CN110839052A - Internet WEB asset discovery method and device based on HTTP request - Google Patents


Publication number
CN110839052A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810933838.4A
Other languages
Chinese (zh)
Inventor
杨振宇
邓艳梅
蔡少佳
许宁
李爱春
罗倩莹
杨萱
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Corp Ltd Guangzhou Branch
Original Assignee
China Telecom Corp Ltd Guangzhou Branch
Application filed by China Telecom Corp Ltd Guangzhou Branch
Priority to CN201810933838.4A
Publication of CN110839052A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/50 Network service management, e.g. ensuring proper service fulfilment according to agreements
    • H04L41/5003 Managing SLA; Interaction between SLA and QoS
    • H04L41/5009 Determining service level performance parameters or violations of service level contracts, e.g. violations of agreed response time or mean time between failures [MTBF]

Abstract

The invention discloses an Internet WEB asset discovery method and device based on an HTTP request. The method is suitable for being executed in test equipment and comprises at least the following steps: acquiring the HTTP request by which a user requests a web page, sending the HTTP request to the equipment providing the web service, and starting timing; if a normal response returned by the equipment providing the web service according to the HTTP request is received within a set time, judging that the equipment has the corresponding type of web service; if no normal response returned by the equipment providing the web service according to the HTTP request is received within the set time, or an abnormal response returned by that equipment according to the HTTP request is received, judging that the equipment does not have the corresponding type of web service. By implementing the embodiments of the invention, it can be judged, without requiring root, whether the monitored web server has a web service capable of providing the specified information.

Description

Internet WEB asset discovery method and device based on HTTP request
Technical Field
The invention relates to the technical field of port scanning, in particular to a WEB asset discovery method and device based on an HTTP request.
Background
In conventional SYN scanning, a SYN packet requesting a connection is sent to a port of the target host. If the scanner receives SYN/ACK data fed back from that port, the port is judged to be open, and the scanner then sends RST data to disconnect from the port. If the scanner receives RST data fed back from the port, the port is judged to be closed.
However, in the course of research the inventors found the following technical problems in the prior art: SYN scanning requires root authority, and during a SYN scan the connection between the scanner and the corresponding port of the target host is never fully established, so it cannot be judged whether the target host has a web service port capable of providing the specified information; the method is therefore limited.
Disclosure of Invention
The first embodiment of the invention provides an Internet WEB asset discovery method and device based on an HTTP request, which can judge, without root authority, whether a monitored web server has a web service port capable of providing specified information.
An embodiment of the present invention provides an Internet WEB asset discovery method based on an HTTP request, which is suitable for being executed in a test device and includes at least the following steps:
acquiring the HTTP request by which a user requests a web page, sending the HTTP request to the equipment providing the web service, and starting timing;
if a normal response returned by the equipment for providing the web service according to the HTTP request is received within set time, judging that the equipment has the web service of a corresponding type;
if a normal response returned by the equipment for providing the web service according to the HTTP request is not received within a set time, or an abnormal response returned by the equipment for providing the web service according to the HTTP request is received, judging that the equipment does not have the corresponding type of web service.
Further, the test equipment is embedded equipment or intelligent terminal equipment for implementing the method, namely a client, and comprises a notebook computer, a desktop PC, a tablet and a smart phone; the equipment for providing the web service is a web server of each corresponding type.
Further, the equipment for providing the Web service is provided with an IP asset database and a Web asset database, wherein:
the IP asset database is a receipt library formed by collecting the ports, services, applications and version types of each IP address, and provides a search interface through which a client can query information;
the Web asset database collects various types of information about each Web login page; it is a database formed by collecting middleware, server types and development languages, and provides a search interface through which a client can query information.
Further, the HTTP request includes the following 8 request methods:
OPTIONS: returns the HTTP request methods that the web server supports for a specific resource, or is sent to the web server to test server functionality;
GET: sends a request to a specific resource, namely requests the specified page information, and returns the entity body;
POST: submits data to the specified resource for processing, namely submitting a form or uploading a file, which may result in the creation of a new resource or the modification of an existing resource;
PUT: uploads the latest content to the specified resource location, namely replaces the content of the specified file with the data transmitted from the client to the web server;
HEAD: similar to a GET request, except that the returned response has no specific content; used for obtaining the headers;
DELETE: requests the web server to delete the resource identified by the Request-URL, namely makes the web server delete the page;
TRACE: echoes the request received by the web server, for testing and diagnosis;
CONNECT: in the HTTP/1.1 protocol, for proxy servers that can change the connection to a pipeline mode.
A corresponding second embodiment of the present invention provides an internet WEB asset discovery apparatus based on an HTTP request, which is arranged in a test device, and includes:
the HTTP request initiating module is used for acquiring an HTTP request of a user request webpage, sending the HTTP request to equipment providing web service, and starting timing;
the HTTP response judging module is used for judging that the equipment has the corresponding type of web service if receiving a normal response returned by the equipment for providing the web service according to the HTTP request within set time;
and the HTTP response judging module is further used for judging that the equipment does not have the corresponding type of web service if a normal response returned by the equipment for providing the web service according to the HTTP request is not received within a set time or an abnormal response returned by the equipment for providing the web service according to the HTTP request is received.
Further, the test equipment is embedded equipment or intelligent terminal equipment for implementing the method, namely a client, and comprises a notebook computer, a desktop PC, a tablet and a smart phone; the equipment for providing the web service is a web server of each corresponding type.
Further, the equipment for providing the Web service is provided with an IP asset database and a Web asset database, wherein:
the IP asset database is a receipt library formed by collecting the ports, services, applications and version types of each IP address, and provides a search interface through which a client can query information;
the Web asset database collects various types of information about each Web login page; it is a database formed by collecting middleware, server types and development languages, and provides a search interface through which a client can query information.
Further, the HTTP request includes the following 8 request methods:
OPTIONS: returns the HTTP request methods that the web server supports for a specific resource, or is sent to the web server to test server functionality;
GET: sends a request to a specific resource, namely requests the specified page information, and returns the entity body;
POST: submits data to the specified resource for processing, namely submitting a form or uploading a file, which may result in the creation of a new resource or the modification of an existing resource;
PUT: uploads the latest content to the specified resource location, namely replaces the content of the specified file with the data transmitted from the client to the web server;
HEAD: similar to a GET request, except that the returned response has no specific content; used for obtaining the headers;
DELETE: requests the web server to delete the resource identified by the Request-URL, namely makes the web server delete the page;
TRACE: echoes the request received by the web server, for testing and diagnosis;
CONNECT: in the HTTP/1.1 protocol, for proxy servers that can change the connection to a pipeline mode.
The embodiment of the invention has the following beneficial effects:
According to the method and device for discovering Internet WEB assets based on an HTTP request provided by the embodiments of the invention, a specific HTTP request is sent to the equipment providing web services. If a normal response returned by that equipment according to the HTTP request is received within the preset time, the equipment is judged to have the corresponding type of web service; if no normal response returned by the equipment according to the HTTP request is received within the preset time, or an abnormal response returned by the equipment according to the HTTP request is received, the equipment is judged not to have the corresponding type of web service.
Drawings
Fig. 1 is a flowchart illustrating a method for discovering an internet WEB asset based on an HTTP request according to a first embodiment of the present invention.
Fig. 2 is a schematic connection diagram of an internet WEB asset discovery apparatus based on HTTP request according to a second embodiment of the present invention.
Description of reference numerals: 101, HTTP request initiating module; 102, HTTP response judging module.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The first embodiment:
Referring to Fig. 1, a method for discovering Internet WEB assets based on an HTTP request according to a first embodiment of the present invention includes at least the following steps:
S101, acquiring the HTTP request by which a user requests a web page, sending the HTTP request to the equipment providing the web service, and starting timing;
S102, if a normal response returned by the equipment providing the web service according to the HTTP request is received within a set time, judging that the equipment has the corresponding type of web service;
S103, if no normal response returned by the equipment providing the web service according to the HTTP request is received within the set time, or an abnormal response returned by the equipment providing the web service according to the HTTP request is received, judging that the equipment does not have the corresponding type of web service.
For step S101, the test device is an embedded device or an intelligent terminal device, i.e., a client, that implements the method, and includes a notebook computer, a desktop PC, a tablet, and a smart phone; the equipment for providing the web service is a web server of each corresponding type.
It should be noted that, the test device initiates a corresponding HTTP request according to the type of the web service to be determined, where the HTTP request includes a specific web service information request instruction, and starts timing at the same time.
It should be noted that the device providing Web services is provided with an IP asset database and a Web asset database, wherein:
the IP asset database is a receipt library formed by collecting the ports, services, applications and version types of each IP address, and provides a search interface through which a client can query information;
the Web asset database collects various types of information about each Web login page; it is a database formed by collecting middleware, server types and development languages, and provides a search interface through which a client can query information.
Further, the HTTP request includes the following 8 request methods:
OPTIONS: returns the HTTP request methods that the web server supports for a specific resource, or is sent to the web server to test server functionality;
GET: sends a request to a specific resource, namely requests the specified page information, and returns the entity body;
POST: submits data to the specified resource for processing, namely submitting a form or uploading a file, which may result in the creation of a new resource or the modification of an existing resource;
PUT: uploads the latest content to the specified resource location, namely replaces the content of the specified file with the data transmitted from the client to the web server;
HEAD: similar to a GET request, except that the returned response has no specific content; used for obtaining the headers;
DELETE: requests the web server to delete the resource identified by the Request-URL, namely makes the web server delete the page;
TRACE: echoes the request received by the web server, for testing and diagnosis;
CONNECT: in the HTTP/1.1 protocol, for proxy servers that can change the connection to a pipeline mode.
For steps S102 and S103, if the test device can complete the three-way handshake with the device providing web services within a preset time and transmit the specific HTTP request, it is determined that the device has the corresponding type of web service; if the test device cannot establish a connection with the device providing web services within the preset time, it is determined that the device does not have the corresponding type of web service.
By implementing the first embodiment of the present invention, a specific HTTP request can be sent to a device providing web services, and if a normal response returned by a corresponding web service device according to the HTTP request is received within a preset time, it is determined that the device has web services of a corresponding type, and if a normal response returned by the device providing web services according to the HTTP request is not received within the preset time, or an abnormal response returned by the device providing web services according to the HTTP request is received, it is determined that the device does not have web services of a corresponding type.
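The S101 to S103 judgement, as an added Python sketch that is not code from the patent. Assumptions: a "normal response" is taken to be any 2xx/3xx status (the patent does not define it), the names `probe`, `is_normal` and `demo` are hypothetical, and the loopback targets are constructed for the example.

```python
import http.client
import socket
import threading
import time
from http.server import BaseHTTPRequestHandler, HTTPServer


def is_normal(status):
    # Assumption: a "normal response" is any 2xx/3xx status code; the patent
    # leaves the term undefined.
    return status is not None and 200 <= status < 400


def probe(host, port, method="HEAD", path="/", set_time=2.0):
    """Send one HTTP request, time it, and apply the S102/S103 judgement."""
    start = time.monotonic()                      # S101: start timing
    conn = http.client.HTTPConnection(host, port, timeout=set_time)
    status, reason = None, "normal response"
    try:
        conn.request(method, path)                # ordinary connect(): no root needed
        resp = conn.getresponse()
        resp.read()
        status = resp.status
    except socket.timeout:
        reason = "no response within set time"
    except (OSError, http.client.HTTPException) as exc:
        reason = "no HTTP response: " + type(exc).__name__
    finally:
        conn.close()
    elapsed = time.monotonic() - start
    if status is not None:
        if elapsed > set_time:                    # socket timeout is per operation
            reason = "response arrived after set time"
        elif not is_normal(status):
            reason = "abnormal response"
    return {"present": reason == "normal response", "status": status,
            "reason": reason, "elapsed": round(elapsed, 3)}


class _Handler(BaseHTTPRequestHandler):
    """Constructed test target: 200 for every path except /broken (500)."""

    def do_HEAD(self):
        self.send_response(500 if self.path == "/broken" else 200)
        self.send_header("Content-Length", "0")
        self.end_headers()

    do_GET = do_HEAD

    def log_message(self, *args):                 # keep the demo quiet
        pass


def demo():
    """Probe four constructed loopback targets and return the judgements."""
    server = HTTPServer(("127.0.0.1", 0), _Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    # A listener that completes the TCP handshake but never answers: a SYN
    # scan would report this port as open, the HTTP probe does not.
    silent = socket.socket()
    silent.bind(("127.0.0.1", 0))
    silent.listen(1)
    # A port that was bound and released again, so connections are refused.
    spare = socket.socket()
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()
    web_port = server.server_address[1]
    try:
        return {
            "web": probe("127.0.0.1", web_port),
            "abnormal": probe("127.0.0.1", web_port, path="/broken"),
            "silent": probe("127.0.0.1", silent.getsockname()[1], set_time=0.5),
            "closed": probe("127.0.0.1", closed_port),
        }
    finally:
        server.shutdown()
        server.server_close()
        silent.close()


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```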
Second embodiment:
Referring to Fig. 2, a corresponding second embodiment of the present invention provides an Internet WEB asset discovery apparatus based on an HTTP request, including:
the HTTP request initiating module 101, which is used for acquiring the HTTP request by which a user requests a web page, sending the HTTP request to the equipment providing the web service, and starting timing;
the HTTP response judging module 102, which is configured to determine that the device has the corresponding type of web service if a normal response returned by the device providing the web service according to the HTTP request is received within a set time;
the HTTP response judging module 102 is further configured to determine that the device does not have the corresponding type of web service if no normal response returned by the device providing the web service according to the HTTP request is received within the set time, or an abnormal response returned by the device providing the web service according to the HTTP request is received.
Preferably, the test equipment is embedded equipment or intelligent terminal equipment for implementing the method, namely a client, and comprises a notebook computer, a desktop PC, a tablet and a smart phone; the equipment for providing the web service is a web server of each corresponding type.
It should be noted that, the test device initiates a corresponding HTTP request according to the type of the web service to be determined, where the HTTP request includes a specific web service information request instruction, and starts timing at the same time.
It should be noted that the device providing Web services is provided with an IP asset database and a Web asset database, wherein:
the IP asset database is a receipt library formed by collecting the ports, services, applications and version types of each IP address, and provides a search interface through which a client can query information;
the Web asset database collects various types of information about each Web login page; it is a database formed by collecting middleware, server types and development languages, and provides a search interface through which a client can query information.
Further, the HTTP request includes the following 8 request methods:
OPTIONS: returns the HTTP request methods that the web server supports for a specific resource, or is sent to the web server to test server functionality;
GET: sends a request to a specific resource, namely requests the specified page information, and returns the entity body;
POST: submits data to the specified resource for processing, namely submitting a form or uploading a file, which may result in the creation of a new resource or the modification of an existing resource;
PUT: uploads the latest content to the specified resource location, namely replaces the content of the specified file with the data transmitted from the client to the web server;
HEAD: similar to a GET request, except that the returned response has no specific content; used for obtaining the headers;
DELETE: requests the web server to delete the resource identified by the Request-URL, namely makes the web server delete the page;
TRACE: echoes the request received by the web server, for testing and diagnosis;
CONNECT: in the HTTP/1.1 protocol, for proxy servers that can change the connection to a pipeline mode.
Specifically, if the test device can complete the three-way handshake with the device providing web services within a preset time and transmit the specific HTTP request, it is determined that the device has the corresponding type of web service; if the test device cannot establish a connection with the device providing web services within the preset time, it is determined that the device does not have the corresponding type of web service.
By implementing the second embodiment of the present invention, the method for discovering internet WEB assets based on HTTP requests according to the first embodiment of the present invention can be executed, so as to determine whether a WEB server to be monitored has a WEB service port capable of providing specified information without root authority.
The foregoing is a preferred embodiment of the present invention, and it should be noted that it would be apparent to those skilled in the art that various modifications and enhancements can be made without departing from the principles of the invention, and such modifications and enhancements are also considered to be within the scope of the invention.

Claims (8)

1. An internet WEB asset discovery method based on an HTTP request, adapted to be executed in a test device, comprising at least the steps of:
acquiring the HTTP request by which a user requests a web page, sending the HTTP request to the equipment providing the web service, and starting timing;
if a normal response returned by the equipment for providing the web service according to the HTTP request is received within set time, judging that the equipment has the web service of a corresponding type;
if a normal response returned by the equipment for providing the web service according to the HTTP request is not received within a set time, or an abnormal response returned by the equipment for providing the web service according to the HTTP request is received, judging that the equipment does not have the corresponding type of web service.
2. The method for discovering internet WEB assets based on HTTP request as recited in claim 1, wherein the testing device is an embedded device or an intelligent terminal device (client) for implementing the method, and includes a notebook computer, a desktop PC, a tablet and a smart phone; the equipment for providing the web service is a web server of each corresponding type.
3. The method of claim 1, wherein the device providing WEB services is provided with an IP asset database and a WEB asset database, wherein:
the IP asset database is a receipt library formed by collecting the ports, services, applications and version types of each IP address, and provides a search interface through which a client can query information;
the Web asset database collects various types of information about each Web login page; it is a database formed by collecting middleware, server types and development languages, and provides a search interface through which a client can query information.
4. The method of claim 1, wherein the HTTP request includes 8 request methods:
OPTIONS: returns the HTTP request methods that the web server supports for a specific resource, or is sent to the web server to test server functionality;
GET: sends a request to a specific resource, namely requests the specified page information, and returns the entity body;
POST: submits data to the specified resource for processing, namely submitting a form or uploading a file, which may result in the creation of a new resource or the modification of an existing resource;
PUT: uploads the latest content to the specified resource location, namely replaces the content of the specified file with the data transmitted from the client to the web server;
HEAD: similar to a GET request, except that the returned response has no specific content; used for obtaining the headers;
DELETE: requests the web server to delete the resource identified by the Request-URL, namely makes the web server delete the page;
TRACE: echoes the request received by the web server, for testing and diagnosis;
CONNECT: in the HTTP/1.1 protocol, for proxy servers that can change the connection to a pipeline mode.
5. An Internet WEB asset discovery device based on an HTTP request, arranged in a test device and including:
the HTTP request initiating module is used for acquiring an HTTP request of a user request webpage, sending the HTTP request to equipment providing web service, and starting timing;
the HTTP response judging module is used for judging that the equipment has the corresponding type of web service if receiving a normal response returned by the equipment for providing the web service according to the HTTP request within set time;
the HTTP response determining module is further configured to determine that no corresponding type of web service exists in the device if a normal response returned by the device providing the web service according to the HTTP request is not received within a set time, or an abnormal response returned by the device providing the web service according to the HTTP request is received.
6. The device for discovering internet WEB assets based on HTTP request as recited in claim 5, wherein the testing device is an embedded device or an intelligent terminal device (client) for implementing the method, and includes a notebook computer, a desktop PC, a tablet and a smart phone; the equipment for providing the web service is a web server of each corresponding type.
7. The apparatus for discovering Internet WEB assets based on an HTTP request as recited in claim 5, wherein the device providing WEB services is provided with an IP asset database and a WEB asset database, wherein:
the IP asset database is a receipt library formed by collecting the ports, services, applications and version types of each IP address, and provides a search interface through which a client can query information;
the Web asset database collects various types of information about each Web login page; it is a database formed by collecting middleware, server types and development languages, and provides a search interface through which a client can query information.
8. The apparatus for discovering Internet WEB assets based on an HTTP request as claimed in claim 5, wherein the HTTP request includes the following 8 request methods:
OPTIONS: returns the HTTP request methods that the web server supports for a specific resource, or is sent to the web server to test server functionality;
GET: sends a request to a specific resource, namely requests the specified page information, and returns the entity body;
POST: submits data to the specified resource for processing, namely submitting a form or uploading a file, which may result in the creation of a new resource or the modification of an existing resource;
PUT: uploads the latest content to the specified resource location, namely replaces the content of the specified file with the data transmitted from the client to the web server;
HEAD: similar to a GET request, except that the returned response has no specific content; used for obtaining the headers;
DELETE: requests the web server to delete the resource identified by the Request-URL, namely makes the web server delete the page;
TRACE: echoes the request received by the web server, for testing and diagnosis;
CONNECT: in the HTTP/1.1 protocol, for proxy servers that can change the connection to a pipeline mode.
CN201810933838.4A 2018-08-16 2018-08-16 Internet WEB asset discovery method and device based on HTTP request Pending CN110839052A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810933838.4A CN110839052A (en) 2018-08-16 2018-08-16 Internet WEB asset discovery method and device based on HTTP request

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810933838.4A CN110839052A (en) 2018-08-16 2018-08-16 Internet WEB asset discovery method and device based on HTTP request

Publications (1)

Publication Number Publication Date
CN110839052A true CN110839052A (en) 2020-02-25

Family

ID=69573251

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810933838.4A Pending CN110839052A (en) 2018-08-16 2018-08-16 Internet WEB asset discovery method and device based on HTTP request

Country Status (1)

Country Link
CN (1) CN110839052A (en)

Legal Events

Date Code Title Description
PB01 Publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20200225