CN106453598B - A kind of scan agent method based on http protocol - Google Patents
- Publication number: CN106453598B
- Application number: CN201610954104.5A
- Authority: CN (China)
- Prior art keywords: web, page, service, cryptographic hash, port
- Legal status: Active
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
  - H04L67/01—Protocols
    - H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
  - H04L67/50—Network services
    - H04L67/56—Provisioning of proxy services
Abstract
The invention discloses a proxy scanning method based on the HTTP protocol, comprising the following steps: build a Web service with only one page and calculate the hash value of this Web page; have the Web service record the request IP and X-Forwarded-For, which are used to identify whether a proxy is anonymous; to the designated port of each IP in a range of IPs, send a proxy request whose destination address is the Web service, and if the request succeeds, that IP and port are a proxy service; calculate the hash value of the page returned from the Web service and compare it with the hash value of the Web page, and if the hash values are inconsistent, the proxy service has tampered with the Web page. When scanning, the invention directly scans the specified IPs and ports, so the scanning range is wider; by comparing the hash of the server-side page with that of the page returned by the proxy request, it identifies whether the proxy service tampers with page content.
Description
Technical field
The present invention relates to the field of proxy services, and in particular to a proxy scanning method based on the HTTP protocol.
Background art
A proxy service can speed up browsing through caching, and can also be used to hide the real IP for anonymous access. Some people also use proxies to get around network access restrictions or a website's anti-crawler limits, or even for DDoS attacks. By scanning some well-known ports for proxies, open proxy services can be identified and some malicious requests avoided.
Nmap is a network tool for network discovery and security auditing; the name Nmap is short for Network Mapper. Nmap can detect whether a host is online, which ports are open, the type and version of the services running, and the operating system type and device type. Technically, Nmap sends specific packets to a port, for example an HTTP packet to port 80. After receiving the reply from the target port, it matches the reply against Nmap's fingerprint rules; if the reply satisfies a rule, the port is shown to be running the service that corresponds to that rule.
Existing proxy scanning methods are similar to Nmap's service identification: a large number of proxy recognition rules have to be written, and proxy services are then identified by probing ports. The shortcomings of this approach are obvious. First, the packets returned by the probed port can be modified arbitrarily to evade identification. Second, because the number of rules is limited, the proxy service data identified by rules is of low quality and misidentification occurs. Third, it cannot detect whether a proxy service is an anonymous proxy.
Summary of the invention
The technical problem to be solved by the invention is to provide a proxy scanning method based on the HTTP protocol that identifies whether a proxy is anonymous by building a special destination for proxy requests, and identifies whether a proxy server tampers with web pages by comparing the hash of the page returned through the proxy.
To solve the above technical problem, the invention adopts the following technical solution:
A proxy scanning method based on the HTTP protocol, comprising the following steps:
Step 1: build a Web service with only one page and calculate the hash value of this Web page;
Step 2: the Web service of step 1 records the request IP and X-Forwarded-For, which are used to identify whether a proxy is anonymous;
Step 3: to a specific port of each IP in a range of IPs, send a proxy request whose destination address is the Web service; if the request succeeds, that IP and port are a proxy service;
Step 4: calculate the hash value of the page returned by the proxy request and compare it with the hash value of the Web page that was built; if the hash values are inconsistent, the proxy service has tampered with the Web page.
Further, the specific port is port 80.
Compared with the prior art, the beneficial effects of the invention are:
1. When scanning for proxies, the IPs and ports to scan are specified directly, so the scanning range is wider.
2. A customized Web service log format identifies proxy servers and whether a proxy service is anonymous.
3. Comparing the hash of the server-side page with that of the page returned by the proxy request identifies whether the proxy service tampers with page content.
Specific embodiment
The method of the invention is further described below through a specific embodiment.
1. Web service side
A simple Web service is implemented by installing Nginx, and its log is then configured to record the following data:
1) http_x_forwarded_for: if the proxy is a transparent proxy, the address of the real client behind the proxy request is recorded here;
2) remote_addr: the address that requests the Web service; if the request comes through a proxy, this is the address of the proxy server;
3) request: the specific URL requested by the client.
When requesting the Web service, the client must include the client IP and the proxy IP and port in the URL. If 3.3.3.3 is the IP of our scanning client, 8.8.8.8 is the IP of the proxy service and 80 is the port of the proxy service, the request URL suffix is: /proxy?myip=3.3.3.3&proxy=http:8.8.8.8:80. This URL suffix is recorded in the request variable of the Web service we built.
If, in the Web service log, the value of http_x_forwarded_for differs from the value of remote_addr, and the value of http_x_forwarded_for is the same as myip in request, the proxy is a transparent proxy, and the proxy address is the proxy in the request variable.
If, in the Web service log, the value of http_x_forwarded_for is empty, and the value of remote_addr is the same as the proxy variable in the request variable, the proxy service is an anonymous proxy, and the proxy address is the proxy in request.
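The two log rules above applied to log lines, as an added example that is not part of the patent text. Classify and proxyHost are hypothetical names, and the pipe-separated line format (what an nginx log_format of '$remote_addr|$http_x_forwarded_for|$request' would write) is an assumption. It also accepts a comma-separated X-Forwarded-For list, which goes beyond the single-value case in the text.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// proxyHost extracts the IP from the proxy=http:IP:PORT parameter.
func proxyHost(p string) string {
	p = strings.TrimPrefix(strings.TrimPrefix(p, "http:"), "//")
	if i := strings.LastIndex(p, ":"); i >= 0 {
		return p[:i]
	}
	return p
}

// Classify applies the two log rules to one line in the assumed format
// remote_addr|http_x_forwarded_for|request (nginx logs "-" for an empty value).
func Classify(line string) string {
	f := strings.SplitN(line, "|", 3)
	if len(f) != 3 || len(strings.Fields(f[2])) < 2 {
		return "unparsed"
	}
	remote, xff := f[0], strings.TrimSpace(f[1])
	u, err := url.ParseRequestURI(strings.Fields(f[2])[1]) // METHOD URI PROTOCOL
	if err != nil {
		return "unparsed"
	}
	q := u.Query()
	myip, proxy := q.Get("myip"), proxyHost(q.Get("proxy"))
	// With chained proxies X-Forwarded-For is a list; its first entry is the client.
	first := strings.TrimSpace(strings.Split(xff, ",")[0])
	switch {
	case (xff == "" || xff == "-") && remote == proxy:
		return "anonymous" // no client address disclosed
	case xff != remote && myip != "" && first == myip:
		return "transparent" // the proxy passed on the scanner's address
	}
	return "unclassified"
}

func main() {
	// Constructed log lines using the addresses from the description.
	fmt.Println(Classify("8.8.8.8|3.3.3.3|GET /proxy?myip=3.3.3.3&proxy=http:8.8.8.8:80 HTTP/1.1"))
	fmt.Println(Classify("8.8.8.8|-|GET /proxy?myip=3.3.3.3&proxy=http:8.8.8.8:80 HTTP/1.1"))
}
```

A line that matches neither rule, such as a request that reached the Web service directly from the scanning client, comes back as "unclassified".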
2. Scanning client
On the scanning client, suppose the proxy address to be scanned is 8.8.8.8, the proxy port is 80, the IP of the scanning client is 3.3.3.3, and the IP of the proxy request destination is 1.1.1.1. Taking the Go language as an example, the proxy request code is as follows:
    // request is a third-party HTTP helper package; hash() stands for the page-hash function.
    c := new(http.Client)
    req := request.NewRequest(c)
    req.Proxy = "http://8.8.8.8:80"
    resp, err := req.Get("http://1.1.1.1/proxy?myip=3.3.3.3&proxy=http:8.8.8.8:80")
    if err != nil {
        return // request failed: 8.8.8.8:80 is not a usable proxy
    }
    resp_hash := hash(resp)
Here req.Proxy specifies the proxy address, and an HTTP GET request is sent through this proxy address to the Web service we built. resp_hash is the hash value we calculate over the returned result; comparing this hash value with the page hash value calculated on the server side identifies whether the proxy has tampered with the site content.
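The client-side check (steps 3 and 4) as a self-contained program, added here as an example and not code from the patent. It uses Go's standard net/http instead of the request helper above, SHA-256 as the page hash (the patent names no algorithm), and loopback httptest servers standing in for a proxy; Check, standIn and Demo are hypothetical names.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/url"
	"time"
)

const page = "<html><body>proxy-check</body></html>" // constructed single page
// Check fetches target via proxyURL: ok = request succeeded, tampered = body hash differs.
func Check(proxyURL, target string, want [32]byte) (ok, tampered bool) {
	pu, err := url.Parse(proxyURL)
	if err != nil {
		return false, false
	}
	c := &http.Client{Transport: &http.Transport{Proxy: http.ProxyURL(pu)}, Timeout: 3 * time.Second}
	resp, err := c.Get(target)
	if err != nil {
		return false, false
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	if err != nil || resp.StatusCode != http.StatusOK {
		return false, false
	}
	return true, sha256.Sum256(body) != want
}

// standIn plays a proxy on loopback: it answers with the page plus extra.
func standIn(extra string) *httptest.Server {
	h := func(w http.ResponseWriter, r *http.Request) { io.WriteString(w, page+extra) }
	return httptest.NewServer(http.HandlerFunc(h))
}

// Demo checks an honest and a content-injecting stand-in proxy.
func Demo() (ok, honestTampered, injectTampered bool) {
	want := sha256.Sum256([]byte(page))
	target := "http://1.1.1.1/proxy?myip=3.3.3.3&proxy=http:8.8.8.8:80" // sent only to the stand-in
	a, b := standIn(""), standIn("<script>/*injected*/</script>")
	defer func() { a.Close(); b.Close() }()
	ok, honestTampered = Check(a.URL, target, want)
	_, injectTampered = Check(b.URL, target, want)
	return
}

func main() { fmt.Println(Demo()) }
```

Because the comparison is over the whole body, any byte the proxy adds or rewrites changes the hash, which is why the Web service serves a single fixed page.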
Claims (2)
1. A proxy scanning method based on the HTTP protocol, characterized by comprising the following steps:
Step 1: build a Web service with only one page and calculate the hash value of this Web page;
Step 2: the Web service of step 1 records the request IP and X-Forwarded-For, which are used to identify whether a proxy is anonymous;
Step 3: to a specific port of each IP in a range of IPs, send a proxy request whose destination address is the Web service; if the request succeeds, that IP and port are a proxy service;
Step 4: calculate the hash value of the page returned from the Web service and compare it with the hash value of the Web page; if the hash values are inconsistent, the proxy service has tampered with the Web page.
2. The proxy scanning method based on the HTTP protocol according to claim 1, characterized in that the specific port is port 80.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610954104.5A CN106453598B (en) | 2016-10-27 | 2016-10-27 | A kind of scan agent method based on http protocol |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106453598A CN106453598A (en) | 2017-02-22 |
CN106453598B true CN106453598B (en) | 2019-03-22 |
Legal Events
Code | Title | Description |
---|---|---|
C06 | Publication | |
PB01 | Publication | |
C10 | Entry into substantive examination | |
SE01 | Entry into force of request for substantive examination | |
GR01 | Patent grant | |
CP02 | Change in the address of a patent holder | Address after: 9/F, Block C, No. 28 Tianfu Avenue North Section, Chengdu High tech Zone, China (Sichuan) Pilot Free Trade Zone, Chengdu City, Sichuan Province, 610000. Patentee after: CHENGDU KNOWNSEC INFORMATION TECHNOLOGY Co.,Ltd. Address before: 8th Floor, Building 5, No. 801, Middle Section of Tianfu Avenue, High tech Zone, Chengdu City, Sichuan Province, 610000. Patentee before: CHENGDU KNOWNSEC INFORMATION TECHNOLOGY Co.,Ltd. |