CN106357670A - Simulator-based android application server side Web vulnerability detection method - Google Patents
Simulator-based android application server side Web vulnerability detection method Download PDFInfo
- Publication number
- CN106357670A CN106357670A CN201610901415.5A CN201610901415A CN106357670A CN 106357670 A CN106357670 A CN 106357670A CN 201610901415 A CN201610901415 A CN 201610901415A CN 106357670 A CN106357670 A CN 106357670A
- Authority
- CN
- China
- Prior art keywords
- simulator
- app
- apk
- arixtra
- service end
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
Abstract
The invention discloses a simulator-based android application server side Web vulnerability detection method, comprising the following steps of: starting a vulnerability detection agent module, starting an android simulator and configuring a network; composing an APK (Android Package) Monitor module, connecting the android simulator and monitoring a directory; installing files to batches of or single android application by virtue of a Python script; when the APK Monitor monitors an APK file in the directory, installing the file automatically by virtue of an ADB (Android Debug Bridge) command; capturing all requirements of an APP (application) for a server side by virtue of agency of the vulnerability detection agent module; performing, by the vulnerability detection agent module, vulnerability detection on the captured requirements; uninstalling the APP after completion of execution of the APK Monitor, and continuously monitoring an appointed directory; and outputting a detection result by the vulnerability detection agent module. By use of the method disclosed by the invention, Web vulnerabilities of an android APP server side can be detected fully automatically, and meanwhile batch detection is supported without manual intervention, and automatic detection of all APPs of a certain android APP market is supported to obtain an analysis statistical result.
Description
Technical field
The present invention relates to the neck such as simulated operation ARIXTRA applied using ARIXTRA simulator, adb command operation, Hole Detection
Domain is and in particular to a kind of ARIXTRA application service end web leak detection method based on simulator.
Background technology
Different ARIXTRA app provides different functions, promotes the development of mobile Internet, and let us life is more convenient, but
App widely use and leak that itself exists equally brings threat to our movable livings, personal secrets.App substitutes
Website realizes the service that we obtain usually through the mode accessing web application day, its rear end actual in the way of client
Communicated with service end, to carry out the transmission of data.
In traditional safety detection to the request of app service end, most by the way of static analysis, by reverse
App carries out mainly comprising the shelling of app, reverse to obtain the source code of app, then pass through canonical coupling, code static analysis with
The modes such as track find the different requests done in app, and the url extracting request is individually detected.Traditional Static Detection needs
First app is carried out inversely just to carry out next step to obtain app source code, and app more important greatly all app can be carried out reinforcing,
Shell adding, which results in app and sometimes inversely cannot obtain source code, or reverse difficulty is too high, if as technology less than
Situations such as position, just cannot obtain source code, also just have no way of carrying out the detection of next step.Inversely after success, need to carry out the generation of static state
Code examination & verification and analysis, extract all requests to service end in app, and this needs substantial amounts of experience and energy to put into, and takes time and effort.
In addition, in a lot of app, the url for the request of service end is by way of the splicing of parameter, needs
The trend of code to be followed the tracks of goes the value obtaining corresponding parameter just can complete the splicing to url, and even some parameters are according to reality
Border running environment and enter Mobile state reading it is impossible to by tracking code and obtain, the request which results in extraction is probably
Incomplete, cause Detection results problematic.Some app can comprise some invalid url, and these url actual please not by app
Ask, also may can extract these service ends url by the way of traditional, and spend detection resource to go to detect, cause detection money
The waste in source.
ARIXTRA simulator: be one and may operate in the virtual unit on computer.Android simulator can not require the use of
Physical equipment gets final product preview, exploitation and test android application program.
Adb: full name is android debug bridge, plays the effect of debugging bridge.By adb, can be in eclipse
Middle convenience debugs android program by ddms.
Apk:apk is the abbreviation of androidpackage, i.e. android installation kit (apk).
Content of the invention
The technical problem to be solved is to provide a kind of ARIXTRA application service end web leak inspection based on simulator
Survey method, triggers simulated operation by simulator, and calls adb to carry out associative operation by script automatization, it is to avoid artificial
Participate in, also enable Hole Detection.
For solving above-mentioned technical problem, the technical solution used in the present invention is:
A kind of ARIXTRA application service end web leak detection method based on simulator, comprises the following steps:
Step 1: start Hole Detection proxy module, start ARIXTRA simulator Configuration network;
Step 2: write apk monitor module, connect ARIXTRA simulator monitored directory, described apk monitor mould
Block uses python script, and assigned catalogue is carried out with newly-increased file monitor;
Step 3: by python script by batch or single ARIXTRA application installation file, that is, apk file download is to finger
Determine catalogue;
Step 4:apk monitor monitors the apk file under catalogue, is installed automatically by adb order, and time
Go through the function to execute app for the activity triggering app;
Step 5: all requests to service end for the app are captured by the agency of Hole Detection proxy module;
Step 6: Hole Detection proxy module carries out Hole Detection to the request of capture;
Step 7:apk monitor unloads app after the completion of execution, is further continued for monitoring assigned catalogue;
Step 8: Hole Detection proxy module output Hole Detection result.
Further, described in step 4 traversal activity is functional come the institute to trigger app, particularly as follows: decompression
Apk file, obtains androidmanifest.xml file, all of by the content obtaining that reads node in this xml document
Activity, then executes command statement by adb and is triggered.
Further, described step 5, particularly as follows: first root ARIXTRA simulator, is installed the app with agent functionality, then is touched
Send out each activity process, if the corresponding functional packet of the activity being triggered contains the request to service end, then all
Capture proxied.
Further, described installation has the app of agent functionality particularly as follows: using proxydroid or passing through setting
Wifi agent arranges the global network agency of simulator.
Further, described step 6 is particularly as follows: asked the complete network to service end capturing using burpsuite
Derivation enters scanning device and carries out Hole Detection.
Compared with prior art, the invention has the beneficial effects as follows:
1st, the present invention by a kind of simple mode realize full-automatic detect to ARIXTRA app service end web leak, with
When support batch detection and without manual intervention, support automatically to detect all app in certain ARIXTRA app market, thus
Go out analytic statisticss result.
2nd, present invention deployment simple single personal computer can achieve large batch of detection it is not necessary to actual purchase Android device,
With low cost, deployment is simple.
3rd, the present invention maximizes favourable factors and minimizes unfavourable ones, and realizes avoiding the shelling needing in traditional app detection to overcome by cleverly framework
Require high processing mode etc. technological means, left-hand seat is simple.
Brief description
Fig. 1 is the ARIXTRA application service end web leak detection method process schematic based on simulator for the present invention.
Specific embodiment
The present invention is further detailed explanation with reference to the accompanying drawings and detailed description.As shown in figure 1, processing stream
Journey includes: 1) starts Hole Detection proxy module, starts ARIXTRA simulator Configuration network;2) write apk monitor module,
Connect ARIXTRA simulator monitored directory, described apk monitor module uses python script, and assigned catalogue is increased newly
File monitor;3) pass through python script by batch or single ARIXTRA application installation file, that is, apk file download is to specified mesh
Record;4) apk monitor monitors the apk file under catalogue, is installed automatically by adb order, and travels through triggering app
The function to execute app for the activity;5) ask the visitor in capture the institute to service end for the app by the agency of Hole Detection proxy module
Ask;6) Hole Detection proxy module carries out Hole Detection to the request of capture;7) apk monitor unloads after the completion of execution
App, is further continued for monitoring assigned catalogue;8) Hole Detection proxy module output Hole Detection result.
Realize installing and uninstalling of app
Particular by adb order elder generation connect simulator, such as " adb connect simulator ip ", then app is installed, such as
" adb wait-for-device install apk file ", then unload app, such as " adb wait-for-device
Uninstall pkg bag name (pkg bag name can read androidmanifest.xml file and obtain) ".
Traversal activity is functional come the institute to trigger app
Each apk file is exactly a compressed package in fact, can directly decompress, and obtains androidmanifest.xml literary composition
Part, by reading the content of node in this xml document, obtains all of activity, executes command statement by adb and is touched
Send out and (require each app must comprise this document in ARIXTRA app development specifications it is also necessary to register all in this document
activity).As adb wait-for-device shell am start n pkg_name/activity.
By setting agency's capture app all of service end request
First root ARIXTRA simulator, installs related app or arranges the complete of simulator by arranging the modes such as wifi agent
Office network is acted on behalf of, and then triggers the process of each activity again, if corresponding functional packet contains the request to service end, that
All capture proxied.
Realize Hole Detection
Using burpsuite or other scanning devices, directly the complete network request to service end of capture is imported
Scanning device carries out Hole Detection, is wherein preferred with the scanning device supporting command calls to execute task, it is possible to achieve full-automatic unmanned
The Hole Detection that work participates in.
Claims (5)
1. a kind of ARIXTRA application service end web leak detection method based on simulator is it is characterised in that comprise the following steps:
Step 1: start Hole Detection proxy module, start ARIXTRA simulator Configuration network;
Step 2: write apk monitor module, connect ARIXTRA simulator monitored directory, described apk monitor module makes
Use python script, assigned catalogue is carried out with newly-increased file monitor;
Step 3: by python script by batch or single ARIXTRA application installation file, that is, apk file download is to specified mesh
Record;
Step 4:apk monitor monitors the apk file under catalogue, is installed automatically by adb order, and travels through tactile
Send out the function to execute app for the activity of app;
Step 5: all requests to service end for the app are captured by the agency of Hole Detection proxy module;
Step 6: Hole Detection proxy module carries out Hole Detection to the request of capture;
Step 7:apk monitor unloads app after the completion of execution, is further continued for monitoring assigned catalogue;
Step 8: Hole Detection proxy module output Hole Detection result.
2. the ARIXTRA application service end web leak detection method based on simulator as claimed in claim 1 it is characterised in that
Traversal activity described in step 4 is functional come the institute to trigger app, particularly as follows: decompression apk file, obtains
Androidmanifest.xml file, by all of activity of content obtaining reading node in this xml document, then
Execute command statement by adb to be triggered.
3. the ARIXTRA application service end web leak detection method based on simulator as claimed in claim 1 or 2, its feature exists
In described step 5, particularly as follows: first root ARIXTRA simulator, is installed the app with agent functionality, then triggered each activity
Process, if the corresponding functional packet of the activity being triggered contains the request to service end, then all capture proxied.
4. the ARIXTRA application service end web leak detection method based on simulator as claimed in claim 3 it is characterised in that
Described installation has the app of agent functionality particularly as follows: arranging simulator using proxydroid or by arranging wifi agent
Global network agency.
5. the ARIXTRA application service end web leak detection method based on simulator as claimed in claim 4 it is characterised in that
Described step 6 is leaked particularly as follows: the complete network request to service end capturing is imported scanning device using burpsuite
Hole is detected.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610901415.5A CN106357670A (en) | 2016-10-17 | 2016-10-17 | Simulator-based android application server side Web vulnerability detection method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610901415.5A CN106357670A (en) | 2016-10-17 | 2016-10-17 | Simulator-based android application server side Web vulnerability detection method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN106357670A true CN106357670A (en) | 2017-01-25 |
Family
ID=57865925
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610901415.5A Pending CN106357670A (en) | 2016-10-17 | 2016-10-17 | Simulator-based android application server side Web vulnerability detection method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106357670A (en) |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107239697A (en) * | 2017-06-27 | 2017-10-10 | 四维创智(北京)科技发展有限公司 | A kind of server end scan method based on mobile flow |
| CN107301346A (en) * | 2017-05-23 | 2017-10-27 | 成都联宇云安科技有限公司 | One kind realizes Android device APP fast and safely detection methods using white list mechanism |
| CN107729749A (en) * | 2017-09-30 | 2018-02-23 | 北京梆梆安全科技有限公司 | With reference to system information and the Android simulator detection method and device of ardware feature |
| CN107729750A (en) * | 2017-09-30 | 2018-02-23 | 北京梆梆安全科技有限公司 | With reference to configuration information and the Android simulator detection method and device of ardware feature |
| CN108875368A (en) * | 2017-05-10 | 2018-11-23 | 北京金山云网络技术有限公司 | A kind of safety detection method, apparatus and system |
| CN108959935A (en) * | 2018-06-25 | 2018-12-07 | 郑州云海信息技术有限公司 | A kind of loophole plug-in unit batch execution method and device |
| CN109918122A (en) * | 2019-03-06 | 2019-06-21 | Oppo广东移动通信有限公司 | White list maintaining method, device and terminal device |
| CN110990221A (en) * | 2019-11-26 | 2020-04-10 | 武汉大学 | Kernel LKM-based Android platform malicious software automatic detection method and system |
| CN112099840A (en) * | 2020-08-28 | 2020-12-18 | 广州掌淘网络科技有限公司 | Method and device for extracting features in application package |
| CN115277202A (en) * | 2022-07-28 | 2022-11-01 | 四川封面传媒科技有限责任公司 | Automatic data acquisition system and method for android APP |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102541729A (en) * | 2010-12-31 | 2012-07-04 | 航空工业信息中心 | Detection device and method for security vulnerability of software |
| CN103207969A (en) * | 2013-04-12 | 2013-07-17 | 百度在线网络技术(北京)有限公司 | Device and method for detecting Android malware |
| US20130212484A1 (en) * | 2012-02-15 | 2013-08-15 | Mobilespan Inc. | Presenting execution of a remote application in a mobile device native format |
| CN105512045A (en) * | 2015-12-24 | 2016-04-20 | 珠海市君天电子科技有限公司 | Application program testing method and device and testing equipment |
| CN105740144A (en) * | 2016-01-27 | 2016-07-06 | 浪潮(北京)电子信息产业有限公司 | Automated testing method and system for Android mobile Terminal |
| CN105787364A (en) * | 2014-12-23 | 2016-07-20 | 深圳市腾讯计算机系统有限公司 | Automated testing method, device and system for task |
-
2016
- 2016-10-17 CN CN201610901415.5A patent/CN106357670A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102541729A (en) * | 2010-12-31 | 2012-07-04 | 航空工业信息中心 | Detection device and method for security vulnerability of software |
| US20130212484A1 (en) * | 2012-02-15 | 2013-08-15 | Mobilespan Inc. | Presenting execution of a remote application in a mobile device native format |
| CN103207969A (en) * | 2013-04-12 | 2013-07-17 | 百度在线网络技术(北京)有限公司 | Device and method for detecting Android malware |
| CN105787364A (en) * | 2014-12-23 | 2016-07-20 | 深圳市腾讯计算机系统有限公司 | Automated testing method, device and system for task |
| CN105512045A (en) * | 2015-12-24 | 2016-04-20 | 珠海市君天电子科技有限公司 | Application program testing method and device and testing equipment |
| CN105740144A (en) * | 2016-01-27 | 2016-07-06 | 浪潮(北京)电子信息产业有限公司 | Automated testing method and system for Android mobile Terminal |
Non-Patent Citations (2)
| Title |
|---|
| RIUSKSK: "android沙盘原理与实现,https://security.tencent.com/index.php/blog/msg/7", 《腾讯安全应急响应中心》 * |
| TRACY_梓朋: "安卓恶意代码分析工具详解(一)—MobSF,http://purpleroc.com/MD/2016-08-31@Android%20Malware%20Analysis%20Tool(1)--MobSF.html", 《TRACY、BLOG》 * |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108875368A (en) * | 2017-05-10 | 2018-11-23 | 北京金山云网络技术有限公司 | A kind of safety detection method, apparatus and system |
| CN107301346A (en) * | 2017-05-23 | 2017-10-27 | 成都联宇云安科技有限公司 | One kind realizes Android device APP fast and safely detection methods using white list mechanism |
| CN107239697A (en) * | 2017-06-27 | 2017-10-10 | 四维创智(北京)科技发展有限公司 | A kind of server end scan method based on mobile flow |
| CN107729749A (en) * | 2017-09-30 | 2018-02-23 | 北京梆梆安全科技有限公司 | With reference to system information and the Android simulator detection method and device of ardware feature |
| CN107729750A (en) * | 2017-09-30 | 2018-02-23 | 北京梆梆安全科技有限公司 | With reference to configuration information and the Android simulator detection method and device of ardware feature |
| CN108959935A (en) * | 2018-06-25 | 2018-12-07 | 郑州云海信息技术有限公司 | A kind of loophole plug-in unit batch execution method and device |
| CN108959935B (en) * | 2018-06-25 | 2021-08-20 | 郑州云海信息技术有限公司 | Method and device for batch execution of bug plug-ins |
| CN109918122A (en) * | 2019-03-06 | 2019-06-21 | Oppo广东移动通信有限公司 | White list maintaining method, device and terminal device |
| CN110990221A (en) * | 2019-11-26 | 2020-04-10 | 武汉大学 | Kernel LKM-based Android platform malicious software automatic detection method and system |
| CN112099840A (en) * | 2020-08-28 | 2020-12-18 | 广州掌淘网络科技有限公司 | Method and device for extracting features in application package |
| CN115277202A (en) * | 2022-07-28 | 2022-11-01 | 四川封面传媒科技有限责任公司 | Automatic data acquisition system and method for android APP |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106357670A (en) | Simulator-based android application server side Web vulnerability detection method | |
| US9021443B1 (en) | Test automation API for host devices | |
| US20160306737A1 (en) | Automated error checking system for a software application and method therefor | |
| US10698797B2 (en) | Mobile application program testing method, server, terminal, and storage medium | |
| US9378122B2 (en) | Adopting an existing automation script to a new framework | |
| US20130047036A1 (en) | Self validating applications | |
| Rais et al. | JTAG-based PLC memory acquisition framework for industrial control systems | |
| CN111382048B (en) | Management method and device for mobile equipment on true machine test platform | |
| CN104331662A (en) | Method and device for detecting Android malicious application | |
| CN109683997B (en) | Method for accessing application program interface through sandbox, sandbox and sandbox equipment | |
| CN110825985B (en) | Data acquisition system, method, device, control equipment and proxy equipment | |
| CN104809057A (en) | Application test system, application test method and storage medium | |
| CN112860645A (en) | Processing method and device for offline compressed file, computer equipment and medium | |
| CN108572892B (en) | PowerPC multi-core processor-based offline test method and device | |
| CN105117340A (en) | URL (Uniform Resource Locator) detection method and device used for quality evaluation of iOS browser application | |
| CN107957939B (en) | Webpage interaction interface testing method and system | |
| CN110727575B (en) | Information processing method, system, device and storage medium | |
| CN104036193A (en) | Local cross-domain vulnerability detection method and device for application program | |
| WO2019237239A1 (en) | Data test method and apparatus, device/terminal/server and computer readable storage medium | |
| US9304891B1 (en) | Load-test generator | |
| CN111597557A (en) | Malicious application detection method, system, device, equipment and storage medium | |
| CN115604256A (en) | Mobile phone APP evidence obtaining method and system based on source data simulation and storage medium | |
| CN112882897A (en) | Abnormal scene processing method and device, electronic equipment and storage medium | |
| CN111061627B (en) | Webpage embedding method and device, electronic equipment and storage medium | |
| CN114385258A (en) | Automatic testing method and device, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170125 |
|
| RJ01 | Rejection of invention patent application after publication |