CN105656943B - A kind of application data interception system and method - Google Patents
Classifications
- H04L: Transmission of digital information, e.g. telegraphic communication (H: Electricity; H04: Electric communication technique)
  - H04L63/00: Network architectures or network communication protocols for network security
    - H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
      - H04L63/0227: Filtering policies
        - H04L63/0263: Rule management
      - H04L63/0272: Virtual private networks
      - H04L63/0281: Proxies
  - H04L67/00: Network arrangements or protocols for supporting network services or applications
    - H04L67/50: Network services
      - H04L67/56: Provisioning of proxy services
Abstract
The invention discloses an application data interception system and method, belonging to the technical field of application program operation. The system includes a client and a server, wherein the client includes an application unit, an agent unit and a driver unit. The method includes: step S1, using an application unit provided in the client to output application data associated with an application program in the client; step S2, using an agent unit provided in the client to obtain the data interception rules preset by the server; step S3, using a driver unit provided in the client to intercept, according to the data interception rules, the application data output by the application unit, and sending the intercepted application data to the agent unit; step S4, the agent unit forwarding the intercepted application data to the server. The beneficial effect of the above technical solution is that the destination address remains unchanged when application data is redirected, and the problem of application interception affecting the normal operation of the whole system is avoided.
Description
Technical field
The present invention relates to the technical field of application program operation, and in particular to an application data interception system and method.
Background art
At present, clients on the Windows platform that implement application data interception generally intercept data by means of LSP or TDI in order to support transport-layer applications. This way of intercepting has the following problems:
1) Existing application data interception is system-wide: once an error occurs during interception, it easily affects the whole system and can cause a system crash.
2) For the application program, the interception process is hard to make transparent. For example, after the data is intercepted the connection is usually forwarded to an agent on the local machine, so the destination address the application sees is no longer the server address it originally connected to, but possibly a unified destination address such as 127.0.0.1. Application data interception therefore cannot be supported for applications that transmit the local or peer IP address and port inside their packets.
3) Existing interception techniques are dated: for example, newer versions of Windows (such as Vista and later) do not support TDI.
Summary of the invention
In view of the above problems in the prior art, a technical solution for an application data interception system and method is provided, which aims to keep the destination address unchanged when application data is redirected and to avoid the problem of application interception affecting the normal operation of the whole system.
The technical solution specifically includes:
An application data interception system, including a client and a server, the client being remotely connected to the server;
The client includes:
An application unit, provided corresponding to an application program in the client, for outputting application data associated with the application program;
An agent unit, connected to the application unit, for obtaining the preset data interception rules from the server;
A driver unit, connected to the application unit and the agent unit respectively; the driver unit obtains the data interception rules and intercepts the application data output by the application unit according to the data interception rules; the driver unit is built on the Windows Filtering Platform;
The driver unit sends the intercepted application data to the agent unit, which forwards it to the server.
Preferably, in the application data interception system, the driver unit is an ALE driver unit.
Preferably, in the application data interception system, the application data includes:
The connections of the process of the application program; and/or
The storage address where the data related to the application program is saved.
Preferably, in the application data interception system, after obtaining the intercepted application data, the agent unit packages the application data and transmits it to the server.
Preferably, in the application data interception system, the server is the server of a virtual private network based on Secure Sockets Layer.
An application data interception method, involving a client and a server, the client being remotely connected to the server, and further including:
Step S1, using an application unit provided in the client to output application data associated with an application program in the client;
Step S2, using an agent unit provided in the client to obtain the data interception rules preset by the server;
Step S3, using a driver unit provided in the client to intercept, according to the data interception rules, the application data output by the application unit, and sending the intercepted application data to the agent unit;
Step S4, the agent unit forwarding the intercepted application data to the server;
The driver unit is built on the Windows Filtering Platform.
Preferably, in the application data interception method, the driver unit is an ALE driver unit.
Preferably, in the application data interception method, the application data includes:
The connections of the process of the application program; and/or
The storage address where the data related to the application program is saved.
Preferably, in the application data interception method, in step S4, after obtaining the intercepted application data, the agent unit packages the application data and transmits it to the server.
Preferably, in the application data interception method, the server is the server of a virtual private network based on Secure Sockets Layer.
The beneficial effects of the above technical solution are:
1) An application data interception system is provided that keeps the destination address unchanged when application data is redirected and avoids the problem of application interception affecting the normal operation of the whole system;
2) An application data interception method is provided that supports the normal operation of the above application data interception system.
Brief description of the drawings
Fig. 1 is a structural schematic diagram of an application data interception system in a preferred embodiment of the present invention;
Fig. 2 is a flow diagram of an application data interception method in a preferred embodiment of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort shall fall within the protection scope of the present invention.
It should be noted that, where no conflict arises, the embodiments of the present invention and the features in the embodiments may be combined with one another.
The present invention is further explained below with reference to the drawings and specific embodiments, which do not limit the invention.
In a preferred embodiment of the present invention, in view of the above problems in the prior art, an application data interception system is provided. Its structure is shown in Fig. 1: it includes a client A and a server B, and client A is remotely connected to server B. Client A further includes:
Application unit 1, provided corresponding to an application program in client A, for outputting application data associated with the application program;
Agent unit 2, connected to application unit 1, for obtaining the preset data interception rules from the server;
Driver unit 3, connected to application unit 1 and agent unit 2 respectively; driver unit 3 obtains the data interception rules and intercepts the application data output by the application unit according to the data interception rules; driver unit 3 is built on the Windows Filtering Platform;
Driver unit 3 sends the intercepted application data to agent unit 2, which forwards it to server B.
In a specific embodiment, one application unit 1 may be provided for a single application program, or the same application unit 1 may be provided for different application programs. The role of application unit 1 is to output the series of application data generated while the application program runs.
In this embodiment, after application unit 1 outputs the application data, the application data is intercepted by driver unit 3. The rules by which driver unit 3 intercepts application data are the preset rules that agent unit 2 obtains from server B. In other words, data interception rules for application data are preset in server B in order to intercept the application data that the server wants to obtain. A local agent unit 2 is then provided in the client; agent unit 2 obtains the data interception rules preset in server B and issues these rules to driver unit 3.
Driver unit 3 then intercepts the application data output by application unit 1 according to these data interception rules. Agent unit 2 obtains the intercepted application data and forwards it to the server, completing the interception of transport-layer application data.
In this embodiment, agent unit 2 monitors driver unit 3 at all times and promptly obtains the intercepted application data that it outputs.
In a preferred embodiment of the present invention, driver unit 3 is built on the Windows Filtering Platform (WFP); further, driver unit 3 is an ALE driver unit.
In a preferred embodiment of the present invention, the data interception rules may specify which data server B wants client A to intercept. For example, three browsers (browser A, browser B and browser C) may be open in client A at the same time, while server B only wants the client to send the browsing data of browser A; server B can then preset the data interception rule as a rule that intercepts the browsing data sent by browser A.
In a preferred embodiment of the present invention, driver unit 3 may be a low-level driver pre-built in the client, and correspondingly agent unit 2 may be a local agent pre-generated in the client.
In a preferred embodiment of the present invention, the application data may include:
The connections of the process of the application program; and/or
The storage address where the data related to the application program is saved.
In a preferred embodiment of the present invention, after agent unit 2 obtains the intercepted application data through monitoring, it transmits this application data to server B.
In a preferred embodiment of the present invention, server B is the server of a virtual private network based on Secure Sockets Layer; specifically, server B is an SSL VPN.
In summary, in the technical solution of the present invention a local agent is provided in the client. The agent obtains the preset data interception rules from the server and issues them to the ALE driver written in advance at the low level. The driver intercepts the application data generated while the application program runs according to these data interception rules. The local agent listens for the connections forwarded from the driver, obtains the intercepted application data, and then forwards this application data to the server, completing one full application data interception process.
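The flow summarised above, modelled in user-space Python as an added example (it is not code from the patent): the agent loads server-preset rules into the driver, the driver decides per connection by owning process, and the agent packages intercepted data together with the destination the application originally asked for. The rule format, frame layout, process names, addresses and all class and function names are assumptions made for illustration; a real driver unit would be a kernel-mode WFP driver.

```python
import json
import socket
import struct
from dataclasses import dataclass

# Constructed rule set standing in for what the server presets (format is an assumption).
SERVER_RULES_JSON = '{"intercept_processes": ["browser_a.exe"]}'

# Assumed frame layout: original IPv4 address, original port, payload length.
HEADER = struct.Struct("!4sHI")


@dataclass(frozen=True)
class Connection:
    conn_id: int
    process: str   # image name of the process that owns the connection
    dest: tuple    # (ip, port) the application asked for; never rewritten


class DriverModel:
    """Stands in for the driver unit: one decision per connection, keyed on the process."""

    def __init__(self):
        self.processes = frozenset()
        self.redirected = {}  # conn_id -> original destination

    def load_rules(self, rules):
        self.processes = frozenset(p.lower() for p in rules["intercept_processes"])

    def classify(self, conn):
        if conn.process.lower() in self.processes:
            # Remember where the application wanted to go instead of
            # replacing it with a loopback address.
            self.redirected[conn.conn_id] = conn.dest
            return "redirect"
        return "permit"  # other applications are left untouched


def build_frame(dest, payload):
    ip, port = dest
    return HEADER.pack(socket.inet_aton(ip), port, len(payload)) + payload


class AgentModel:
    """Stands in for the agent unit: pulls rules, then packages intercepted data."""

    def __init__(self, driver):
        self.driver = driver

    def sync_rules(self, rules_json):
        self.driver.load_rules(json.loads(rules_json))

    def package(self, conn_id, payload):
        if conn_id not in self.driver.redirected:
            raise LookupError(f"connection {conn_id} was not intercepted")
        return build_frame(self.driver.redirected[conn_id], payload)


def server_unpack(frame):
    """Server side: recover the original destination and the payload."""
    raw_ip, port, length = HEADER.unpack_from(frame)
    payload = frame[HEADER.size:]
    if len(payload) != length:
        raise ValueError("truncated or padded frame")
    return (socket.inet_ntoa(raw_ip), port), payload


def run_demo():
    driver = DriverModel()
    agent = AgentModel(driver)
    agent.sync_rules(SERVER_RULES_JSON)
    # Constructed connections: three browsers talking to the same documentation address.
    conns = [
        Connection(1, "browser_a.exe", ("203.0.113.10", 443)),
        Connection(2, "browser_b.exe", ("203.0.113.10", 443)),
        Connection(3, "browser_c.exe", ("203.0.113.10", 443)),
    ]
    verdicts = {c.process: driver.classify(c) for c in conns}
    frame = agent.package(1, b"GET / HTTP/1.1\r\n\r\n")
    return verdicts, server_unpack(frame)


if __name__ == "__main__":
    print(run_demo())
```

Because the original destination travels in the frame header rather than being overwritten, the server can still see the address the application targeted, which is the property the background section says loopback-style redirection loses.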
In a preferred embodiment of the present invention, on the basis of the application data interception system described above, an application data interception method is provided. The method likewise involves a client and a server, and its steps, shown in Fig. 2, include:
Step S1, using an application unit provided in the client to output application data associated with an application program in the client;
Step S2, using an agent unit provided in the client to obtain the data interception rules preset by the server;
Step S3, using a driver unit provided in the client to intercept, according to the data interception rules, the application data output by the application unit, and sending the intercepted application data to the agent unit;
Step S4, the agent unit forwarding the intercepted application data to the server;
The driver unit is built on the Windows Filtering Platform.
In a preferred embodiment of the present invention, as described above, the driver unit is an ALE driver unit.
In a preferred embodiment of the present invention, as described above, the application data includes:
The connections of the process of the application program; and/or
The storage address where the data related to the application program is saved.
In a preferred embodiment of the present invention, in step S4, after the agent unit obtains the intercepted application data, it packages the application data and transmits it to the server.
In a preferred embodiment of the present invention, as described above, the server is an SSL VPN.
The above are only preferred embodiments of the present invention and do not limit its embodiments or protection scope. Those skilled in the art should appreciate that all solutions obtained by equivalent replacement or obvious variation based on the description and drawings of the present invention shall fall within the protection scope of the present invention.
Claims (10)
1. An application data interception system, characterized by including a client and a server, the client being remotely connected to the server;
The client includes:
An application unit, provided corresponding to an application program in the client, for outputting application data associated with the application program;
An agent unit, connected to the application unit, for obtaining the preset data interception rules from the server;
A driver unit, connected to the application unit and the agent unit respectively; the driver unit obtains the data interception rules and intercepts the application data output by the application unit according to the data interception rules; the driver unit is built on the Windows Filtering Platform;
The driver unit sends the intercepted application data to the agent unit, which forwards it to the server;
The driver unit is a low-level driver pre-built in the client;
The agent unit is a local agent pre-generated in the client.
2. The application data interception system of claim 1, characterized in that the driver unit is an ALE driver unit.
3. The application data interception system of claim 1, characterized in that the application data includes:
The connections of the process of the application program; and/or
The storage address where the data related to the application program is saved.
4. The application data interception system of claim 1, characterized in that, after obtaining the intercepted application data, the agent unit packages the application data and transmits it to the server.
5. The application data interception system of claim 1, characterized in that the server is the server of a virtual private network based on Secure Sockets Layer.
6. An application data interception method, characterized by involving a client and a server, the client being remotely connected to the server, and further including:
Step S1, using an application unit provided in the client to output application data associated with an application program in the client;
Step S2, using an agent unit provided in the client to obtain the data interception rules preset by the server;
Step S3, using a driver unit provided in the client to intercept, according to the data interception rules, the application data output by the application unit, and sending the intercepted application data to the agent unit;
Step S4, the agent unit forwarding the intercepted application data to the server;
The driver unit is built on the Windows Filtering Platform;
The driver unit is a low-level driver pre-built in the client;
The agent unit is a local agent pre-generated in the client.
7. The application data interception method of claim 6, characterized in that the driver unit is an ALE driver unit.
8. The application data interception method of claim 6, characterized in that the application data includes:
The connections of the process of the application program; and/or
The storage address where the data related to the application program is saved.
9. The application data interception method of claim 6, characterized in that, in step S4, after obtaining the intercepted application data, the agent unit packages the application data and transmits it to the server.
10. The application data interception method of claim 6, characterized in that the server is the server of a virtual private network based on Secure Sockets Layer.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610147276.1A CN105656943B (en) | 2016-03-15 | 2016-03-15 | A kind of application data interception system and method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105656943A (en) | 2016-06-08 |
CN105656943B (en) | 2019-07-05 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |