CN107948120A - Vulnerability detection method and device - Google Patents
Vulnerability detection method and device
- Publication number: CN107948120A (application CN201610890539.8A)
- Authority: CN (China)
- Prior art keywords: request message, server, field, message, sent
- Legal status: Granted (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
- H04L63/1433—Vulnerability analysis
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer And Data Communications (AREA)
Abstract
The application provides a vulnerability detection method and device. A step is added to the vulnerability detection process that converts the JSON-format field of a first request message into a URL-format field, so that a test payload can be added to the URL-format field without modifying an existing URL-format-based vulnerability scanner engine. The URL-format field with the test payload added is then converted back into JSON format to generate a second request message, which is sent to the server in a form the server can recognise. The second response message the server returns for the second request message is compared with the first response message the server returns when the first request message is sent to it directly, and, together with the vulnerability judgment preset rules in a vulnerability knowledge base, a vulnerability detection result is obtained. Automated vulnerability detection of JSON-format requests is thus achieved, development cost is saved, and vulnerability detection efficiency is improved.
Description
Technical field
This application relates to computer technology, and in particular to a vulnerability detection method and device.
Background technology
JavaScript Object Notation (JSON) is a lightweight data interchange format that is easy for people to read and write and easy for machines to parse and generate.
Web vulnerability detection works by obtaining the request messages that the browser or client of a web application sends to the server, adding to a request message the test payload corresponding to the vulnerability type to be tested, sending the request message with the test payload added to the server, and determining from the response message the server returns for it whether the web application has a vulnerability of that type. For a given vulnerability type, if the response message the server returns for the request message with the test payload added differs from the expected response message, the web application is considered to have a vulnerability of that type; the expected response message is the response message the server returns after receiving the request message without the test payload added.
It is well known that the Uniform Resource Locator (URL) format in common use today differs from the JSON format, as follows:
URL format: parameter names and parameter values are combined as data of the form "key1=value1&key2=value2";
JSON format: parameter names and parameter values are combined as data of the form {"key1":"value1","key2":"value2"}.
Existing vulnerability scanner engines generally automate request acquisition and test payload addition on the basis of the URL format, and perform vulnerability detection accordingly. Because they cannot recognise the JSON format, there is as yet no mature scanner engine that performs vulnerability detection on the basis of the JSON format.
At present, communication between browser and server in web frameworks increasingly uses the JSON format, and developing a vulnerability scanner engine suited to the JSON format requires considerable development cost. One current approach is therefore to examine JSON-format data for vulnerabilities manually, which is extremely labour-intensive.
There is therefore an urgent need for a method that can perform automated vulnerability scanning on JSON-format data.
Summary of the invention
The application provides a vulnerability detection method and device to solve the problem of inefficient vulnerability detection in the prior art.
In one aspect, the application provides a vulnerability detection method, including:
obtaining a first request message sent to a server, the first request message containing a JSON-format field;
converting the JSON-format field into a Uniform Resource Locator (URL) format field;
adding a test payload to the URL-format field;
converting the URL-format field with the test payload added into JSON format to generate a second request message;
sending the second request message to the server;
receiving a first response message that the server sends for the first request message;
receiving a second response message that the server sends for the second request message;
obtaining a vulnerability detection result according to the first response message, the second response message and vulnerability judgment preset rules.
In one implementation, the first request message and the second request message are Hypertext Transfer Protocol (HTTP) messages.
In one implementation, obtaining the first request message sent to the server includes: obtaining the first request message sent to the server from the server's log.
In one implementation, obtaining the first request message sent to the server includes: obtaining the first request message sent to the server through a web proxy; and sending the second request message to the server includes: sending the second request message to the server through the web proxy.
In one implementation, obtaining the first request message sent to the server includes: obtaining the first request message sent to the server by means of bypass traffic monitoring.
In one implementation, after converting the JSON-format field into the URL-format field, the method further includes: adding a format conversion mark to the first request message; and before converting the URL-format field with the test payload added into JSON format to generate the second request message, the method further includes: determining that the first request message contains the format conversion mark.
In one implementation, obtaining the vulnerability detection result according to the first response message, the second response message and the vulnerability judgment preset rules includes: comparing the second response message with the first response message and, with reference to the vulnerability judgment preset rules, obtaining the vulnerability detection result.
In another aspect, the application provides a vulnerability detection device, including:
an acquisition module, for obtaining a first request message sent to a server, the first request message containing a JSON-format field;
a format conversion module, for converting the JSON-format field into a URL-format field;
a processing module, for adding a test payload to the URL-format field;
the format conversion module being further used for converting the URL-format field with the test payload added into JSON format to generate a second request message;
a sending module, for sending the second request message to the server;
a receiving module, for receiving a first response message that the server sends for the first request message;
the receiving module being further used for receiving a second response message that the server sends for the second request message;
the processing module being further used for obtaining a vulnerability detection result according to the first response message, the second response message and vulnerability judgment preset rules.
In one implementation, the first request message and the second request message are Hypertext Transfer Protocol (HTTP) messages.
In one implementation, the acquisition module is specifically used for obtaining the first request message sent to the server from the server's log.
In one implementation, the acquisition module is specifically used for obtaining the first request message sent to the server through a web proxy, and the sending module is specifically used for controlling the web proxy to send the second request message to the server.
In one implementation, the acquisition module is specifically used for obtaining the first request message sent to the server by means of bypass traffic monitoring.
In one implementation, the processing module is further used for adding a format conversion mark to the first request message, and for determining that the first request message contains the format conversion mark.
In one implementation, the processing module is specifically used for comparing the second response message with the first response message and, with reference to the vulnerability judgment preset rules, obtaining the vulnerability detection result.
In yet another aspect, the application provides a vulnerability detection device, including:
a processor, for obtaining a first request message sent to a server, the first request message containing a JSON-format field;
the processor being further used for converting the JSON-format field into a URL-format field;
the processor being further used for adding a test payload to the URL-format field;
the processor being further used for converting the URL-format field with the test payload added into JSON format to generate a second request message;
a sending interface coupled to the processor, for sending the second request message to the server;
a receiving interface coupled to the processor, for receiving a first response message that the server sends for the first request message and a second response message that the server sends for the second request message;
the processor being further used for obtaining a vulnerability detection result according to the first response message, the second response message and vulnerability judgment preset rules.
In one implementation, the processor is specifically used for obtaining the first request message sent to the server from the server's log.
In one implementation, the processor is specifically used for obtaining the first request message sent to the server through a web proxy, and the sending interface is specifically used for controlling the web proxy to send the second request message to the server.
In one implementation, the processor is specifically used for obtaining the first request message sent to the server by means of bypass traffic monitoring.
In one implementation, the processor is further used for adding a format conversion mark to the first request message, and for determining that the first request message contains the format conversion mark.
In one implementation, the processor is specifically used for comparing the second response message with the first response message and, with reference to the vulnerability judgment preset rules, obtaining the vulnerability detection result.
With the vulnerability detection method and device provided by the application, a step that converts the JSON-format field of the first request message into a URL-format field is added to the vulnerability detection process. A test payload can therefore be added to the URL-format field without modifying the existing URL-format-based vulnerability scanner engine; the URL-format field with the test payload added is converted back into JSON format to generate the second request message, which is sent to the server in a form the server can recognise. The second response message the server returns for the second request message is compared with the first response message the server returns when the first request message is sent to it directly, and, together with the vulnerability judgment preset rules in the vulnerability knowledge base, the vulnerability detection result is obtained. Automated vulnerability detection based on the JSON format is thus achieved, development cost is saved, and vulnerability detection efficiency is improved.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings in the following description show only some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative labour.
Fig. 1 is the B/S architecture diagram of the application;
Fig. 2 is the C/S architecture diagram of the application;
Fig. 3 is the flow diagram of embodiment one of the vulnerability detection method of the application;
Fig. 4 is the flow diagram of embodiment two of the vulnerability detection method of the application;
Fig. 5 is the structure diagram of one embodiment of the vulnerability detection device of the application;
Fig. 6 is the structure diagram of another embodiment of the vulnerability detection device of the application.
Embodiments
The technical solutions in the embodiments of the present application are described clearly and completely below with reference to the drawings in the embodiments of the present application. Obviously, the described embodiments are only some of the embodiments of the present application, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments in the present application without creative work fall within the protection scope of the present application.
Exemplary embodiments are described in detail here, and examples of them are illustrated in the accompanying drawings. Where the following description refers to the drawings, the same numerals in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the present invention; rather, they are merely examples of apparatus and methods consistent with some aspects of the invention as detailed in the appended claims.
It should be understood that the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
The terms used in the embodiments of the present invention are only for the purpose of describing specific embodiments and are not intended to limit the present invention. The singular forms "a", "said" and "the" used in the embodiments of the present invention and in the appended claims are also intended to include the plural forms, unless the context clearly indicates otherwise.
It should be understood that the term "and/or" used herein only describes an association relation between associated objects and indicates that three relations may exist; for example, "A and/or B" may mean: A alone, A and B together, or B alone. In addition, the character "/" herein generally indicates an "or" relation between the objects before and after it.
It should be understood that although the terms first, second, third, etc. may be used in the embodiments of the present invention to describe XXX, these XXX should not be limited by these terms. These terms are only used to distinguish XXX from each other. For example, without departing from the scope of the embodiments of the present invention, a first XXX may also be called a second XXX, and similarly a second XXX may also be called a first XXX.
Depending on the context, the word "if" as used herein may be interpreted as "when" or "upon" or "in response to determining" or "in response to detecting". Similarly, depending on the context, the phrase "if it is determined" or "if (a stated condition or event) is detected" may be interpreted as "when it is determined" or "in response to determining" or "when (the stated condition or event) is detected" or "in response to detecting (the stated condition or event)".
It should also be noted that the terms "comprising", "including" or any other variant thereof are intended to cover a non-exclusive inclusion, so that a product or system including a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a product or system. Without further limitation, an element defined by the phrase "including a ..." does not exclude the existence of other identical elements in the product or system that includes the element.
The technical solution of the application can be applied in a browser/server (B/S) architecture or a client/server (C/S) architecture. The B/S architecture is shown in Fig. 1, which is the B/S architecture diagram of the application, and the C/S architecture is shown in Fig. 2, which is the C/S architecture diagram of the application. In Fig. 1, communication between browser and server uses the JSON format; in Fig. 2, communication between client and server uses the JSON format.
To solve the problem that web vulnerability detection methods in the prior art cannot perform vulnerability detection on the basis of the JSON format, the application adds a step of converting between URL format and JSON format to the vulnerability detection process, so that the vulnerability detection method of the application achieves automated vulnerability detection based on the JSON format without modifying the existing URL-format-based vulnerability scanner engine.
The application also applies to web applications that can only be used after logging in, and to web applications whose request messages from client to server cannot be obtained by crawler technology (for example, web applications on a mobile phone terminal): in these cases the request messages are obtained by manually triggering the sending of request messages.
The technical solution of the application is described in detail below with specific embodiments. The specific embodiments below can be combined with each other, and the same or similar concepts or processes may not be repeated in some embodiments.
Embodiment one
Fig. 3 is the flow diagram of embodiment one of the vulnerability detection method of the application. The vulnerability detection method of this embodiment is applied in a vulnerability detection system that includes a browser/client, a web proxy, a first conversion module, a vulnerability scanner engine and a second conversion module. The first conversion module converts JSON into URL format, and the second conversion module converts URL format into JSON format; the first and second conversion modules can be deployed inside the web proxy or deployed independently, and the application places no restriction on this. The vulnerability scanner engine is a URL-format-based vulnerability scanner engine, that is, it can only recognise request messages in URL format and adds test payloads on the basis of the URL format. The browser/client and the server communicate on the basis of the JSON format. The method of this embodiment is as follows:
S301: The browser/client sends the first request message to the web proxy.
The browser/client can be triggered to send the first request message to the web proxy by manual operation, for example by clicking a button displayed by the web application in the browser/client. The button displayed by the browser/client can also be clicked automatically by simulating a manual click, to trigger the sending of the first request message to the server.
The first request message contains a JSON-format field, for example:
{"customerId":"","contactsMobile":"15678167514","contactsName":"tet","companyName":"123"}
S302: The web proxy obtains the first request message.
The browser/client communicates with the server through the web proxy: whether the browser or client sends a message to the server or receives a message from the server, the message passes through the web proxy. The web proxy can therefore obtain the first request message sent to the server.
Optionally, the first request message can be obtained in several other ways besides the web proxy, for example by bypass traffic monitoring or from the server's log; the application places no restriction on this.
S303: The web proxy sends the first request message to the server.
S304: The web proxy receives the first response message that the server sends for the first request message.
The first response message is as follows:
S305: The web proxy sends the first request message to the first conversion module.
S306: The first conversion module converts the JSON-format field in the first request message into a URL-format field.
The key:value sequence in the JSON format is parsed and reassembled in URL format, which converts the JSON-format field into a URL-format field.
For example, if the key:value sequence parsed from the JSON format is {"key1":"value1","key2":"value2"}, reassembling it in URL format gives "key1=value1&key2=value2".
For example, the JSON-format field of S301 converted into a URL-format field is:
customerId=&contactsMobile=15678167514&contactsName=tet&companyName=123
S307: The first conversion module sends the format-converted first request message to the vulnerability scanner engine.
S308: The vulnerability scanner engine adds a test payload to the first request message.
The vulnerability scanner engine adds test payloads on the basis of the URL format, so once the JSON-format field has been converted into a URL-format field the test payload can be added to the URL-format field.
Vulnerability types include SQL injection, command execution, cross-site scripting (XSS), arbitrary file download and file inclusion vulnerabilities, among others. Each vulnerability type corresponds to a group of test payloads, and a group contains one or more test payloads.
For each test type, the corresponding test payload is added to the first request message. Taking an error-based SQL injection vulnerability as the example, one test payload is added; this example uses ",updatexml(1,@@version,1)" as the test payload. After it is added at the parameter contactsMobile, the URL-format field in the first request message is:
customerId=&contactsMobile=15678167514,updatexml(1,@@version,1)&contactsName=tet&companyName=123
S309: The vulnerability scanner engine sends the first request message with the test payload added to the second conversion module.
S310: The second conversion module converts the URL-format field in the first request message with the test payload added into JSON format, generating the second request message.
Because the browser/client of the application communicates with the server on the basis of the JSON format, the server can only recognise JSON-format messages; the URL-format field with the payload added must therefore be converted back into JSON format to generate the second request message.
The JSON-format field in the second request message is:
{"customerId":"","contactsMobile":"15678167514,updatexml(1,@@version,1)","contactsName":"tet","companyName":"123"}
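As an added example (not code from the patent), the following Python implements steps S306 to S310 above: the first conversion module turns the JSON field of S301 into URL format and adds a format conversion mark, a stand-in for a URL-format scanner engine appends the test payload quoted in S308 to one parameter, and the second conversion module converts back to JSON only when the mark is present. The header name X-Json-Converted and the request dictionary layout are assumptions; the example percent-encodes the payload in URL format, which the patent text shows unencoded, and decoding on the way back yields the same JSON field as in S310.

```python
"""Added example, not the patent's own code: JSON <-> URL-format conversion around a
URL-format scanner engine (steps S306 to S310), with a format conversion mark."""
import json
from urllib.parse import parse_qsl, urlencode

# Constructed sample input: the JSON field quoted in S301 of the patent text.
FIRST_REQUEST_JSON = ('{"customerId":"","contactsMobile":"15678167514",'
                      '"contactsName":"tet","companyName":"123"}')
# The error-based SQL injection test payload quoted in S308 of the patent text.
TEST_PAYLOAD = ",updatexml(1,@@version,1)"
# Assumed header name used as the format conversion mark (not specified in the patent).
FORMAT_CONVERSION_MARK = "X-Json-Converted"


def json_to_url_format(json_text):
    """Parse the key:value sequence of a flat JSON object and reassemble it as
    key1=value1&key2=value2, preserving the original parameter order."""
    obj = json.loads(json_text)
    if not isinstance(obj, dict) or any(isinstance(v, (dict, list)) for v in obj.values()):
        # Nested objects or arrays have no key=value equivalent; refuse rather than lose data.
        raise ValueError("only a flat JSON object can be converted to URL format")
    pairs = [(k, "" if v is None else str(v)) for k, v in obj.items()]
    # urlencode percent-encodes characters such as ',', '@' and '(' so the
    # URL-format string stays well formed whatever the values contain.
    return urlencode(pairs)


def url_format_to_json(url_fields):
    """Decode key=value&... pairs and emit a compact JSON object (empty values kept)."""
    pairs = parse_qsl(url_fields, keep_blank_values=True)
    return json.dumps(dict(pairs), separators=(",", ":"))


def first_conversion(request):
    """First conversion module (S306): convert the JSON body to URL format and
    mark the request so the second module knows a conversion took place."""
    headers = dict(request.get("headers", {}))
    headers[FORMAT_CONVERSION_MARK] = "1"
    return {"headers": headers, "body": json_to_url_format(request["body"])}


def add_test_payload(url_fields, param, payload):
    """Stand-in for the URL-format scanner engine (S308): append the payload to
    the value of one parameter, leaving every other parameter unchanged."""
    pairs = parse_qsl(url_fields, keep_blank_values=True)
    if param not in {k for k, _ in pairs}:
        raise KeyError(f"parameter {param!r} not present in request")
    pairs = [(k, v + payload if k == param else v) for k, v in pairs]
    return urlencode(pairs)


def second_conversion(request):
    """Second conversion module (S310): convert back to JSON only when the format
    conversion mark is present; otherwise the request is passed through untouched."""
    headers = dict(request.get("headers", {}))
    if headers.pop(FORMAT_CONVERSION_MARK, None) != "1":
        return request
    return {"headers": headers, "body": url_format_to_json(request["body"])}


def build_second_request(first_request, param, payload):
    """Run S306, S308 and S310 in sequence and return the second request message."""
    converted = first_conversion(first_request)
    with_payload = dict(converted, body=add_test_payload(converted["body"], param, payload))
    return second_conversion(with_payload)


if __name__ == "__main__":
    first = {"headers": {"Content-Type": "application/json"}, "body": FIRST_REQUEST_JSON}
    second = build_second_request(first, "contactsMobile", TEST_PAYLOAD)
    print(second["body"])
```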
S311: The second conversion module sends the second request message to the web proxy.
S312: The web proxy sends the second request message to the server.
S313: The web proxy receives the second response message that the server sends for the second request message.
Specifically, one possible situation A is that the second response message is as follows:
Another possible situation B is that the second response message is as follows:
S314: The web proxy sends the second response message and the first response message to the vulnerability scanner engine.
S315: The vulnerability scanner engine determines whether a vulnerability exists according to the first response message, the second response message and the vulnerability judgment preset rules.
Using the vulnerability knowledge base, the response message of the second request message is compared with the first response message, and the difference between them determines whether the web application has a vulnerability.
In the example above, when the second response is situation A of S313, the second response message is found to differ from the first response message: it contains an SQL error message, namely ERRO: SELECT DISTINCT JSON.qrid FROM x2 AS JSON, x2 AS x2 WHERE JSON.contactsMobile IN (1,updatexml(1,@@version,1)) AND JSON.type='' AND JSON.number<='10' AND JSON.status=1 AND JSON.type=1: XPATH syntax error: '.16-log', and the error message contains database version information, namely '.16-log'. The vulnerability knowledge base records vulnerability judgment preset rules; for example, for the SQL injection vulnerability type, the preset rule is: if the response message contains an SQL error message and the error message contains database version information, an SQL injection vulnerability is judged to exist. It can therefore be determined that an SQL injection vulnerability exists.
When the second response is situation B of S313, the second response message is identical to the first response message, and it can be considered that no SQL injection vulnerability exists.
The above illustrates only a single test payload. For a specific test type, the group of test payloads corresponding to that test type can be added one by one to obtain a group of second response messages. As long as at least one second response message in the group differs from the first response message, the vulnerability judgment preset rules in the vulnerability knowledge base are applied to the specific differing content, and it can be determined that a vulnerability of that test type exists.
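As an added example (not code from the patent), the following Python applies the judgment of S315 over constructed first and second response messages: each second response is compared with the first, and the SQL injection preset rule stated above (the response differs, contains an SQL error message, and the error message contains database version information) is checked across a group of second responses, one per test payload. The error-message and version patterns are assumptions modelled on the XPATH error and the '.16-log' fragment quoted above; a real knowledge base would carry more, and the example also shows that a response which differs for an unrelated reason does not satisfy the rule.

```python
"""Added example, not the patent's own code: response comparison plus the
SQL injection judgment preset rule of S315, applied over a group of responses."""
import re

# Constructed sample responses (not captured from any real server).
FIRST_RESPONSE = '{"status":1,"qrid":[]}'
# Situation A of S313: an SQL error that leaks the database version (modelled on the
# XPATH error quoted in the patent text).
SECOND_RESPONSE_A = ("ERROR: SELECT DISTINCT JSON.qrid FROM x2 AS JSON WHERE "
                     "JSON.contactsMobile IN (1,updatexml(1,@@version,1)) AND "
                     "JSON.status=1: XPATH syntax error: '.16-log'")
# Situation B of S313: identical to the first response.
SECOND_RESPONSE_B = FIRST_RESPONSE
# Differs for an unrelated reason and must not be judged as SQL injection.
SECOND_RESPONSE_THROTTLED = '{"status":0,"message":"too many requests"}'

# Assumed knowledge-base entry for the SQL injection vulnerability type: the rule is
# satisfied only when one error pattern AND one version pattern match the response.
SQL_INJECTION_RULE = {
    "type": "SQL injection",
    "error_patterns": [
        re.compile(r"XPATH syntax error", re.I),              # quoted in the patent text
        re.compile(r"You have an error in your SQL syntax", re.I),
    ],
    "version_patterns": [
        re.compile(r"'\.?\d+(\.\d+)*-log'"),                 # e.g. '.16-log' as quoted above
    ],
}


def normalise(message):
    """Collapse whitespace so formatting-only differences do not count as a change."""
    return " ".join(message.split())


def responses_differ(first, second):
    return normalise(first) != normalise(second)


def first_match(patterns, text):
    """Return the text matched by the first pattern that hits, or None."""
    for pattern in patterns:
        match = pattern.search(text)
        if match:
            return match.group(0)
    return None


def rule_evidence(second, rule):
    """Return the matched error and version text when the rule is fully satisfied, else None."""
    error = first_match(rule["error_patterns"], second)
    if error is None:
        return None
    version = first_match(rule["version_patterns"], second)
    if version is None:
        return None
    return {"error": error, "version": version}


def judge(first_response, second_responses, rule=SQL_INJECTION_RULE):
    """S315: a group of second responses (one per test payload) is judged vulnerable
    when at least one differs from the first response AND satisfies the preset rule.
    A mere difference (rate limiting, a changed timestamp) is recorded but not enough."""
    result = {"type": rule["type"], "vulnerable": False, "differing": [], "evidence": None}
    for index, second in enumerate(second_responses):
        if not responses_differ(first_response, second):
            continue
        result["differing"].append(index)
        evidence = rule_evidence(second, rule)
        if evidence is not None and not result["vulnerable"]:
            result["vulnerable"] = True
            result["evidence"] = dict(evidence, payload_index=index)
    return result


if __name__ == "__main__":
    print(judge(FIRST_RESPONSE, [SECOND_RESPONSE_B, SECOND_RESPONSE_THROTTLED, SECOND_RESPONSE_A]))
```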
In this embodiment, a step that converts the JSON-format field of the first request message into a URL-format field is added to the vulnerability detection process. A test payload can therefore be added to the URL-format field without modifying the existing URL-format-based vulnerability scanner engine; the URL-format field with the test payload added is converted back into JSON format to generate the second request message, which is sent to the server in a form the server can recognise. The second response message the server returns for the second request message is compared with the first response message the server returns when the first request message is sent to it directly, and, together with the vulnerability judgment preset rules in the vulnerability knowledge base, the vulnerability detection result is obtained. Automated vulnerability detection based on the JSON format is thus achieved, development cost is saved, and vulnerability detection efficiency is improved.
The format conversions involved in the steps of the above embodiment are exemplified below:
In S301, the JSON-format field contained in the first request message is:
{"customerId":"","contactsMobile":"15678167514","contactsName":"tet","companyName":"123"}
In S306, the first conversion module converts the JSON-format field of S301 into the following URL-format field:
customerId=&contactsMobile=15678167514&contactsName=tet&companyName=123
In S308, taking an error-based SQL injection vulnerability as the example, one test payload is added; this example uses ",updatexml(1,@@version,1)" as the test payload, and after it is added at the parameter contactsMobile the URL-format field in the first request message is:
customerId=&contactsMobile=15678167514,updatexml(1,@@version,1)&contactsName=tet&companyName=123
In S310, the second conversion module converts the URL-format field in the first request message with the test payload added into JSON format, generating the second request message; the JSON-format field contained in the second request message is:
{"customerId":"","contactsMobile":"15678167514,updatexml(1,@@version,1)","contactsName":"tet","companyName":"123"}
Embodiment two
Fig. 4 is the flow diagram of embodiment two of the vulnerability detection method of the application. Embodiment two differs from embodiment one in how the first response message is obtained: the vulnerability scanner engine obtains it by sending the request without adding a payload. For steps identical to those in Fig. 3, refer to the detailed description of the same steps in Fig. 3, which is not repeated for Fig. 4. As shown in Fig. 4:
S401: The browser/client sends the first request message to the web proxy.
S402: The web proxy obtains the first request message.
S403: The web proxy sends the first request message to the first conversion module.
S404: The first conversion module converts the JSON-format field in the first request message into a URL-format field.
S405: The first conversion module sends the format-converted first request message to the vulnerability scanning engine.
S406: The vulnerability scanning engine sends the format-converted first request message to the second conversion module, without adding a test payload to it.
S407: The second conversion module converts the URL format in the first request message back into JSON format.
S408: The second conversion module sends the format-converted first request message to the web proxy.
S409: The web proxy sends the first request message received from the second conversion module to the server.
S410: The web proxy receives the first response message that the server returns for the first request message.
S411: The vulnerability scanning engine adds a test payload to the first request message.
S412: The vulnerability scanning engine sends the first request message with the added test payload to the second conversion module.
S413: The second conversion module converts the URL format of the first request message with the added test payload into JSON format, generating the second request message.
S414: The second conversion module sends the second request message to the web proxy.
S415: The web proxy sends the second request message to the server.
S416: The web proxy receives the second response message that the server returns for the second request message.
S417: The web proxy sends the second response message and the first response message to the vulnerability scanning engine.
S418: The vulnerability scanning engine determines whether a vulnerability exists according to the first response message, the second response message and the vulnerability judgment preset rules.
The order of execution of S406-S410 and S411-S416 is not restricted: they may be performed simultaneously, S406-S410 may be performed first and then S411-S416, or S411-S416 first and then S406-S410; the application places no restriction on this.
The implementation principle and technical effect of this embodiment are similar to those of the technical solution of embodiment one and are not described again here.
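The judgment of S418, in which the two responses are compared under the vulnerability judgment preset rules, as an added Python example; this is not code from the patent. The two responses, the signature rules standing in for the vulnerability knowledge base, and the status-code differential rule are all constructed for this example.

```python
import re

# Constructed sample responses (not taken from the patent). The first is the
# server's reply to the untouched first request; the second is its reply to
# the second request, whose contactsMobile field carries ",updatexml(1,@@version,1)".
FIRST_RESPONSE = {
    "status": 200,
    "body": '{"code":0,"msg":"ok","customerId":"C1001"}',
}
SECOND_RESPONSE = {
    "status": 500,
    "body": '{"code":1,"msg":"XPATH syntax error: \':5.7.26-log\'"}',
}

# A small stand-in for the vulnerability knowledge base: each rule names the
# error text that a test payload of that class provokes from the back end.
SIGNATURE_RULES = [
    {"id": "sqli-error-mysql",
     "pattern": re.compile(r"XPATH syntax error|You have an error in your SQL syntax", re.I)},
    {"id": "sqli-error-mssql",
     "pattern": re.compile(r"Unclosed quotation mark|Incorrect syntax near", re.I)},
    {"id": "stacktrace-leak",
     "pattern": re.compile(r"\bat [\w$.]+\(\w+\.java:\d+\)|Traceback \(most recent call last\)")},
]


def judge(first, second, rules=SIGNATURE_RULES):
    """Apply the preset rules to the pair of responses; findings come back in rule order.

    A signature counts only if it appears in the second response and not in the
    first: error text the application prints anyway is not evidence of injection."""
    findings = []
    for rule in rules:
        hit = rule["pattern"].search(second["body"])
        if hit and not rule["pattern"].search(first["body"]):
            findings.append({"rule": rule["id"], "evidence": hit.group(0)})
    # Differential rule: a payload that turns a successful reply into a server
    # error is reported even when no known error signature matched.
    if first["status"] < 500 <= second["status"]:
        findings.append({"rule": "server-error-introduced",
                         "evidence": f"status {first['status']} -> {second['status']}"})
    return findings


if __name__ == "__main__":
    for finding in judge(FIRST_RESPONSE, SECOND_RESPONSE):
        print(finding["rule"], "-", finding["evidence"])
```

The baseline response matters as much as the payload response: because a signature is only reported when it is absent from the first response, an application that already prints database errors on every page does not produce a false finding. That is the reason the patent takes the first response through the same proxy path instead of judging the second response on its own.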
Embodiment three
Embodiment three builds on embodiment one or embodiment two. In addition, after performing the format conversion the first conversion module adds a format conversion mark to the first request message, and before performing its own format conversion the second conversion module determines that the first request message contains the format conversion mark.
In this embodiment the format conversion mark identifies whether format conversion was already performed before the test payload was added, so that the conversion back is performed only after the test payload has been added, ensuring that communication proceeds normally.
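The S306-S310 round trip from the worked example above (JSON field to URL-format field, test payload appended, back to JSON), together with the format conversion mark of embodiment three, as an added Python example; this is not code from the patent. The header name X-Format-Converted used as the mark, the dict shape of the messages, and the practice of keeping the parsed first request as a type template (so that numeric, boolean and null fields get their JSON types back after the round trip) are assumptions of this example.

```python
import json
from urllib.parse import parse_qsl, urlencode

# Header used as the "format conversion mark" of embodiment three. The patent
# does not say what the mark looks like; this header name and value are assumed.
MARK_HEADER = "X-Format-Converted"
MARK_VALUE = "json-to-form"

# The first request message of S301. Messages are modelled as a dict with
# "headers" and "body"; that shape is an assumption of this example.
FIRST_REQUEST = {
    "headers": {"Content-Type": "application/json"},
    "body": '{"customerId":"","contactsMobile":"15678167514",'
            '"contactsName":"tet","companyName":"123"}',
}


def _to_form_value(value):
    """Render one JSON value as a form value; nested values travel as JSON text."""
    if value is None:
        return ""
    if isinstance(value, (dict, list)):
        return json.dumps(value, separators=(",", ":"))
    return str(value)


def first_conversion(message):
    """S306: JSON body -> URL-encoded form body, and stamp the conversion mark.

    The parsed JSON is returned too: it is the type template used on the way
    back, so that numeric, boolean and null fields recover their JSON types."""
    template = json.loads(message["body"])
    form = urlencode([(k, _to_form_value(v)) for k, v in template.items()])
    headers = dict(message["headers"])
    headers["Content-Type"] = "application/x-www-form-urlencoded"
    headers[MARK_HEADER] = MARK_VALUE
    return {"headers": headers, "body": form}, template


def add_payload(message, param, payload):
    """S308: the scanning engine appends the test payload to one form parameter."""
    pairs = parse_qsl(message["body"], keep_blank_values=True)
    pairs = [(k, v + payload if k == param else v) for k, v in pairs]
    return {"headers": dict(message["headers"]), "body": urlencode(pairs)}


def _restore_type(value, original):
    """Give a form string back the JSON type the field had in the first request.

    A value that no longer parses as its original type (a payload appended to a
    number, for instance) is kept as a string so the payload still reaches the server."""
    if original is None and value == "":
        return None
    if isinstance(original, bool):
        return value == "True"
    if isinstance(original, (int, float)):
        try:
            return type(original)(value)
        except ValueError:
            return value
    if isinstance(original, (dict, list)):
        try:
            return json.loads(value)
        except ValueError:
            return value
    return value


def second_conversion(message, template):
    """S310: form body -> JSON body, generating the second request message.

    Embodiment three: a message without the conversion mark was never converted
    by the first module, so converting it "back" would corrupt it; refuse."""
    if message["headers"].get(MARK_HEADER) != MARK_VALUE:
        raise ValueError("format conversion mark missing; message was not converted")
    pairs = parse_qsl(message["body"], keep_blank_values=True)
    obj = {k: _restore_type(v, template.get(k)) for k, v in pairs}
    headers = dict(message["headers"])
    del headers[MARK_HEADER]
    headers["Content-Type"] = "application/json"
    return {"headers": headers, "body": json.dumps(obj, separators=(",", ":"))}


def build_second_request(first_request, param, payload):
    """Run S306 -> S308 -> S310 for one parameter and one test payload."""
    converted, template = first_conversion(first_request)
    return second_conversion(add_payload(converted, param, payload), template)


if __name__ == "__main__":
    second = build_second_request(FIRST_REQUEST, "contactsMobile",
                                  ",updatexml(1,@@version,1)")
    print(second["body"])
```

Run stand-alone, the script prints the second request body shown in S310 of the worked example. The type template is the part a practitioner needs beyond the patent's all-string sample: a form encoding has no types, so without it a first request of {"id":7} would come back as {"id":"7"} and the server under test might reject the untouched baseline request for a schema reason rather than for the payload.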
Embodiment four
On the basis of the above embodiments, the first request message sent by the client to the server can also be obtained in the following possible implementations:
One possible implementation: the first request message sent to the server is obtained from the log of the server.
All first request messages sent by the browser or client can be recorded in the log of the server, so the first request message sent to the server can be obtained from that log. When the first request message is obtained from the log of the server, it does not have to be triggered manually by sending it to the server.
Another possible implementation: the first request message sent to the server is obtained by bypass data monitoring.
Unlike obtaining the first request message sent to the server through the web proxy, bypass data monitoring is usually performed at a router.
The first request message sent to the server can be obtained by any of the above possible implementations.
Embodiment five
In the above embodiments, the first request message and the second request message are Hypertext Transfer Protocol (HTTP) messages.
Fig. 5 is a structural diagram of one embodiment of the vulnerability detection device of the application. The device of this embodiment includes an acquisition module 501, a format conversion module 502, a processing module 503, a sending module 504 and a receiving module 505. The acquisition module 501 is used to obtain the first request message sent to the server, the first request message including a JSON-format field; the format conversion module 502 is used to convert the JSON-format field into a uniform resource locator (URL) format field; the processing module 503 is used to add a test payload to the URL-format field; the format conversion module 502 is further used to convert the URL-format field with the added test payload into JSON format, generating the second request message; the sending module 504 is used to send the second request message to the server; the receiving module 505 is used to receive the first response message that the server sends for the first request message and the second response message that the server sends for the second request message; and the processing module 503 is further used to obtain the vulnerability detection result according to the first response message, the second response message and the vulnerability judgment preset rules.
Specifically, the processing module 503 compares the second response message with the first response message and applies the vulnerability judgment preset rules to obtain the vulnerability detection result.
The device of this embodiment can be used to perform the technical solution of the method shown in embodiment one or embodiment two; its implementation principle and technical effect are similar and are not described again here.
Optionally, in the embodiment shown in Fig. 5, the acquisition module 501 is specifically used to obtain the first request message sent to the server from the log of the server.
Optionally, in the embodiment shown in Fig. 5, the acquisition module 501 is specifically used to obtain the first request message sent to the server through a web proxy, and the sending module 504 is specifically used to control the web proxy to send the first request message and the second request message to the server.
Optionally, in the embodiment shown in Fig. 5, the acquisition module 501 is specifically used to obtain the first request message sent to the server by bypass data monitoring.
The device of this embodiment can be used to perform the technical solution of the method shown in embodiment four; its implementation principle and technical effect are similar and are not described again here.
In the embodiment shown in Fig. 5, the processing module 503 is further used to add a format conversion mark to the first request message, and to determine that the first request message contains the format conversion mark.
The device of this embodiment can be used to perform the technical solution of the method shown in embodiment three; its implementation principle and technical effect are similar and are not described again here.
In the embodiment shown in Fig. 5, the first request message and the second request message are HTTP messages.
The device of this embodiment can be used to perform the technical solution of the method shown in embodiment five; its implementation principle and technical effect are similar and are not described again here.
Fig. 6 is a structural diagram of another embodiment of the vulnerability detection device of the application. The device of this embodiment includes a processor 601, a transmission interface 602 and a receiving interface 603, the transmission interface 602 and the receiving interface 603 being coupled to the processor 601. The processor 601 is used to obtain the first request message sent to the server, the first request message including a JSON-format field; the processor 601 is further used to convert the JSON-format field into a uniform resource locator (URL) format field; the processor 601 is further used to add a test payload to the URL-format field; the processor 601 is further used to convert the URL-format field with the added test payload into JSON format, generating the second request message; the transmission interface 602 is used to send the second request message to the server; the receiving interface 603 is used to receive the first response message that the server sends for the first request message and the second response message that the server sends for the second request message; and the processor 601 is further used to obtain the vulnerability detection result according to the first response message, the second response message and the vulnerability judgment preset rules.
Specifically, the processor 601 compares the second response message with the first response message and applies the vulnerability judgment preset rules to obtain the vulnerability detection result.
The device of this embodiment can be used to perform the technical solution of the method shown in embodiment one or embodiment two; its implementation principle and technical effect are similar and are not described again here.
Optionally, in the embodiment shown in Fig. 6, the processor 601 is specifically used to obtain the first request message sent to the server from the log of the server.
Optionally, in the embodiment shown in Fig. 6, the processor 601 is specifically used to obtain the first request message sent to the server through a web proxy, and the transmission interface 602 is specifically used to control the web proxy to send the second request message to the server.
Optionally, in the embodiment shown in Fig. 6, the processor 601 is specifically used to obtain the first request message sent to the server by bypass data monitoring.
The device of this embodiment can be used to perform the technical solution of the method shown in embodiment four; its implementation principle and technical effect are similar and are not described again here.
In the embodiment shown in Fig. 6, the processor 601 is further used to add a format conversion mark to the first request message, and to determine that the first request message contains the format conversion mark.
The device of this embodiment can be used to perform the technical solution of the method shown in embodiment three; its implementation principle and technical effect are similar and are not described again here.
The application may also provide a processor-readable storage medium in which program instructions are stored, the program instructions causing the processor 601 to perform all or part of the steps of the vulnerability detection method in embodiments one to four above. The readable storage medium can be realized by any kind of volatile or non-volatile storage device or a combination thereof, such as static random access memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, a magnetic disk or an optical disc.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solution of the application, not to limit it. Although the application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that the technical solutions described in the foregoing embodiments can still be modified, or some or all of their technical features can be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the application.
Claims (20)
- 1. A vulnerability detection method, characterized in that it includes: obtaining a first request message sent to a server, the first request message including a JSON-format field; converting the JSON-format field into a uniform resource locator (URL) format field; adding a test payload to the URL-format field; converting the URL-format field with the added test payload into JSON format, generating a second request message; sending the second request message to the server; receiving a first response message that the server sends for the first request message; receiving a second response message that the server sends for the second request message; and obtaining a vulnerability detection result according to the first response message, the second response message and vulnerability judgment preset rules.
- 2. The method according to claim 1, characterized in that the first request message and the second request message are both Hypertext Transfer Protocol (HTTP) messages.
- 3. The method according to claim 1, characterized in that obtaining the first request message sent to the server includes: obtaining the first request message sent to the server from the log of the server.
- 4. The method according to claim 1, characterized in that obtaining the first request message sent to the server includes: obtaining the first request message sent to the server through a web proxy; and sending the second request message to the server includes: sending the second request message to the server through the web proxy.
- 5. The method according to claim 1, characterized in that obtaining the first request message sent to the server includes: obtaining the first request message sent to the server by bypass data monitoring.
- 6. The method according to any one of claims 1-5, characterized in that, after converting the JSON-format field into the URL-format field, the method further includes: adding a format conversion mark to the first request message; and, before converting the URL-format field with the added test payload into JSON format and generating the second request message, the method further includes: determining that the first request message contains the format conversion mark.
- 7. The method according to claim 1, characterized in that obtaining the vulnerability detection result according to the first response message, the second response message and the vulnerability judgment preset rules includes: comparing the second response message with the first response message, and applying the vulnerability judgment preset rules, to obtain the vulnerability detection result.
- 8. A vulnerability detection device, characterized in that it includes: an acquisition module for obtaining a first request message sent to a server, the first request message including a JSON-format field; a format conversion module for converting the JSON-format field into a uniform resource locator (URL) format field; a processing module for adding a test payload to the URL-format field; the format conversion module being further used to convert the URL-format field with the added test payload into JSON format, generating a second request message; a sending module for sending the second request message to the server; a receiving module for receiving a first response message that the server sends for the first request message, the receiving module being further used to receive a second response message that the server sends for the second request message; and the processing module being further used to obtain a vulnerability detection result according to the first response message, the second response message and vulnerability judgment preset rules.
- 9. The device according to claim 8, characterized in that the first request message and the second request message are both Hypertext Transfer Protocol (HTTP) messages.
- 10. The device according to claim 8, characterized in that the acquisition module is specifically used to obtain the first request message sent to the server from the log of the server.
- 11. The device according to claim 8, characterized in that the acquisition module is specifically used to obtain the first request message sent to the server through a web proxy; and the sending module is specifically used to control the web proxy to send the second request message to the server.
- 12. The device according to claim 8, characterized in that the acquisition module is specifically used to obtain the first request message sent to the server by bypass data monitoring.
- 13. The device according to any one of claims 8-12, characterized in that the processing module is further used to add a format conversion mark to the first request message, and to determine that the first request message contains the format conversion mark.
- 14. The device according to claim 8, characterized in that the processing module is specifically used to compare the second response message with the first response message and apply the vulnerability judgment preset rules to obtain the vulnerability detection result.
- 15. A vulnerability detection device, characterized in that it includes: a processor for obtaining a first request message sent to a server, the first request message including a JSON-format field; the processor being further used to convert the JSON-format field into a uniform resource locator (URL) format field; the processor being further used to add a test payload to the URL-format field; the processor being further used to convert the URL-format field with the added test payload into JSON format, generating a second request message; a transmission interface coupled to the processor, the transmission interface being used to send the second request message to the server; a receiving interface coupled to the processor, the receiving interface being used to receive a first response message that the server sends for the first request message and a second response message that the server sends for the second request message; and the processor being further used to obtain a vulnerability detection result according to the first response message, the second response message and vulnerability judgment preset rules.
- 16. The device according to claim 15, characterized in that the processor is specifically used to obtain the first request message sent to the server from the log of the server.
- 17. The device according to claim 15, characterized in that the processor is specifically used to obtain the first request message sent to the server through a web proxy; and the transmission interface is specifically used to control the web proxy to send the second request message to the server.
- 18. The device according to claim 15, characterized in that the processor is specifically used to obtain the first request message sent to the server by bypass data monitoring.
- 19. The device according to any one of claims 15-18, characterized in that the processor is further used to add a format conversion mark to the first request message, and to determine that the first request message contains the format conversion mark.
- 20. The device according to claim 15, characterized in that the processor is specifically used to compare the second response message with the first response message and apply the vulnerability judgment preset rules to obtain the vulnerability detection result.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610890539.8A CN107948120B (en) | 2016-10-12 | 2016-10-12 | Vulnerability detection method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107948120A true CN107948120A (en) | 2018-04-20 |
CN107948120B CN107948120B (en) | 2020-11-24 |
Family
ID=61928285
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610890539.8A Active CN107948120B (en) | 2016-10-12 | 2016-10-12 | Vulnerability detection method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107948120B (en) |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109446819A (en) * | 2018-10-30 | 2019-03-08 | 北京知道创宇信息技术有限公司 | Unauthorized access vulnerability detection method and device |
CN109740355A (en) * | 2019-01-03 | 2019-05-10 | 深圳前海微众银行股份有限公司 | Vulnerability scanning method, server, system and proxy server |
CN109981653A (en) * | 2019-03-28 | 2019-07-05 | 上海中通吉网络技术有限公司 | A kind of web vulnerability scanning method |
CN110401634A (en) * | 2019-06-24 | 2019-11-01 | 北京墨云科技有限公司 | A kind of web application hole detection regulation engine implementation method and terminal |
CN110460612A (en) * | 2019-08-15 | 2019-11-15 | 中国平安财产保险股份有限公司 | Safety detecting method, equipment, storage medium and device |
CN110881043A (en) * | 2019-11-29 | 2020-03-13 | 杭州迪普科技股份有限公司 | Method and device for detecting web server vulnerability |
CN110995684A (en) * | 2019-11-26 | 2020-04-10 | 西安四叶草信息技术有限公司 | Vulnerability detection method and device |
CN114640530A (en) * | 2022-03-24 | 2022-06-17 | 深信服科技股份有限公司 | Data leakage detection method and device, electronic equipment and readable storage medium |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101217546A (en) * | 2008-01-18 | 2008-07-09 | 东南大学 | Implementation method of an efficient and secure protocol detection system for denial-of-service attacks |
CN101459548A (en) * | 2007-12-14 | 2009-06-17 | 北京启明星辰信息技术股份有限公司 | Script injection attack detection method and system |
CN101471818A (en) * | 2007-12-24 | 2009-07-01 | 北京启明星辰信息技术股份有限公司 | Detection method and system for web pages with maliciously injected scripts |
CN101808093A (en) * | 2010-03-15 | 2010-08-18 | 北京安天电子设备有限公司 | System and method for automatically detecting WEB security |
CN102468985A (en) * | 2010-11-01 | 2012-05-23 | 北京神州绿盟信息安全科技股份有限公司 | Method and system for carrying out penetration test on network safety equipment |
CN102508674A (en) * | 2011-12-02 | 2012-06-20 | 方正国际软件有限公司 | JSON (JavaScript Object Notation)-based method and system for passing object-oriented parameters |
CN103678113A (en) * | 2012-09-04 | 2014-03-26 | 国际商业机器公司 | Self-testing of computer software application, method and system thereof |
CN105049440A (en) * | 2015-08-06 | 2015-11-11 | 福建天晴数码有限公司 | Method and system for detecting cross-site scripting attack injection |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||