CN106998335B - Vulnerability detection method, gateway equipment, browser and system - Google Patents

Publication number
CN106998335B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710442960.7A
Other languages
Chinese (zh)
Other versions
CN106998335A (en)
Inventor
王朋涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sangfor Technologies Co Ltd
Original Assignee
Sangfor Technologies Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Abstract

The embodiment of the invention discloses a vulnerability detection method, gateway equipment, a browser, a system, a computer device and a readable storage medium, which are used for detecting vulnerabilities of a browser on the intranet side so as to reduce security risks. The method provided by the embodiment of the invention comprises the following steps: acquiring HTTP request information issued by a browser; feeding back HTTP response information to the browser according to the HTTP request information, so that the browser performs vulnerability detection by using a detection script in the HTTP response information and returns a detection result to the gateway equipment; receiving the detection result returned by the browser; judging whether the browser has a vulnerability according to the detection result; and if so, intercepting the HTTP request information.

Description

Vulnerability detection method, gateway equipment, browser and system
Technical Field
The present invention relates to communications technologies, and in particular, to a vulnerability detection method, a gateway device, a browser, a system, a computer device, and a readable storage medium.
Background
Currently, the targets of hacking include not only servers but also clients. For client-side attacks, exploiting browser vulnerabilities is an important means of intrusion, and although manufacturers continuously strive to introduce new, better-performing and more secure Web browsers, such as Google's Chrome, Web browsers are still not free of attacks and vulnerabilities.
In practical applications, a Chrome or IE browser with no Flash plug-in installed may be more secure than a browser regarded as highly secure, which means that the vulnerabilities of existing browsers lie mainly in the plug-ins released for them. Existing browsers integrate complex plug-ins such as ActiveX plug-ins, the Flash Player plug-in, Java virtual machine plug-ins and the Adobe Reader plug-in. Although these plug-ins enhance the functions of browsers, such as image processing, user-friendly interfaces and various animations, they may contain additional defects and vulnerabilities and may instead increase the security risk of clients.
In the existing scheme, vulnerability detection for a browser can only be performed locally by security software on the client, and remote batch detection is not possible. Security therefore depends on the security awareness of each client's user: a user with high security awareness regularly repairs and updates the browser or browser plug-ins of the client and may restrict the functions and security settings of the browser, for example by prohibiting the automatic running of Java applets, JavaScript, VBScript and ActiveX, which improves the security of the client. However, not all client users have high security awareness, and the network administrator can only check browsers one by one to ensure the security of internal users' browsers, which is inefficient.
Disclosure of Invention
The embodiment of the invention provides a vulnerability detection method, gateway equipment, a browser, a system, a computer device and a readable storage medium, which are used for detecting vulnerabilities of browsers on the intranet side of a gateway. Improving the security of the browser reduces the security risk of the browser and of the terminal where the browser is located, and because the intranet network administrator does not need to check browsers one by one, the administrator's working efficiency is improved.
In view of this, the present invention provides a vulnerability detection method applied to a gateway device, which may include:
acquiring HTTP request information issued by a browser;
feeding back HTTP response information to the browser according to the HTTP request information, so that the browser performs vulnerability detection by using a detection script in the HTTP response information and returns a detection result to the gateway equipment;
receiving the detection result returned by the browser;
judging whether the browser has a vulnerability according to the detection result;
and if so, intercepting the HTTP request information.
Further, before feeding back HTTP response information to the browser according to the HTTP request information, the method further includes:
according to the HTTP request information, detecting, by using authentication equipment, whether the browser has passed security authentication within a preset time length before the current time;
if not, triggering the step of feeding back HTTP response information to the browser according to the HTTP request information.
Further, the method further comprises:
and if it is judged according to the detection result that the browser has no vulnerability, or that the browser passes the security authentication, recording the authentication passing state of the browser.
Further, before feeding back HTTP response information to the browser according to the HTTP request information, the method further includes:
detecting whether the terminal where the browser is located passes identity authentication or not by using authentication equipment according to the HTTP request information;
if yes, triggering a step of feeding back HTTP response information to the browser according to the HTTP request information;
if not, triggering the step of intercepting the HTTP request information.
Further, the gateway device includes an authentication device.
Further, the method further comprises:
and if it is judged according to the detection result that the browser has a vulnerability, sending vulnerability information to the browser so that the browser prompts the user according to the vulnerability information.
The second aspect of the present invention provides a vulnerability detection method, which is applied to a browser, and may include:
issuing HTTP request information to enable the gateway equipment to feed back HTTP response information to the browser according to the HTTP request information;
receiving HTTP response information fed back by the gateway equipment;
detecting the vulnerability by using a detection script in the HTTP response information to obtain a detection result;
and returning the detection result to the gateway equipment.
Further, after the detection result is returned to the gateway device, the method further includes:
receiving vulnerability information sent by gateway equipment;
and prompting the user according to the vulnerability information.
Further, after the vulnerability detection is performed by using the detection script in the HTTP response information and the detection result is obtained, the method further includes:
and if the browser is judged to have the vulnerability according to the detection result, prompting vulnerability information to the user.
A third aspect of the present invention provides a gateway device, which may include:
the acquisition unit is used for acquiring HTTP request information issued by the browser;
the feedback unit is used for feeding back HTTP response information to the browser according to the HTTP request information, so that the browser performs vulnerability detection by using the detection script in the HTTP response information and returns a detection result to the gateway equipment;
the receiving unit is used for receiving a detection result returned by the browser;
the judging unit is used for judging whether the browser has a vulnerability according to the detection result;
and the interception unit is used for intercepting the HTTP request information when it is judged according to the detection result that the browser has a vulnerability.
Further, the gateway device further includes:
the first detection unit is used for detecting, by using the authentication equipment and according to the HTTP request information, whether the browser has passed security authentication within a preset time length before the current time;
and the first triggering unit is used for triggering the feedback unit to feed back HTTP response information to the browser according to the HTTP request information when the browser has not passed the security authentication.
Further, the gateway device further includes:
and the recording unit is used for recording the authentication passing state of the browser when it is judged according to the detection result that the browser has no vulnerability, or that the browser passes the security authentication.
Further, the gateway device further includes:
the second detection unit is used for detecting whether the terminal where the browser is located passes the identity authentication or not by using the authentication equipment according to the HTTP request information;
the second triggering unit is used for triggering the feedback unit to feed back HTTP response information to the browser according to the HTTP request information when the terminal passes the identity authentication;
and the third triggering unit is used for triggering the interception unit to intercept the HTTP request information when the terminal fails the identity authentication.
Further, the gateway device includes an authentication device.
Further, the gateway device further includes:
and the sending unit is used for sending vulnerability information to the browser when it is judged according to the detection result that the browser has a vulnerability, so that the browser can prompt the user according to the vulnerability information.
A fourth aspect of the present invention provides a browser, which may include:
the issuing unit is used for issuing HTTP request information so that the gateway equipment feeds back HTTP response information to the browser according to the HTTP request information;
the first receiving unit is used for receiving HTTP response information fed back by the gateway equipment;
the detection unit is used for detecting the vulnerability by using the detection script in the HTTP response information to obtain a detection result;
and the return unit is used for returning the detection result to the gateway equipment.
Further, the browser further comprises:
the second receiving unit is used for receiving the vulnerability information sent by the gateway equipment;
and the first prompting unit is used for prompting the user according to the vulnerability information.
Further, the browser further comprises:
and the second prompting unit is used for prompting the user with vulnerability information when it is judged according to the detection result that the browser has a vulnerability.
A fifth aspect of the present invention provides a vulnerability detection system, which may include the gateway device provided in the third aspect of the present invention and the browser provided in the fourth aspect of the present invention.
A sixth aspect of the present invention provides a computer apparatus comprising a processor configured to implement the following steps when executing a computer program stored in a memory:
acquiring HTTP request information issued by a browser;
feeding back HTTP response information to the browser according to the HTTP request information, so that the browser performs vulnerability detection by using a detection script in the HTTP response information and returns a detection result to the gateway equipment;
receiving the detection result returned by the browser;
judging whether the browser has a vulnerability according to the detection result;
and if so, intercepting the HTTP request information.
A seventh aspect of the invention provides a computer apparatus comprising a processor configured to implement the following steps when executing a computer program stored in a memory:
issuing HTTP request information to enable the gateway equipment to feed back HTTP response information to the browser according to the HTTP request information;
receiving HTTP response information fed back by the gateway equipment;
detecting the vulnerability by using a detection script in the HTTP response information to obtain a detection result;
and returning the detection result to the gateway equipment.
An eighth aspect of the present invention provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, causes the processor to perform the steps of:
acquiring HTTP request information issued by a browser;
feeding back HTTP response information to the browser according to the HTTP request information, so that the browser performs vulnerability detection by using a detection script in the HTTP response information and returns a detection result to the gateway equipment;
receiving the detection result returned by the browser;
judging whether the browser has a vulnerability according to the detection result;
and if so, intercepting the HTTP request information.
A ninth aspect of the present invention provides a computer readable storage medium having stored thereon a computer program which, when executed by a processor, causes the processor to perform the steps of:
issuing HTTP request information to enable the gateway equipment to feed back HTTP response information to the browser according to the HTTP request information;
receiving HTTP response information fed back by the gateway equipment;
detecting the vulnerability by using a detection script in the HTTP response information to obtain a detection result;
and returning the detection result to the gateway equipment.
According to the technical scheme, the embodiment of the invention has the following advantages:
the invention provides a vulnerability detection method, wherein a gateway device can feed back HTTP response information to a browser by acquiring HTTP request information issued by the browser, the HTTP response information carries a detection script, so that the browser can detect the vulnerability of the browser according to the detection script and can return the detection result to the gateway device, when the gateway device judges that the browser has the vulnerability according to the detection result, the HTTP request information can be intercepted, and the HTTP request information can not reach a server, namely, the access of the browser to an internet page is prevented. Therefore, by detecting the vulnerability of the browser, the security risk of the browser and the terminal where the browser is located can be reduced by improving the security performance of the browser, and meanwhile, because the intranet network administrator does not need to detect the browser one by one, the work efficiency of the internal network administrator is improved.
Drawings
FIG. 1 is a schematic diagram of an embodiment of a vulnerability detection method in an embodiment of the present invention;
FIG. 2 is a schematic diagram of another exemplary embodiment of a vulnerability detection method in the embodiment of the present invention;
FIG. 3 is a diagram of another exemplary embodiment of a vulnerability detection method in the embodiment of the present invention;
FIG. 4 is a schematic diagram of another exemplary embodiment of a vulnerability detection method in the embodiment of the present invention;
FIG. 5 is a schematic diagram of an embodiment of a gateway device in an embodiment of the present invention;
FIG. 6 is a schematic diagram of another embodiment of a gateway device in the embodiment of the present invention;
FIG. 7 is a schematic diagram of another embodiment of a gateway device in the embodiment of the present invention;
FIG. 8 is a diagram of an embodiment of a browser in accordance with an embodiment of the present invention;
FIG. 9 is a diagram of another embodiment of a browser in accordance with the present invention;
FIG. 10 is a schematic diagram of another embodiment of a browser according to the embodiment of the present invention.
Detailed Description
The embodiment of the invention provides a vulnerability detection method, gateway equipment, a browser, a system, a computer device and a readable storage medium, which are used for detecting vulnerabilities of browsers on the intranet side of a gateway. Improving the security of the browser reduces the security risk of the browser and of the terminal where the browser is located, and because the intranet network administrator does not need to check browsers one by one, the administrator's working efficiency is improved.
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention are clearly and completely described below, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The terms "first," "second," "third," "fourth," and the like in the description and in the claims, as well as in the drawings, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It will be appreciated that the data so used may be interchanged under appropriate circumstances such that the embodiments described herein may be practiced otherwise than as specifically illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Generally, browser scripts are written in a format using a particular descriptive language. Since the browser script can not only reduce the scale of the web page and improve the speed of web page browsing, but also enrich the representation of the web page, such as animation, sound, etc., various browser scripts are widely used in the design of web pages at present. The browser script is generally written by JavaScript, does not need to be compiled by compiling software, and can be directly interpreted and executed by an interpreter.
However, due to limitations of the programmer's ability, experience, and the security techniques of the time, if the program design is not well considered, an unpredictable error, i.e., a browser vulnerability, is caused when the program encounters a problem that seems reasonable but cannot actually be handled. After a hacker analyzes the error, a malicious webpage can be generated by using a browser script, and once a user accesses the malicious webpage, the system of the browser's user is attacked.
In order to solve the above problems, in this document, through the mutual cooperation between the gateway device and the browser, the vulnerability of the browser can be detected, so that when the vulnerability exists in the browser, the browser can be prevented from accessing the internet webpage, and the security risk of the browser and the terminal where the browser is located is reduced. The gateway device may also be an inter-network connector, a protocol converter, and a computer system or device providing data conversion service among multiple networks, that is, a device through which data is "negotiated" when going from one network to another network.
For ease of understanding, a specific process in the embodiment of the present invention is described below from the perspective of the interaction between the devices. Referring to FIG. 1, an embodiment of a vulnerability detection method in the embodiment of the present invention includes:
101. The browser issues HTTP request information;
Generally, a browser serving as a client may be installed on a terminal. When the browser accesses an internet webpage, the HTTP request information for any webpage passes through a gateway device and is then forwarded to a server by the gateway device, so that the browser can jump from the current page to the internet webpage corresponding to the HTTP request information.
In this embodiment, when a user needs to access an internet webpage through a browser, the browser may issue HTTP request information.
Specifically, the HTTP request information may be HTTP request information for accessing a web page, and the HTTP request information may include an access path, where the access path may include, but is not limited to, a web address of the web page, such as "http://www.xxx.com/".
Further, the HTTP request information may also include the IP address of the terminal where the browser is located, that is, an identifier of that terminal. When the gateway device manages a plurality of terminals, it can therefore distinguish the terminal where the browser is located by the IP address in the HTTP request information and perform security authentication of the browser on the corresponding terminal. Meanwhile, a plurality of browsers, such as the 360 browser and the Sogou browser, can be installed on one terminal. If the browsers on the same terminal issue HTTP request information in different time periods, the HTTP request information carries the same IP address, so the gateway device can determine which browsers belong to the same terminal, comprehensively evaluate the security risk of that terminal from the vulnerability status of its browsers, and strengthen the protection of those browsers and of the terminal.
It should be understood that, in this embodiment, in addition to the contents described above, the HTTP request information may in practical applications also include other types of information, such as type information of the browser that issued the HTTP request information. The type information may indicate whether the browser that issued the HTTP request information is a 360 browser, a Sogou browser, or another type of browser, which is not limited herein.
102. The gateway equipment feeds back HTTP response information to the browser according to the HTTP request information;
In this embodiment, in order to enhance the security of the browser and reduce the security risk that a browser vulnerability poses to the browser and the terminal where it is located, the gateway device does not forward the HTTP request information immediately. When a user needs to access an internet webpage through the browser, the browser issues HTTP request information; when that information passes through the gateway device, the gateway device acquires it and temporarily holds it, so that it can first obtain a detection result indicating whether the browser has a vulnerability.
Further, after acquiring HTTP request information sent by the browser, the gateway device may feed back HTTP response information to the browser according to the HTTP request information, so that the browser may perform vulnerability detection according to a detection script in the HTTP response information, and may return a detection result to the gateway device.
Specifically, the gateway device may store a detection script. The detection script is produced by staff after analyzing the corresponding browser vulnerabilities, can be continuously adjusted and updated to detect vulnerabilities of different types of browsers, and, because it identifies the vulnerabilities the browser actually has, can prevent a user from installing outdated, unnecessary, or even problematic patches on the browser. After acquiring the HTTP request information issued by the browser, the gateway device may acquire a detection script for the browser, encapsulate the detection script in HTTP response information for the HTTP request information, and then feed back the HTTP response information to the browser.
It can be understood that the detection script in this embodiment may be a general-purpose detection script, that is, the same detection script is packaged in the HTTP response information for HTTP request information sent by different browsers, which gives it greater adaptability; because a single common script is used, forging the detection script is made more difficult to a certain degree. In practical applications, however, to meet the specific requirements of different browsers, a detection script matched with the type of the corresponding browser may instead be encapsulated in the corresponding HTTP response information to detect that browser in a targeted way. This also helps against tampering with the detection script, since the detection scripts corresponding to multiple types of browsers would all have to be tampered with. Either approach can be chosen according to actual needs, and the specific details are not limited herein.
It should be noted that, in this embodiment, one or more detection scripts may be carried in the HTTP response message, that is, one detection script may be used to detect multiple browser vulnerabilities, or one detection script may be used to detect one browser vulnerability so as to perform corresponding detection on different browser vulnerabilities.
103. The browser performs vulnerability detection by using a detection script in the HTTP response information to obtain a detection result;
In this embodiment, the browser may receive the HTTP response information fed back by the gateway device, and may perform vulnerability detection by using the detection script in the HTTP response information to obtain a detection result.
Specifically, after the browser receives the HTTP response information fed back by the gateway device, the browser may extract the detection script by parsing the HTTP response information. The browser may then load the detection script, that is, inject the script for detecting browser vulnerabilities into the current page, and may perform vulnerability detection on itself by executing the detection script, so as to obtain a detection result indicating whether the browser itself has a vulnerability.
104. The browser returns a detection result to the gateway equipment;
In this embodiment, after the browser performs vulnerability detection by using the detection script in the HTTP response information and obtains the detection result, it may return the detection result to the gateway device.
105. The gateway equipment judges whether the browser has a vulnerability according to the detection result; if so, step 106 is executed, and if not, step 107 is executed;
In this embodiment, after the browser returns the detection result to the gateway device, the gateway device may receive the detection result, and may determine whether the browser has a vulnerability according to the detection result.
Specifically, after the browser performs vulnerability detection on itself by using the detection script, one of two detection results is obtained: that the browser has a vulnerability, or that the browser has no vulnerability. The browser can send the corresponding detection result to the gateway device, and the gateway device can judge whether the browser has a vulnerability by analyzing the detection result and can execute the corresponding operation according to the judgment.
It can be understood that, in this embodiment, when the gateway device determines whether the browser has a vulnerability according to the detection result, it is in effect performing security authentication on the browser: if it determines that the browser has a vulnerability, the browser is by default considered to have failed the security authentication, and if it determines that the browser has no vulnerability, the browser is by default considered to have passed the security authentication.
106. The gateway equipment intercepts HTTP request information;
In this embodiment, if the gateway device determines that the browser has a vulnerability according to the detection result, the gateway device may intercept the HTTP request information sent by the browser.
Specifically, if the gateway device determines that the browser has a vulnerability, the browser or the terminal where the browser is located may be subjected to a malicious attack when the user accesses an internet webpage using the browser. To avoid this, the gateway device may intercept the HTTP request information, that is, not forward it to the server, so that the browser cannot be redirected to the internet page corresponding to the HTTP request information and cannot use internet resources normally, thereby protecting the browser and the terminal where the browser is located.
107. The gateway device forwards the HTTP request message to the server.
In this embodiment, if the gateway device determines from the detection result that the browser does not have a vulnerability, the gateway device may forward the HTTP request information to the server.
Specifically, if the gateway device determines that the browser does not have a vulnerability, which means that the user's access to internet web pages using the browser is very likely to be secure, the gateway device may forward the HTTP request information issued by the browser to the server. After receiving the HTTP request information, the server can provide the corresponding internet web page, and the browser can be redirected to that web page, such as the web page at "http://www.xxx.com/", so that the user accesses the internet web page through the browser.
In this embodiment, the gateway device may feed back HTTP response information to the browser by obtaining the HTTP request information issued by the browser, where the HTTP response information carries a detection script, so that the browser may perform vulnerability detection on itself according to the detection script, and may return a detection result to the gateway device, so that when the gateway device determines that the browser has a vulnerability according to the detection result, the HTTP request information may be intercepted, and the HTTP request information may not reach the server, that is, access to an internet page by the browser is prevented. Therefore, by detecting the vulnerability of the browser, the security risk of the browser and the terminal where the browser is located can be reduced by improving the security performance of the browser, and meanwhile, because the intranet network administrator does not need to detect the browser one by one, the work efficiency of the internal network administrator is improved.
It can be understood that, in this embodiment, in order to prevent frequent detection of a browser vulnerability when multiple HTTP requests are issued by a browser, repeated security authentication may not be performed within an effective time when the browser passes one security authentication, and this case is specifically described below:
Referring to fig. 2, another embodiment of the vulnerability detection method in the embodiment of the present invention includes:
Step 201 in this embodiment is the same as step 101 in the embodiment shown in fig. 1, and is not described here again.
202. The gateway device detects, according to the HTTP request information and by using the authentication device, whether the browser has passed the security authentication within a preset time period before the current time; if not, step 203 is executed, and if so, step 208 is executed;
In this embodiment, after acquiring the HTTP request information issued by the browser, the gateway device may detect, according to the HTTP request information and by using the authentication device, whether the browser has passed the security authentication within a preset time period before the current time.
Specifically, after acquiring the HTTP request information issued by a browser, the gateway device may send the HTTP request information to the authentication device. From the HTTP request information the authentication device may determine the terminal where the browser is located, that is, its IP address, and the type information of the browser, and from the IP address and the browser type information it can identify a specific browser on a specific terminal, such as the B browser of the A terminal. After identifying the specific browser, the authentication device may look up the historical authentication record of the B browser of the A terminal from the gateway device, and may use the time information and authentication result information in that record to detect whether the B browser of the A terminal has passed the security authentication within the preset time period before the current time. It can be understood that, in this embodiment, the historical authentication record may also be stored in the authentication device, that is, the gateway device forwards the historical authentication record to the authentication device for storage, which is not limited herein.
In practical application, the authentication device may set the preset time period in advance, for example stipulating that security authentication need not be performed again within 24 hours after one security authentication is passed. For example, if the historical authentication record shows that the first HTTP request information issued by the browser at 9 o'clock was not intercepted but was forwarded to the server, it can be determined that the browser passed the security authentication when it issued that request at 9 o'clock, and the browser by default needs no security authentication within the 24 hours after 9 o'clock. When the browser issues second HTTP request information at 14 o'clock, the authentication device may detect whether the browser has passed the security authentication within the preset time period before the current time; as can be seen from the above, the browser passed the security authentication within the 24 hours before 14 o'clock.
It should be noted that, in this embodiment, the authentication device and the gateway device may be separate devices, that is, two products are independent from each other, but may be in communication connection to implement interaction of related information, and in addition, in an actual application, the authentication device and the gateway device may also be the same device, that is, the gateway device may include the authentication device, and the authentication device is a functional module of the gateway device, which is not limited herein.
Steps 203 to 205 in this embodiment are the same as steps 102 to 104 in the embodiment shown in fig. 1, and are not repeated here.
206. The gateway device judges whether the browser has a vulnerability according to the detection result; if so, step 207 is executed, and if not, step 208 is executed;
Steps 206 to 208 in this embodiment are the same as steps 105 to 107 in the embodiment shown in fig. 1, and are not repeated here.
In step 208 of this embodiment, if the gateway device detects, according to the HTTP request information and by using the authentication device, that the browser has passed the security authentication within the preset time period before the current time, it may be assumed that the browser has no vulnerability, and the gateway device may likewise forward the HTTP request information to the server, so that the browser can use internet resources.
209. The gateway device records the authentication passing state of the browser.
In this embodiment, if the gateway device determines by using the authentication device that the browser has passed the security authentication within the preset time period before the current time, or determines from the detection result that the browser does not have a vulnerability, the gateway device may record the authentication passing state of the browser.
Specifically, the authentication passing state in this embodiment indicates that the browser is relatively safe at this time: either it has no vulnerability, or it has passed the security authentication within the preset time period before the current time. When recording the authentication passing state of the browser, the gateway device may also record the current time. If the authentication passing state is recorded because the browser has no vulnerability, the gateway device may also record the effective duration of the state; that is, within the preset duration after the browser is judged to have no vulnerability, when the browser issues HTTP request information again, the gateway device assumes by default that the browser has no vulnerability and does not need to feed back HTTP response information carrying a detection script to the browser. If the authentication passing state is recorded because the browser passed the security authentication within the preset time period before the current time, the gateway device may record the current time. On the one hand, if the current time is 18 o'clock and the browser passed the security authentication within the 12 hours before 18 o'clock, for example at 10 o'clock (that is, the gateway device judged that the browser had no vulnerability), then between 10 o'clock and 22 o'clock the gateway device does not need to feed back HTTP response information carrying the detection script when the browser issues HTTP request information again. On the other hand, because the browser issued HTTP request information again at 18 o'clock, the period during which the browser does not need vulnerability detection is extended; that is, between 10 o'clock and 6 o'clock of the next day, the gateway device assumes by default that the browser has no vulnerability.
It should be noted that, in this embodiment, the description content of the authentication passing status is only an example, and in practical application, other content may also be included, for example, a case of recording an authentication failure of a browser, and the specific content is not limited herein.
It is understood that step 209 in this embodiment may be executed before step 208, or may be executed simultaneously with step 208, as long as it is determined that the browser passes the security authentication within a preset time period before the current time, or it is determined that there is no vulnerability in the browser according to the detection result, which is not limited herein.
Further, based on the description of the embodiment shown in fig. 1, in practical applications such as a company network, in order to protect the company's intranet environment from intrusion by hackers, a company administrator may configure the gateway device to limit the internet access of some employees through identity authentication. That is, when a user has not been authenticated for internet access, the gateway device may force the user to log in to a specific site whose services the user may freely access; but when the user needs to use other information on the internet, the user must authenticate at a portal site, and internet resources may be used only after the authentication is passed. Based on this situation, identity authentication may be added in this embodiment to enhance the security of the intranet environment in a form of double verification, which is specifically described below:
Referring to fig. 3, another embodiment of the vulnerability detection method in the embodiment of the present invention includes:
Step 301 in this embodiment is the same as step 101 in the embodiment shown in fig. 1, and is not described here again.
302. The gateway device detects whether the terminal where the browser is located passes identity authentication or not by using the authentication device according to the HTTP request information, if so, the step 303 is executed, and if not, the step 307 is executed;
In this embodiment, after acquiring the HTTP request information issued by the browser, the gateway device may detect, according to the HTTP request information and by using the authentication device, whether the terminal where the browser is located has passed identity authentication.
Specifically, after acquiring the HTTP request information issued by the browser, the gateway device may send it to the authentication device. The authentication device may determine from the HTTP request information the terminal where the browser is located, that is, its IP address, and may check according to the IP address whether that terminal has passed identity authentication, that is, whether it has the right to use internet resources. In practical application, when a user accesses a permission-restricted internet webpage through a browser, the browser is redirected to an identity authentication page, where the user needs to input the user name and login password of the terminal where the browser is located; when the user name and login password are correct, the terminal is determined to have passed identity authentication, and the user can use internet resources through the browser. Therefore, only when the terminal where the browser is located has passed identity authentication can internet resources be accessed, and only then could a browser vulnerability be exploited through that access to intrude into the intranet environment; otherwise the browser cannot use internet resources, which already prevents, on the browser side, intrusion by means of a browser vulnerability. The gateway device can therefore use the authentication device to perform identity authentication on the terminal where the browser is located in order to decide whether to subsequently return HTTP response information carrying the detection script to the browser for vulnerability detection, thereby preventing exploitation of browser vulnerabilities.
It should be noted that, in this embodiment, the authentication device and the gateway device may be separate devices, that is, two products are independent from each other, but may be in communication connection to implement interaction of related information, and in addition, in an actual application, the authentication device and the gateway device may also be the same device, that is, the gateway device may include the authentication device, and the authentication device is a functional module of the gateway device, which is not limited herein.
Steps 303 to 305 in this embodiment are the same as steps 102 to 104 in the embodiment shown in fig. 1, and are not repeated here.
306. The gateway device judges whether the browser has a vulnerability according to the detection result; if so, step 307 is executed, and if not, step 308 is executed;
Steps 306 to 308 in this embodiment are the same as steps 105 to 107 in the embodiment shown in fig. 1, and are not repeated here.
In step 307 of this embodiment, if the gateway device detects, according to the HTTP request information, that the terminal where the browser is located does not pass the identity authentication by using the authentication device, which means that the user cannot access the internet through the browser, the gateway device may also intercept the HTTP request information (fig. 3 shows the user for clarity, and the intention is not marked), so that the browser cannot be redirected to an internet page corresponding to the HTTP request information, and the purpose of preventing the user from communicating to the outside through the browser is achieved.
It should be noted that, based on the descriptions of the embodiment shown in fig. 2 and the embodiment shown in fig. 3, in practical applications, the embodiment shown in fig. 2 and the embodiment shown in fig. 3 may also be used in combination, for example, after the identity authentication is performed on the terminal where the browser is located, whether the browser passes the security authentication within a preset time period before the current time is detected, and then related operations of whether vulnerability detection is performed are performed, and the same contents may be referred to each other, and are not described herein again.
It can be understood that, in order to help a user repair a browser vulnerability and so improve the security of the browser, the user of the terminal where the browser is located may be prompted with the browser's vulnerability information. This is illustrated on the basis of the embodiment shown in fig. 2 and is specifically described below:
Referring to fig. 4, another embodiment of the vulnerability detection method in the embodiment of the present invention includes:
Step 401 in this embodiment is the same as step 201 in the embodiment shown in fig. 2, and is not described here again.
402. The gateway device detects, according to the HTTP request information and by using the authentication device, whether the browser has passed the security authentication within a preset time period before the current time; if not, step 403 is executed, and if so, step 410 is executed;
Steps 402 to 405 in this embodiment are the same as steps 202 to 205 in the embodiment shown in fig. 2, and are not described again here.
406. The gateway device judges whether the browser has a vulnerability according to the detection result; if so, step 407 is executed, and if not, step 410 is executed;
Steps 406 to 407 in this embodiment are the same as steps 206 to 207 in the embodiment shown in fig. 2, and are not described again here.
408. The gateway device sends the vulnerability information to the browser;
In this embodiment, if the gateway device determines from the detection result that the browser has a vulnerability, it may send the vulnerability information to the browser.
Specifically, because the detection script may not include a plug-in for prompting the user with vulnerability information, the browser may be unable to prompt the user directly when it judges that it has a vulnerability. The gateway device may therefore send the vulnerability information to the browser, where the vulnerability information may include which vulnerabilities exist in the browser, the severity level of each vulnerability, and a repair scheme for each vulnerability, so as to give the user of the terminal where the browser is located more useful information and allow the browser vulnerability to be repaired in time.
It should be noted that, in addition to the contents described above, in an actual application, the vulnerability information in this embodiment may also include other information, such as a specific location of the vulnerability, and the details are not limited herein.
It is understood that step 408 in this embodiment may be executed before step 407, or may be executed simultaneously with step 407, as long as it is executed after it is determined that the browser has a vulnerability, and the specific implementation is not limited herein.
409. The browser prompts the user according to the vulnerability information;
In this embodiment, after the gateway device sends the vulnerability information to the browser, the browser can receive the vulnerability information and prompt the user according to it.
Specifically, after receiving the vulnerability information, the browser can be redirected to a prompt page, and the corresponding vulnerability information can be displayed on the prompt page so as to prompt the user to repair the browser vulnerability in time according to the suggested repair scheme, so that the security of the browser in use is improved.
Further, in this embodiment, if the user chooses to repair the browser vulnerability, the terminal where the browser is located may switch directly from the prompt page of the browser to a specific repair page, making it easier for the user to complete the repair of the browser.
Steps 410 to 411 in this embodiment are the same as steps 208 to 209 in the embodiment shown in fig. 2, and are not described again here.
It can be understood that, based on the description of the embodiment shown in fig. 4, in practical application the detection script may include a plug-in used for prompting the user with vulnerability information. In that case, when the browser determines that it has a vulnerability, it may prompt the user directly: the browser may be redirected to a prompt page on which the corresponding vulnerability information is displayed, so as to prompt the user to repair the browser vulnerability in time according to the suggested repair scheme. Compared with the embodiment shown in fig. 4, the gateway device then only needs to intercept or forward the HTTP request information according to the detection result after receiving it, that is, prevent the browser from using internet resources or allow it to use them, which reduces the workload of the gateway device and improves working efficiency.
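The gateway-side decisions of the embodiments in figs. 2 to 4 (identity authentication, the cached security authentication with its extended validity, then script-based detection with vulnerability information for the prompt page) can be expressed as the following state logic. This is an added example, not code from the patent: the class and method names, the in-memory records keyed by (IP address, browser type), the sample addresses, and the fail-closed handling of a result that no pending request asked for are all assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from enum import Enum
from typing import Optional


class Action(Enum):
    INJECT_SCRIPT = "respond with detection script"   # steps 203 / 303
    BLOCK = "intercept request"                        # steps 207 / 307
    FORWARD = "forward request to server"              # steps 208 / 308


@dataclass
class Decision:
    action: Action
    url: Optional[str] = None   # the request this decision applies to
    findings: tuple = ()        # vulnerability information for the prompt page (step 408)


@dataclass
class Gateway:
    preset: timedelta                               # validity of one passed security authentication
    identity_ok: set = field(default_factory=set)   # terminal IPs that passed identity authentication
    recorded: dict = field(default_factory=dict)    # (ip, browser_type) -> time the pass state was last recorded
    pending: dict = field(default_factory=dict)     # (ip, browser_type) -> request held while detection runs

    def on_request(self, ip, browser_type, url, now):
        key = (ip, browser_type)
        # Step 302: a terminal without identity authentication never reaches the internet.
        if ip not in self.identity_ok:
            return Decision(Action.BLOCK, url)
        # Step 202: did this browser pass within the preset duration before `now`?
        last = self.recorded.get(key)
        if last is not None and now - last <= self.preset:
            # Step 209: recording the current time extends the window from this request.
            self.recorded[key] = now
            return Decision(Action.FORWARD, url)
        # Otherwise hold the request and answer with the detection script.
        self.pending[key] = url
        return Decision(Action.INJECT_SCRIPT, url)

    def on_result(self, ip, browser_type, findings, now):
        key = (ip, browser_type)
        url = self.pending.pop(key, None)
        if url is None:
            # Assumption: a result nobody asked for is not trusted (fail closed).
            return Decision(Action.BLOCK)
        if findings:
            # Steps 207 / 408: intercept and hand the findings to the prompt page.
            self.recorded.pop(key, None)
            return Decision(Action.BLOCK, url, tuple(findings))
        # Steps 208 / 209: no vulnerability, forward and record the pass state.
        self.recorded[key] = now
        return Decision(Action.FORWARD, url)


def demo():
    """Replay the 12-hour timeline from the description (constructed sample data)."""
    day = datetime(2017, 6, 13)                      # constructed date
    ip, browser, url = "10.0.0.5", "B", "http://www.xxx.com/"
    gw = Gateway(preset=timedelta(hours=12), identity_ok={ip})
    actions = [gw.on_request(ip, browser, url, day + timedelta(hours=10)).action]
    actions.append(gw.on_result(ip, browser, [], day + timedelta(hours=10)).action)
    actions.append(gw.on_request(ip, browser, url, day + timedelta(hours=18)).action)
    # 05:00 next day: outside 10:00 + 12 h, inside the window extended at 18:00.
    actions.append(gw.on_request(ip, browser, url, day + timedelta(hours=29)).action)
    return actions


if __name__ == "__main__":
    for a in demo():
        print(a.value)
```

The detection result originates on the client, so this logic is only as trustworthy as the browser that reports it; the record is also keyed by IP address, so terminals behind a shared address would share one pass state.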
The vulnerability detection method in the embodiment of the present invention has been described above; the gateway device and the browser in the embodiment of the present invention are described below respectively. Referring to fig. 5, an embodiment of the gateway device in the embodiment of the present invention includes:
an obtaining unit 501, configured to obtain HTTP request information issued by a browser;
the feedback unit 502 is configured to feed back HTTP response information to the browser according to the HTTP request information, so that the browser performs vulnerability detection by using a detection script in the HTTP response information, and returns a detection result to the gateway device;
a receiving unit 503, configured to receive a detection result returned by the browser;
a judging unit 504, configured to judge whether a vulnerability exists in the browser according to the detection result;
and an intercepting unit 505, configured to intercept the HTTP request information when it is determined according to the detection result that the browser has a vulnerability.
Referring to fig. 6, another embodiment of the gateway device in the embodiment of the present invention includes:
Unit 601 in this embodiment is the same as unit 501 in the embodiment shown in fig. 5, and is not described here again.
A first detecting unit 602, configured to detect, according to the HTTP request information and by using an authentication device, whether the browser has passed security authentication within a preset duration before the current time;
Unit 603 in this embodiment is the same as unit 502 in the embodiment shown in fig. 5, and is not described here again.
A first triggering unit 604, configured to trigger the feedback unit to feed back HTTP response information to the browser according to the HTTP request information when the browser has not passed the security authentication within the preset duration.
Unit 605 in this embodiment is the same as unit 503 in the embodiment shown in fig. 5, unit 606 is the same as unit 504 in the embodiment shown in fig. 5, and unit 607 is the same as unit 505 in the embodiment shown in fig. 5, which are not repeated herein.
A recording unit 608, configured to record the authentication passing state of the browser when it is determined according to the detection result that the browser has no vulnerability, or when the browser has passed the security authentication.
A sending unit 609, configured to send vulnerability information to the browser when it is determined according to the detection result that the browser has a vulnerability, so that the browser prompts the user according to the vulnerability information.
Referring to fig. 7, another embodiment of the gateway device in the embodiment of the present invention includes:
Unit 701 in this embodiment is the same as unit 501 in the embodiment shown in fig. 5, and is not described here again.
A second detecting unit 702, configured to detect, according to the HTTP request information and by using the authentication device, whether the terminal where the browser is located has passed identity authentication;
Unit 703 in this embodiment is the same as unit 502 in the embodiment shown in fig. 5, and is not described here again.
A second triggering unit 704, configured to trigger the feedback unit to feed back HTTP response information to the browser according to the HTTP request information when the terminal passes the identity authentication;
Unit 705 in this embodiment is the same as unit 503 in the embodiment shown in fig. 5, unit 706 is the same as unit 504 in the embodiment shown in fig. 5, and unit 707 is the same as unit 505 in the embodiment shown in fig. 5, and therefore the description thereof is omitted.
A third triggering unit 708, configured to trigger the intercepting unit to intercept the HTTP request information when the terminal fails the identity authentication.
Referring to fig. 8, an embodiment of a browser according to the present invention includes:
an issuing unit 801, configured to issue HTTP request information, so that the gateway device feeds back HTTP response information to the browser according to the HTTP request information;
a first receiving unit 802, configured to receive HTTP response information fed back by a gateway device;
the detection unit 803 is configured to perform vulnerability detection by using a detection script in the HTTP response information to obtain a detection result;
a returning unit 804, configured to return the detection result to the gateway device.
Referring to fig. 9, another embodiment of a browser according to the present invention includes:
Unit 901 in this embodiment is the same as unit 801 in the embodiment shown in fig. 8, unit 902 is the same as unit 802 in the embodiment shown in fig. 8, unit 903 is the same as unit 803 in the embodiment shown in fig. 8, and unit 904 is the same as unit 804 in the embodiment shown in fig. 8, and details thereof are omitted.
A second receiving unit 905, configured to receive vulnerability information sent by a gateway device;
a first prompting unit 906, configured to prompt the user according to the vulnerability information.
Referring to fig. 10, another embodiment of a browser according to the present invention includes:
Unit 1001 in this embodiment is the same as unit 801 in the embodiment shown in fig. 8, unit 1002 is the same as unit 802 in the embodiment shown in fig. 8, unit 1003 is the same as unit 803 in the embodiment shown in fig. 8, and unit 1004 is the same as unit 804 in the embodiment shown in fig. 8, and therefore the description thereof is omitted.
A second prompting unit 1005, configured to prompt the user with vulnerability information when it is determined according to the detection result that the browser has a vulnerability.
The invention also provides a vulnerability detection system, which may comprise the gateway device and the browser described in the above embodiments. Through the cooperation of the gateway device and the browser, the gateway device can feed back a detection script to the browser to detect browser vulnerabilities; when the browser has a vulnerability, it can be prevented from using internet resources, and otherwise it can be used normally. For the beneficial effects, refer to the contents described in the above embodiments; the details are not repeated here.
The above describes the gateway device and the browser in the embodiment of the present invention from the perspective of the modular functional entity, and the following describes the computer apparatus in the embodiment of the present invention from the perspective of hardware processing:
The computer device is used to implement the functions of the gateway device side, and one embodiment of the computer device in the embodiment of the invention includes:
a processor and a memory;
the memory is used for storing the computer program, and the processor is used for realizing the following steps when executing the computer program stored in the memory:
acquiring HTTP request information issued by a browser;
feeding back HTTP response information to the browser according to the HTTP request information, so that the browser performs vulnerability detection by using a detection script in the HTTP response information, and returning a detection result to the gateway equipment;
receiving a detection result returned by the browser;
judging whether the browser has a vulnerability according to the detection result;
and if so, intercepting the HTTP request information.
In some embodiments of the present invention, the processor may be further configured to:
according to the HTTP request information, detecting whether the browser passes safety authentication within a preset time length before the current time by using authentication equipment;
if not, triggering the step of feeding back HTTP response information to the browser according to the HTTP request information.
In some embodiments of the present invention, the processor may be further configured to:
detecting whether the terminal where the browser is located passes identity authentication or not by using authentication equipment according to the HTTP request information;
if yes, triggering a step of feeding back HTTP response information to the browser according to the HTTP request information;
if not, triggering the step of intercepting the HTTP request information.
In some embodiments of the present invention, the processor may be further configured to:
if it is judged according to the detection result that the browser has no vulnerability, or the browser has passed the security authentication, recording the authentication passing state of the browser.
In some embodiments of the present invention, the processor may be further configured to:
if it is judged according to the detection result that the browser has a vulnerability, sending vulnerability information to the browser so that the browser prompts the user according to the vulnerability information.
The computer device is used to implement the functions of the browser side, and another embodiment of the computer device in the embodiment of the invention includes:
a processor and a memory;
the memory is used for storing the computer program, and the processor is used for realizing the following steps when executing the computer program stored in the memory:
issuing HTTP request information to enable the gateway equipment to feed back HTTP response information to the browser according to the HTTP request information;
receiving HTTP response information fed back by the gateway equipment;
detecting the vulnerability by using a detection script in the HTTP response information to obtain a detection result;
and returning the detection result to the gateway equipment.
In some embodiments of the present invention, the processor may be further configured to:
receiving vulnerability information sent by gateway equipment;
and prompting the user according to the vulnerability information.
In some embodiments of the present invention, the processor may be further configured to:
and if the browser is judged to have the vulnerability according to the detection result, prompting vulnerability information to the user.
It should be understood that, no matter on the gateway device side or the browser side, when the processor in the computer apparatus described above executes the computer program, the functions of each unit in the corresponding apparatus embodiments may also be implemented, and thus, no further description is provided herein. Illustratively, the computer program may be partitioned into one or more modules/units that are stored in the memory and executed by the processor to implement the invention. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions, which are used to describe the execution process of the computer program in the gateway device/browser. For example, the computer program may be divided into units in the above-described gateway device, and each unit may implement specific functions as described above for the corresponding gateway device.
The computer device can be a desktop computer, a notebook, a palm computer, a cloud server or other computing equipment. The computer device may include, but is not limited to, a processor and a memory. It will be appreciated by those skilled in the art that the processor and memory are merely examples of components of a computer apparatus and are not meant to be limiting; more or fewer components may be included, certain components may be combined, or different components may be included. For example, the computer apparatus may also include input/output devices, network access devices, buses, etc.
The Processor may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic device, discrete hardware component, etc. The general purpose processor may be a microprocessor or any conventional processor or the like; the processor is the control center of the computer device and connects the various parts of the overall computer device using various interfaces and lines.
The memory may be used to store the computer programs and/or modules, and the processor may implement various functions of the computer device by running or executing the computer programs and/or modules stored in the memory and invoking data stored in the memory. The memory may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function, and the like; the storage data area may store data created according to the use of the terminal, and the like. In addition, the memory may include high speed random access memory, and may also include non-volatile memory, such as a hard disk, a memory, a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), at least one magnetic disk storage device, a Flash memory device, or other volatile solid state storage device.
The present invention also provides a computer-readable storage medium for implementing the gateway device-side functions, having a computer program stored thereon which, when executed by a processor, causes the processor to perform the following steps:
acquiring HTTP request information issued by a browser;
feeding back HTTP response information to the browser according to the HTTP request information, so that the browser performs vulnerability detection by using a detection script in the HTTP response information and returns a detection result to the gateway equipment;
receiving a detection result returned by the browser;
judging whether the browser has a vulnerability according to the detection result;
and if so, intercepting the HTTP request information.
In some embodiments of the invention, the computer program stored on the computer-readable storage medium, when executed by the processor, may be specifically configured to perform the steps of:
according to the HTTP request information, detecting whether the browser passes security authentication within a preset time length before the current time by using authentication equipment;
if not, triggering the step of feeding back HTTP response information to the browser according to the HTTP request information.
In some embodiments of the invention, the computer program stored on the computer-readable storage medium, when executed by the processor, may be specifically configured to perform the steps of:
detecting whether the terminal where the browser is located passes identity authentication or not by using authentication equipment according to the HTTP request information;
if yes, triggering a step of feeding back HTTP response information to the browser according to the HTTP request information;
if not, triggering the step of intercepting the HTTP request information.
In some embodiments of the invention, the computer program stored on the computer-readable storage medium, when executed by the processor, may be specifically configured to perform the steps of:
and if the browser is judged to have no vulnerability or to have passed the security authentication according to the detection result, recording the authentication passing state of the browser.
In some embodiments of the invention, the computer program stored on the computer-readable storage medium, when executed by the processor, may be specifically configured to perform the steps of:
and if the browser is judged to have a vulnerability according to the detection result, sending vulnerability information to the browser so that the browser prompts a user according to the vulnerability information.
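The gateway-side steps above, modelled as an added JavaScript example (not code from the patent); it combines the identity-authentication and preset-time embodiments in one flow. The User-Agent-based browser typing, the script file names, the client id, the result shape `{ vulnerable, findings }`, and the choice to intercept when no script matches or the result is malformed are assumptions made for illustration.

```javascript
// Added illustration of the gateway-side decision flow; not code from the patent.
// Assumed (not specified on the page): browser type comes from the User-Agent
// header, clients are keyed by an opaque id, and the detection result is an
// object of the form { vulnerable: boolean, findings: string[] }.

const SCRIPTS = {            // placeholder script names, one per browser type
  chrome: 'detect-chrome.js',
  firefox: 'detect-firefox.js',
  ie: 'detect-ie.js',
};

function browserType(userAgent = '') {
  if (/Trident\/|MSIE /.test(userAgent)) return 'ie';
  if (/Firefox\//.test(userAgent)) return 'firefox';
  if (/Chrome\//.test(userAgent)) return 'chrome';
  return null;               // unknown type: no matching detection script
}

class Gateway {
  constructor({ passTtlMs, isIdentityAuthenticated }) {
    this.passTtlMs = passTtlMs;                 // the "preset time length"
    this.isIdentityAuthenticated = isIdentityAuthenticated; // authentication equipment
    this.passedAt = new Map();                  // clientId -> time the check passed
    this.pending = new Map();                   // clientId -> held request
  }

  // Acquire the request, then intercept, forward, or answer with a script.
  onRequest(clientId, req, now) {
    if (!this.isIdentityAuthenticated(clientId)) {
      return { action: 'intercept', reason: 'identity authentication failed' };
    }
    const t = this.passedAt.get(clientId);
    if (t !== undefined && now - t < this.passTtlMs) {
      return { action: 'forward', req };        // passed within the preset time
    }
    this.passedAt.delete(clientId);             // expired or never recorded
    const type = browserType(req.headers['user-agent']);
    if (type === null) {                        // assumption: fail closed
      return { action: 'intercept', reason: 'no detection script for browser type' };
    }
    this.pending.set(clientId, req);
    return { action: 'respond', script: SCRIPTS[type] };
  }

  // Receive the detection result, judge it, then intercept or record the pass.
  onResult(clientId, result, now) {
    const req = this.pending.get(clientId);
    if (req === undefined) {
      return { action: 'intercept', reason: 'result without outstanding detection' };
    }
    this.pending.delete(clientId);
    const wellFormed = result !== null && typeof result === 'object' &&
      typeof result.vulnerable === 'boolean' && Array.isArray(result.findings);
    if (!wellFormed) {                          // assumption: fail closed
      return { action: 'intercept', reason: 'malformed detection result' };
    }
    if (result.vulnerable) {
      return { action: 'intercept', reason: 'browser vulnerable',
               vulnerabilityInfo: result.findings.map(String) };
    }
    this.passedAt.set(clientId, now);           // record the authentication passing state
    return { action: 'forward', req };
  }
}
```

The detection result is supplied by the client, so the model only accepts it against an outstanding detection and treats anything malformed as a failure.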
The present invention also provides another computer-readable storage medium for implementing the browser-side functions, having a computer program stored thereon which, when executed by a processor, causes the processor to perform the following steps:
issuing HTTP request information to enable the gateway equipment to feed back HTTP response information to the browser according to the HTTP request information;
receiving HTTP response information fed back by the gateway equipment;
performing vulnerability detection by using a detection script in the HTTP response information to obtain a detection result;
and returning the detection result to the gateway equipment.
In some embodiments of the invention, the computer program stored on the computer-readable storage medium, when executed by the processor, may be specifically configured to perform the steps of:
receiving vulnerability information sent by gateway equipment;
and prompting the user according to the vulnerability information.
In some embodiments of the invention, the computer program stored on the computer-readable storage medium, when executed by the processor, may be specifically configured to perform the steps of:
and if the browser is judged to have the vulnerability according to the detection result, prompting vulnerability information to the user.
It will be appreciated that the integrated units, if implemented as software functional units and sold or used as a stand-alone product, may be stored in a corresponding computer-readable storage medium. Based on such understanding, all or part of the flow of the methods in the above embodiments may be implemented by a computer program, which may be stored in a computer-readable storage medium and, when executed by a processor, implements the steps of the above method embodiments. The computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer-readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB disk, a removable hard disk, a magnetic disk, an optical disk, a computer memory, a Read-Only Memory (ROM), a Random Access Memory (RAM), an electrical carrier signal, a telecommunications signal, a software distribution medium, and the like. It should be noted that the content covered by the computer-readable medium may be appropriately increased or decreased as required by legislation and patent practice in a given jurisdiction; for example, in some jurisdictions, under legislation and patent practice, computer-readable media do not include electrical carrier signals and telecommunications signals.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (23)

1. A vulnerability detection method is applied to gateway equipment and is characterized by comprising the following steps:
acquiring HTTP request information issued by a browser;
feeding back HTTP response information to the browser according to the HTTP request information, wherein the HTTP response information is packaged with a detection script matched with the type of the browser, so that the browser performs vulnerability detection by using the detection script in the HTTP response information and returns a detection result to the gateway equipment;
receiving a detection result returned by the browser;
judging whether the browser has a vulnerability according to the detection result;
and if so, intercepting the HTTP request information.
2. The vulnerability detection method of claim 1, wherein before feeding back HTTP response information to the browser according to the HTTP request information, the method further comprises:
according to the HTTP request information, detecting whether the browser passes security authentication within a preset time length before the current time by using authentication equipment;
if not, triggering the step of feeding back HTTP response information to the browser according to the HTTP request information.
3. The vulnerability detection method of claim 2, wherein the method further comprises:
and if the browser is judged to have no vulnerability or the security authentication is passed according to the detection result, recording the authentication passing state of the browser.
4. The vulnerability detection method of claim 1, wherein before feeding back HTTP response information to the browser according to the HTTP request information, the method further comprises:
detecting whether the terminal where the browser is located passes identity authentication or not by using authentication equipment according to the HTTP request information;
if yes, triggering the step of feeding back HTTP response information to the browser according to the HTTP request information;
if not, triggering the step of intercepting the HTTP request information.
5. The vulnerability detection method of any of claims 2 to 4, wherein the gateway device comprises the authentication device.
6. The vulnerability detection method of any of claims 1-4, wherein the method further comprises:
and if the browser is judged to have a vulnerability according to the detection result, sending vulnerability information to the browser so that the browser prompts a user according to the vulnerability information.
7. A vulnerability detection method is applied to a browser and is characterized by comprising the following steps:
issuing HTTP request information to enable gateway equipment to feed back HTTP response information to the browser according to the HTTP request information, wherein the HTTP response information is packaged with a detection script matched with the type of the browser;
receiving the HTTP response information fed back by the gateway equipment;
performing vulnerability detection by using the detection script in the HTTP response information to obtain a detection result;
and returning the detection result to the gateway equipment.
8. The vulnerability detection method of claim 7, wherein after the returning the detection results to the gateway device, the method further comprises:
receiving vulnerability information sent by the gateway equipment;
and prompting the user according to the vulnerability information.
9. The vulnerability detection method according to claim 7, wherein after the vulnerability detection is performed by using the detection script in the HTTP response information to obtain a detection result, the method further comprises:
and if the browser is judged to have the vulnerability according to the detection result, prompting vulnerability information to the user.
10. A gateway device, comprising:
the acquisition unit is used for acquiring HTTP request information issued by the browser;
the feedback unit is used for feeding back HTTP response information to the browser according to the HTTP request information, and the HTTP response information is packaged with a detection script matched with the type of the browser, so that the browser performs vulnerability detection by using the detection script in the HTTP response information and returns a detection result to the gateway equipment;
the receiving unit is used for receiving a detection result returned by the browser;
the judging unit is used for judging whether the browser has a vulnerability according to the detection result;
and the interception unit is used for intercepting the HTTP request information when the browser is judged to have a vulnerability according to the detection result.
11. The gateway device of claim 10, further comprising:
the first detection unit is used for detecting whether the browser passes the security authentication within a preset time before the current time by using authentication equipment according to the HTTP request information;
and the first triggering unit is used for triggering the feedback unit to feed back HTTP response information to the browser according to the HTTP request information when the browser passes the security authentication.
12. The gateway device of claim 11, further comprising:
and the recording unit is used for recording the authentication passing state of the browser when the browser is judged to have no vulnerability or the security authentication passes according to the detection result.
13. The gateway device of claim 10, further comprising:
the second detection unit is used for detecting whether the terminal where the browser is located passes identity authentication or not by using authentication equipment according to the HTTP request information;
the second triggering unit is used for triggering the feedback unit to feed back HTTP response information to the browser according to the HTTP request information when the terminal passes the identity authentication;
and the third triggering unit is used for triggering the intercepting unit to intercept the HTTP request information when the terminal fails the identity authentication.
14. The gateway device according to any of claims 11 to 13, characterized in that the gateway device comprises the authentication device.
15. The gateway device according to any one of claims 10 to 13, characterized in that the gateway device further comprises:
and the sending unit is used for sending vulnerability information to the browser when judging that the browser has the vulnerability according to the detection result so that the browser prompts a user according to the vulnerability information.
16. A browser, comprising:
the issuing unit is used for issuing HTTP request information so that the gateway equipment feeds back HTTP response information to the browser according to the HTTP request information, and the HTTP response information is packaged with a detection script matched with the type of the browser;
a first receiving unit, configured to receive the HTTP response information fed back by the gateway device;
the detection unit is used for detecting the vulnerability by using the detection script in the HTTP response information to obtain a detection result;
and the return unit is used for returning the detection result to the gateway equipment.
17. The browser according to claim 16, wherein the browser further comprises:
the second receiving unit is used for receiving the vulnerability information sent by the gateway equipment;
and the first prompting unit is used for prompting the user according to the vulnerability information.
18. The browser according to claim 16, wherein the browser further comprises:
and the second prompting unit is used for prompting the user with vulnerability information when the browser is judged to have the vulnerability according to the detection result.
19. A vulnerability detection system comprising a gateway device according to any of claims 10 to 15 and a browser according to any of claims 16 to 18.
20. A computer device, characterized by: the computer arrangement comprises a processor for implementing the steps of the vulnerability detection method according to any of claims 1 to 6 when executing a computer program stored in a memory.
21. A computer device, characterized by: the computer arrangement comprises a processor for implementing the steps of the vulnerability detection method according to any of claims 7 to 9 when executing a computer program stored in a memory.
22. A computer-readable storage medium having stored thereon a computer program, characterized in that: the computer program, when being executed by a processor, carries out the steps of the vulnerability detection method according to any of claims 1 to 6.
23. A computer-readable storage medium having stored thereon a computer program, characterized in that: the computer program, when being executed by a processor, carries out the steps of the vulnerability detection method according to any of claims 7 to 9.
CN201710442960.7A 2017-06-13 2017-06-13 Vulnerability detection method, gateway equipment, browser and system Active CN106998335B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710442960.7A CN106998335B (en) 2017-06-13 2017-06-13 Vulnerability detection method, gateway equipment, browser and system

Publications (2)

Publication Number Publication Date
CN106998335A CN106998335A (en) 2017-08-01
CN106998335B CN106998335B (en) 2020-09-18

Family

ID=59436208

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710442960.7A Active CN106998335B (en) 2017-06-13 2017-06-13 Vulnerability detection method, gateway equipment, browser and system

Country Status (1)

Country Link
CN (1) CN106998335B (en)

Also Published As

Publication number Publication date
CN106998335A (en) 2017-08-01

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant