CN110888795A - Method for acquiring APP security evaluation data - Google Patents
Method for acquiring APP security evaluation data Download PDFInfo
- Publication number
- CN110888795A CN110888795A CN201811054410.9A CN201811054410A CN110888795A CN 110888795 A CN110888795 A CN 110888795A CN 201811054410 A CN201811054410 A CN 201811054410A CN 110888795 A CN110888795 A CN 110888795A
- Authority
- CN
- China
- Prior art keywords
- app
- packet capturing
- packet
- server
- task
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3604—Software analysis for verifying properties of programs
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
Abstract
The invention discloses a method for acquiring APP security evaluation data, which comprises the following steps: s1, setting a server as a packet capturing host, and pointing a network of mobile communication equipment (mobile phone) where an APP to be detected is located to the server through a configured proxy gateway; s2, the server sends a packet capturing starting instruction, a user operates the APP to be detected on the mobile communication equipment (mobile phone) to generate a corresponding data packet, and the server performs a packet capturing task on the data packet until the data packet is completed. According to the method, the client/cloud side is set through the network agent to perform packet capturing processing on the data (IP) packet of the request response initiated by the APP on the mobile communication equipment, the whole obtaining method is simple to operate, a user can complete a task in a few minutes, and the data packet captured by the client side has great significance for APP safety assessment performed in the later period.
Description
Technical Field
The invention relates to the technical field of APP safety of mobile communication equipment, in particular to a method for acquiring APP safety evaluation data.
Background
With the popularization and application of mobile communication equipment (mobile phones, tablet computers, smart watches and the like), various applications (application programs) are rapidly developed, the behaviors of fund payment, payment and the like through a mobile phone APP connection network become the daily consumption line, the network security is gradually paid attention to people, the APP security is an important part of the network security of the mobile communication equipment, each portal platform can make corresponding security assessment when releasing the APP, most of the existing assessment modes are based on anti-coding compilation or mobile operating system simulator and other technologies to acquire the APP and then make security detection assessment, some APPs may adopt HOOK technologies or illegal agents to hide certain illegal operations, and the existing assessment data has larger error.
Disclosure of Invention
In order to overcome the defects in the prior art, the invention provides an acquisition method of APP security assessment data, which provides high-reliability data for later-stage APP security assessment.
The technical scheme adopted by the invention for solving the technical problems is as follows: an APP safety evaluation data acquisition method comprises the following steps:
s1, setting a server as a packet capturing host, and wirelessly connecting a network of mobile communication equipment (mobile phone) where an APP to be detected is located with the server through a configuration proxy gateway or a local area network (WiFi) mode, wherein the server is communicated with a service network of the APP to be detected;
s2, the server sends a packet capturing starting instruction, a user operates the APP to be detected on the mobile communication equipment (mobile phone) to access the Internet to generate a corresponding data packet, and the server performs a packet capturing task on the data packet until the data packet is completed.
Wherein, the server is provided with a packet capturing data processing system operated by WEB service.
As a further aspect of the present invention, the specific operation of S2 is as follows:
s2.1, a user logs in a packet capturing data processing system of the WEB service of the server through the Internet, the user selects an APP to be evaluated from an APP list input in advance by the packet capturing data processing system or directly inputs APP information to be evaluated in the packet capturing data processing system, wherein the input information comprises the name (non-essential content) of the APP and/or the original download address of the APP;
s2.2, the packet capturing data processing system generates a two-dimensional code of the APP information to be evaluated according to a user request;
s2.3, a user operates mobile communication equipment (mobile phone) to scan the two-dimensional code, a link page of a server for a packet capturing task of the APP to be detected is opened, and the link page comprises an instruction confirmation frame for starting the start of the packet capturing task and finishing the packet capturing task;
s2.4, the user operates the mobile communication equipment (mobile phone) to click an instruction confirmation box for starting the packet capturing task, and a packet capturing starting instruction is sent to a packet capturing server;
s2.5, analyzing a packet capturing start instruction of a user by a packet capturing data processing system, acquiring a current IP address of an APP (mobile communication device) to be evaluated, and marking an address variable as IPx;
s2.6, the server/packet capturing data processing system initiates network transmission information interception, and meanwhile, a user operates the APP to be detected on the mobile communication equipment (mobile phone) to access the proxy network and uses various functions of the APP to be detected; the packet capturing data processing system records all data packets initiated from IPx or with IPx as a target address until a user clicks an instruction confirmation box for finishing a packet capturing task to finish the APP content detection process;
and S2.7, the server/packet capturing data processing system acquires the ending instruction and stops the packet capturing task of IPx.
