CN110704816A - Interface cracking recognition method, device, equipment and storage medium - Google Patents

Publication number
CN110704816A
Authority
CN
China
Prior art keywords
information
preset
script
interface
script information
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910937905.4A
Other languages
Chinese (zh)
Other versions
CN110704816B (en)
Inventor
陈国庆
汪智勇
陈晨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan Summit Network Technology Co Ltd
Original Assignee
Wuhan Summit Network Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G06F21/14 Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G06F21/121 Restricting unauthorised execution of programs
    • G06F21/125 Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code

Abstract

The invention discloses an interface cracking recognition method, apparatus, device and storage medium. The method comprises the following steps: acquiring script information to be identified of a preset access interface in a target website; analyzing the script information to be identified to obtain target identification information in it; acquiring preset script information and extracting its preset identification information; comparing the target identification information with the preset identification information; and determining abnormal script information in the script information to be identified according to the comparison result, thereby identifying interface cracking. In the invention, the script information of the interface carries preset identification information, and script information carrying the preset identification information is normal script information; the target identification information obtained from the script information to be identified is compared with the preset identification information, and the abnormal script information is determined from the comparison result, so that interface cracking is identified.

Description

Interface cracking recognition method, device, equipment and storage medium
Technical Field
The present invention relates to the field of network security technologies, and in particular, to an interface cracking identification method, apparatus, device, and storage medium.
Background
A CAPTCHA is a reverse Turing test used to distinguish humans from machines and to block machine interaction requests. The traditional verification code is character-based and resists machine recognition by deforming and distorting the characters in a picture and adding interference to them.
With the continuous development of the technology, various cracking modes have appeared, such as interface cracking. Interface cracking means using an interface program to produce the correct key parameters, thereby cracking the verification code.
Interface cracking reverse-engineers the front-end JavaScript and generates the verification logic from the parameters. Because it does not need to interact with a user interface, its cracking efficiency is very high.
Disclosure of Invention
The main object of the invention is to provide an interface cracking identification method, apparatus, device and storage medium that solve the technical problem of accurately identifying the interface cracking attack mode.
In order to achieve the above object, the present invention provides an interface cracking identification method, which comprises the following steps:
acquiring script information to be identified of a preset access interface in a target website;
analyzing the script information to be identified to obtain target identification information in the script information to be identified;
acquiring preset script information, and extracting preset identification information of the preset script information;
comparing the target identification information with preset identification information;
and determining abnormal script information in the script information to be identified according to the comparison result, thereby realizing the identification of interface cracking.
Preferably, before obtaining the script information to be identified of the preset access interface in the target website, the method further includes:
calling an active detection tool, and sending a data packet to a system management server through the active detection tool;
receiving feedback information of the system management server, and obtaining system type information through the feedback information;
obtaining operation environment information according to the system type information, and configuring a dynamic honeypot strategy through the operation environment information;
correspondingly, the acquiring script information to be identified of the preset access interface in the target website includes:
and acquiring script information to be identified of a preset access interface in the target website through the dynamic honeypot strategy.
Preferably, the analyzing the script information to be recognized to obtain the target identification information in the script information to be recognized includes:
analyzing the script information to be identified;
when the analysis result is obtained, judging whether the preset storage area has identification bit information or not;
when the identification bit information is stored, obtaining the area information of the target identification information according to the identification bit information;
and obtaining target identification information in the script information to be identified according to the region information.
Preferably, before the obtaining of the preset script information and the extracting of the preset identification information of the preset script information, the method further includes:
acquiring historical script information;
splitting the historical script information into a plurality of lexical unit information, and taking the lexical unit information as reference tree node information;
constructing reference tree structure information according to the composition relation of the reference tree node information;
acquiring a preset obfuscation rule, and traversing the reference tree structure information according to the preset obfuscation rule to obtain tree node information to be modified;
modifying the tree node information to be modified through the obfuscation rule to obtain target tree node information;
replacing the tree node information to be modified according to the target tree node information to obtain target tree structure information;
and obtaining preset script information according to the target tree structure information.
Preferably, the obtaining a preset obfuscation rule, and traversing the reference tree structure information according to the preset obfuscation rule to obtain tree node information to be modified includes:
acquiring a preset obfuscation rule, and acquiring data type information of a node to be modified according to the preset obfuscation rule;
searching corresponding keyword information according to the data type information;
traversing the reference tree structure information according to the keyword information to obtain tree node information to be modified.
Preferably, before comparing the target identification information with preset identification information, the method further includes:
acquiring a first data value range of the target identification information, and searching a corresponding first comparison value in a preset relation mapping table according to the first data value range;
acquiring a second data value range of the preset identification information, and searching a corresponding second comparison value in the preset relation mapping table according to the second data value range;
correspondingly, the comparing the target identification information with preset identification information includes:
and comparing the target identification information with preset identification information according to the first comparison value and the second comparison value.
Preferably, after the abnormal script information in the script information to be identified is determined according to the comparison result, so as to identify interface cracking, the method further includes:
acquiring current script generation event information;
and updating the preset identification information according to the current script generation event information.
In addition, in order to achieve the above object, the present invention further provides an interface cracking recognition apparatus, where the interface cracking recognition apparatus includes:
the acquisition module is used for acquiring script information to be identified of a preset access interface in a target website;
the analysis module is used for analyzing the script information to be identified to obtain target identification information in the script information to be identified;
the extraction module is used for acquiring preset script information and extracting preset identification information of the preset script information;
the comparison module is used for comparing the target identification information with preset identification information;
and the identification module is used for determining abnormal script information in the script information to be identified according to the comparison result so as to realize the identification of interface cracking.
In addition, in order to achieve the above object, the present invention further provides an interface cracking recognition device, which includes: a memory, a processor, and an interface cracking recognition program that is stored on the memory and can run on the processor, wherein the interface cracking recognition program is configured to implement the steps of the interface cracking recognition method.
In addition, in order to achieve the above object, the present invention further provides a storage medium, where an interface cracking recognition program is stored, and the interface cracking recognition program, when executed by a processor, implements the steps of the interface cracking recognition method described above.
The interface cracking identification method provided by the invention comprises the steps of acquiring script information to be identified of a preset access interface in a target website; analyzing the script information to be identified to obtain target identification information in the script information to be identified; acquiring preset script information, and extracting preset identification information of the preset script information; comparing the target identification information with preset identification information; and determining abnormal script information in the script information to be identified according to the comparison result, thereby realizing the identification of interface cracking. According to the invention, the script information of the interface is provided with the preset identification information, the script information provided with the preset identification information is the normal script information, the obtained script information to be recognized is compared with the preset identification information, and the abnormal script information in the script information to be recognized is obtained according to the comparison result, so that the recognition of the interface cracking is realized.
Drawings
FIG. 1 is a schematic diagram of an apparatus architecture of a hardware operating environment according to an embodiment of the present invention;
FIG. 2 is a schematic flow chart illustrating a first embodiment of an interface cracking identification method according to the present invention;
FIG. 3 is a flowchart illustrating a second embodiment of the method for identifying cracked interfaces according to the present invention;
FIG. 4 is a schematic flowchart of a third embodiment of an interface cracking identification method according to the present invention;
FIG. 5 is a schematic functional block diagram of a first embodiment of the interface cracking recognition apparatus according to the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Referring to fig. 1, fig. 1 is a schematic device structure diagram of a hardware operating environment according to an embodiment of the present invention.
As shown in fig. 1, the apparatus may include: a processor 1001, such as a Central Processing Unit (CPU), a communication bus 1002, a user interface 1003, a network interface 1004, and a memory 1005. The communication bus 1002 enables communication between these components. The user interface 1003 may comprise a display screen and an input unit such as keys, and may optionally also comprise a standard wired interface and a wireless interface. The network interface 1004 may optionally include a standard wired interface and a wireless interface (e.g., a WI-FI interface). The memory 1005 may be a Random Access Memory (RAM) or a non-volatile memory (e.g., disk storage). The memory 1005 may alternatively be a storage device separate from the processor 1001.
Those skilled in the art will appreciate that the configuration of the apparatus shown in fig. 1 is not intended to be limiting of the apparatus and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components.
As shown in fig. 1, a memory 1005, which is a storage medium, may include an operating system, a network communication module, a user interface module, and an interface cracking recognition program therein.
In the device shown in fig. 1, the network interface 1004 is mainly used for connecting an external network and performing data communication with other network devices; the user interface 1003 is mainly used for connecting user equipment and performing data communication with the equipment; the device calls the interface cracking recognition program stored in the memory 1005 through the processor 1001, and executes the interface cracking recognition implementation method provided by the embodiment of the invention.
Based on the hardware structure, the embodiment of the interface cracking identification method is provided.
Referring to fig. 2, fig. 2 is a schematic flowchart of a first embodiment of an interface cracking identification method according to the present invention.
In a first embodiment, the interface cracking recognition method includes the following steps:
Step S10, acquiring script information to be identified of a preset access interface in the target website.
It should be noted that the execution subject of this embodiment is an interface cracking recognition device, and may also be another device that can implement the same or similar functions.
It can be understood that the script information to be identified may be JavaScript script information or script information in another form, which is not limited in this embodiment; JavaScript script information is taken as the example here. The preset access interface is the interface corresponding to a resource accessed in the website. The script information records the operation parameter information of the current website, which allows the website to be analyzed and information about it to be acquired. The script information that is currently running is generally consistent with the script information written by the website developer, so comparing it against the preset script information makes it possible to recognize effectively whether the currently running script information is normal script information.
Step S20, analyzing the script information to be identified to obtain the target identification information in the script information to be identified.
It can be understood that the script information to be identified is a string of code; analyzing it yields the actual operation parameter information of the currently running script, so that the script to be identified is analyzed effectively.
In this embodiment, script information that runs normally carries the preset identification information, and normal script information is recognized by that preset identification information: script information that does not carry the preset identification information is abnormal script information and can be identified as interface-cracked script information, while script information that carries it is normal script information.
It should be noted that the target identification information may be a string of codes or characters, or may take the form of other parameters, which is not limited in this embodiment; in this embodiment a specific character, such as a character X or a character Y, is taken as an example.
Step S30, acquiring the preset script information, and extracting the preset identification information of the preset script information.
In this embodiment, the preset script information is normal script information formulated by a developer, and can be pre-stored in a preset storage area, the preset storage area is queried, so that the preset script information is obtained, and the script information is identified by the preset script information.
It can be understood that the preset script information can be script information for setting the running of a preset reference interface, and normal script information formulated by a developer is obtained by collecting the script information of the preset reference interface.
Step S40, comparing the target identification information with preset identification information.
In a specific implementation, the target identification information is compared with preset identification information, so as to identify current script information, for example, when the target identification information is obtained as X, and the preset identification information is Y, the X and the Y can be compared to obtain a comparison result, thereby implementing effective analysis on data.
Step S50, determining abnormal script information in the script information to be identified according to the comparison result, thereby realizing the identification of interface cracking.
According to the scheme, the script information to be identified of the preset access interface in the target website is obtained; analyzing the script information to be identified to obtain target identification information in the script information to be identified; acquiring preset script information, and extracting preset identification information of the preset script information; comparing the target identification information with preset identification information; and determining abnormal script information in the script information to be identified according to the comparison result, thereby realizing the identification of interface cracking. According to the invention, the script information of the interface is provided with the preset identification information, the script information provided with the preset identification information is the normal script information, the obtained script information to be recognized is compared with the preset identification information, and the abnormal script information in the script information to be recognized is obtained according to the comparison result, so that the recognition of the interface cracking is realized.
Further, as shown in fig. 3, a second embodiment of the interface cracking recognition method according to the present invention is provided based on the first embodiment, and in this embodiment, before the step S10, the method further includes:
Step S101, calling an active detection tool, and sending a data packet to a system management server through the active detection tool.
With the rapid development of computer internet technology, hidden dangers in network security are increasing dramatically. The network security technologies mainly adopted at present include firewalls, intrusion detection, data encryption, access control and the like, but these all rely on passive defense and have difficulty coping with complicated and changeable hacker attacks; and because interface cracking does not need to interact with users, the running data of interface cracking is even harder to obtain.
It should be noted that, in order to establish an effective dynamic honeypot strategy, surrounding environment information is obtained and a dynamic honeypot strategy that conforms to the current network conditions is established from it, which ensures the effectiveness of the dynamic honeypot strategy.
Step S102, receiving feedback information of the system management server, and obtaining system type information through the feedback information.
In a specific implementation, when a current website has a server-type database of an operating system, the active detection tool, the network scanning and sniffing tool Nmap, sends data packets to each operating system or server; the systems and servers feed their system type information back to the Nmap detection tool, and the Nmap detection tool passes the obtained system type information to a dynamic honeypot server, so that the operating system types and the service area types in the network are obtained.
Step S103, obtaining operation environment information according to the system type information, and configuring a dynamic honeypot strategy according to the operation environment information.
Accordingly, the step S10 includes:
Step S104, acquiring script information to be identified of a preset access interface in the target website through the dynamic honeypot strategy.
Further, step S20 includes:
analyzing the script information to be identified; when the analysis result is obtained, judging whether the preset storage area has identification bit information or not; when the identification bit information is stored, obtaining the area information of the target identification information according to the identification bit information; and obtaining target identification information in the script information to be identified according to the region information.
It should be noted that, to improve data analysis efficiency, the specific position of the identification information is obtained first and the identification information is then read from that position, which avoids scanning and analyzing all of the script information.
According to the scheme provided by the embodiment, the current network environment information is acquired, the dynamic honeypot strategy is established according to the current network environment information, and a real or simulated network and service can be adopted to attract hacker attacks according to the dynamic honeypot strategy, so that the attack information of the hacker is collected, and the effective analysis of the currently running script information is realized.
Further, as shown in fig. 4, a third embodiment of the interface cracking recognition method according to the present invention is proposed based on the first embodiment or the second embodiment, in this embodiment, based on the first embodiment, before the step S30, the method further includes:
Step S301, acquiring historical script information.
In order to ensure the security of the data, the collected preset script information is encrypted by means of JavaScript obfuscation, which increases the difficulty of recognizing the script; the historical script information is script information that has not been subjected to JavaScript obfuscation.
Step S302, the historical script information is divided into a plurality of lexical unit information, and the lexical unit information is used as reference tree node information.
In this embodiment, lexical unit information, that is, a lexical token, is the product of a lexical analyzer, which divides the text stream into minimal units. An abstract syntax tree is the product of a syntax analyzer and is a tree representation of the abstract syntactic structure of the source code. Any correct JavaScript code can be parsed into a syntax tree; conversely, because the syntax tree represents the logical relationship between the lexical units, JavaScript code can be generated back from the syntax tree. Once a syntax tree has been constructed, JavaScript code can be generated from it, and modifying the syntax tree produces a new syntax tree that corresponds to new JavaScript code.
When a string of text is read in, the lexical analyzer breaks the text into small units: for example, the number 1 is a lexical unit, the character string 'abc' is a lexical unit, and so on. The syntax analyzer then assembles these units into a tree structure that represents the composition relationship of the tokens; for example, 1+2 is represented as an addition tree whose left and right child nodes are the tokens 1 and 2 and whose middle token represents addition. A compiler converts the generated syntax tree to intermediate code and finally to machine code.
Step S303, constructing reference tree structure information according to the composition relation of the reference tree node information.
In this embodiment, taking as an example the modification of numbers in a syntax tree into hexadecimal, a syntax tree is constructed by calling a function parse, then the syntax tree is traversed by means of treuntransformer, when a node belonging to uglifyjavascript.
Step S304, obtaining a preset obfuscation rule, and traversing the reference tree structure information according to the preset obfuscation rule to obtain the tree node information to be modified.
It should be noted that the obfuscation rule can be designed according to requirements, such as splitting a character string, splitting an array, adding junk code, and the like, which makes the obfuscation more flexible and meets the requirements of different users.
Step S305, modifying the tree node information to be modified through the obfuscation rule to obtain target tree node information.
Step S306, replacing the tree node information to be modified according to the target tree node information to obtain target tree structure information.
Step S307, obtaining preset script information according to the target tree structure information.
It should be noted that generating a new syntax tree structure means generating JavaScript code that differs from the source code, but the obfuscation must not destroy the execution result of the original code, so an obfuscation rule must ensure that the code becomes harder to read without changing its execution result.
The performance impact can be kept within a reasonable range by following certain rules. In fact, some obfuscation rules speed up code execution: for example, compressing variable names and attribute names reduces file size, and copying global variables reduces scope lookups. In modern browsers, obfuscation has less and less impact on the code.
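The number-to-hexadecimal rule from steps S302 to S307, together with the requirement that the execution result stay unchanged, shown as an added example that is not code from the patent. It rewrites a token stream instead of a full syntax tree (a simplification), the function names and the sample script are constructed, and the input is assumed to contain no regular-expression literals.

```javascript
// Token rules, tried in order. Strings, comments and identifiers are matched
// first so that digits inside them are never treated as number literals.
const RULES = [
  ['comment', /^(?:\/\/[^\n]*|\/\*[\s\S]*?\*\/)/],
  ['string', /^(?:"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|`(?:\\.|[^`\\])*`)/],
  ['ident', /^[A-Za-z_$][\w$]*/],
  ['number', /^(?:0[xXbBoO][0-9a-fA-F_]+|\d[\d_]*\.?[\d_]*(?:[eE][+-]?\d+)?|\.\d[\d_]*(?:[eE][+-]?\d+)?)n?/],
  ['space', /^\s+/],
  ['punct', /^[\s\S]/], // any single character; guarantees progress
];

// Lexical analysis: split the source into lexical units (tokens).
function tokenize(src) {
  const tokens = [];
  let rest = src;
  while (rest.length > 0) {
    for (const [type, re] of RULES) {
      const m = re.exec(rest);
      if (m) {
        tokens.push({ type, text: m[0] });
        rest = rest.slice(m[0].length);
        break;
      }
    }
  }
  return tokens;
}

// Obfuscation rule: plain decimal integers become hexadecimal literals.
// Left alone because rewriting them could change the value or the syntax:
// legacy octal (010), separators (1_000), floats, exponents, BigInt (10n),
// and integers too large to be represented exactly.
function hexifyIntegers(src) {
  let changed = 0;
  const parts = tokenize(src).map((t) => {
    if (t.type !== 'number' || !/^(?:0|[1-9]\d*)$/.test(t.text)) return t.text;
    const value = Number(t.text);
    if (!Number.isSafeInteger(value)) return t.text;
    changed += 1;
    return '0x' + value.toString(16);
  });
  return { code: parts.join(''), changed };
}

// Check the invariant the text requires: both versions of a function body
// must return the same result for the same argument.
function sameResult(original, rewritten, args) {
  const run = (body) => JSON.stringify(new Function('n', body)(...args));
  return run(original) === run(rewritten);
}

// Constructed sample script body (parameter n is supplied by sameResult).
const SAMPLE = [
  '// retry after 30 seconds, at most 5 times',
  "var label = 'v2 build 1024';",
  'var a1 = 255, big = 1_000, oct = 010, f = 1.5;',
  'return [label, a1 + n * 16, big, oct, f, 10n.toString()];',
].join('\n');

const rewritten = hexifyIntegers(SAMPLE);
console.log(rewritten.code);
console.log('same result:', sameResult(SAMPLE, rewritten.code, [2]));
```

A transform that works on a real syntax tree distinguishes regular-expression literals and template substitutions, which this token-level version does not.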
Further, the step S304 includes:
acquiring a preset obfuscation rule, and acquiring data type information of a node to be modified according to the preset obfuscation rule; searching corresponding keyword information according to the data type information; traversing the reference tree structure information according to the keyword information to obtain tree node information to be modified.
It should be noted that the keyword information is keyword information indicating a data type, such as value or class, and may also be other keyword information.
Further, before the step S40, the method further includes:
acquiring a first data value range of the target identification information, and searching a corresponding first comparison value in a preset relation mapping table according to the first data value range; and acquiring a second data value range of the preset identification information, and searching a corresponding second comparison value in the preset relation mapping table according to the second data value range.
It should be noted that the preset relation mapping table records the correspondence between data value ranges and numerical values. The comparison value for a piece of identification information is obtained by determining its data value range and looking that range up in the preset relation mapping table, which makes the identification information comparable.
Correspondingly, the comparing the target identification information with preset identification information includes: comparing the target identification information with the preset identification information according to the first comparison value and the second comparison value.
Further, after the step S50, the method further includes:
acquiring current script generation event information; and updating the preset identification information according to the current script generation event information.
In this embodiment, the preset identification information is not fixed but variable, and can be updated dynamically in step with events, which prevents a hacker from cracking the configured identification information and thereby improves network security.
According to the scheme provided by this embodiment, the script information is managed through a syntax tree: the code in the script information is divided into tree node information, and the tree nodes are modified according to the confusion (obfuscation) rule, which encrypts the script information and improves the security of network data. At the same time, the identification information is generated from the modified tree nodes, which enables effective identification of the script information.
The invention further provides an interface cracking recognition device.
Referring to Fig. 5, Fig. 5 is a functional module diagram of the first embodiment of the interface cracking recognition device according to the present invention.
In the first embodiment of the interface cracking recognition device of the present invention, the interface cracking recognition device includes:
the obtaining module 10 is configured to obtain script information to be identified of a preset access interface in a target website.
It can be understood that the script information to be identified may be JavaScript script information or script information in another form, which is not limited in this embodiment; JavaScript script information is used as the example here. The preset access interface is the interface corresponding to a resource accessed in the website, and the script information records the operating parameter information of the current website so that the website can be analyzed and information can be collected. The script information that is currently running is normally consistent with the script information written by the website developer, so comparing it against the preset script information makes it possible to determine effectively whether the currently running script information is normal script information.
And the analysis module 20 is configured to analyze the script information to be identified to obtain target identification information in the script information to be identified.
It can be understood that the script information to be identified is a string of code; analyzing it yields the actual operating parameter information of the currently running script, which enables effective analysis of the script to be identified.
In this embodiment, script information that runs normally carries the preset identification information, and normal script information is recognized by that identification: script information that carries the preset identification information is normal script information, while script information that does not carry it is abnormal script information and can be identified as interface-cracked script information.
It should be noted that the target identification information may be a string of code or characters, or may take the form of other parameters, which is not limited in this embodiment; a specific character, such as the character X or the character Y, is used as the example here.
The extracting module 30 is configured to obtain preset script information, and extract preset identification information of the preset script information.
In this embodiment, the preset script information is the normal script information written by the developer. It can be stored in advance in a preset storage area; querying that area yields the preset script information, against which script information is identified.
It can be understood that the preset script information may be the script information run by a preset reference interface; the normal script information written by the developer is obtained by collecting the script information of that preset reference interface.
And the comparison module 40 is configured to compare the target identification information with preset identification information.
In a specific implementation, the target identification information is compared with the preset identification information to identify the current script information. For example, when the obtained target identification information is X and the preset identification information is Y, X and Y are compared to obtain a comparison result, which enables effective analysis of the data.
And the identification module 50 is configured to determine abnormal script information in the script information to be identified according to the comparison result, so as to identify interface cracking.
According to the scheme, the script information to be identified of the preset access interface in the target website is obtained; analyzing the script information to be identified to obtain target identification information in the script information to be identified; acquiring preset script information, and extracting preset identification information of the preset script information; comparing the target identification information with preset identification information; and determining abnormal script information in the script information to be identified according to the comparison result, thereby realizing the identification of interface cracking. According to the invention, the script information of the interface is provided with the preset identification information, the script information provided with the preset identification information is the normal script information, the obtained script information to be recognized is compared with the preset identification information, and the abnormal script information in the script information to be recognized is obtained according to the comparison result, so that the recognition of the interface cracking is realized.
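The following JavaScript is an added example, not code from the patent: it models the flow of modules 10 to 50 described above, together with the update of the preset identification information on a script generation event, and runs it over constructed scripts. The marker format, the region record in the storage area, the FNV-1a derivation of the identifier and all names are assumptions made for illustration.

```javascript
// Added example (not the patent's code): modules 10-50 plus identifier update.
// Assumed here: the identifier sits in a comment "/*@id:XXXXXXXX*/" and is an
// FNV-1a hash of the script-generation event (a dependency-free stand-in).
function fnv1a(text) {
  let h = 0x811c9dc5;
  for (let i = 0; i < text.length; i++) {
    h ^= text.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, '0');
}

// Preset storage area: the identification bit records where the identifier is.
const storage = { region: { prefix: '/*@id:', length: 8 }, presetScript: '' };

// Script-generation event: stamp a fresh identifier into the preset script.
function generateScript(body, event) {
  const id = fnv1a(event.name + '#' + event.build);
  storage.presetScript = body + '\n' + storage.region.prefix + id + '*/';
  return storage.presetScript;
}

// Analysis (20) and extraction (30): read the identifier from its region.
function extractId(script, region) {
  if (!region) return null; // no identification bit stored
  const at = script.lastIndexOf(region.prefix);
  if (at < 0) return null;
  const start = at + region.prefix.length;
  const id = script.slice(start, start + region.length);
  return /^[0-9a-f]+$/.test(id) && id.length === region.length ? id : null;
}

// Comparison (40) and identification (50); `observed` is what module 10 obtained.
function recognize(observed) {
  const target = extractId(observed, storage.region);
  const preset = extractId(storage.presetScript, storage.region);
  if (target === null) return { verdict: 'abnormal', reason: 'no identifier' };
  if (target !== preset) return { verdict: 'abnormal', reason: 'identifier mismatch' };
  return { verdict: 'normal', reason: 'identifier matches preset' };
}

// Constructed run: current script, a copy without identifier, then an update.
function demo() {
  const body = 'function getList(p){return fetch("/api/list?p="+p)}';
  const v1 = generateScript(body, { name: 'getList', build: 41 });
  const before = [recognize(v1), recognize(body)];
  const v2 = generateScript(body, { name: 'getList', build: 42 });
  return { before, stale: recognize(v1), current: recognize(v2) };
}
```

In `demo()`, the script generated before the update is reported as abnormal afterwards because its identifier no longer matches the preset one.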
Since the interface cracking recognition device adopts all the technical schemes of all the embodiments, at least all the beneficial effects brought by the technical schemes of the embodiments are achieved, and the details are not repeated herein.
In addition, an embodiment of the present invention further provides a storage medium, where the storage medium stores an interface cracking recognition program, and the interface cracking recognition program, when executed by a processor, performs the steps of the interface cracking recognition method described above.
Since the storage medium adopts all technical solutions of all the embodiments, at least all the beneficial effects brought by the technical solutions of the embodiments are achieved, and no further description is given here.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a computer-readable storage medium (such as ROM/RAM, magnetic disk, optical disk) as described above, and includes several instructions for enabling an intelligent terminal (which may be a mobile phone, a computer, a terminal, an air conditioner, or a network terminal) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (10)

1. A recognition method for interface cracking is characterized in that the recognition method for interface cracking comprises the following steps:
acquiring script information to be identified of a preset access interface in a target website;
analyzing the script information to be identified to obtain target identification information in the script information to be identified;
acquiring preset script information, and extracting preset identification information of the preset script information;
comparing the target identification information with preset identification information;
and determining abnormal script information in the script information to be identified according to the comparison result, thereby realizing the identification of interface cracking.
2. The interface cracking recognition method as claimed in claim 1, wherein before obtaining the script information to be recognized of the preset access interface in the target website, the method further comprises:
calling an active detection tool, and sending a data packet to a system management server through the active detection tool;
receiving feedback information of the system management server, and obtaining system type information through the feedback information;
obtaining operation environment information according to the system type information, and configuring a dynamic honeypot strategy through the operation environment information;
correspondingly, the acquiring script information to be identified of the preset access interface in the target website includes:
and acquiring script information to be identified of a preset access interface in the target website through the dynamic honeypot strategy.
3. The interface cracking recognition method according to claim 1, wherein the analyzing the script information to be recognized to obtain the target identification information in the script information to be recognized includes:
analyzing the script information to be identified;
when the analysis result is obtained, judging whether the preset storage area has identification bit information or not;
when the identification bit information is stored, obtaining the area information of the target identification information according to the identification bit information;
and obtaining target identification information in the script information to be identified according to the region information.
4. The interface cracking recognition method according to any one of claims 1 to 3, wherein before the preset script information is obtained and the preset identification information of the preset script information is extracted, the method further comprises:
acquiring historical script information;
splitting the historical script information into a plurality of lexical unit information, and taking the lexical unit information as reference tree node information;
constructing reference tree structure information according to the composition relation of the reference tree node information;
acquiring a preset confusion rule, and traversing the reference tree structure information according to the preset confusion rule to obtain tree node information to be modified;
modifying the tree node information to be modified through the confusion rule to obtain target tree node information;
replacing the tree node information to be modified according to the target tree node information to obtain target tree structure information;
and obtaining preset script information according to the target tree structure information.
5. The interface cracking recognition method of claim 4, wherein the obtaining of the preset confusion rule and traversing the reference tree structure information according to the preset confusion rule to obtain the tree node information to be modified includes:
acquiring a preset confusion rule, and acquiring data type information of a node to be modified according to the preset confusion rule;
searching corresponding keyword information according to the data type information;
traversing the reference tree structure information according to the keyword information to obtain tree node information to be modified.
6. The interface cracking recognition method according to any one of claims 1 to 3, wherein before comparing the target identification information with preset identification information, the method further comprises:
acquiring a first data value range of the target identification information, and searching a corresponding first comparison value in a preset relation mapping table according to the first data value range;
acquiring a second data value range of the preset identification information, and searching a corresponding second comparison value in the preset relation mapping table according to the second data value range;
correspondingly, the comparing the target identification information with preset identification information includes:
and comparing the target identification information with preset identification information according to the first comparison value and the second comparison value.
7. The method for identifying interface cracking according to any one of claims 1 to 3, wherein after the abnormal script information in the script information to be identified is determined according to the comparison result, so as to realize the identification of the interface cracking, the method further comprises:
acquiring current script generation event information;
and updating the preset identification information according to the current script generation event information.
8. An interface cracking recognition device is characterized by comprising:
the acquisition module is used for acquiring script information to be identified of a preset access interface in a target website;
the analysis module is used for analyzing the script information to be identified to obtain target identification information in the script information to be identified;
the extraction module is used for acquiring preset script information and extracting preset identification information of the preset script information;
the comparison module is used for comparing the target identification information with preset identification information;
and the identification module is used for determining abnormal script information in the script information to be identified according to the comparison result so as to realize the identification of interface cracking.
9. An interface cracking recognition device is characterized by comprising: a memory, a processor, and an interface cracking recognition program stored on the memory and executable on the processor, the interface cracking recognition program being configured to implement the steps of the interface cracking recognition method according to any one of claims 1 to 7.
10. A storage medium, characterized in that the storage medium has stored thereon an interface cracking recognition program, which when executed by a processor implements the steps of the interface cracking recognition method according to any one of claims 1 to 7.
CN201910937905.4A 2019-09-29 2019-09-29 Interface cracking recognition method, device, equipment and storage medium Active CN110704816B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910937905.4A CN110704816B (en) 2019-09-29 2019-09-29 Interface cracking recognition method, device, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN110704816A true CN110704816A (en) 2020-01-17
CN110704816B CN110704816B (en) 2021-10-22

Family

ID=69196394

Country Status (1)

Country Link
CN (1) CN110704816B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant