CN110309648A - A kind of web monitor method and terminal - Google Patents
A kind of web monitor method and terminal Download PDFInfo
- Publication number
- CN110309648A CN110309648A CN201810227710.6A CN201810227710A CN110309648A CN 110309648 A CN110309648 A CN 110309648A CN 201810227710 A CN201810227710 A CN 201810227710A CN 110309648 A CN110309648 A CN 110309648A
- Authority
- CN
- China
- Prior art keywords
- webpage
- related information
- path
- file
- screenshot
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
Abstract
The present invention provides a kind of web monitor method, and method includes: S1: load webpage;S2: the corresponding html file of DOM object on current web page is obtained, html file is stored in preset file;S3: according to html file, the webpage obtained in html file jumps path;S4: jumping path according to webpage, load webpage, carries out screenshot to webpage, and the picture webpage corresponding with webpage after screenshot is jumped path and is associated, obtains related information, saves related information in file;S5: repeating step S2 to S4, until all webpages jump the equal loaded of the corresponding webpage in path;S6: according to preset first related information set, successively judge whether the webpage in related information all in the file jumps the corresponding webpage in path under attack.The present invention can find out webpage under attack in time, solve user's existing safety issue during accessing webpage.
Description
Technical field
The present invention relates to monitoring technology field more particularly to a kind of web monitor methods and terminal.
Background technique
In webpage, there can be the problem of XSS script (cross-sitescripting, XSS, cross site scripting) injection, lead
Cause illegally to be inserted into some advertisements etc and webpage will receive the malicious attack of criminal, and this situation is frequent
Occur when user of service is less at dead of night, the variation at interface alarm or can not be noticeable, Yong Hu in time
Accessing webpage, there are safety issues in the process, and there is no corresponding solutions in the prior art.
Summary of the invention
The technical problems to be solved by the present invention are: the present invention provides a kind of web monitor method and terminal, Neng Gouyou
Effect is monitored webpage, finds out webpage under attack in time, solves user's existing safety during accessing webpage
Property problem.
In order to solve the above-mentioned technical problems, the present invention provides a kind of web monitor methods, comprising the following steps:
S1: load webpage;
S2: the corresponding html file of DOM object on current web page is obtained, and the html file is stored in preset text
In part folder;
S3: according to the html file, the webpage obtained in html file jumps path;
S4: jumping path according to webpage, load webpage, carries out screenshot to the webpage, and by the picture and net after screenshot
The corresponding webpage of page jumps path and is associated, and obtains related information, saves the related information in the file;
S5: repeating step S2 to S4, until all webpages jump the equal loaded of the corresponding webpage in path;
S6: according to preset first related information set, successively judge in related information all in the file
Whether webpage jumps the corresponding webpage in path under attack.
The present invention also provides a kind of web monitor terminal, including memory, processor and storage are on a memory and can
The computer program run on a processor, the processor perform the steps of when executing described program
S1: load webpage;
S2: the corresponding html file of DOM object on current web page is obtained, and the html file is stored in preset text
In part folder;
S3: according to the html file, the webpage obtained in html file jumps path;
S4: jumping path according to webpage, load webpage, carries out screenshot to the webpage, and by the picture and net after screenshot
The corresponding webpage of page jumps path and is associated, and obtains related information, saves the related information in the file;
S5: repeating step S2 to S4, until all webpages jump the equal loaded of the corresponding webpage in path;
S6: according to preset first related information set, successively judge in related information all in the file
Whether webpage jumps the corresponding webpage in path under attack.
The invention has the benefit that
The present invention provides a kind of web monitor method and terminals, and it is corresponding to have loaded DOM object on webpage by acquisition
Html file jumps path according to webpage so that the webpage obtained in html file jumps path, loads corresponding webpage, and
Screenshot is carried out to webpage, the picture after screenshot is jumped into path with corresponding webpage and is associated, related information is obtained;According to pre-
If the first related information set, judge whether the corresponding webpage of related information under attack.The present invention passes through the above method, energy
It is enough that security monitoring is carried out to the corresponding webpages of DOM that can be clicked all under webpage to be detected, especially by related information
Webpage jump the screenshot picture in path He the webpage, compare, can effectively judge with preset first related information set
Whether the webpage is under attack;The present invention can find out webpage under attack in time, solve user in access webpage process
Present in safety issue.
Detailed description of the invention
Fig. 1 is the key step schematic diagram according to a kind of web monitor method of the embodiment of the present invention;
Fig. 2 is the structural schematic diagram according to a kind of web monitor terminal of the embodiment of the present invention;
Label declaration:
1, memory;2, processor.
Specific embodiment
To explain the technical content, the achieved purpose and the effect of the present invention in detail, below in conjunction with embodiment and cooperate attached
Figure is explained in detail.
The technical concept of most critical of the present invention are as follows: the corresponding html file of DOM object on webpage has been loaded by obtaining, from
And it obtains the webpage in html file and jumps path;Path is jumped according to webpage, corresponding webpage is loaded, after webpage capture
Picture jumps path with webpage and is associated, and obtains related information;According to default first related information set, related information is judged
Whether corresponding webpage is under attack.
Name is explained: DOM object (DOM-DocumentObjectModel) is a set of Web standard of W3C international organization.
It defines a set of attribute, method and the event of access html document object.
Fig. 1 is please referred to, the present invention provides a kind of web monitor methods, comprising the following steps:
S1: load webpage;
S2: the corresponding html file of DOM object on current web page is obtained, and the html file is stored in preset text
In part folder;
S3: according to the html file, the webpage obtained in html file jumps path;
S4: jumping path according to webpage, load webpage, carries out screenshot to the webpage, and by the picture and net after screenshot
The corresponding webpage of page jumps path and is associated, and obtains related information, saves the related information in the file;
S5: repeating step S2 to S4, until all webpages jump the equal loaded of the corresponding webpage in path;
S6: according to preset first related information set, successively judge in related information all in the file
Whether webpage jumps the corresponding webpage in path under attack.
As can be seen from the above description, having loaded on webpage DOM pairs by obtaining the present invention provides a kind of web monitor method
As corresponding html file, so that the webpage obtained in html file jumps path, path is jumped according to webpage, is loaded corresponding
Webpage, and screenshot is carried out to webpage, the picture after screenshot is jumped into path with corresponding webpage and is associated, association letter is obtained
Breath;According to preset first related information set, judge whether the corresponding webpage of related information is under attack.The present invention passes through upper
Method is stated, security monitoring can be carried out to the corresponding webpages of DOM that can be clicked all under webpage to be detected, especially by pass
Webpage in connection information jumps the screenshot picture in path He the webpage, compares with preset first related information set, can
Effectively judge whether the webpage is under attack;The present invention can find out webpage under attack in time, solve user and accessing
Existing safety issue during webpage.
Further, the S1 specifically:
Webpage to be monitored is loaded, screenshot is carried out to webpage, the first picture is obtained, by first picture and the webpage
Corresponding webpage jumps path and is associated, and obtains the first related information, stores the first related information in the file.
As can be seen from the above description, by the above method, in addition to that can be clicked to all under webpage to be monitored
The corresponding webpage of DOM object is monitored, additionally it is possible to carry out effective monitoring to webpage to be monitored itself.
Further, the S2 specifically:
Pass through UI tool, the network request of simulation browser;
Obtain the HTML hypertext stream that server is returned according to the network request;
According to HTML hypertext stream, html file is obtained;
The html file is stored in the file.
As can be seen from the above description, can rapidly obtain corresponding html file from webpage by the above method.
Further, the S4 specifically:
Path is jumped according to webpage, loads webpage;
Judge whether the webpage had loaded within a preset time;
If so, thening follow the steps S5;
If it is not, then to the webpage carry out screenshot, and by the picture webpage corresponding with webpage after screenshot jump path into
Row association, obtains related information, saves the related information after preset file, executes step S5.
As can be seen from the above description, can be improved the efficiency of webpage detection by the above method, judge in time webpage whether by
To attack, reduces user and access webpage under attack and bring loss.
It is further, described to judge whether the webpage had loaded within a preset time specifically:
The corresponding html file of webpage currently loaded is calculated, the first html file is obtained;
The cryptographic Hash for calculating first html file, obtains the first cryptographic Hash;
The corresponding cryptographic Hash of all html files in the file is calculated separately, Hash value list is obtained;
Judge in the Hash value list with the presence or absence of first cryptographic Hash, and if it exists, then the webpage is in the time
Inside loaded;Otherwise, which does not load within the time.
Wherein, preset time is that detection starts the time needed for terminating this process to detection, can be according to actually detected feelings
Condition is adjusted;Preferably, preset time is 1 minute.
As can be seen from the above description, effectively can effectively be judged whether webpage has loaded by the above method, improve
The accuracy of Data Detection.
Further, the preset first related information set specifically:
In the case where webpage and corresponding server are not affected by attack condition, step S1 to S5 is executed, and according to institute in file
Some related informations obtain the first related information set.
As can be seen from the above description, by the above method, can accurate judgement webpage it is whether under attack, to remind in time
User.
It is further, described to judge whether webpage is under attack specifically:
S61: according to related information all in file, the second related information set is obtained;Related information includes webpage
Jump the screenshot picture in path and corresponding webpage;
S62: a related information in the second related information set is successively obtained, the first webpage in related information is obtained
Jump path and corresponding first screenshot picture;
S63: judge that the related information in the first related information set jumps path with the presence or absence of first webpage;
S64: if it does not exist, then it is under attack to judge that first webpage jumps the corresponding webpage in path;
S65: if it exists, then obtaining in the first related information set and to jump the corresponding related information in path with the first webpage,
Obtain the second related information;The similarity of the second screenshot picture in the first screenshot picture and second related information is calculated,
The first similarity is obtained, if first similarity is greater than preset similarity threshold, judges that first webpage jumps road
The corresponding webpage of diameter is not under attack;Otherwise, it is under attack to judge that first webpage jumps the corresponding webpage in path;
S66: repeating step S62 to S65, until all related informations in the second related information set are corresponding
Webpage it is whether under attack judgement finish until.
As can be seen from the above description, by the above method, can accurate judgement webpage it is whether under attack, improve data and sentence
Disconnected accuracy.
Referring to figure 2., it the present invention provides a kind of web monitor terminal, including memory 1, processor 2 and is stored in
On reservoir 1 and the computer program that can run on processor 2, the processor 2 perform the steps of when executing described program
S1: load webpage;
S2: the corresponding html file of DOM object on current web page is obtained, and the html file is stored in preset text
In part folder;
S3: according to the html file, the webpage obtained in html file jumps path;
S4: jumping path according to webpage, load webpage, carries out screenshot to the webpage, and by the picture and net after screenshot
The corresponding webpage of page jumps path and is associated, and obtains related information, saves the related information in the file;
S5: repeating step S2 to S4, until all webpages jump the equal loaded of the corresponding webpage in path;
S6: according to preset first related information set, successively judge in related information all in the file
Whether webpage jumps the corresponding webpage in path under attack.
Further, a kind of web monitor terminal, the S1 specifically:
Webpage to be monitored is loaded, screenshot is carried out to webpage, the first picture is obtained, by first picture and the webpage
Corresponding webpage jumps path and is associated, and obtains the first related information, stores the first related information in the file.
Further, a kind of web monitor terminal, the S2 specifically:
Pass through UI tool, the network request of simulation browser;
Obtain the HTML hypertext stream that server is returned according to the network request;
According to HTML hypertext stream, html file is obtained;
The html file is stored in the file.
Further, a kind of web monitor terminal, the S4 specifically:
Path is jumped according to webpage, loads webpage;
Judge whether the webpage had loaded within a preset time;
If so, thening follow the steps S5;
If it is not, then to the webpage carry out screenshot, and by the picture webpage corresponding with webpage after screenshot jump path into
Row association, obtains related information, saves the related information after preset file, executes step S5.
Further, a kind of web monitor terminal, it is described to judge the webpage within a preset time whether
It loaded specifically:
The corresponding html file of webpage currently loaded is calculated, the first html file is obtained;
The cryptographic Hash for calculating first html file, obtains the first cryptographic Hash;
The corresponding cryptographic Hash of all html files in the file is calculated separately, Hash value list is obtained;
Judge in the Hash value list with the presence or absence of first cryptographic Hash, and if it exists, then the webpage is in the time
Inside loaded;Otherwise, which does not load within the time.
Further, a kind of web monitor terminal, the preset first related information set specifically:
In the case where webpage and corresponding server are not affected by attack condition, step S1 to S5 is executed, and according to institute in file
Some related informations obtain the first related information set.
