original webpage from local storage equipment according to the identification information of the original webpage;
a page content obtaining unit, configured to obtain page content of the original page based on the address information;
and the loading unit is used for loading the page content in the browser so as to display the page content loading unit.
Optionally, the apparatus further comprises:
and the pre-storage unit is used for pre-storing the address information of a preset webpage in the local storage device before the address information of the original webpage is acquired from the local storage device, wherein the preset webpage comprises the original webpage.
Optionally, the apparatus further comprises:
the jump information acquisition unit is used for acquiring jump information corresponding to the hijacked webpage;
an address information obtaining unit, configured to obtain, based on the skip information, flag information of the non-hijacked original web page, where the flag information includes a name of the original web page
Optionally, the loading unit is specifically configured to load the page content in the browser, and overlay the page content with the display content of the hijacked webpage.
Optionally, the loading unit is specifically configured to load the page content in the browser, and replace the display content of the hijacked webpage with the page content.
One or more technical solutions provided in the embodiments of the present application have at least the following technical effects or advantages:
according to the method and the equipment for processing the hijacked browser, whether the browser is hijacked or not is firstly identified, and when the browser is identified to be hijacked, identification information of an original webpage which is not hijacked and corresponds to the hijacked webpage loaded on the browser is acquired; acquiring address information of the original webpage from local storage equipment according to the identification information; and based on the address information, acquiring and loading the page content of the original page to display the page content, so that the page content of the original page can be directly acquired from the local storage device to be loaded when the browser is identified to be hijacked, the page content of the original page can be immediately displayed by the browser, the processing time is shortened, the browser can still be used in the processing process, and the utilization rate of the browser in the process of processing the hijacked browser is improved.
The foregoing description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the above and other objects, features, and advantages of the present invention more clearly understandable.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on the drawings without creative efforts.
Fig. 1 is a flowchart of a method for handling a hijacked browser according to an embodiment of the present invention;
fig. 2 is a block diagram of a device for handling a hijacked browser according to an embodiment of the present invention.
Detailed Description
The embodiment of the application provides a method and equipment for processing a hijacked browser, solves the technical problem that the processing time is long in the processing method when the browser is hijacked in the prior art, and achieves the technical effects of shortening the processing time and improving the utilization rate of the browser in the process of processing the hijacked browser.
In order to better understand the technical solution, the technical solution will be described in detail with reference to the drawings and the specific embodiments.
Referring to fig. 1, a method for handling a hijacked browser according to an embodiment of the present invention includes the following steps:
s101: identifying whether the browser is hijacked;
s102: when the browser is hijacked, acquiring identification information of an original webpage which is not hijacked and corresponds to the hijacked webpage loaded on the browser;
s103: acquiring address information of the original webpage from local storage equipment according to the identification information of the original webpage;
s104: acquiring page content of the original page based on the address information;
s105: and loading the page content in the browser to display the page content.
In step S101, the execution subject of the present application may be a device in which the browser is installed, or may be the browser, and the present application is not particularly limited, where when the browser is identified as being hijacked, whether the browser is hijacked or not may be identified through three methods, and the first identification method may specifically be to acquire a web access request and operation information corresponding to the web access request; detecting whether the operation information accords with a preset rule or not, wherein the preset rule comprises an operation request allowed by the browser; when the browser detects that the operation information does not accord with the preset rule, the browser recognizes that the browser is hijacked; and when the browser detects that the operation information accords with the preset rule, identifying that the browser is not hijacked.
After the browser is started, operation information of a user is received, and based on the operation information, the browser automatically generates and acquires a web access request corresponding to the operation information, so that the browser can acquire the web access request and operation information corresponding to the web access request, where the operation information may be, for example, information of a hyperlink on a navigation page of the browser clicked by the user, or information of search information input in a search bar of the browser, and of course, an execution subject of the first identification method may also be equipment.
For example, taking a browser as an example, after the a browser is started, the a browser receives search information www.axxx.com input by the user in the search bar of the a browser, and the a browser generates a web page access request for accessing www.axxx.com based on the operation information, for example, the web page access request includes String url ═ http:// www.axxx.com/; thus, the a browser can receive a webpage access request for accessing www.axxx.com and the corresponding operation information, the operation information is information input www.axxx.com in the search bar of the a browser, because the preset rule of the a browser is a first operation request for inputting search information in the search bar of the browser and a second operation request generated by clicking a hyperlink on a navigation page of the browser, and because the operation information is matched with the first operation request, the operation information is determined to be in accordance with the preset rule, even if the a browser can judge that the a browser is not hijacked, so that the accuracy of the browser for identifying whether the browser is hijacked or not according to the judgment result is improved, and the browser judges whether the browser is hijacked by itself, compared with the manual judgment in the prior art, the judgment work efficiency can be greatly improved.
Specifically, the second identification method may specifically identify whether the browser is hijacked by using a domain name, and includes the following specific steps: the method comprises the steps that a browser obtains a webpage access request of a navigation page and obtains a target domain name corresponding to the webpage access request; the browser judges whether the target domain name is consistent with the original domain name of the navigation page or not; when the browser judges that the target domain name is consistent with the original domain name, identifying that the browser is not hijacked; and when the browser judges that the target domain name is inconsistent with the original domain name, identifying that the browser is hijacked.
The method comprises the steps that a navigation page is automatically loaded when a browser is started, so that the browser can obtain a webpage access request of the navigation page, and then the target domain name is obtained according to the webpage access request; of course, after the browser is started, when the browser receives a start request for starting the navigation page by a user, the browser loads the navigation page according to the start request, and further obtains a web page access request of the navigation page, and then obtains the target domain name according to the web page access request, and then determines whether the target domain name is consistent with the original domain name, and of course, the execution main body of the first identification method may also be equipment.
For example, taking a browser as an example, when the a browser is started, the a browser automatically loads a navigation page, and when the a browser loads the a navigation page, the a browser generates a web page access request of the a navigation page, for example, including String url ═ http:// ha.bxxx.cn/; therefore, the browser can extract the target domain name as hao.bxxx.cn from the webpage access request of the a navigation page, if the original domain name of the a navigation page stored in the a browser in advance is hao.axxx.cn, the a browser judges that the target domain name is inconsistent with the original domain name due to the fact that the hao.bxxx.cn is different from the hao.axxx.cn, so that the a browser detects that the judgment result represents that the target domain name is inconsistent with the original domain name, and the a browser is hijacked; if the original domain name of the navigation page a stored in the browser a is hao.
Specifically, the third identification method may specifically be to determine whether the browser is hijacked or not according to parameter setting information of a command line of a shortcut, and the specific implementation steps of the third identification method are as follows: acquiring parameter setting information of a command line of a shortcut of the browser; judging whether a setting mode corresponding to the parameter setting information is consistent with a preset mode or not; when the setting mode is judged to be inconsistent with the preset mode, identifying that the browser is hijacked; and when the setting mode is judged to be consistent with the preset mode, identifying that the browser is not hijacked.
The execution main body of the third identification mode is a device, the device may be, for example, a tablet computer, a notebook computer, a smart phone, a desktop computer, and the like, a browser is installed in the device, when parameter setting information of a command line of a shortcut of the browser is acquired, a command line program installed in the device may be started, for example, in a windows environment, the command line program is usually cmd. Of course, the parameter setting information may also be obtained by checking attribute information of the shortcut of the browser, and further, the preset mode may be a default setting mode of the shortcut of the browser, and may specifically be a manual setting mode or an automatic setting mode.
For example, taking a notebook computer a as an example, a browser b is installed in the notebook computer a and a shortcut of the browser b is created, according to the received information that the user inputs cmd in the search bar of the start menu of the notebook computer a, cmd. Then displaying the parameter setting information corresponding to the shortcut of the browser b in cmd.exe when the command information corresponding to the shortcut of the browser b is searched according to the received command information, thus, the notebook computer A can obtain the parameter setting information, if the setting mode information of the shortcut contained in the parameter setting information shows that the setting mode corresponding to the shortcut of the browser is a manual setting mode, if the manual setting mode is the same as the preset mode, determining that the setting mode is consistent with the preset mode, and thus determining that the browser is not hijacked; if the setting mode corresponding to the shortcut of the browser b is the automatic setting mode, the setting mode is determined to be inconsistent with the preset mode due to the fact that the automatic setting mode is different from the preset mode, and therefore the browser b can be determined to be hijacked.
When the browser b is not hijacked, the setting mode corresponding to the shortcut of the browser b is inevitably the preset mode, and when the browser b is hijacked, the setting mode corresponding to the shortcut of the browser b is different from the preset mode, so that whether the browser b is hijacked can be accurately judged by judging whether the setting mode corresponding to the shortcut of the browser b is consistent with the preset mode, and the judgment accuracy is improved.
Step S102 is executed next, in which, when the browser is hijacked, identification information of an original webpage that is not hijacked and corresponds to the hijacked webpage loaded on the browser is acquired.
For example, taking an a browser as an example, when the a browser receives that a user clicks a key of an automatic a navigation page of the a browser, the a browser automatically loads the a navigation page on the a browser, but the a browser is hijacked, and the loaded a navigation page is hijacked to a b navigation page, so that the page content of the b navigation page displayed on the a browser is enabled, wherein the a navigation page is the original webpage which is not hijacked, and the b navigation page is the hijacked webpage.
In a specific implementation process, when the browser is hijacked through the step S101, jump information corresponding to the hijacked webpage can be acquired; and acquiring identification information of the original webpage which is not hijacked based on the skip information, wherein the skip information comprises information for skipping from the original webpage to the hijacked webpage, so that the skip information comprises information such as the name of the original webpage and the name of the hijacked webpage, and the like.
For example, taking a browser as an example, when the browser a recognizes that the browser a is hijacked, the browser a acquires a hijacked page loaded on the browser a as a c navigation page, where the c navigation page is the hijacked webpage, acquires jump information corresponding to the c navigation page, and acquires identification information of the a navigation page as a according to the jump information if the jump information includes information for jumping from the navigation page a to the navigation page c.
Step S103 is executed next, in which the address information of the original web page is acquired from the local storage device according to the identification information of the original web page.
In a specific implementation process, address information of a preset web page may be stored in the local storage device in advance, where the preset web page includes web pages frequently used by a user and a large number of known web pages, so that the preset web page includes the original web page, and the address information of the preset web page is stored in the local storage device, so that a search is performed in the local storage device by using part or all of content in the identification information of the original web page as a keyword, and the address information matched with the identification information is found to be the address information of the original web page, where the address information may be, for example, UR L of the original web page.
Specifically, an index may be established for the address information of the preset page, so that when the corresponding address information is found according to the identification information of the original webpage, the address information of the original webpage can be found more quickly through the index, and the finding efficiency is improved; of course, it may also be that all address information stored in the local storage device is traversed, and then the address information of the original web page is found, where the name of each page in the preset pages may be used as a file name, so that the address information of the original web page may be quickly obtained by searching through the identification information of the original web page.
For example, taking an a browser as an example, when the a browser identifies that the a browser is hijacked, the a browser acquires that a hijacked page loaded on the a browser is a c navigation page, the c navigation page is the hijacked webpage, acquires jump information corresponding to the c navigation page, acquires that identification information of the a navigation page is a according to the jump information if the jump information includes information for jumping from the a navigation page to the c navigation page, searches for a keyword which is a from address information of a preset page stored in a tablet computer a provided with the a browser, and finds corresponding address information, namely address information of the a navigation page, such as http:// ha.
Step S104 is performed next, in which the page content of the original page is acquired based on the address information.
In a specific implementation process, after the address information is acquired in step S104, an access request for accessing the original web page is generated according to the address information, so that the server storing the original web page returns the page content of the original web page to the browser when receiving the access request, and thus the page content of the original web page can be acquired.
For example, taking an a browser as an example, when the a browser identifies that the a browser is hijacked, the a browser acquires that a hijacked page loaded on the a browser is a c navigation page, the c navigation page is the hijacked webpage, acquires jump information corresponding to the c navigation page, acquires that identification information of the a navigation page is a according to the jump information if the jump information includes information for jumping from the a navigation page to the c navigation page, searches for a keyword which is a from address information of a preset page stored in a tablet computer a provided with the a browser, finds corresponding address information, namely address information of the a navigation page, such as http:// ha.axxx.cn/, and then generates an access request for accessing the a navigation page, so that a server storing the a navigation page returns content of the a navigation page to the a browser according to the access request, and enabling the a browser to acquire the page content of the a navigation page.
Step S105 is performed next, in which the page content is loaded in the browser to display the page content.
In a specific implementation process, the page content can be loaded in the browser, and the display content of the hijacked webpage is covered with the page content; the page content can be loaded in the browser, the display content of the hijacked webpage is replaced by the page content, the page content of the original webpage can be loaded on the browser through the two modes, the browser can immediately display the page content of the original webpage, the processing time is shortened, the browser can still be used in the processing process, and the utilization rate of the browser in the process of processing the hijacked browser is improved.
Specifically, after the page content of the original page is acquired through step S104, the page content is directly loaded on the browser and displayed so that the displayed content matches the user' S needs.
For example, taking an a browser as an example, when the a browser identifies that the a browser is hijacked, the a browser acquires that a hijacked page loaded on the a browser is a c navigation page, the c navigation page is the hijacked webpage, acquires jump information corresponding to the c navigation page, acquires that identification information of the a navigation page is a according to the jump information if the jump information includes information for jumping from the a navigation page to the c navigation page, searches for a keyword which is a from address information of a preset page stored in a tablet computer a provided with the a browser, finds corresponding address information, namely address information of the a navigation page, such as http:// ha.axxx.cn/, and then generates an access request for accessing the a navigation page, so that a server storing the a navigation page returns content of the a navigation page to the a browser according to the access request, the browser a can acquire the page content of the navigation page a, and then directly loads the acquired page content of the navigation page a on the browser a, so that the page content of the navigation page a covers the page content of the navigation page c, and thus, the page content of the navigation page a is still displayed on the browser a, the problem that the hijacked webpage, namely the navigation page c, is displayed on the browser a is solved, the processing time is shortened, the browser a can still be used in the processing process, and the utilization rate of the browser a in the process of processing the hijacked browser a is improved.
One or more technical solutions provided in the embodiments of the present application have at least the following technical effects or advantages:
according to the method for processing the hijacked browser, whether the browser is hijacked or not is firstly identified, and when the browser is identified to be hijacked, identification information of an original webpage which is not hijacked and corresponds to the hijacked webpage loaded on the browser is acquired; acquiring address information of the original webpage from local storage equipment according to the identification information; and based on the address information, acquiring and loading the page content of the original page to display the page content, so that the page content of the original page can be directly acquired from the local storage device to be loaded when the browser is identified to be hijacked, the page content of the original page can be immediately displayed by the browser, the processing time is shortened, the browser can still be used in the processing process, and the utilization rate of the browser in the process of processing the hijacked browser is improved.
According to the same inventive concept, another embodiment of the present application provides an apparatus for handling a browser being hijacked, referring to fig. 2, the apparatus comprising:
an identifying unit 201 for identifying whether the browser is hijacked;
an original web page obtaining unit 202, configured to, when it is identified that the browser is hijacked, obtain identification information of an original web page that is not hijacked and corresponds to a hijacked web page loaded on the browser;
an address information obtaining unit 203, configured to obtain, according to the identification information of the original web page, address information of the original web page from a local storage device;
a page content obtaining unit 204, configured to obtain page content of the original page based on the address information;
a loading unit 205, configured to load the page content in the browser, so as to display the page content in the browser.
When the device identifies that the browser is hijacked, the device can identify whether the browser is hijacked through three methods, wherein the first identification method can specifically be to acquire a webpage access request and operation information corresponding to the webpage access request; detecting whether the operation information accords with a preset rule or not, wherein the preset rule comprises an operation request allowed by the browser; when the operation information is detected to be not in accordance with the preset rule, identifying that the browser is hijacked; and when the operation information is detected to accord with the preset rule, identifying that the browser is not hijacked.
Specifically, the second identification method may specifically identify whether the browser is hijacked by using a domain name, and includes the following specific steps: the equipment acquires a webpage access request of a navigation page and acquires a target domain name corresponding to the webpage access request; judging whether the target domain name is consistent with the original domain name of the navigation page or not; when the target domain name is judged to be consistent with the original domain name, identifying that the browser is not hijacked; and when the target domain name is judged to be inconsistent with the original domain name, identifying that the browser is hijacked.
Specifically, the third identification manner may specifically be whether the browser is hijacked or not through parameter setting information of a command line of the shortcut, and the specific implementation steps are as follows: the equipment acquires parameter setting information of a command line of a shortcut of the browser; judging whether a setting mode corresponding to the parameter setting information is consistent with a preset mode or not; when the setting mode is judged to be inconsistent with the preset mode, identifying that the browser is hijacked; and when the setting mode is judged to be consistent with the preset mode, identifying that the browser is not hijacked.
Specifically, the apparatus further comprises:
a pre-storing unit 206, configured to pre-store address information of a preset web page in the local storage device before the address information of the original web page is obtained from the local storage device, where the preset web page includes the address information of the original web page
Specifically, the apparatus further comprises:
a jump information obtaining unit 207, configured to obtain jump information corresponding to the hijacked webpage;
the original web page obtaining unit 202 is specifically configured to obtain, based on the skip information, identification information of the original web page that is not hijacked, where the identification information includes a name of the original web page.
Specifically, the local storage device includes a user terminal for installing the browser and a local server connected to the user terminal.
Specifically, the loading unit 205 is specifically configured to load the page content in the browser, and overlay the page content with the display content of the hijacked webpage.
Specifically, the loading unit 205 is specifically configured to load the page content in the browser, and replace the display content of the hijacked webpage with the page content.
The technical scheme in the embodiment of the application at least has the following technical effects or advantages:
according to the equipment for processing the hijacked browser, whether the browser is hijacked or not is firstly identified, and when the browser is identified to be hijacked, the identification information of the original webpage which is not hijacked and corresponds to the hijacked webpage loaded on the browser is acquired; acquiring address information of the original webpage from local storage equipment according to the identification information; and based on the address information, acquiring and loading the page content of the original page to display the page content, so that the page content of the original page can be directly acquired from the local storage device to be loaded when the browser is identified to be hijacked, the page content of the original page can be immediately displayed by the browser, the processing time is shortened, the browser can still be used in the processing process, and the utilization rate of the browser in the process of processing the hijacked browser is improved.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.
The invention discloses A1, a method for processing browser hijacked, which is characterized by comprising the following steps:
identifying whether the browser is hijacked;
when the browser is hijacked, acquiring identification information of an original webpage which is not hijacked and corresponds to the hijacked webpage loaded on the browser;
acquiring address information of the original webpage from local storage equipment according to the identification information of the original webpage;
acquiring page content of the original page based on the address information;
and loading the page content in the browser to display the page content.
A2, the method of claim A1, wherein prior to the obtaining the address information of the original web page from the local storage device, the method further comprises:
address information of a preset webpage is stored in the local storage device in advance, and the preset webpage contains the original webpage.
A3, the method of claim a1, wherein the obtaining the mark information of the non-hijacked original web page corresponding to the hijacked web page loaded on the browser specifically includes:
acquiring jump information corresponding to the hijacked webpage;
and acquiring mark information of the original webpage which is not hijacked based on the jump information, wherein the mark information comprises the name of the original webpage.
A4, the method of claim a1, wherein the local storage device comprises a user terminal installing the browser and a local server connected to the user terminal.
A5, the method according to any one of claims a1 to a4, wherein the loading the page content in the browser specifically includes:
and loading the page content in the browser, and covering the display content of the hijacked webpage with the page content.
A6, the method according to any one of claims a1 to a4, wherein the loading the page content in the browser specifically includes:
and loading the page content in the browser, and replacing the display content of the hijacked webpage with the page content.
B7, an apparatus for handling browser hijacking, comprising:
the identification unit is used for identifying whether the browser is hijacked or not;
the system comprises an original webpage acquisition unit, a first storage unit and a second storage unit, wherein the original webpage acquisition unit is used for acquiring identification information of an original webpage which is not hijacked and corresponds to a hijacked webpage loaded on the browser when identifying that the browser is hijacked;
the address information acquisition unit is used for acquiring the address information of the original webpage from local storage equipment according to the identification information of the original webpage;
a page content obtaining unit, configured to obtain page content of the original page based on the address information;
and the loading unit is used for loading the page content in the browser so as to display the page content loading unit.
B8, the apparatus of claim B7, further comprising:
and the pre-storage unit is used for pre-storing the address information of a preset webpage in the local storage device before the address information of the original webpage is acquired from the local storage device, wherein the preset webpage comprises the original webpage.
B9, the apparatus of claim B7, further comprising:
the jump information acquisition unit is used for acquiring jump information corresponding to the hijacked webpage;
an address information obtaining unit, configured to obtain, based on the skip information, flag information of the non-hijacked original web page, where the flag information includes a name of the original web page
B10, the device according to any one of claims B7 to B9, wherein the loading unit is specifically configured to load the page content in the browser and overlay the page content with the display content of the hijacked webpage.
B11, the device according to any one of claims B7 to B9, wherein the loading unit is specifically configured to load the page content in the browser and replace the displayed content of the hijacked webpage with the page content.
Claims (7)
1. A method for handling hijacking of a browser, comprising:
identifying whether a browser is hijacked, wherein the hijacked browser is hijacked by tampering with the browser;
when the browser is hijacked, acquiring identification information of an original webpage which is not hijacked and corresponds to the hijacked webpage loaded on the browser;
acquiring address information of the original webpage stored in the local storage device in advance from the local storage device according to the identification information of the original webpage;
generating an access request for accessing the original webpage based on the address information, and acquiring page content of the original webpage from a server for storing the original webpage;
loading the page content in the browser, and covering the display content of the hijacked webpage with the page content or replacing the display content of the hijacked webpage with the page content to display the page content.
2. The method of claim 1, wherein prior to said retrieving the address information of the original web page from the local storage device, the method further comprises:
address information of a preset webpage is stored in the local storage device in advance, and the preset webpage contains the original webpage.
3. The method according to claim 1, wherein the obtaining of the mark information of the non-hijacked original webpage corresponding to the hijacked webpage loaded on the browser specifically includes:
acquiring jump information corresponding to the hijacked webpage;
and acquiring mark information of the original webpage which is not hijacked based on the jump information, wherein the mark information comprises the name of the original webpage.
4. The method of claim 1, wherein the local storage device comprises a user terminal that installs the browser and a local server connected to the user terminal.
5. A device for handling browser hijacking, the device comprising:
the identification unit is used for identifying whether the browser is hijacked or not, wherein the browser is hijacked by tampering the browser;
the system comprises an original webpage acquisition unit, a first storage unit and a second storage unit, wherein the original webpage acquisition unit is used for acquiring identification information of an original webpage which is not hijacked and corresponds to a hijacked webpage loaded on the browser when identifying that the browser is hijacked;
an address information obtaining unit, configured to obtain, from a local storage device, address information of the original web page stored in the local storage device in advance according to the identification information of the original web page;
a page content obtaining unit, configured to generate an access request for accessing the original web page based on the address information, and obtain page content of the original web page from a server storing the original web page;
and the loading unit is used for loading the page content in the browser, covering the display content of the hijacked webpage with the page content or replacing the display content of the hijacked webpage with the page content so as to display the page content loading unit.
6. The apparatus of claim 5, wherein the apparatus further comprises:
and the pre-storage unit is used for pre-storing the address information of a preset webpage in the local storage device before the address information of the original webpage is acquired from the local storage device, wherein the preset webpage comprises the original webpage.
7. The apparatus of claim 5, wherein the apparatus further comprises:
the jump information acquisition unit is used for acquiring jump information corresponding to the hijacked webpage;
and the address information acquisition unit is used for acquiring the mark information of the original webpage which is not hijacked based on the jump information, wherein the mark information comprises the name of the original webpage.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510639660.9A CN105354490B (en) | 2015-09-30 | 2015-09-30 | Method and equipment for processing hijacked browser |
| PCT/CN2016/100574 WO2017054731A1 (en) | 2015-09-30 | 2016-09-28 | Method and device for processing hijacked browser |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510639660.9A CN105354490B (en) | 2015-09-30 | 2015-09-30 | Method and equipment for processing hijacked browser |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105354490A CN105354490A (en) | 2016-02-24 |
| CN105354490B true CN105354490B (en) | 2020-07-28 |
Family
ID=55330461
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510639660.9A Active CN105354490B (en) | 2015-09-30 | 2015-09-30 | Method and equipment for processing hijacked browser |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105354490B (en) |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2017054731A1 (en) * | 2015-09-30 | 2017-04-06 | 北京奇虎科技有限公司 | Method and device for processing hijacked browser |
| WO2017054716A1 (en) * | 2015-09-30 | 2017-04-06 | 北京奇虎科技有限公司 | Method for recognizing hijacked browser and browser |
| CN107038194B (en) * | 2016-11-17 | 2020-12-15 | 创新先进技术有限公司 | Page jump method and device |
| CN108595957B (en) * | 2018-05-02 | 2023-04-14 | 腾讯科技(深圳)有限公司 | Browser homepage tampering detection method, device and storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102594934A (en) * | 2011-12-30 | 2012-07-18 | 奇智软件(北京)有限公司 | Method and device for identifying hijacked website |
| CN103699840A (en) * | 2013-12-12 | 2014-04-02 | 北京奇虎科技有限公司 | Method and device for detecting page jacking |
| CN104125121A (en) * | 2014-08-15 | 2014-10-29 | 携程计算机技术(上海)有限公司 | Network hijacking behavior detecting system and method |
| CN104679747A (en) * | 2013-11-26 | 2015-06-03 | 腾讯科技(深圳)有限公司 | Detection device and method for website redirection |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8181246B2 (en) * | 2007-06-20 | 2012-05-15 | Imperva, Inc. | System and method for preventing web frauds committed using client-scripting attacks |
-
2015
- 2015-09-30 CN CN201510639660.9A patent/CN105354490B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102594934A (en) * | 2011-12-30 | 2012-07-18 | 奇智软件(北京)有限公司 | Method and device for identifying hijacked website |
| CN104679747A (en) * | 2013-11-26 | 2015-06-03 | 腾讯科技(深圳)有限公司 | Detection device and method for website redirection |
| CN103699840A (en) * | 2013-12-12 | 2014-04-02 | 北京奇虎科技有限公司 | Method and device for detecting page jacking |
| CN104125121A (en) * | 2014-08-15 | 2014-10-29 | 携程计算机技术(上海)有限公司 | Network hijacking behavior detecting system and method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105354490A (en) | 2016-02-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| WO2018223717A1 (en) | Webpage front-end testing method, device, system, apparatus and readable storage medium | |
| US10733259B2 (en) | Web page access method and apparatus | |
| WO2016177341A1 (en) | Interface calling method and device, and terminal | |
| US11086638B2 (en) | Method and apparatus for loading application | |
| CN105354490B (en) | Method and equipment for processing hijacked browser | |
| US9876777B2 (en) | Method and browser for online banking login | |
| CN107133165B (en) | Browser compatibility detection method and device | |
| CN106202100B (en) | Page loading method and device | |
| CN107679214B (en) | Link positioning method, device, terminal and computer readable storage medium | |
| CN109522500B (en) | Webpage display method, device, terminal and storage medium | |
| CN105160246A (en) | Method for identifying hijacked browser and browser | |
| CN104504058A (en) | Web page presentation method and browser device | |
| US20160328110A1 (en) | Method, system, equipment and device for identifying image based on image | |
| CN108182363B (en) | Detection method, system and storage medium of embedded office document | |
| WO2017054716A1 (en) | Method for recognizing hijacked browser and browser | |
| CN110362341B (en) | Business management method, device, equipment and storage medium based on micro-service architecture | |
| CN112000884A (en) | User content recommendation method and device, server and storage medium | |
| WO2017054731A1 (en) | Method and device for processing hijacked browser | |
| CN110677506A (en) | Network access method, device, computer equipment and storage medium | |
| CN105243134B (en) | A kind of method and apparatus handling browser of being held as a hostage | |
| EP2998885A1 (en) | Method and device for information search | |
| CN108268298B (en) | Desktop icon generation method and device, storage medium and electronic equipment | |
| CN110889116A (en) | Advertisement blocking method and device and electronic equipment | |
| CN105224653B (en) | Processing method and processing equipment when a kind of browser is held as a hostage | |
| AU2013206622B2 (en) | Download management method and device based on Android browser |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20240105 Address after: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park) Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park) Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Patentee before: Qizhi software (Beijing) Co.,Ltd. |
|
| TR01 | Transfer of patent right |