Summary of the invention
The present application provides a page security detection method, device and equipment, to address the limited ability of the prior art to discover web front-end vulnerabilities or sensitive information.
According to a first aspect of the embodiments of the present application, there is provided a page security detection method, the method comprising:
before a page is loaded, injecting a preset Hook-based security detection framework into the page to be loaded, the security detection framework comprising a script that rewrites and detects an object under test;
rewriting the object under test in the page to be loaded by means of the security detection framework;
monitoring, by means of the rewritten object under test, the call information of the object under test at run time;
judging, by means of the security detection framework and on the basis of the call information, whether the object under test is safe.
According to a second aspect of the embodiments of the present application, there is provided a page security detection device, the device comprising:
a framework injection module, configured to inject, before a page is loaded, a preset Hook-based security detection framework into the page to be loaded, the security detection framework comprising a script that rewrites and detects an object under test;
a rewriting module, configured to rewrite the object under test in the page to be loaded by means of the security detection framework;
an information monitoring module, configured to monitor, by means of the rewritten object under test, the call information of the object under test at run time;
a security judgement module, configured to judge, by means of the security detection framework and on the basis of the call information, whether the object under test is safe.
According to a third aspect of the embodiments of the present application, there is provided a computer device, comprising:
a processor; and a memory for storing instructions executable by the processor;
wherein the processor is configured to:
before a page is loaded, inject a preset Hook-based security detection framework into the page to be loaded, the security detection framework comprising a script that rewrites and detects an object under test;
rewrite the object under test in the page to be loaded by means of the security detection framework;
monitor, by means of the rewritten object under test, the call information of the object under test at run time;
judge, by means of the security detection framework and on the basis of the call information, whether the object under test is safe.
When the page security detection method, device and equipment of the embodiments of the present application are used, a Hook-based security detection framework is injected into the page to be loaded, the object under test in the page to be loaded is rewritten by means of the security detection framework, the call information of the object under test at run time is monitored by means of the rewritten object under test, and whether the object under test is safe is judged from the call information. Security detection is thus performed by Hook while the code runs, which improves the ability to discover web front-end vulnerabilities and sensitive information.
It is to be understood that the foregoing general description and the following detailed description are exemplary and explanatory only and do not limit the present disclosure.
Embodiments
Exemplary embodiments will now be described in detail, examples of which are illustrated in the accompanying drawings. In the following description, where the accompanying drawings are referred to, the same numerals in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the present disclosure; rather, they are merely examples of apparatus and methods consistent with some aspects of the present disclosure as detailed in the appended claims.
The terminology used in the present disclosure is for the purpose of describing particular embodiments only and is not intended to limit the present disclosure. The singular forms "a", "said" and "the" used in the present disclosure and the appended claims are intended to include the plural forms as well, unless the context clearly indicates otherwise. It is also to be understood that the term "and/or" as used herein refers to and encompasses any or all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used in the present disclosure to describe various information, such information should not be limited by these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of the present disclosure, first information may also be referred to as second information, and similarly second information may also be referred to as first information. Depending on the context, the word "if" as used herein may be interpreted as "when", "upon" or "in response to determining".
With the development of information technology, networks have gradually penetrated every field of society; whether people live, work or entertain themselves, they cannot do without the network, so a safe, healthy and stable network environment is extremely important. Web applications have entered a brand-new stage: the dynamism and real-time sharing of content make the blocking of harmful content and malware more complicated, and the attacks suffered by web sites are increasing. In a web attack, a hacker may complete the attack by modifying a URL, including obtaining the contents of the site database, obtaining root privileges on the server, stealing user data, and so on. Common web attack types include web vulnerabilities, sensitive data, etc. A web vulnerability usually refers to a vulnerability in the program of a web site, possibly caused by the programmer's insufficient consideration when writing the code; common web vulnerabilities include SQL injection, cross-site scripting (XSS), upload vulnerabilities, etc. If a web site has a web vulnerability and a hacker exploits it, the attacker may easily control the whole site, obtain the privileges of the web server, and control the whole server.
Therefore, web security detection, and particularly web front-end security detection, appears increasingly important.
In the conventional art, white-box detection needs to parse the code of the function/object under test in the page and cannot effectively find vulnerabilities or sensitive information when the code is complicated, while black-box detection depends on test cases, and because the test cases are incomplete the test is not comprehensive; both limit the ability to discover web front-end vulnerabilities or sensitive information.
To overcome this limited ability to discover web front-end vulnerabilities or sensitive information, the present application provides a page security detection method: a Hook-based security detection framework is injected into the page to be loaded, the object under test in the page to be loaded is rewritten by means of the security detection framework and is thereby monitored; when the object under test is executed, its call information at run time can be monitored through the rewritten object under test, and whether the object under test is safe is judged from the call information. Security detection is thus performed by Hook while the code runs, which improves the ability to discover web front-end vulnerabilities and sensitive information.
Fig. 1 is a flowchart of one embodiment of the page security detection method of the present application. The method may be applied on a computer device and comprises the following steps 101 to 104:
In step 101, before a page is loaded, a preset Hook-based security detection framework is injected into the page to be loaded; the security detection framework comprises a script that rewrites and detects the object under test.
In step 102, the object under test in the page to be loaded is rewritten by means of the security detection framework.
In step 103, the call information of the object under test at run time is monitored by means of the rewritten object under test.
In step 104, whether the object under test is safe is judged by means of the security detection framework on the basis of the call information.
In the embodiments of the present application, the computer device may be any electronic device capable of running web applications, such as a smart phone, a tablet computer, a PDA (Personal Digital Assistant), a PC or another electronic device provided with web applications.
The object under test is the party in the web page that needs to be detected. For example, the object under test may be an interface of an object to be tested, a function to be tested, or an attribute of an object to be tested. In an optional implementation, a watch list may be preset, which contains all functions/objects likely to present a security problem. Further, the functions/objects in the watch list may be determined according to web attack types. For example, the watch list may include global functions, interfaces of global objects, attributes of certain objects, and so on.
Regarding the timing of injecting the security detection framework, the present application defines step 101 as occurring before the page is loaded, so that the Hook-based security detection framework is injected before the other JavaScript code of the page has executed and can therefore detect that other JavaScript code. JavaScript is a kind of web scripting language. Since a page can be loaded once the page loading condition is satisfied, step 101 may be performed when the page loading condition is satisfied and before the page is loaded. The page loading condition being satisfied may be, for example, that a page load request is received. It will be understood that the preset Hook-based security detection framework may be injected into the page to be loaded every time before the page is loaded, so as to perform security detection.
The Hook-based security detection framework may also be called a Hook framework; the Hook framework is used to rewrite and detect the object under test.
Hook technology, also called hook technique, is a platform of the Windows message handling mechanism. A hook can intercept and monitor various event messages in the system or in a process, and capture and process the messages sent to a target window. The present application uses Hook technology to rewrite the object under test so as to monitor it at run time. The Hook-based security detection framework may include a script that rewrites and detects the object under test; as a preferred embodiment, the script may be a JavaScript script.
In an optional implementation, the preset Hook-based security detection framework may be injected into the page to be loaded by a browser plug-in. For example, a Chrome browser plug-in may be used to inject the preset Hook-based security detection framework into the page to be loaded.
It can be seen that injecting the framework into the page to be loaded by means of a browser plug-in is easy to implement.
Because the security detection framework comprises a script that rewrites and detects the object under test, once the security detection framework has been injected into the page to be loaded, the object under test that needs to be detected can be rewritten and monitored by means of the security detection framework.
In Java, a subclass can inherit the methods of its parent class without writing the same methods again. Sometimes, however, the subclass does not want to inherit a parent method unchanged but wants to make certain modifications, which requires method overriding. The present embodiment rewrites the object under test in order to add call-detection logic to it, so that corresponding call information is obtained every time the object under test is called. The call information may be the call parameters, call data, etc. produced by the call.
For example, when the object under test is a global function, the global function may be rewritten by the security detection framework so that the call information of the function at run time is obtained through the rewritten global function, thereby hooking the global function.
As another example, when the object under test is an interface of a global object, the specified object interface may be rewritten by the security detection framework so that the call information of the interface at run time is obtained through the rewritten interface, thereby monitoring calls to the interface.
As another example, when the objects under test are the getItem and setItem functions of localStorage, the getItem and setItem functions of localStorage may be rewritten by the security detection framework so that local storage is monitored through the rewritten getItem and setItem functions.
As another example, when the objects under test are the XMLHttpRequest.prototype.open and send functions, the XMLHttpRequest.prototype.open and send functions may be rewritten by the security detection framework so as to monitor the data sent and received by asynchronous requests.
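The following JavaScript is an added illustration of the method rewriting described above and is not the patent's own code. It replaces the getItem/setItem and open/send methods with wrappers that append the call information of every invocation to a log. So that it runs under Node without a browser, localStorage and XMLHttpRequest are replaced by constructed stand-ins (fakeLocalStorage, FakeXMLHttpRequest); hookMethod, installHooks, runPageCode and the sample values are assumptions of this example.

```javascript
// Added example, not the patent's own code: Hook-style rewriting of methods.
// Every call to a rewritten method is appended to callLog as call information.
const callLog = [];

// Replace target[name] with a wrapper that records the call (label, arguments,
// return value) and then delegates to the original, preserving `this`.
// The wrapper is marked so that installing the hooks twice does not double-wrap.
function hookMethod(target, name, label) {
  const original = target[name];
  if (typeof original !== 'function') throw new TypeError(label + ' is not a function');
  if (original.__isHook) return original;
  const hooked = function (...args) {
    const result = original.apply(this, args);
    callLog.push({
      label,
      args: args.map((a) => String(a)),
      result: result === undefined ? undefined : String(result),
    });
    return result;
  };
  hooked.__isHook = true;
  target[name] = hooked;
  return hooked;
}

// Constructed stand-in for window.localStorage (assumed getItem/setItem shape).
const fakeLocalStorage = {
  _store: new Map(),
  getItem(key) { return this._store.has(key) ? this._store.get(key) : null; },
  setItem(key, value) { this._store.set(key, String(value)); },
};

// Constructed stand-in for XMLHttpRequest with open/send on its prototype.
function FakeXMLHttpRequest() { this.method = null; this.url = null; this.body = null; }
FakeXMLHttpRequest.prototype.open = function (method, url) { this.method = method; this.url = url; };
FakeXMLHttpRequest.prototype.send = function (body) { this.body = body === undefined ? null : body; };

// What the injected framework would do before any page script runs.
function installHooks() {
  hookMethod(fakeLocalStorage, 'getItem', 'localStorage.getItem');
  hookMethod(fakeLocalStorage, 'setItem', 'localStorage.setItem');
  hookMethod(FakeXMLHttpRequest.prototype, 'open', 'XMLHttpRequest.prototype.open');
  hookMethod(FakeXMLHttpRequest.prototype, 'send', 'XMLHttpRequest.prototype.send');
}

// Simulates page code running after the hooks are in place; returns the call log.
function runPageCode() {
  callLog.length = 0;
  installHooks();
  fakeLocalStorage.setItem('token', 'abc123');            // constructed sample value
  const token = fakeLocalStorage.getItem('token');
  const xhr = new FakeXMLHttpRequest();
  xhr.open('POST', 'https://api.example.invalid/login');  // constructed URL
  xhr.send('token=' + token);
  return callLog.slice();
}

console.log(JSON.stringify(runPageCode(), null, 2));
```

Because the wrapper delegates with apply(this, args), the page code observes no change in behaviour; only the framework's log grows. In a real page the same hookMethod would be applied to window.localStorage and to XMLHttpRequest.prototype from the injected script.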
In an optional implementation, the object under test comprises an attribute of an object to be tested, and rewriting the object under test in the page to be loaded by means of the security detection framework comprises: the security detection framework rewriting the attribute of the object to be tested by invoking the getter and setter functions of the object to be tested in the page to be loaded. Monitoring the call information of the object under test at run time by means of the rewritten object under test comprises: obtaining, through the rewritten attribute of the object to be tested, the call information produced when the attribute is read or modified.
It can be seen that the attribute of an object can be rewritten by invoking getter and setter functions, so that call information is obtained when the attribute of the object is read or modified.
In an optional implementation, the security detection framework may rewrite the getter and setter functions of document by invoking document's getter and setter functions, so that the reading of cookies can be monitored through the rewritten getter and setter functions of document.
In an optional implementation, the security detection framework may rewrite the getter and setter functions of window by invoking window's getter and setter functions; through the rewritten getter and setter functions of window, the places where a given global variable is read and modified can be monitored, so as to detect whether certain key information is leaked.
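The following JavaScript is an added illustration of the getter/setter rewriting described above and is not the patent's own code. It takes the original property descriptor of an accessor (here a stand-in for document.cookie), re-defines the property with a wrapped getter and setter, and records every read and write together with the call stack of the accessing code, which is what the later judgement step needs. fakeDocument is a constructed stand-in for document so that the example runs under Node; hookAccessor, runCookieDemo and the cookie values are assumptions of this example.

```javascript
// Added example, not the patent's own code: rewriting an accessor property
// (a stand-in for document.cookie) with a wrapped getter and setter.
const accessLog = [];

// Find the object in the prototype chain that owns `prop`, take its original
// descriptor, and re-define the property on `obj` so that every read and write
// is recorded along with the call stack of the accessing code.
function hookAccessor(obj, prop, label) {
  let owner = obj;
  while (owner && !Object.prototype.hasOwnProperty.call(owner, prop)) owner = Object.getPrototypeOf(owner);
  if (!owner) throw new Error(label + ': property not found');
  const desc = Object.getOwnPropertyDescriptor(owner, prop);
  if (!desc.configurable) throw new Error(label + ': property is not configurable');
  if (desc.get && desc.get.__isHook) return;          // already rewritten
  let dataValue = desc.value;                          // used when prop is a plain data property
  const read = desc.get ? function () { return desc.get.call(this); } : () => dataValue;
  const write = desc.set ? function (v) { desc.set.call(this, v); } : (v) => { dataValue = v; };
  const get = function () {
    const value = read.call(this);
    accessLog.push({ label, op: 'read', value: String(value), stack: new Error().stack });
    return value;
  };
  get.__isHook = true;
  Object.defineProperty(obj, prop, {
    configurable: true,
    enumerable: !!desc.enumerable,
    get,
    set(v) {
      accessLog.push({ label, op: 'write', value: String(v), stack: new Error().stack });
      write.call(this, v);
    },
  });
}

// Constructed stand-in for `document`: a simplified cookie jar whose setter
// stores one name=value pair per assignment, as the browser's accessor does.
const fakeDocument = (() => {
  const jar = new Map();
  return {
    get cookie() { return [...jar].map(([k, v]) => k + '=' + v).join('; '); },
    set cookie(text) {
      const pair = String(text).split(';')[0];
      const eq = pair.indexOf('=');
      if (eq > 0) jar.set(pair.slice(0, eq).trim(), pair.slice(eq + 1).trim());
    },
  };
})();

// Page code running after the rewrite; returns what it read and the recorded accesses.
function runCookieDemo() {
  accessLog.length = 0;
  hookAccessor(fakeDocument, 'cookie', 'document.cookie');
  fakeDocument.cookie = 'theme=dark';                  // constructed values
  fakeDocument.cookie = 'sessionid=0123456789';
  const seen = fakeDocument.cookie;
  return { seen, accesses: accessLog.map(({ label, op, value }) => ({ label, op, value })) };
}

console.log(JSON.stringify(runCookieDemo(), null, 2));
```

The same hookAccessor applied to a global variable on window (a data property rather than an accessor) takes the dataValue branch, so the "where is this variable read and modified" monitoring of the window paragraph above uses the same routine; the recorded stack string is what tells the reader which script performed the access.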
With regard to step 104, after the call information has been obtained by monitoring, whether the object under test is safe may be judged from the call information. As one judgement mode, it may be determined whether the call information contains a preset sensitive keyword, and if so, the object under test is judged to be unsafe. For example, when cookies are monitored, whether there is a risk may be judged by determining whether a cookie value that is read is the critical session. As another example, when global variables are monitored, the locations where a specified global variable is read and modified may be monitored, so as to detect whether certain key information is leaked. As another example, for the monitoring of local storage, whether it is safe may be judged by detecting whether sensitive data has been written to local storage. As another example, for the monitoring of asynchronous requests, whether it is safe may be judged by detecting whether the call information contains information that has not been desensitized.
In an optional implementation, judging whether the object under test is safe by means of the security detection framework on the basis of the call information comprises: obtaining, by means of the security detection framework, the caller that calls the object under test, and judging whether the object under test is safe according to the caller and the call information.
In this embodiment, a trusted domain or an untrusted domain may be set for the security judgement. The security detection framework may print the call stack so as to determine the caller of the object under test, and judge whether the caller is in the preset trusted domain or untrusted domain; when the caller is in the untrusted domain or not in the trusted domain, it may be determined that the current function/object may have a security problem.
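The following JavaScript is an added illustration of the two judgement modes of step 104 described above (sensitive-keyword matching, and placing the caller in a trusted or untrusted domain from the call stack) and is not the patent's own code. It operates on call records of the kind the rewritten objects produce. The keyword list and trusted-origin list are assumptions standing in for the patent's "preset" values, and the records and stack strings are constructed; originsFromStack, judgeRecord and runAnalysis are names of this example.

```javascript
// Added example, not the patent's own code: the judgement step applied to
// recorded call information.
const SENSITIVE_KEYWORDS = ['session', 'token', 'password'];     // assumed preset keywords
const TRUSTED_ORIGINS = ['https://app.example.invalid'];         // assumed preset trusted domain

// Pull scheme://host[:port] origins out of a V8-style stack trace, so the
// caller of the object under test can be placed in a trusted or untrusted domain.
function originsFromStack(stack) {
  const origins = [];
  const frame = /(https?:\/\/[^\/\s):]+(?::\d+)?)\/[^\s):]*:\d+:\d+/g;
  let m;
  while ((m = frame.exec(String(stack))) !== null) {
    if (!origins.includes(m[1])) origins.push(m[1]);
  }
  return origins;
}

// One record -> verdict: unsafe if a sensitive keyword appears in the call data,
// or if any frame of the caller's stack comes from an origin outside the trusted list.
function judgeRecord(rec) {
  const text = [...(rec.args || []), rec.value]
    .filter((x) => x !== undefined)
    .join(' ')
    .toLowerCase();
  const keywordHits = SENSITIVE_KEYWORDS.filter((k) => text.includes(k));
  const untrustedOrigins = originsFromStack(rec.stack).filter((o) => !TRUSTED_ORIGINS.includes(o));
  return {
    label: rec.label,
    keywordHits,
    untrustedOrigins,
    safe: keywordHits.length === 0 && untrustedOrigins.length === 0,
  };
}

// Constructed call records (shape: label, args or value, stack captured at the access).
const SAMPLE_RECORDS = [
  { label: 'document.cookie', op: 'read', value: 'theme=dark',
    stack: 'Error\n    at render (https://app.example.invalid/static/ui.js:12:7)' },
  { label: 'document.cookie', op: 'read', value: 'sessionid=0123456789',
    stack: 'Error\n    at collect (https://cdn.thirdparty.invalid/track.js:88:3)\n'
         + '    at main (https://app.example.invalid/static/ui.js:40:1)' },
  { label: 'localStorage.setItem', args: ['password', 'hunter2'],
    stack: 'Error\n    at save (https://app.example.invalid/static/login.js:5:3)' },
];

// Runs the judgement over a set of records; this is what would be written to the console.
function runAnalysis(records = SAMPLE_RECORDS) {
  return records.map(judgeRecord);
}

console.log(JSON.stringify(runAnalysis(), null, 2));
```

The second record is flagged on both grounds: the cookie read contains "session" and the reading frame belongs to an origin that is not in the trusted list. The third record is flagged only by keyword, since the caller is trusted but a password is being written to local storage.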
In an optional implementation, monitoring of JSONP may also be achieved by the security detection framework: the createElement function of document is rewritten so that newly created script elements are captured, the getter and setter functions of the script element are then rewritten, and the JSONP callback function named in the link is rewritten, so as to monitor the data transmitted by cross-domain calls.
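The following JavaScript is an added illustration of the JSONP monitoring described above and is not the patent's own code. It rewrites createElement so that each new script element receives a rewritten src setter, extracts the callback name from the link, and wraps that global callback so the data returned by the cross-domain call is recorded. jsonpDocument and jsonpGlobal are constructed stand-ins for document and window so the example runs under Node; the query parameter name callback, the URL and the response data are assumptions of this example.

```javascript
// Added example, not the patent's own code: monitoring JSONP by hooking
// createElement, the `src` setter of created <script> elements, and the
// named global callback.
const jsonpLog = [];
const jsonpGlobal = {};                                  // stands in for window
const jsonpDocument = {                                  // stands in for document
  createElement(tag) { return { tagName: String(tag).toUpperCase(), src: '' }; },
};

// Wrap document.createElement so that every new <script> gets a watched `src`.
function hookCreateElement(doc, globalObj) {
  const original = doc.createElement;
  if (original.__isHook) return;
  const hooked = function (tag, ...rest) {
    const el = original.call(this, tag, ...rest);
    if (String(tag).toLowerCase() === 'script') watchScriptSrc(el, globalObj);
    return el;
  };
  hooked.__isHook = true;
  doc.createElement = hooked;
}

// Re-define `src` on one element: each assignment is recorded and, when the URL
// names a JSONP callback that exists on the global object, the callback is wrapped.
function watchScriptSrc(el, globalObj) {
  let current = el.src;
  Object.defineProperty(el, 'src', {
    configurable: true,
    enumerable: true,
    get() { return current; },
    set(url) {
      current = String(url);
      const cb = callbackNameFrom(current);
      jsonpLog.push({ event: 'script-src', url: current, callback: cb });
      if (cb && typeof globalObj[cb] === 'function') wrapCallback(globalObj, cb, current);
    },
  });
}

// Assumes the conventional `callback=` query parameter carries the function name.
function callbackNameFrom(url) {
  try { return new URL(url).searchParams.get('callback'); } catch (e) { return null; }
}

// Replace globalObj[name] with a wrapper that records the data the remote
// script hands to the callback, then invokes the page's original callback.
function wrapCallback(globalObj, name, url) {
  const original = globalObj[name];
  globalObj[name] = function (...args) {
    jsonpLog.push({ event: 'jsonp-response', url, callback: name, data: args[0] });
    return original.apply(this, args);
  };
}

// Simulates a page issuing a JSONP request and the remote script answering.
function runJsonpDemo() {
  jsonpLog.length = 0;
  hookCreateElement(jsonpDocument, jsonpGlobal);
  let received = null;
  jsonpGlobal.handleUser = (data) => { received = data; };   // the page's own callback
  const script = jsonpDocument.createElement('script');
  script.src = 'https://api.partner.invalid/user?id=7&callback=handleUser';  // constructed URL
  // A real remote script would now execute handleUser({...}); constructed here.
  jsonpGlobal.handleUser({ id: 7, phone: '13800000000' });
  return { received, log: jsonpLog.slice() };
}

console.log(JSON.stringify(runJsonpDemo(), null, 2));
```

The recorded jsonp-response entry pairs the link that was requested with the data that came back, so the desensitization check of step 104 can be applied to cross-domain responses in the same way as to asynchronous requests.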
Further, the method may also comprise: outputting the detection result to the console, so that the user can view the detection result.
Corresponding to the embodiments of the page security detection method of the present application, the present application also provides embodiments of a page security detection device and of a computer device.
The embodiments of the page security detection device of the present application may be applied on various computer devices provided with a browser; for example, the computer device may be a mobile phone, a tablet computer, a PC, etc. The device embodiments may be implemented by software, or by hardware or a combination of software and hardware. Taking software implementation as an example, the device in the logical sense is formed by the processor 210 of the computer device on which it is located reading the corresponding computer program instructions from the non-volatile memory 220 into the internal memory 230 and running them. In terms of hardware, Fig. 2 is a hardware structure diagram of the computer device on which the page security detection device of the present application is located; in addition to the processor 210, internal memory 230, network interface 240 and non-volatile memory 220 shown in Fig. 2, the computer device on which the device of the embodiment is located may also include other hardware according to the actual function of the device, which is not shown one by one in Fig. 2.
Referring to Fig. 3, which is a block diagram of one embodiment of the page security detection device of the present application:
The device comprises a framework injection module 310, a rewriting module 320, an information monitoring module 330 and a security judgement module 340.
The framework injection module 310 is configured to inject, before a page is loaded, a preset Hook-based security detection framework into the page to be loaded, the security detection framework comprising a script that rewrites and detects the object under test.
The rewriting module 320 is configured to rewrite the object under test in the page to be loaded by means of the security detection framework.
The information monitoring module 330 is configured to monitor, by means of the rewritten object under test, the call information of the object under test at run time.
The security judgement module 340 is configured to judge, by means of the security detection framework and on the basis of the call information, whether the object under test is safe.
In an optional implementation, the framework injection module comprises:
a framework injection submodule, configured to inject, before a page is loaded, the preset Hook-based security detection framework into the page to be loaded by a browser plug-in.
In an optional implementation, the object under test comprises one or more of an interface of an object to be tested, a function to be tested and an attribute of an object to be tested, and the script is a JavaScript script.
In an optional implementation, the object under test comprises an attribute of an object to be tested, and the rewriting module comprises:
a rewriting submodule, configured for the security detection framework to rewrite the attribute of the object to be tested by invoking the getter and setter functions of the object to be tested in the page to be loaded.
The information monitoring module comprises:
an information monitoring submodule, configured to obtain, through the rewritten attribute of the object to be tested, the call information produced when the attribute is read or modified.
In an optional implementation, the security judgement module comprises:
a security judgement submodule, configured to obtain, by means of the security detection framework, the caller that calls the object under test, and to judge whether the object under test is safe according to the caller and the call information.
On this basis, the present application also provides a computer device, comprising:
a processor; and a memory for storing instructions executable by the processor;
wherein the processor is configured to:
before a page is loaded, inject a preset Hook-based security detection framework into the page to be loaded, the security detection framework comprising a script that rewrites and detects an object under test;
rewrite the object under test in the page to be loaded by means of the security detection framework;
monitor, by means of the rewritten object under test, the call information of the object under test at run time;
judge, by means of the security detection framework and on the basis of the call information, whether the object under test is safe.
For the functions of the units in the above device and the process by which they take effect, reference is made to the implementation of the corresponding steps in the above method, which is not repeated here.
Since the device embodiments essentially correspond to the method embodiments, reference may be made to the description of the method embodiments for the relevant parts. The device embodiments described above are merely illustrative: the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units, that is, they may be located in one place or distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present application, and those of ordinary skill in the art can understand and implement it without inventive effort.
As can be seen from the above embodiments, a Hook-based security detection framework is injected into the page to be loaded, the object under test in the page to be loaded is rewritten by means of the security detection framework, the call information of the object under test at run time is monitored by means of the rewritten object under test, and whether the object under test is safe is judged from the call information. Security detection is thus performed by Hook while the code runs, which improves the ability to discover web front-end vulnerabilities and sensitive information.
Other embodiments of the present application will readily occur to those skilled in the art upon consideration of the specification and practice of the invention disclosed herein. The present application is intended to cover any variations, uses or adaptations of the present application that follow its general principles and include such departures from the present disclosure as come within known or customary practice in the art. The specification and embodiments are to be regarded as exemplary only, with the true scope and spirit of the present application being indicated by the following claims.
It is to be understood that the present application is not limited to the precise structures described above and shown in the drawings, and that various modifications and changes may be made without departing from its scope. The scope of the present application is limited only by the appended claims.