Further, a kind of web monitor terminal, it is described to judge whether webpage is under attack specifically:
S61: according to related information all in file, the second related information set is obtained;Related information includes webpage
Jump the screenshot picture in path and corresponding webpage;
S62: a related information in the second related information set is successively obtained, the first webpage in related information is obtained
Jump path and corresponding first screenshot picture;
S63: judge that the related information in the first related information set jumps path with the presence or absence of first webpage;
S64: if it does not exist, then it is under attack to judge that first webpage jumps the corresponding webpage in path;
S65: if it exists, then obtaining in the first related information set and to jump the corresponding related information in path with the first webpage,
Obtain the second related information;The similarity of the second screenshot picture in the first screenshot picture and second related information is calculated,
The first similarity is obtained, if first similarity is greater than preset similarity threshold, judges that first webpage jumps road
The corresponding webpage of diameter is not under attack;Otherwise, it is under attack to judge that first webpage jumps the corresponding webpage in path;
S66: repeating step S62 to S65, until all related informations in the second related information set are corresponding
Webpage it is whether under attack judgement finish until.
Please refer to Fig. 1, the embodiment of the present invention one are as follows:
The present invention provides a kind of web monitor methods, comprising the following steps:
S1: load webpage;
The S1 specifically:
Webpage to be monitored is loaded, screenshot is carried out to webpage, the first picture is obtained, by first picture and the webpage
Corresponding webpage jumps path and is associated, and obtains the first related information, stores the first related information in the file.
S2: the corresponding html file of DOM object on current web page is obtained, and the html file is stored in preset text
In part folder;
The S2 specifically:
Pass through UI tool, the network request of simulation browser;
Obtain the HTML hypertext stream that server is returned according to the network request;
According to HTML hypertext stream, html file is obtained;
The html file is stored in the file.
Wherein, the HTML hypertext stream is the corresponding binary stream of HTML hypertext.
S3: according to the html file, the webpage obtained in html file jumps path;
S4: jumping path according to webpage, load webpage, carries out screenshot to the webpage, and by the picture and net after screenshot
The corresponding webpage of page jumps path and is associated, and obtains related information, saves the related information in the file;
The S4 specifically:
Path is jumped according to webpage, loads webpage;
Judge whether the webpage had loaded within a preset time;
If so, thening follow the steps S5;
If it is not, then to the webpage carry out screenshot, and by the picture webpage corresponding with webpage after screenshot jump path into
Row association, obtains related information, saves the related information after preset file, executes step S5.
It is wherein, described to judge whether the webpage had loaded within a preset time specifically:
The corresponding html file of webpage currently loaded is calculated, the first html file is obtained;
The cryptographic Hash for calculating first html file, obtains the first cryptographic Hash;
The corresponding cryptographic Hash of all html files in the file is calculated separately, Hash value list is obtained;
Judge in the Hash value list with the presence or absence of first cryptographic Hash, and if it exists, then the webpage is in the time
Inside loaded;Otherwise, which does not load within the time.
S5: repeating step S2 to S4, until all webpages jump the equal loaded of the corresponding webpage in path;
S6: according to preset first related information set, successively judge in related information all in the file
Whether webpage jumps the corresponding webpage in path under attack;
Wherein, the preset first related information set specifically:
In the case where webpage and corresponding server are not affected by attack condition, step S1 to S5 is executed, and according to institute in file
Some related informations obtain the first related information set.
It is wherein, described to judge whether webpage is under attack specifically:
S61: according to related information all in file, the second related information set is obtained;Related information includes webpage
Jump the screenshot picture in path and corresponding webpage;
S62: a related information in the second related information set is successively obtained, the first webpage in related information is obtained
Jump path and corresponding first screenshot picture;
S63: judge that the related information in the first related information set jumps path with the presence or absence of first webpage;
S64: if it does not exist, then it is under attack to judge that first webpage jumps the corresponding webpage in path;
S65: if it exists, then obtaining in the first related information set and to jump the corresponding related information in path with the first webpage,
Obtain the second related information;The similarity of the second screenshot picture in the first screenshot picture and second related information is calculated,
The first similarity is obtained, if first similarity is greater than preset similarity threshold, judges that first webpage jumps road
The corresponding webpage of diameter is not under attack;Otherwise, it is under attack to judge that first webpage jumps the corresponding webpage in path;
S66: repeating step S62 to S65, until all related informations in the second related information set are corresponding
Webpage it is whether under attack judgement finish until.
