CN110555179A - Dynamic website script evidence obtaining method, terminal equipment and storage medium - Google Patents
Dynamic website script evidence obtaining method, terminal equipment and storage medium Download PDFInfo
- Publication number
- CN110555179A CN110555179A CN201910835016.7A CN201910835016A CN110555179A CN 110555179 A CN110555179 A CN 110555179A CN 201910835016 A CN201910835016 A CN 201910835016A CN 110555179 A CN110555179 A CN 110555179A
- Authority
- CN
- China
- Prior art keywords
- webpage
- interface
- page
- calling
- script
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/955—Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/958—Organisation or management of web site content, e.g. publishing, maintaining pages or automatic linking
- G06F16/972—Access to data in other repository systems, e.g. legacy data or dynamic Web page generation
Abstract
The invention relates to a dynamic website script evidence obtaining method, terminal equipment and a storage medium, wherein the method comprises the following steps: starting a browser and connecting the development tool protocol interface address of each webpage; setting a page cookie; newly creating a blank page; starting a page notification function; starting network tracking and network event distribution functions; opening a webpage to be proved; after the webpage is loaded, calling an interface to execute a javascript script to enable the webpage to roll to the bottom, and loading all webpage resources; tracking the webpage resource loading progress through an interface, and storing the webpage after the webpage resource is completely loaded; saving all resource files of the webpage; saving the whole webpage into a picture; and judging whether a next page exists or not, if not, ending, and if so, clicking a next page button to enter the next page. The invention obtains the page screenshot by calling the interface and the script and simulating the browser, thereby achieving the method for obtaining the evidence of the target website.
Description
Technical Field
the invention relates to the field of website forensics, in particular to a dynamic website script forensics method, terminal equipment and a storage medium.
background
With the rapid development of internet application technology, the internet is filled with various harmful information, including intellectual property right infringement, pornography, gambling and other related information, and how to obtain evidence of the internet information is the difficulty of computer crime evidence obtaining. The internet evidence obtaining is obviously different from the traditional computer evidence obtaining, and the traditional computer evidence obtaining mainly deducts computers and related media related to crimes and analyzes related data to obtain the process of related evidence. However, with the development of cloud computing technology, servers, media and the like of the related websites are related cloud hosts, and evidence obtaining cannot be performed in a manner of obtaining an entity machine, so that evidence is easily lost, the evidence obtaining difficulty is caused, and how to quickly obtain the evidence in an internet manner is a problem to be mainly solved.
At present, a method for obtaining evidence of a remote website mainly obtains a page, a server port and a page source code of a target website in a mode of simulating browser access, captures a corresponding page, calculates and obtains a hash value of the page to ensure the originality of the evidence, and performs computer operation video recording on the whole evidence obtaining process to ensure the legal compliance of the evidence.
however, the forensics method is more suitable for static pages or some dynamically loaded pages, wherein the method for obtaining forensics of screenshots of a large number of types of pages cannot be carried out, for example, the URLs of some website pages are the same, but the jump of the pages is controlled by a script mode, so that when the screenshot of the page is obtained through the URL, only the first page can be obtained, other hidden pages cannot be obtained, and the problem needs to be solved through related technical means.
Disclosure of Invention
In order to solve the above problems, the present invention provides a dynamic website script forensics method, a terminal device and a storage medium.
The specific scheme is as follows:
A dynamic website script forensics method comprises the following steps:
S1: starting a browser and acquiring a development tool protocol interface address of each webpage in the browser;
s2: connecting the interface address, and establishing a message receiving and sending channel between the application program and the browser;
S3: calling an interface to set page cookies to realize the website login effect;
S4: newly creating a blank page;
S5: calling an interface to start a page notification function;
s6: calling an interface to start a network tracking and network event distribution function;
S7: calling an interface to open a webpage to be forensics;
s8: after the webpage is loaded, calling an interface to execute a javascript script to enable the webpage to roll to the bottom, and loading all webpage resources;
s9: tracking the webpage resource loading progress through an interface, and storing the webpage after the webpage resource is completely loaded;
s10: calling an interface to store all resource files of the webpage;
S11: calling an interface to store the whole webpage into a picture;
S12: calling the interface to execute javascript script detection to judge whether a next page exists, if not, ending, and if so, entering S13;
S13: the interface is called to execute javascript to click the next page button to enter the next page, returning to S8.
Further, the browser is a chrome browser, is started through a chrome, exe-remote-debug-port, and acquires the development tool protocol interface address of each webpage through http:// localhost: 9000.
Further, all resource files of the web page include page files, pictures, JavaScript script files, and fonts.
further, in step S12, it is detected whether there is a javascript script of the next page as follows:
Further, the javascript script for the next page entered in step S13 is as follows:
a dynamic website script forensics terminal device comprises a processor, a memory and a computer program which is stored in the memory and can run on the processor, wherein the processor executes the computer program to realize the steps of the method of the embodiment of the invention.
a computer-readable storage medium, in which a computer program is stored, which, when being executed by a processor, carries out the steps of the method according to an embodiment of the invention as described above.
According to the technical scheme, the real link of the dynamic website is obtained by calling each interface and the execution script in the development tool protocol so as to obtain the real page, and then the page screenshot is obtained in a browser simulation mode so as to achieve the purpose of obtaining evidence of the target website.
drawings
fig. 1 is a flowchart illustrating a first embodiment of the present invention.
Detailed Description
to further illustrate the various embodiments, the invention provides the accompanying drawings. The accompanying drawings, which are incorporated in and constitute a part of this disclosure, illustrate embodiments of the invention and, together with the description, serve to explain the principles of the embodiments. Those skilled in the art will appreciate still other possible embodiments and advantages of the present invention with reference to these figures.
The invention will now be further described with reference to the accompanying drawings and detailed description.
The first embodiment is as follows:
The embodiment of the invention provides a dynamic website script evidence obtaining method, which is described by taking a Chrome browser as an example and also comprises a browser of a Chrome browser kernel, and the method can be applied to other browsers, and the browsers which support the calling operation of a development tool protocol interface of a webpage can be realized by adopting similar methods, such as a 360 browser, a QQ browser and the like.
as shown in fig. 1, the method comprises the steps of:
Step 1, a Chrome browser provides a remote debugging interface parameter (-remote-debug-port) and a development tool protocol support, a development tool protocol interface address of each webpage can be obtained through http:// localhost after the Chrome browser is started by using the Chrome, exe-remote-debug-port 9000, sending and receiving of Chrome messages can be realized after the protocol interface addresses are connected by using websockets, calling of an interface is realized by sending a message in a JSON format to the Chrome browser, wherein a metal field designates an interface name to be called, a params field transmits a parameter for calling the interface, and JSON contents are as follows:
{"method":"Network.setCookies","params":{"cookies":[]}}
And 2, calling a network.
Step 3, calling http:// localhost:9000/json/new to newly create a blank page.
and 4, calling a Page enable interface to start a page notification function.
and 5, calling a network.
And 6, calling a page.
And 7, after the loading of the main frame of the webpage is finished, executing a javascript script through a runtime.
The JS script content of the scrolling page is as follows: scrollto (0,1024).
and 8, tracking the loading progress of the webpage resources through a network.
And 9, calling a network. getresponsebody interface to store all resource files of the webpage, including page files, pictures, JavaScript script files, fonts and the like.
and step 10, calling a page.
And 11, calling a Runtime. evaluation interface to execute a javascript script to detect whether a next page exists, if not, ending, and if so, entering the step 12.
In this embodiment, whether the javascript script of the next page exists is detected as follows:
And step 12, calling a runtime and update interface to execute a javascript script to click a next page button to turn pages and jumping to the step 7 when a next page is detected.
in this embodiment, the javascript script for the next page is as follows:
The embodiment of the invention discloses a method for obtaining evidence of a target website by obtaining a real link of a dynamic website by calling each interface and an execution script in a development tool protocol to obtain a real page and then obtaining a page screenshot in a browser simulation mode.
Example two:
the invention also provides dynamic website script forensics terminal equipment which comprises a memory, a processor and a computer program which is stored in the memory and can run on the processor, wherein the processor executes the computer program to realize the steps of the method embodiment of the first embodiment of the invention.
further, as an executable scheme, the dynamic website script forensics terminal device may be a desktop computer, a notebook, a palm computer, a cloud server, or other computing devices. The dynamic website script forensics terminal device can include, but is not limited to, a processor and a memory. It is understood by those skilled in the art that the above-mentioned composition structure of the dynamic website script forensics terminal device is only an example of the dynamic website script forensics terminal device, and does not constitute a limitation on the dynamic website script forensics terminal device, and may include more or less components than the above, or combine some components, or different components, for example, the dynamic website script forensics terminal device may further include an input/output device, a network access device, a bus, and the like, which is not limited in this embodiment of the present invention.
Further, as an executable solution, the processor may be a Central Processing Unit (CPU), other general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other Programmable logic device, a discrete Gate or transistor logic device, a discrete hardware component, and the like. The general processor may be a microprocessor or the processor may be any conventional processor, and the processor is a control center of the dynamic website script forensics terminal device, and various interfaces and lines are used to connect various parts of the entire dynamic website script forensics terminal device.
the memory can be used for storing the computer program and/or the module, and the processor realizes various functions of the dynamic website script forensics terminal equipment by running or executing the computer program and/or the module stored in the memory and calling data stored in the memory. The memory can mainly comprise a program storage area and a data storage area, wherein the program storage area can store an operating system and an application program required by at least one function; the storage data area may store data created according to the use of the mobile phone, and the like. In addition, the memory may include high speed random access memory, and may also include non-volatile memory, such as a hard disk, a memory, a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), at least one magnetic disk storage device, a Flash memory device, or other volatile solid state storage device.
The invention also provides a computer-readable storage medium, in which a computer program is stored, which, when being executed by a processor, carries out the steps of the above-mentioned method of an embodiment of the invention.
The module/unit integrated by the dynamic website script evidence-obtaining terminal device can be stored in a computer readable storage medium if the module/unit is realized in the form of a software functional unit and sold or used as an independent product. Based on such understanding, all or part of the flow of the method according to the embodiments of the present invention may also be implemented by a computer program, which may be stored in a computer-readable storage medium, and when the computer program is executed by a processor, the steps of the method embodiments may be implemented. Wherein the computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer-readable medium may include: any entity or device capable of carrying the computer program code, recording medium, usb disk, removable hard disk, magnetic disk, optical disk, computer Memory, Read-only Memory (ROM ), Random Access Memory (RAM), software distribution medium, and the like.
while the invention has been particularly shown and described with reference to a preferred embodiment, it will be understood by those skilled in the art that various changes in form and detail may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.
Claims (7)
1. A dynamic website script forensics method is characterized by comprising the following steps:
S1: starting a browser and acquiring a development tool protocol interface address of each webpage in the browser;
S2: connecting the interface address, and establishing a message receiving and sending channel between the application program and the browser;
S3: calling an interface to set page cookies to realize the website login effect;
S4: newly creating a blank page;
s5: calling an interface to start a page notification function;
s6: calling an interface to start a network tracking and network event distribution function;
S7: calling an interface to open a webpage to be forensics;
S8: after the webpage is loaded, calling an interface to execute a javascript script to enable the webpage to roll to the bottom, and loading all webpage resources;
S9: tracking the webpage resource loading progress through an interface, and storing the webpage after the webpage resource is completely loaded;
s10: calling an interface to store all resource files of the webpage;
s11: calling an interface to store the whole webpage into a picture;
s12: calling the interface to execute javascript script detection to judge whether a next page exists, if not, ending, and if so, entering S13;
S13: the interface is called to execute javascript to click the next page button to enter the next page, returning to S8.
2. The dynamic website scripting forensics method of claim 1, wherein: the browser is a chrome browser, is started through a chrome, exe-remote-debug-port and 9000, and acquires the development tool protocol interface address of each webpage through http:// localhost:// 9000.
3. The dynamic website scripting forensics method of claim 1, wherein: all resource files of the web page include page files, pictures, JavaScript files and fonts.
4. The dynamic website scripting forensics method of claim 1, wherein: in step S12, it is detected whether there is a javascript script of the next page as follows:
5. the dynamic website scripting forensics method of claim 1, wherein: the javascript script for the next page entered in step S13 is as follows:
6. A dynamic website script evidence obtaining terminal device is characterized in that: comprising a processor, a memory and a computer program stored in the memory and running on the processor, the processor implementing the steps of the method according to any of claims 1 to 5 when executing the computer program.
7. a computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910835016.7A CN110555179A (en) | 2019-09-05 | 2019-09-05 | Dynamic website script evidence obtaining method, terminal equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910835016.7A CN110555179A (en) | 2019-09-05 | 2019-09-05 | Dynamic website script evidence obtaining method, terminal equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN110555179A true CN110555179A (en) | 2019-12-10 |
Family
ID=68739044
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910835016.7A Pending CN110555179A (en) | 2019-09-05 | 2019-09-05 | Dynamic website script evidence obtaining method, terminal equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110555179A (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111881384A (en) * | 2020-07-02 | 2020-11-03 | 北京华赛在线科技有限公司 | Illegal external connection evidence obtaining method, system and storage medium |
| CN112241502A (en) * | 2020-10-16 | 2021-01-19 | 北京字节跳动网络技术有限公司 | Page loading detection method and device |
| CN113805984A (en) * | 2021-08-05 | 2021-12-17 | 厦门市美亚柏科信息股份有限公司 | Dynamic webpage screenshot method, terminal equipment and storage medium |
| CN114257408A (en) * | 2021-11-18 | 2022-03-29 | 珠海金智维信息科技有限公司 | Network space data acquisition method, system and medium |
| CN115982499A (en) * | 2022-12-27 | 2023-04-18 | 中国电子产业工程有限公司 | Page storage method, device, equipment and storage medium |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103473245A (en) * | 2012-06-08 | 2013-12-25 | 金峰顺泰知识产权有限公司 | Webpage evidence saving method and system |
| US20140283084A1 (en) * | 2013-03-12 | 2014-09-18 | Wins Technet Co., Ltd | Automatic malignant code collecting system |
| CN104199962A (en) * | 2014-09-19 | 2014-12-10 | 合肥工业大学 | Trusted webpage forensics system and trusted webpage forensics method based on three-layer trusted webpage forensic model |
| KR101485128B1 (en) * | 2013-09-27 | 2015-01-28 | 김병호 | Method and system for collecting evidence of unlawfulness literary works |
| CN107943997A (en) * | 2017-12-05 | 2018-04-20 | 厦门市美亚柏科信息股份有限公司 | A kind of remote website evidence collecting method, terminal device and storage medium based on Google's browser |
-
2019
- 2019-09-05 CN CN201910835016.7A patent/CN110555179A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103473245A (en) * | 2012-06-08 | 2013-12-25 | 金峰顺泰知识产权有限公司 | Webpage evidence saving method and system |
| US20140283084A1 (en) * | 2013-03-12 | 2014-09-18 | Wins Technet Co., Ltd | Automatic malignant code collecting system |
| KR101485128B1 (en) * | 2013-09-27 | 2015-01-28 | 김병호 | Method and system for collecting evidence of unlawfulness literary works |
| CN104199962A (en) * | 2014-09-19 | 2014-12-10 | 合肥工业大学 | Trusted webpage forensics system and trusted webpage forensics method based on three-layer trusted webpage forensic model |
| CN107943997A (en) * | 2017-12-05 | 2018-04-20 | 厦门市美亚柏科信息股份有限公司 | A kind of remote website evidence collecting method, terminal device and storage medium based on Google's browser |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111881384A (en) * | 2020-07-02 | 2020-11-03 | 北京华赛在线科技有限公司 | Illegal external connection evidence obtaining method, system and storage medium |
| CN111881384B (en) * | 2020-07-02 | 2023-05-26 | 北京华赛在线科技有限公司 | Evidence obtaining method, system and storage medium for illegal external connection |
| CN112241502A (en) * | 2020-10-16 | 2021-01-19 | 北京字节跳动网络技术有限公司 | Page loading detection method and device |
| CN113805984A (en) * | 2021-08-05 | 2021-12-17 | 厦门市美亚柏科信息股份有限公司 | Dynamic webpage screenshot method, terminal equipment and storage medium |
| CN113805984B (en) * | 2021-08-05 | 2024-02-06 | 厦门市美亚柏科信息股份有限公司 | Dynamic webpage screenshot method, terminal equipment and storage medium |
| CN114257408A (en) * | 2021-11-18 | 2022-03-29 | 珠海金智维信息科技有限公司 | Network space data acquisition method, system and medium |
| CN115982499A (en) * | 2022-12-27 | 2023-04-18 | 中国电子产业工程有限公司 | Page storage method, device, equipment and storage medium |
| CN115982499B (en) * | 2022-12-27 | 2024-04-05 | 中国电子产业工程有限公司 | Page storage method, device, equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110555179A (en) | Dynamic website script evidence obtaining method, terminal equipment and storage medium | |
| JP6214547B2 (en) | Measuring the rendering time of a web page | |
| CN108880921B (en) | Webpage monitoring method and device, storage medium and server | |
| WO2016173200A1 (en) | Malicious website detection method and system | |
| CN107943997B (en) | Remote website evidence obtaining method based on Google browser, terminal device and storage medium | |
| JP5982586B2 (en) | Resource calls for hybrid applications | |
| US10212179B2 (en) | Method and system for checking security of URL for mobile terminal | |
| JP6110950B2 (en) | Web page with on-board hardware functions | |
| US9471701B2 (en) | Methods and systems for secure in-network insertion of web content and web services | |
| CN107291759B (en) | Method and device for processing browser page resources | |
| US20170032494A1 (en) | Methods for displaying a webpage fragment on a desktop and systems for taking a snapshot of webpage fragment for displaying on a desktop | |
| CN112637361B (en) | Page proxy method, device, electronic equipment and storage medium | |
| CN107807934B (en) | Page display method and device and computing equipment | |
| EP3528474B1 (en) | Webpage advertisement anti-shielding methods and content distribution network | |
| EP3306510B1 (en) | Threat detection method and apparatus, and network system | |
| CN111431767A (en) | Multi-browser resource synchronization method and device, computer equipment and storage medium | |
| CN110806913A (en) | Webpage screenshot method, device and equipment | |
| US20140157104A1 (en) | Dynamic sharing and updating of a web page | |
| JP6505849B2 (en) | Generation of element identifier | |
| CN111046308A (en) | Page loading method and device | |
| CN112672187B (en) | Page generation method and device, computer equipment and readable storage medium | |
| CN111444448B (en) | Data processing method, server and system | |
| CN110457632B (en) | Webpage loading processing method and device | |
| CN112800311A (en) | Browser page data acquisition method, terminal device and storage medium | |
| CN112307386A (en) | Information monitoring method, system, electronic device and computer readable storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20191210 |