As a further scheme of the present invention, in step S2.6, the packet capturing data processing system records all data packets initiated from IPx or addressed to IPx, and unpacks the data packets layer by layer according to a network protocol; the packet capturing service reserves internet protocol data packets such as http, https, ftp and the like, and the data packets are recorded as Package.
As a further scheme of the invention, the method also comprises the following steps:
s2.6.1, the packet capturing data processing system analyzes the Package and obtains a service address defined in the protocol and a hyperlink included in the http/https protocol; the address and the hyperlink are stored to an audit task list TaskX of the APP to be evaluated;
as a further scheme of the invention, the method also comprises the following steps:
s2.8, the packet capturing data processing system cleans tasks of non-APP content according to the APP address rule, and the cleaned task list is marked as TaskX 2;
and S3, the packet capturing data processing system takes the task list TaskX2 as a web crawler task, crawls corresponding content of the APP layer by layer, and finally takes the corresponding content as security assessment data.
As a further scheme of the invention, the method also comprises the following steps: in step S2, when the server performs the packet capturing task, the server filters the data packet according to the following rules: and the user inputs the regular expression of the rear-end address of the appointed APP access on line, and the server/packet capturing data processing system judges whether the data packet needs to be stored or discarded according to the regular expression.
The invention has the beneficial effects that: the method is characterized in that the client/cloud is set through the network agent to perform packet capturing processing on a data (IP) packet which is initiated by the APP and requested to respond on the mobile communication equipment, the whole obtaining method is simple to operate, a user can complete a task in a few minutes, the data packet captured by the client is completely generated by the user operating the APP, error information generated by the agent is avoided, the access information of the APP is completely reflected, and the method has great significance for APP safety evaluation in the later period.
Drawings
FIG. 1 is a schematic diagram of the working principle of the present invention;
FIG. 2 is a work flow diagram of an embodiment of the present invention;
fig. 3 is an interface diagram for generating an APP trigger for detecting and providing mobile phone two-dimensional code scanning by the packet capture data processing system of the present invention.
Fig. 4 a-4 c are operation interface diagrams of the mobile communication device for APP detection according to the present invention.
FIG. 5 is an APP scan configuration and scan status interface diagram for the packet capture data processing system of the present invention.
Detailed Description
The invention will be further described with reference to the accompanying drawings.
As shown in fig. 1 to 5, a method for acquiring APP security evaluation data includes the following steps:
s1, setting a server as a packet capturing host, and wirelessly connecting a network of mobile communication equipment (mobile phone) where an APP to be detected is located with the server through a configuration proxy gateway or a local area network (WiFi) mode, wherein the server is communicated with a service network of the APP to be detected, and the server is provided with a packet capturing data processing system which operates through WEB service;
and S2.1, logging in a packet capturing data processing system of the WEB service of the server by a user through the Internet, wherein the packet capturing data processing system is a system formed by processing information by using a computer. Processing and sorting the packet capturing data information through a packet capturing data processing system, calculating to obtain various analysis indexes, and converting the analysis indexes into an information form which is easily accepted by people; a user selects an APP to be evaluated from an APP list input in advance by the packet capturing data processing system or directly inputs APP information to be evaluated in the packet capturing data processing system, wherein the input information comprises an APP name (non-essential content) and an original download address of the APP (as shown in FIG. 5);
s2.2, the packet capturing data processing system generates a two-dimensional code (shown in figure 3) of the APP information to be evaluated according to a user request;
s2.3, a user operates the mobile communication equipment (mobile phone) to scan the two-dimensional code, and opens a link page (shown in figure 4 a) of a server for a packet capturing task of the APP to be detected, wherein the link page comprises an instruction confirmation frame for starting the start of the packet capturing task and finishing the packet capturing task;
s2.4, the user operates the mobile communication equipment (mobile phone) to click an instruction confirmation box for starting the packet capturing task, and a packet capturing starting instruction is sent to a packet capturing server (as shown in figure 4 b);
s2.5, analyzing a packet capturing start instruction of a user by a packet capturing data processing system, acquiring a current IP address of an APP (mobile communication device) to be evaluated, and marking an address variable as IPx;
s2.6, the server initiates network transmission information interception;
s2.7, operating the APP to be detected on the mobile communication equipment (mobile phone) by a user to access the proxy network and using various functions of the APP to be detected;
s2.8, the packet capturing data processing system records all data packets initiated from IPx or with IPx as a target address, the packet capturing action is started synchronously from the step S2.6, and the data packets are unpacked layer by layer according to a network protocol; the packet capturing service reserves internet protocol data packets such as http, https, ftp and the like, and the data packets are recorded as Package;
s2.9, the packet capturing data processing system analyzes the Package and acquires a service address defined in the protocol and a hyperlink included in the http/https protocol; the address and the hyperlink are stored to an APP audit task list TaskX to be evaluated;
s2.10, the user clicks an instruction confirmation box for finishing the packet capturing task to finish the APP content detection process (as shown in FIG. 4 c);
s2.11, the packet capturing data processing system acquires an ending instruction and stops the packet capturing task of IPx;
s2.12, the packet capturing data processing system cleans tasks of non-APP content according to an APP address rule, and a task list after cleaning is marked as TaskX 2;
and S3, the packet capturing data processing system takes the task list TaskX2 as a web crawler task, and crawls the corresponding content of the APP layer by layer.
The above description is only a preferred embodiment of the present invention, and the scope of the present invention should not be limited thereby, and all the simple equivalent changes and modifications made in the claims and the description of the present invention are within the scope of the present invention.
Claims (7)
1. A method for acquiring APP security assessment data is characterized by comprising the following steps:
s1, setting a server as a packet capturing host, and wirelessly connecting a network of mobile communication equipment where an APP to be detected is located with the server through a configuration proxy gateway or in a local area network manner, wherein the server is communicated with a service network of the APP to be detected;
s2, the server sends a packet capturing starting instruction, the user operates the APP to be detected on the mobile communication equipment to access the Internet to generate a corresponding data packet, and the server performs a packet capturing task on the data packet until the data packet is completed.
2. The method for acquiring APP security evaluation data according to claim 1, wherein the operation of step S2 is as follows:
s2.1, a user logs in a packet capturing data processing system of the WEB service of the server through the Internet, and selects an APP to be evaluated from an APP list input in advance by the packet capturing data processing system or directly inputs APP information to be evaluated in the packet capturing data processing system;
s2.2, the packet capturing data processing system generates a two-dimensional code of the APP information to be evaluated according to a user request;
s2.3, the user operates the mobile communication equipment to scan the two-dimensional code, a link page of a server for a task of packet capturing of the APP to be detected is opened, and the link page comprises an instruction confirmation frame for starting the start of the packet capturing task and finishing the packet capturing task;
s2.4, the user operates the mobile communication equipment to click an instruction confirmation box for starting the packet capturing task, and a packet capturing starting instruction is sent to a packet capturing server;
s2.5, analyzing a user packet capturing start instruction by a packet capturing data processing system, acquiring a current IP address of an APP to be evaluated, and marking an address variable as IPx;
s2.6, the server initiates network transmission information interception, and meanwhile, the user operates the APP to be detected on the mobile communication equipment to access the proxy network and uses various functions of the APP to be detected; the packet capturing data processing system records all data packets initiated from IPx or with IPx as a target address until a user clicks an instruction confirmation box for finishing a packet capturing task to finish the APP content detection process;
and S2.7, the server acquires the ending instruction and stops the IPx packet capturing task.
3. The method for acquiring APP security evaluation data according to claim 2, wherein in step S2.1, the entered APP information to be evaluated includes an original download address of the APP.
4. The method for acquiring APP security evaluation data according to claim 2, wherein in step S2.6, the packet capturing data processing system records all data packets originating from IPx or having a destination address of IPx, and unpacks the data packets layer by layer according to a network protocol; the packet capturing service reserves internet protocol data packets such as http, https, ftp and the like, and the data packets are recorded as Package.
5. The method for acquiring APP security assessment data according to claim 4, wherein S2.6.1. the packet capturing data processing system analyzes the Package and acquires a service address defined in the protocol and a hyperlink included in the http/https protocol; and the address and the hyperlink are saved to an audit task list TaskX of the APP to be evaluated.
6. The method for obtaining APP security assessment data according to claim 2 or 4, further comprising:
s2.8, the packet capturing data processing system cleans tasks of non-APP content according to the APP address rule, and the cleaned task list is marked as TaskX 2;
and S3, the packet capturing data processing system takes the task list TaskX2 as a web crawler task, and crawls the corresponding content of the APP layer by layer.
7. The method for acquiring APP security evaluation data according to claim 1, wherein in step S2, when the server performs a packet capturing task, the server filters the packet according to rules, where the rules for filtering the packet are: and the user inputs the regular expression of the rear-end address of the appointed APP access on line, and the server judges whether the data packet needs to be stored or discarded according to the regular expression.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811054410.9A CN110888795B (en) | 2018-09-11 | 2018-09-11 | APP security evaluation data acquisition method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811054410.9A CN110888795B (en) | 2018-09-11 | 2018-09-11 | APP security evaluation data acquisition method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110888795A true CN110888795A (en) | 2020-03-17 |
CN110888795B CN110888795B (en) | 2023-10-20 |
Family
ID=69745380
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811054410.9A Active CN110888795B (en) | 2018-09-11 | 2018-09-11 | APP security evaluation data acquisition method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110888795B (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112311602A (en) * | 2020-10-30 | 2021-02-02 | 上海中通吉网络技术有限公司 | Data packet capturing processing method, device and equipment |
CN112532734A (en) * | 2020-12-02 | 2021-03-19 | 建信金融科技有限责任公司 | Message sensitive information detection method and device |
CN114254717A (en) * | 2020-09-24 | 2022-03-29 | 航天信息股份有限公司 | Electronic invoice storage method, device, medium and equipment |
CN114584546A (en) * | 2022-03-07 | 2022-06-03 | 南京厚建软件有限责任公司 | Method and system for capturing and storing App data packet |
CN114650168A (en) * | 2022-02-14 | 2022-06-21 | 麒麟软件有限公司 | Application program security testing method |
CN115002203A (en) * | 2021-03-02 | 2022-09-02 | 京东科技信息技术有限公司 | Data packet capturing method, device, equipment and computer readable medium |
Citations (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2009225089A (en) * | 2008-03-17 | 2009-10-01 | Murata Mach Ltd | Communication device and method of capturing packet |
CN102186117A (en) * | 2011-03-30 | 2011-09-14 | 深圳市同洲电子股份有限公司 | Network state judgment method and digital television terminal |
CN102761456A (en) * | 2011-04-29 | 2012-10-31 | 腾讯科技(深圳)有限公司 | Method, device and system for acquiring performance parameters of browser of mobile terminal |
CN103401857A (en) * | 2013-07-26 | 2013-11-20 | 北京奇虎科技有限公司 | Interactive method and system of two-dimension code information, client and server |
US20140187190A1 (en) * | 2012-12-31 | 2014-07-03 | Motorola Solutions, Inc. | Method and apparatus for receiving a data stream during an incident |
CN104023213A (en) * | 2014-06-23 | 2014-09-03 | 浙江宇视科技有限公司 | Interactive service method and system based on two-dimension code |
CN104092811A (en) * | 2013-07-09 | 2014-10-08 | 腾讯科技(深圳)有限公司 | Mobile terminal information download method, system, terminal device and server |
CN104601570A (en) * | 2015-01-13 | 2015-05-06 | 国家电网公司 | Network security monitoring method based on bypass monitoring and software packet capturing technology |
CN106713059A (en) * | 2015-11-16 | 2017-05-24 | 任子行网络技术股份有限公司 | HTTP-based news APP data acquisition method and system |
CN106845236A (en) * | 2017-01-18 | 2017-06-13 | 东南大学 | A kind of application program various dimensions privacy leakage detection method and system for iOS platforms |
CN107239697A (en) * | 2017-06-27 | 2017-10-10 | 四维创智(北京)科技发展有限公司 | A kind of server end scan method based on mobile flow |
CN108154026A (en) * | 2017-12-28 | 2018-06-12 | 成都卫士通信息产业股份有限公司 | Safety communicating method and system of the Root without intrusion are exempted from based on android system |
US10038603B1 (en) * | 2016-02-23 | 2018-07-31 | Area 1 Security, Inc. | Packet capture collection tasking system |
-
2018
- 2018-09-11 CN CN201811054410.9A patent/CN110888795B/en active Active
Patent Citations (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2009225089A (en) * | 2008-03-17 | 2009-10-01 | Murata Mach Ltd | Communication device and method of capturing packet |
CN102186117A (en) * | 2011-03-30 | 2011-09-14 | 深圳市同洲电子股份有限公司 | Network state judgment method and digital television terminal |
CN102761456A (en) * | 2011-04-29 | 2012-10-31 | 腾讯科技(深圳)有限公司 | Method, device and system for acquiring performance parameters of browser of mobile terminal |
US20140187190A1 (en) * | 2012-12-31 | 2014-07-03 | Motorola Solutions, Inc. | Method and apparatus for receiving a data stream during an incident |
CN104092811A (en) * | 2013-07-09 | 2014-10-08 | 腾讯科技(深圳)有限公司 | Mobile terminal information download method, system, terminal device and server |