Referring to figure 2., the embodiment of the present invention two are as follows:
The present invention provides a kind of web monitor terminal, including memory, processor and storage are on a memory and can be
The computer program run on processor, the processor perform the steps of when executing described program
S1: load webpage;
The S1 specifically:
Webpage to be monitored is loaded, screenshot is carried out to webpage, the first picture is obtained, by first picture and the webpage
Corresponding webpage jumps path and is associated, and obtains the first related information, stores the first related information in the file.
S2: the corresponding html file of DOM object on current web page is obtained, and the html file is stored in preset text
In part folder;
The S2 specifically:
Pass through UI tool, the network request of simulation browser;
Obtain the HTML hypertext stream that server is returned according to the network request;
According to HTML hypertext stream, html file is obtained;
The html file is stored in the file.
S3: according to the html file, the webpage obtained in html file jumps path;
S4: jumping path according to webpage, load webpage, carries out screenshot to the webpage, and by the picture and net after screenshot
The corresponding webpage of page jumps path and is associated, and obtains related information, saves the related information in the file;
The S4 specifically:
Path is jumped according to webpage, loads webpage;
Judge whether the webpage had loaded within a preset time;
If so, thening follow the steps S5;
If it is not, then to the webpage carry out screenshot, and by the picture webpage corresponding with webpage after screenshot jump path into
Row association, obtains related information, saves the related information after preset file, executes step S5.
It is wherein, described to judge whether the webpage had loaded within a preset time specifically:
The corresponding html file of webpage currently loaded is calculated, the first html file is obtained;
The cryptographic Hash for calculating first html file, obtains the first cryptographic Hash;
The corresponding cryptographic Hash of all html files in the file is calculated separately, Hash value list is obtained;
Judge in the Hash value list with the presence or absence of first cryptographic Hash, and if it exists, then the webpage is in the time
Inside loaded;Otherwise, which does not load within the time.
S5: repeating step S2 to S4, until all webpages jump the equal loaded of the corresponding webpage in path;
S6: according to preset first related information set, successively judge in related information all in the file
Whether webpage jumps the corresponding webpage in path under attack;
Wherein, the preset first related information set specifically:
In the case where webpage and corresponding server are not affected by attack condition, step S1 to S5 is executed, and according to institute in file
Some related informations obtain the first related information set.
It is wherein, described to judge whether webpage is under attack specifically:
S61: according to related information all in file, the second related information set is obtained;Related information includes webpage
Jump the screenshot picture in path and corresponding webpage;
S62: a related information in the second related information set is successively obtained, the first webpage in related information is obtained
Jump path and corresponding first screenshot picture;
S63: judge that the related information in the first related information set jumps path with the presence or absence of first webpage;
S64: if it does not exist, then it is under attack to judge that first webpage jumps the corresponding webpage in path;
S65: if it exists, then obtaining in the first related information set and to jump the corresponding related information in path with the first webpage,
Obtain the second related information;The similarity of the second screenshot picture in the first screenshot picture and second related information is calculated,
The first similarity is obtained, if first similarity is greater than preset similarity threshold, judges that first webpage jumps road
The corresponding webpage of diameter is not under attack;Otherwise, it is under attack to judge that first webpage jumps the corresponding webpage in path;
S66: repeating step S62 to S65, until all related informations in the second related information set are corresponding
Webpage it is whether under attack judgement finish until.
The embodiment of the present invention three are as follows:
1, preset platform is initialized, obtains the network address for needing to monitor;
2, steps are as follows for execution:
2.1, the website for needing to verify is opened;
2.2, judge whether page load is completed: it is no, wait page load to complete;It is then to jump to 2.3 execution;
2.3, path is jumped using the corresponding webpage of the network address and creates temp directory as title;
2.4, the interface screenshot of webpage webpage corresponding with webpage is jumped path to be associated, obtain related information and incited somebody to action
Related information saving is into temp directory;
2.5, the DOM code of current web page is scanned, obtains html file and (DOM code scanning: is automated by UI
Tool, the network request of simulation browser, by the request, server can return to the hypertext stream of HTML, by this hypertext
Stream is got in memory, and local html file is saved by way of file stream, and storage is in the file.);
2.6, screening is filtered to current DOM code, filters out the control that can be clicked, by the corresponding net of control
Page, which jumps path and is stored in the array of path, to be gone (how to screen and judge to be clicked: reading 2.5 behaviour by way of file stream
Make the html file that generates, convection current carries out reading line by line, pass through by<a>,<button>,<input>deng the support side onclick
The block of the label package of method, i.e., judge ' </ ' character of ending, to the interim array of form of this block key/value
Storage, key indicate line number where control, and value indicates the text of control block;How to get control path: being automated by UI
Tool calls browser to open html file, navigates to corresponding control according to the key/value in interim array, calls the side JS
Method obtains father node, obtains the father node for all storing him with variable every time, repeatedly calls, until the top mark that father node is HTML
Variable, is then stitched together by label, and the character string of splicing is converted into the form of Xpath, saves into file.);
2.7, webpage is taken out from the array of path and jump path, carry out skip operation;
2.8, by the scanning to the page, determine whether the page had already appeared and can not continue to jump behaviour
Make to determine whether recurrence terminates: it is no, then jump to 2.2 execution;It is then to jump to 2.9 execution.(how to judge that the page occurred: logical
It UI automation tools is crossed when to page scan, gets the DOM code and url for changing the page, and saved in 2.5 steps
DOM document code is compared, and instruction page occurred if just the same;It is true by 2.6 identical control sweeping schemes
Determine the control whether page can also be clicked, terminate if it is empty recurrence of then making an inventory, if being not sky, calls click method behaviour
Make control, determines that recurrence terminates if the page exists into next page.);
2.9, judge whether all completed by recurrence in the array of path, it is no, jump to 2.10 execution;It is then to jump to 3 and hold
Row;
2.10, recursive path proposing next need since the array of path carries out skip operation and continues to execute
2.2;
3, judge whether operation is to execute for the first time by catalogue, be then to be stored the file as template, and delete
Except the file in file, all processes of the wheel terminate, and waiting is executed since 1 next time;It is no, then jump to 4 execution.
4, the steps included are as follows:
4.1, it takes out after executing for the first time, stores related information in a template, obtain the first related information set;
4.2, related information is successively taken from the file, as the second related information, and by the second related information
Screenshot picture is compared with the screenshot picture of the corresponding related information in the first related information set (by technology by two
Figure is converted into the picture flow object of two base64, obtains the frame height of each pixel and the color value of RGB in flow object, deposit
In two arrays;Comparison is extracted to the identical position of array, is stored in result with "true" and "false" to record comparison result
In array, it is divided by by taking out the length of number and entire array of "true", obtains similarity.Judge whether similarity is higher than
85%, it is higher than then essentially identical, lower than then not identical, records result.);
4.3, judge whether consistent: it is no, then jump to 4.4 execution;It is to jump to 4.5 execution;
4.4, to screenshot picture, same node point information is not recorded, and is exported the corresponding webpage of screenshot picture and attacked
It hits;
4.5, it exports the corresponding webpage of screenshot picture and is not affected by attack, and judge whether all screenshot pictures have compared
At: it is no, then jump to 4.1 execution;It is then to terminate to jump to 5 execution;
5, integrated results export test report;
6, completion is executed.
In conclusion having loaded on webpage DOM pairs by obtaining the present invention provides a kind of web monitor method and terminal
As corresponding html file, so that the webpage obtained in html file jumps path, path is jumped according to webpage, is loaded corresponding
Webpage, and screenshot is carried out to webpage, the picture after screenshot is jumped into path with corresponding webpage and is associated, association letter is obtained
Breath;According to preset first related information set, judge whether the corresponding webpage of related information is under attack.The present invention passes through upper
Method is stated, security monitoring can be carried out to the corresponding webpages of DOM that can be clicked all under webpage to be detected, especially by pass
Webpage in connection information jumps the screenshot picture in path He the webpage, compares with preset first related information set, can
Effectively judge whether the webpage is under attack;The present invention can find out webpage under attack in time, solve user and accessing
Existing safety issue during webpage.
The above description is only an embodiment of the present invention, is not intended to limit the scope of the invention, all to utilize this hair
Equivalents made by bright specification and accompanying drawing content are applied directly or indirectly in other relevant technical fields, similarly
It is included within the scope of the present invention.
Claims (10)
1. a kind of web monitor method, which comprises the following steps:
S1: load webpage;
S2: the corresponding html file of DOM object on current web page is obtained, and the html file is stored in preset file
In;
S3: according to the html file, the webpage obtained in html file jumps path;
S4: jumping path according to webpage, load webpage, carries out screenshot to the webpage, and by the picture and webpage pair after screenshot
The webpage answered jumps path and is associated, and obtains related information, saves the related information in the file;
S5: repeating step S2 to S4, until all webpages jump the equal loaded of the corresponding webpage in path;
S6: according to preset first related information set, successively judge the webpage in related information all in the file
Whether under attack jump the corresponding webpage in path.
2. a kind of web monitor method according to claim 1, which is characterized in that the S1 specifically:
Webpage to be monitored is loaded, screenshot is carried out to webpage, obtains the first picture, first picture is corresponding with the webpage
Webpage jump path and be associated, obtain the first related information, store the first related information in the file.
3. a kind of web monitor method according to claim 1, which is characterized in that the S2 specifically:
Pass through UI tool, the network request of simulation browser;
Obtain the HTML hypertext stream that server is returned according to the network request;
According to HTML hypertext stream, html file is obtained;
The html file is stored in the file.
4. a kind of web monitor method according to claim 1, which is characterized in that the S4 specifically:
Path is jumped according to webpage, loads webpage;
Judge whether the webpage had loaded within a preset time;
If so, thening follow the steps S5;
If it is not, then carrying out screenshot to the webpage, and the picture webpage corresponding with webpage after screenshot is jumped into path and is closed
Connection, obtains related information, saves the related information after preset file, executes step S5.
5. a kind of web monitor method according to claim 4, which is characterized in that the judgement webpage is when default
It is interior whether to have loaded specifically:
The corresponding html file of webpage currently loaded is calculated, the first html file is obtained;
The cryptographic Hash for calculating first html file, obtains the first cryptographic Hash;
The corresponding cryptographic Hash of all html files in the file is calculated separately, Hash value list is obtained;
Judge in the Hash value list with the presence or absence of first cryptographic Hash, and if it exists, then the webpage within the time
It loaded;Otherwise, which does not load within the time.
6. a kind of web monitor method according to claim 1, which is characterized in that the preset first related information collection
It closes specifically:
In the case where webpage and corresponding server are not affected by attack condition, step S1 to S5 is executed, and according to all in file
Related information obtains the first related information set.
7. a kind of web monitor method according to claim 1, which is characterized in that described to judge whether webpage is under attack
Specifically:
S61: according to related information all in file, the second related information set is obtained;Related information includes that webpage jumps
The screenshot picture of path and corresponding webpage;
S62: successively obtaining a related information in the second related information set, and the first webpage obtained in related information jumps
Path and corresponding first screenshot picture;
S63: judge that the related information in the first related information set jumps path with the presence or absence of first webpage;
S64: if it does not exist, then it is under attack to judge that first webpage jumps the corresponding webpage in path;
S65: it if it exists, then obtains in the first related information set and to jump the corresponding related information in path with the first webpage, obtain
Second related information;The similarity for calculating the second screenshot picture in the first screenshot picture and second related information, obtains
First similarity judges that first webpage jumps path pair if first similarity is greater than preset similarity threshold
The webpage answered is not under attack;Otherwise, it is under attack to judge that first webpage jumps the corresponding webpage in path;
S66: repeating step S62 to S65, until the corresponding net of all related informations in the second related information set
Page whether it is under attack judgement finish until.
8. a kind of web monitor terminal, can run on a memory and on a processor including memory, processor and storage
Computer program, which is characterized in that the processor performs the steps of when executing described program
S1: load webpage;
S2: the corresponding html file of DOM object on current web page is obtained, and the html file is stored in preset file
In;
S3: according to the html file, the webpage obtained in html file jumps path;
S4: jumping path according to webpage, load webpage, carries out screenshot to the webpage, and by the picture and webpage pair after screenshot
The webpage answered jumps path and is associated, and obtains related information, saves the related information in the file;
S5: repeating step S2 to S4, until all webpages jump the equal loaded of the corresponding webpage in path;
S6: according to preset first related information set, successively judge the webpage in related information all in the file
Whether under attack jump the corresponding webpage in path.
9. a kind of web monitor terminal according to claim 8, which is characterized in that the S1 specifically:
Webpage to be monitored is loaded, screenshot is carried out to webpage, obtains the first picture, first picture is corresponding with the webpage
Webpage jump path and be associated, obtain the first related information, store the first related information in the file.
10. a kind of web monitor terminal according to claim 9, which is characterized in that the S2 specifically:
Pass through UI tool, the network request of simulation browser;
Obtain the HTML hypertext stream that server is returned according to the network request;
According to HTML hypertext stream, html file is obtained;
The html file is stored in the file.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810227710.6A CN110309648A (en) | 2018-03-20 | 2018-03-20 | A kind of web monitor method and terminal |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810227710.6A CN110309648A (en) | 2018-03-20 | 2018-03-20 | A kind of web monitor method and terminal |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN110309648A true CN110309648A (en) | 2019-10-08 |
Family
ID=68073537
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810227710.6A Withdrawn CN110309648A (en) | 2018-03-20 | 2018-03-20 | A kind of web monitor method and terminal |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110309648A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110737861A (en) * | 2019-10-24 | 2020-01-31 | 北京锐安科技有限公司 | webpage data processing method, device, equipment and storage medium |
| CN113656000A (en) * | 2021-08-11 | 2021-11-16 | 北京达佳互联信息技术有限公司 | Webpage processing method and device |
| CN113723980A (en) * | 2020-05-26 | 2021-11-30 | 北京达佳互联信息技术有限公司 | Method and device for detecting advertisement landing page, electronic equipment and storage medium |
-
2018
- 2018-03-20 CN CN201810227710.6A patent/CN110309648A/en not_active Withdrawn
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110737861A (en) * | 2019-10-24 | 2020-01-31 | 北京锐安科技有限公司 | webpage data processing method, device, equipment and storage medium |
| CN113723980A (en) * | 2020-05-26 | 2021-11-30 | 北京达佳互联信息技术有限公司 | Method and device for detecting advertisement landing page, electronic equipment and storage medium |
| CN113656000A (en) * | 2021-08-11 | 2021-11-16 | 北京达佳互联信息技术有限公司 | Webpage processing method and device |
| CN113656000B (en) * | 2021-08-11 | 2024-01-09 | 北京达佳互联信息技术有限公司 | Webpage processing method and device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106503134B (en) | Browser jumps to the method for data synchronization and device of application program | |
| EP3726410B1 (en) | Interpretation device, interpretation method and interpretation program | |
| CN104049986B (en) | plug-in loading method and device | |
| US8296722B2 (en) | Crawling of object model using transformation graph | |
| US20180041530A1 (en) | Method and system for detecting malicious web addresses | |
| CN105528295B (en) | Mobile applications anomaly detection method and device | |
| CN109376291B (en) | Website fingerprint information scanning method and device based on web crawler | |
| CN110309648A (en) | A kind of web monitor method and terminal | |
| CN101490685A (en) | A method for increasing the security level of a user machine browsing web pages | |
| CN106126747A (en) | Data capture method based on reptile and device | |
| CN108632219B (en) | Website vulnerability detection method, detection server, system and storage medium | |
| CN111552633A (en) | Interface abnormal call testing method and device, computer equipment and storage medium | |
| CN105607799B (en) | Data processing method and device | |
| CN110147327B (en) | Multi-granularity-based web automatic test management method | |
| CN102662840A (en) | Automatic detecting system and method for extension behavior of Firefox browser | |
| CN114528457A (en) | Web fingerprint detection method and related equipment | |
| CN107103243B (en) | Vulnerability detection method and device | |
| CN106845248A (en) | A kind of XSS leak detection methods based on state transition graph | |
| CN107180194B (en) | Method and device for vulnerability detection based on visual analysis system | |
| CN107526833B (en) | URL management method and system | |
| CN103544288A (en) | Browser webpage loading control method and device | |
| CN109240664A (en) | A kind of method and terminal acquiring user behavior information | |
| CN111125704B (en) | Webpage Trojan horse recognition method and system | |
| CN108282478A (en) | A kind of WEB site safeties detection method, device and computer-readable medium | |
| CN107026854A (en) | Validating vulnerability method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WW01 | Invention patent application withdrawn after publication |
Application publication date: 20191008 |
|
| WW01 | Invention patent application withdrawn after publication |