CN106453598B - A kind of scan agent method based on http protocol - Google Patents

A kind of scan agent method based on http protocol Download PDF

Info

Publication number
CN106453598B
CN106453598B CN201610954104.5A CN201610954104A CN106453598B CN 106453598 B CN106453598 B CN 106453598B CN 201610954104 A CN201610954104 A CN 201610954104A CN 106453598 B CN106453598 B CN 106453598B
Authority
CN
China
Prior art keywords
web
page
service
cryptographic hash
port
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610954104.5A
Other languages
Chinese (zh)
Other versions
CN106453598A (en
Inventor
李秋恒
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu Zhidaochuangyu Information Technology Co Ltd
Original Assignee
Chengdu Zhidaochuangyu Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chengdu Zhidaochuangyu Information Technology Co Ltd filed Critical Chengdu Zhidaochuangyu Information Technology Co Ltd
Priority to CN201610954104.5A priority Critical patent/CN106453598B/en
Publication of CN106453598A publication Critical patent/CN106453598A/en
Application granted granted Critical
Publication of CN106453598B publication Critical patent/CN106453598B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)

Abstract

The scan agent method based on http protocol that the invention discloses a kind of, comprising the following steps: the Web service for building only one page calculates the cryptographic Hash of this Web page;It needs whether anonymous to act on behalf of for identification to record request IP, X-Forwarded-For using the Web service;The proxy requests that destination address is the Web service are generated to the designated port of one section of IP, if requested successfully, the IP and port are agency service;The cryptographic Hash of Web back page is calculated, compared with the cryptographic Hash of the Web page, if cryptographic Hash is inconsistent, agency service has distorted Web page.Direct invisible scanning IP and port, scanning range are wider when present invention scanning;It is compared by the Hash of the server-side page and proxy requests back page, identifies whether agency service distorts content of pages.

Description

A kind of scan agent method based on http protocol
Technical field
The present invention relates to agency service fields, and in particular to a kind of scan agent method based on http protocol.
Background technique
Agency service can improve surfing by caching technology, can be used for hiding the anonymous visit of real IP realization It asks.There are also people to break through some network access limitations or the anti-crawler limitation of website using agency, or even attacks for DDOS It hits.By the proxy explorer to some well known ports, open agency service can be identified, avoid some malicious requests.
Nmap is a network tool for network discovery and security audit, and dbase Nmap is Network The abbreviation of Mapper.Nmap can detecte host, and whether online, open-ended situation, the service type of detecting operation and version are believed Breath, detecting OS Type and device type information.Nmap is in technology realization: specific data packet is sent to port, HTTP data packet such as is sent to 80 ports, after receiving destination port return packet, packet and the fingerprint rule match of Nmap will be returned to, such as Fruit meets some rule, then can prove the open-ended the corresponding service of rule.
Existing scan agent method is identified similar to the service of Nmap, is needed to write and is largely acted on behalf of recognition rule, then Agency service is identified by way of port detects.The shortcomings that this scan agent method, is it is clear that first is that detected port Returned data packet can be arbitrarily modified, it is identified to hide;Second is that because regular limited amount, is identified by regularity and is acted on behalf of Service data is of low quality, can there is the phenomenon that misrecognition;Third is that can not detect whether agency service is anonymity proxy.
Summary of the invention
The scan agent method based on http protocol that technical problem to be solved by the invention is to provide a kind of, by building Whether special proxy requests destination, identification agency are anonymous;By being compared to the Hash for acting on behalf of back page, identification agency's clothes Whether business device distorts webpage.
In order to solve the above technical problems, the technical solution adopted by the present invention is that:
A kind of scan agent method based on http protocol, comprising the following steps:
Step 1: building the Web service of only one page, calculate the cryptographic Hash of this Web page;
Step 2: the Web service of step 1 needs to record request IP, X-Forwarded-For, act on behalf of for identification whether It is anonymous;
Step 3: to the particular port of this section of IP, the proxy requests that destination address is the Web service are generated, if request Success, then the IP and port are agency service;
Step 4: the cryptographic Hash of proxy requests back page is calculated, compared with the cryptographic Hash for the Web page built, if Hash It is worth inconsistent, then illustrates that agency service has distorted Web page.
Further, the particular port is 80 ports.
Compared with prior art, the beneficial effects of the present invention are: 1, scanning direct invisible scanning IP and port when acting on behalf of, sweep It is wider to retouch range.2, by customized Web service journal format, identify whether proxy server and agency service are anonymous. 3, it is compared by the Hash of the server-side page and proxy requests back page, identifies whether agency service distorts content of pages.
Specific embodiment
The method of the present invention is further described below by specific embodiment.
1, Web service end
A simple Web service is realized by one Nginx of installation, and then configuration log records following data:
1) http_x_forwarded_for will record true proxy requests client if it is Transparent Proxy here Address;
2) remote_addr requests the address of web services, if being the ground of proxy server here by agency Location;
3) request, the specific URL of client request;
Client needs subsidiary client ip and Agent IP and port in URL when requesting Web service, if It 3.3.3.3 is that we scan client ip, 8.8.8.8 is the IP of agency service, and 80 be the port of agency service, that request URL suffix are as follows:/proxy? myip=3.3.3.3&proxy=http:8.8.8.8:80.This URL suffix will record at us In the request variable for the WEB service built.
If the value of http_x_forwarded_for is different with the value of remote_addr in web services log, and The value of http_x_forwarded_for is identical with the myip in request, that show that this agency is Transparent Proxy, vicariously Location and be proxy in request variable.
If in web services log the value of http_x_forwarded_for be sky, and the value of remote_addr and Proxy variable in request variable is identical, then illustrates that the agency service is anonymity proxy, agent address is in request proxy。
2, client is scanned
In scanning client, if the agent address to be scanned is 8.8.8.8, proxy port 80 scans the IP of client For 3.3.3.3, the IP of proxy requests destination is 1.1.1.1.Here with GO language as an example, the code of proxy requests such as Under:
C:=new (http.Client)
Req:=request.NewRequest (c)
Req.Proxy=" http: // 8.8.8.8:80 "
Resp, err:=req.Get (" http: // 1.1.1.1/proxy? myip=3.3.3.3&proxy=http: 8.8.8.8:80”)
Resp_hash:=hash (resp)
It is agent address that wherein req.Proxy was specified, which is agent address, is built using this agent address to us Web service end sends the Get request of a HTTP.Resp_hash returns the result cryptographic Hash for what we calculated, this cryptographic Hash Compared by the page cryptographic Hash calculated with server-side, can identify whether agency distorts web site contents.

Claims (2)

1. a kind of scan agent method based on http protocol, which comprises the following steps:
Step 1: building the Web service of only one page, calculate the cryptographic Hash of this Web page;
Step 2: using step 1 Web service need record request IP, X-Forwarded-For, act on behalf of for identification whether It is anonymous;
Step 3: to the particular port of this section of IP, generate the proxy requests that destination address is the Web service, if request at Function, then the IP and port are agency service;
Step 4: the cryptographic Hash of Web back page is calculated, compared with the cryptographic Hash of the Web page, if cryptographic Hash is inconsistent, Agency service has distorted Web page.
2. a kind of scan agent method based on http protocol as described in claim 1, which is characterized in that the particular port For 80 ports.
CN201610954104.5A 2016-10-27 2016-10-27 A kind of scan agent method based on http protocol Active CN106453598B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610954104.5A CN106453598B (en) 2016-10-27 2016-10-27 A kind of scan agent method based on http protocol

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610954104.5A CN106453598B (en) 2016-10-27 2016-10-27 A kind of scan agent method based on http protocol

Publications (2)

Publication Number Publication Date
CN106453598A CN106453598A (en) 2017-02-22
CN106453598B true CN106453598B (en) 2019-03-22

Family

ID=58179224

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610954104.5A Active CN106453598B (en) 2016-10-27 2016-10-27 A kind of scan agent method based on http protocol

Country Status (1)

Country Link
CN (1) CN106453598B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109788050B (en) * 2018-12-29 2021-08-20 奇安信科技集团股份有限公司 Method, system, electronic device and medium for acquiring IP address of source station
CN110290221B (en) * 2019-07-09 2021-07-30 中星科源(北京)信息技术有限公司 Original address transmission method, system, storage medium and processor
CN113794692B (en) * 2021-08-24 2023-06-27 杭州迪普科技股份有限公司 Attack tracing device, method and system and proxy link table learning device and method

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101626368A (en) * 2008-07-11 2010-01-13 中联绿盟信息技术(北京)有限公司 Device, method and system for preventing web page from being distorted
CN103118033A (en) * 2013-03-04 2013-05-22 星云融创(北京)信息技术有限公司 Method and device for defending user website from being tampered

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7870608B2 (en) * 2004-05-02 2011-01-11 Markmonitor, Inc. Early detection and monitoring of online fraud

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101626368A (en) * 2008-07-11 2010-01-13 中联绿盟信息技术(北京)有限公司 Device, method and system for preventing web page from being distorted
CN103118033A (en) * 2013-03-04 2013-05-22 星云融创(北京)信息技术有限公司 Method and device for defending user website from being tampered

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
A proxy server by-passing scheme for the chained HTTP proxy networks;Gijeong Kim,Sungwon Lee;《2014 International Conference on Information and Communication Technology Convergence (ICTC)》;20141024;全文
网页防篡改安全研究;杨敏;《中国高新技术企业》;20100901;全文

Also Published As

Publication number Publication date
CN106453598A (en) 2017-02-22

Similar Documents

Publication Publication Date Title
CN107341160B (en) Crawler intercepting method and device
US10110633B2 (en) Method, a device and computer program products for protecting privacy of users from web-trackers
CN102571547B (en) Method and device for controlling hyper text transport protocol (HTTP) traffic
US8245304B1 (en) Autonomous system-based phishing and pharming detection
AU2015409179B2 (en) Machine-driven crowd-disambiguation of data resources
US8533581B2 (en) Optimizing security seals on web pages
Bin et al. A DNS based anti-phishing approach
US7747780B2 (en) Method, system and apparatus for discovering user agent DNS settings
US20080060054A1 (en) Method and system for dns-based anti-pharming
CN107046544B (en) Method and device for identifying illegal access request to website
CN105635064B (en) CSRF attack detection method and device
TWI439091B (en) Network communication system with protecting phishing attacks and method of protecting phishing attacks using the seme
CN107612926B (en) One-sentence speech WebShell interception method based on client recognition
WO2009111224A1 (en) Identification of and countermeasures against forged websites
CN108632221B (en) Method, equipment and system for positioning controlled host in intranet
CN106453598B (en) A kind of scan agent method based on http protocol
CN107528812B (en) Attack detection method and device
Maksutov et al. Detection and prevention of DNS spoofing attacks
Al-kasassbeh et al. Winning tactics with DNS tunnelling
Pellegrino et al. Cashing Out the Great Cannon? On {Browser-Based}{DDoS} Attacks and Economics
US20190268373A1 (en) System, method, apparatus, and computer program product to detect page impersonation in phishing attacks
WO2017080393A1 (en) Method and apparatus for acquiring ip address
CN109660552A (en) A kind of Web defence method combining address jump and WAF technology
CN104158799A (en) HTTP DDOS defense method based on URL dynamic mapping
Born Browser-based covert data exfiltration

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CP02 Change in the address of a patent holder

Address after: 9/F, Block C, No. 28 Tianfu Avenue North Section, Chengdu High tech Zone, China (Sichuan) Pilot Free Trade Zone, Chengdu City, Sichuan Province, 610000

Patentee after: CHENGDU KNOWNSEC INFORMATION TECHNOLOGY Co.,Ltd.

Address before: 8th Floor, Building 5, No. 801, Middle Section of Tianfu Avenue, High tech Zone, Chengdu City, Sichuan Province, 610000

Patentee before: CHENGDU KNOWNSEC INFORMATION TECHNOLOGY Co.,Ltd.

CP02 Change in the address of a patent holder