CN103401857A (en) * | 2013-07-26 | 2013-11-20 | 北京奇虎科技有限公司 | Interactive method and system of two-dimension code information, client and server |
CN104023213A (en) * | 2014-06-23 | 2014-09-03 | 浙江宇视科技有限公司 | Interactive service method and system based on two-dimension code |
CN104601570A (en) * | 2015-01-13 | 2015-05-06 | 国家电网公司 | Network security monitoring method based on bypass monitoring and software packet capturing technology |
CN106713059A (en) * | 2015-11-16 | 2017-05-24 | 任子行网络技术股份有限公司 | HTTP-based news APP data acquisition method and system |
US10038603B1 (en) * | 2016-02-23 | 2018-07-31 | Area 1 Security, Inc. | Packet capture collection tasking system |
CN106845236A (en) * | 2017-01-18 | 2017-06-13 | 东南大学 | A kind of application program various dimensions privacy leakage detection method and system for iOS platforms |
CN107239697A (en) * | 2017-06-27 | 2017-10-10 | 四维创智(北京)科技发展有限公司 | A kind of server end scan method based on mobile flow |
CN108154026A (en) * | 2017-12-28 | 2018-06-12 | 成都卫士通信息产业股份有限公司 | Safety communicating method and system of the Root without intrusion are exempted from based on android system |
Non-Patent Citations (3)
Title |
---|
LI XIAOPENG等: "Safety Detection Method of Android App Based on Drozer", 《2018 INTERNATIONAL CONFERENCE ON SMART GRID AND ELECTRICAL AUTOMATION (ICSGEA)》, pages 170 - 172 * |
仇宇琛: "Web安全评估及渗透测试研究", 《中国优秀硕士学位论文全文数据库 (信息科技辑)》, no. 12, pages 139 - 92 * |
吴寅鹤: "iOS平台应用程序的安全性研究", 《中国优秀硕士学位论文全文数据库 (信息科技辑)》, no. 10, pages 138 - 44 * |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114254717A (en) * | 2020-09-24 | 2022-03-29 | 航天信息股份有限公司 | Electronic invoice storage method, device, medium and equipment |
CN112311602A (en) * | 2020-10-30 | 2021-02-02 | 上海中通吉网络技术有限公司 | Data packet capturing processing method, device and equipment |
CN112532734A (en) * | 2020-12-02 | 2021-03-19 | 建信金融科技有限责任公司 | Message sensitive information detection method and device |
CN112532734B (en) * | 2020-12-02 | 2023-11-21 | 建信金融科技有限责任公司 | Method and device for detecting message sensitive information |
CN115002203A (en) * | 2021-03-02 | 2022-09-02 | 京东科技信息技术有限公司 | Data packet capturing method, device, equipment and computer readable medium |
CN114650168A (en) * | 2022-02-14 | 2022-06-21 | 麒麟软件有限公司 | Application program security testing method |
CN114584546A (en) * | 2022-03-07 | 2022-06-03 | 南京厚建软件有限责任公司 | Method and system for capturing and storing App data packet |
Also Published As
Publication number | Publication date |
---|---|
CN110888795B (en) | 2023-10-20 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110888795A (en) | Method for acquiring APP security evaluation data | |
CN104601641A (en) | Application link sharing method, device and system | |
CN108846657A (en) | A kind of method and relevant apparatus of Electronic Transfer | |
CN105160522A (en) | Virtual resource transfer method, related device and system | |
CN102055813A (en) | Access controlling method for network application and device thereof | |
CN103489105A (en) | System and method for building mobile application store | |
CN110503559B (en) | Block chain-based clearing method, device, equipment and computer storage medium | |
CN103825783A (en) | Test method and device | |
CN110493074B (en) | Method and system for testing server and client | |
CN112600631B (en) | WiFi signal stability automatic test method and related components thereof | |
CN103581881B (en) | Comprehensive number-obtaining device as well as system and method for obtaining cell phone number of user on network side | |
CN111047147B (en) | Automatic business process acquisition method and intelligent terminal | |
CN102035847B (en) | User access behavior processing method and system and client | |
CN110888613A (en) | Printing method, printing device, printing system and electronic equipment | |
CN105530137A (en) | Traffic data analysis method and traffic data analysis system | |
CN112073512B (en) | Data processing method and device | |
CN113037744A (en) | Interactive safety event script arranging and disposing method and device | |
CN105809504A (en) | Application store system for constructing rapid storage data | |
CN113822036B (en) | Privacy policy content generation method and device and electronic equipment | |
KR101392624B1 (en) | Mobile forensics method based on network communication | |
CN105227644A (en) | Item file generation method and device | |
CN115729547A (en) | Method, system and device for processing buried point data, storage medium and electronic equipment | |
CN106790322B (en) | Cache strategy forming method and device | |
CN104734914A (en) | Method, device and system used for monitoring network | |
KR20130022397A (en) | System and method for waste disposal application of internet communication apparatus |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |