CN110888795B - APP security evaluation data acquisition method - Google Patents



Publication number
CN110888795B
Authority
CN
China
Prior art keywords
app
packet
task
server
processing system
Prior art date
Legal status
Active
Application number
CN201811054410.9A
Other languages
Chinese (zh)
Other versions
CN110888795A (en)
Inventor
万志勇
张裕桥
胡耀恩
Current Assignee
China Datacom Corp ltd
Original Assignee
China Datacom Corp ltd
Application filed by China Datacom Corp ltd
Priority to CN201811054410.9A
Publication of CN110888795A
Application granted
Publication of CN110888795B


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/3604 Software analysis for verifying properties of programs
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/56 Provisioning of proxy services

Abstract

The invention discloses an APP security evaluation data acquisition method comprising the following steps: S1, setting up a server as the packet capture host, and directing the network of the mobile communication device (mobile phone) on which the APP to be tested is located to the server by configuring a proxy gateway; S2, the server issues a packet capture start instruction, the user operates the APP to be tested on the mobile communication device (mobile phone) to generate the corresponding data packets, and the server captures the data packets until capture ends. In this method a network proxy is configured so that the client/cloud side captures the data (IP) packets of the requests and responses initiated by the APP on the mobile communication device. The whole acquisition method is simple to operate, the user needs only a few minutes to complete the task, and the captured data packets are of great significance for the APP security assessment carried out afterwards.

Description

APP security evaluation data acquisition method
Technical Field
The invention relates to the technical field of APP security for mobile communication devices, and in particular to a method for acquiring APP security evaluation data.
Background
With the popularization of mobile communication devices (mobile phones, tablet computers, smart watches and the like), all kinds of APPs (application programs) have developed rapidly, and fund payments and other payment actions are performed by connecting to the network through a mobile phone APP. Network security is increasingly valued, and APP security is an important link in the network security of mobile communication devices. Each portal platform performs a corresponding security evaluation when an APP is released. Most current evaluation methods collect APP data by decompilation or by techniques such as a mobile operating system simulator and then perform security detection and evaluation. However, some APPs can use HOOK technology or illegal proxies to conceal certain illegal operations, so the current evaluation data has a large error.
Disclosure of Invention
To overcome the deficiencies of the prior art, the invention provides an APP security evaluation data acquisition method that supplies highly reliable data for the APP security evaluation performed afterwards.
The technical solution adopted to solve the technical problem is an APP security evaluation data acquisition method comprising the following steps:
S1, setting up a server as the packet capture host, and connecting the network of the mobile communication device (mobile phone) on which the APP to be tested is located to the server through a configured proxy gateway or wirelessly through a local area network (WiFi), wherein the server can communicate with the service network of the APP to be tested;
S2, the server issues a packet capture start instruction, the user operates the APP to be tested on the mobile communication device (mobile phone) to access the Internet, generating the corresponding data packets, and the server captures the data packets until capture ends.
A packet capture data processing system, run as a WEB service, is provided on the server.
As a further scheme of the invention, the specific operations of S2 are as follows:
S2.1, the user logs in over the Internet to the packet capture data processing system of the server's WEB service, and either selects the APP to be evaluated from an APP list entered into the system in advance or enters the information of the APP to be evaluated directly into the system, wherein the entered information comprises the name of the APP (optional) and/or the original download address of the APP;
S2.2, the packet capture data processing system generates a two-dimensional code for the information of the APP to be evaluated at the user's request;
S2.3, the user operates the mobile communication device (mobile phone) to scan the two-dimensional code, which opens a link page on the server for the packet capture task of the APP to be tested, the link page containing instruction confirmation boxes for starting and ending the packet capture task;
S2.4, the user operates the mobile communication device (mobile phone) to click the instruction confirmation box for starting the packet capture task, and a packet capture start instruction is sent to the packet capture server;
S2.5, the packet capture data processing system parses the user's packet capture start instruction, obtains the current IP address of the APP (mobile communication device) to be evaluated, and denotes this address variable as IPx;
S2.6, the server/packet capture data processing system starts intercepting the network traffic while the user operates the APP to be tested on the mobile communication device (mobile phone) over the proxy network and uses the various functions of the APP; the packet capture data processing system records all data packets originating from IPx or destined for IPx until the user clicks the instruction confirmation box for ending the packet capture task, which ends the APP content detection process;
S2.7, the server/packet capture data processing system receives the end instruction and stops the packet capture task for IPx.
As a further scheme of the invention, in step S2.6 the packet capture data processing system records all data packets originating from IPx or destined for IPx and unpacks them layer by layer according to the network protocols; the packet capture service retains Internet protocol data packets such as http, https and ftp, and these are recorded as Package.
As a further scheme of the invention, the method further comprises the following step:
S2.6.1, the packet capture data processing system analyses the Package and obtains the service addresses defined in the protocols and the hyperlinks contained in the http/https protocol; the addresses and hyperlinks are stored in the audit task list (TaskX) of the APP to be evaluated;
As a further scheme of the invention, the method further comprises the following steps:
S2.8, the packet capture data processing system removes tasks that are not APP content according to the APP address rule, and the cleaned task list is denoted TaskX2;
S3, the packet capture data processing system takes the task list TaskX2 as a web crawler task and crawls the corresponding content of the APP layer by layer, and this finally serves as the security evaluation data.
As a further scheme of the invention, in step S2, when the server performs the packet capture task it filters the data packets according to a rule, the data packet filtering rule being: the user enters online a regular expression specifying the back-end addresses accessed by the APP, and the server/packet capture data processing system decides according to the regular expression whether a data packet is to be stored or discarded.
The beneficial effects of the invention are as follows: a network proxy is configured so that the client/cloud side captures the data (IP) packets of the requests and responses initiated by the APP on the mobile communication device. The whole acquisition method is simple to operate and the user needs only a few minutes to complete the task. The captured data packets are generated entirely by the user operating the APP, so erroneous information generated by a proxy is avoided and the access information of the APP is fully reflected, which is of great significance for the APP security assessment carried out afterwards.
Drawings
FIG. 1 is a schematic diagram of the working principle of the present invention;
FIG. 2 is a workflow diagram of an embodiment of the present invention;
FIGS. 3a-3c are operation interface diagrams on the mobile communication device for APP detection according to the present invention;
FIG. 4 is an interface diagram of the APP scan configuration and scan cases of the packet capture data processing system of the present invention.
Detailed Description
The invention is further described below with reference to the accompanying drawings.
As shown in FIGS. 1 to 4, a method for acquiring APP security assessment data comprises the following steps:
S1, setting up a server as the packet capture host, and connecting the network of the mobile communication device (mobile phone) on which the APP to be tested is located to the server through a configured proxy gateway or wirelessly through a local area network (WiFi), wherein the server can communicate with the service network of the APP to be tested, and a packet capture data processing system run as a WEB service is provided on the server;
S2.1, the user logs in over the Internet to the packet capture data processing system of the server's WEB service, the packet capture data processing system being a computer-based information processing system that processes and organises the captured packet data, computes various analysis indicators and converts them into a form that is easy for people to take in; the user either selects the APP to be evaluated from an APP list entered into the system in advance or enters the information of the APP to be evaluated directly into the system, wherein the entered information comprises the APP name (optional) and the original download address of the APP (as shown in FIG. 4);
S2.2, the packet capture data processing system generates a two-dimensional code for the information of the APP to be evaluated at the user's request;
S2.3, the user operates the mobile communication device (mobile phone) to scan the two-dimensional code, which opens a link page on the server for the packet capture task of the APP to be tested (shown in FIG. 3a), the link page containing instruction confirmation boxes for starting and ending the packet capture task;
S2.4, the user operates the mobile communication device (mobile phone) to click the instruction confirmation box for starting the packet capture task, and a packet capture start instruction is sent to the packet capture server (shown in FIG. 3b);
S2.5, the packet capture data processing system parses the user's packet capture start instruction, obtains the current IP address of the APP (mobile communication device) to be evaluated, and denotes this address variable as IPx;
S2.6, the server starts intercepting the network traffic;
S2.7, the user operates the APP to be tested on the mobile communication device (mobile phone) over the proxy network and uses the various functions of the APP;
S2.8, the packet capture data processing system records all data packets originating from IPx or destined for IPx, the capture starting synchronously with step S2.6, and unpacks them layer by layer according to the network protocols; the packet capture service retains Internet protocol data packets such as http, https and ftp, and these are recorded as Package;
S2.9, the packet capture data processing system analyses the Package and obtains the service addresses defined in the protocols and the hyperlinks contained in the http/https protocol; the addresses and hyperlinks are stored in the audit task list (TaskX) of the APP to be evaluated;
S2.10, the user clicks the instruction confirmation box for ending the packet capture task, which ends the APP content detection process (shown in FIG. 3c);
S2.11, the packet capture data processing system receives the end instruction and stops the packet capture task for IPx;
S2.12, the packet capture data processing system removes tasks that are not APP content according to the APP address rule, and the cleaned task list is denoted TaskX2;
S3, the packet capture data processing system takes the task list TaskX2 as a web crawler task and crawls the corresponding content of the APP layer by layer.
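The following Python sketch walks the data path of steps S2.8, S2.9 and S2.12 together with the regular-expression filter rule; it is an added example, not code from the patent or its assignee. The `Record` shape, the function names, the reading of the "APP address rule" as a list of host suffixes, and the sample traffic (documentation-range addresses and `.example` hosts) are all assumptions made for illustration, and the records are assumed to be already unpacked and decoded.

```python
import re
from dataclasses import dataclass
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

RESERVED = {"http", "https", "ftp"}  # protocols the page says are kept as "Package"

@dataclass
class Record:            # one captured exchange after unpacking (assumed shape)
    src: str
    dst: str
    proto: str           # application protocol found by layer-by-layer unpacking
    url: str             # service address defined in the protocol
    body: str = ""       # decoded response body, empty when there is none

class LinkParser(HTMLParser):
    """Collects href/src attribute values from an HTML body."""
    def __init__(self):
        super().__init__()
        self.found = []
    def handle_starttag(self, tag, attrs):
        self.found += [v for k, v in attrs if k in ("href", "src") and v]

def build_package(records, ipx, backend_regex=None):
    """S2.8 plus the filter rule: keep packets from/to IPx, reserved protocols
    only, and store or discard by the user's back-end address regex."""
    pattern = re.compile(backend_regex) if backend_regex else None
    return [r for r in records
            if ipx in (r.src, r.dst)
            and r.proto in RESERVED
            and (pattern is None or pattern.search(r.url))]

def build_taskx(package):
    """S2.9: service addresses plus hyperlinks found in http/https bodies."""
    taskx = []
    def add(url):
        url = url.split("#", 1)[0]                  # fragments never reach a server
        if urlsplit(url).scheme in RESERVED and url not in taskx:
            taskx.append(url)
    for r in package:
        add(r.url)
        if r.proto in ("http", "https") and r.body:
            parser = LinkParser()
            parser.feed(r.body)
            for link in parser.found:
                add(urljoin(r.url, link))           # resolve relative links
    return taskx

def clean_taskx(taskx, app_suffixes):
    """S2.12: drop non-APP tasks. Matching on a dot boundary keeps look-alike
    hosts such as api.app.example.evil.example out of the crawler's scope."""
    def in_scope(url):
        host = (urlsplit(url).hostname or "").lower()
        return any(host == s or host.endswith("." + s) for s in app_suffixes)
    return [u for u in taskx if in_scope(u)]

# Constructed sample capture (not real traffic); IPX plays the role of IPx.
IPX = "192.0.2.10"
BACKEND_REGEX = r"^(https?|ftp)://([a-z0-9-]+\.)*app\.example(/|$)"
APP_SUFFIXES = ["app.example"]
SAMPLE = [
    Record(IPX, "198.51.100.5", "https", "https://api.app.example/v1/login"),
    Record("198.51.100.5", IPX, "https", "https://api.app.example/v1/home",
           '<a href="/v1/items?id=1">items</a>'
           '<img src="https://cdn.ads.example/p.gif">'
           '<a href="https://api.app.example.evil.example/x">more</a>'),
    Record("192.0.2.77", "198.51.100.5", "http", "http://api.app.example/other"),
    Record(IPX, "198.51.100.9", "dns", ""),
    Record(IPX, "198.51.100.20", "ftp", "ftp://files.app.example/pub/update.bin"),
    Record(IPX, "203.0.113.8", "http", "http://tracker.ads.example/beacon"),
]

if __name__ == "__main__":
    package = build_package(SAMPLE, IPX)
    taskx = build_taskx(package)
    for url in clean_taskx(taskx, APP_SUFFIXES):
        print(url)
```

An unanchored expression such as `app\.example` would also store traffic to the look-alike host, so the capture regex and the cleaning rule both determine which hosts the crawler in S3 will contact.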
The foregoing description is only illustrative of the preferred embodiments of the present invention and is not intended to limit the scope of the invention, i.e., the invention is not limited to the specific embodiments described herein, but is to be accorded the full scope of the claims.

Claims (5)

1. An APP security evaluation data acquisition method, characterized by comprising the following steps:
S1, setting up a server as the packet capture host, and connecting the network of the mobile communication device on which the APP to be tested is located to the server through a configured proxy gateway or wirelessly through a local area network, wherein the server can communicate with the service network of the APP to be tested;
S2.1, the user logs in over the Internet to the packet capture data processing system of the server's WEB service, and either selects the APP to be evaluated from an APP list entered into the system in advance or enters the information of the APP to be evaluated directly into the system;
S2.2, the packet capture data processing system generates a two-dimensional code for the information of the APP to be evaluated at the user's request;
S2.3, the user operates the mobile communication device to scan the two-dimensional code, which opens a link page on the server for the packet capture task of the APP to be tested, the link page containing instruction confirmation boxes for starting and ending the packet capture task;
S2.4, the user operates the mobile communication device to click the instruction confirmation box for starting the packet capture task, and a packet capture start instruction is sent to the packet capture server;
S2.5, the packet capture data processing system parses the user's packet capture start instruction, obtains the current IP address of the APP to be evaluated, and denotes this address variable as IPx;
S2.6, the server starts intercepting the network traffic while the user operates the APP to be tested on the mobile communication device over the proxy network and uses the various functions of the APP; the packet capture data processing system records all data packets originating from IPx or destined for IPx until the user clicks the instruction confirmation box for ending the packet capture task, which ends the APP content detection process;
S2.7, the server receives the end instruction and stops the packet capture task for IPx;
S2.8, the packet capture data processing system removes tasks that are not APP content according to the APP address rule, and the cleaned task list is denoted TaskX2;
S3, the packet capture data processing system takes the task list TaskX2 as a web crawler task and crawls the corresponding content of the APP layer by layer, and this finally serves as the security evaluation data.
2. The method according to claim 1, wherein in step S2.1 the entered information of the APP to be evaluated includes the original download address of the APP.
3. The method for acquiring APP security assessment data according to claim 1, wherein in step S2.6 the packet capture data processing system records all data packets originating from IPx or destined for IPx and unpacks them layer by layer according to the network protocols; the packet capture service retains http, https and ftp Internet protocol data packets, which are recorded as Package.
4. The method for acquiring APP security assessment data according to claim 3, wherein in step S2.6.1 the packet capture data processing system analyses the Package and obtains the service addresses defined in the protocols and the hyperlinks contained in the http/https protocol; the addresses and hyperlinks are stored in the audit task list, TaskX, of the APP to be evaluated.
5. The method for acquiring APP security assessment data according to claim 1, wherein in steps S2.5-S2.6 the server filters the data packets according to a rule when performing the packet capture task, the data packet filtering rule being: the user enters online a regular expression specifying the back-end addresses accessed by the APP, and the server decides according to the regular expression whether a data packet is to be stored or discarded.
CN201811054410.9A 2018-09-11 2018-09-11 APP security evaluation data acquisition method Active CN110888795B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811054410.9A CN110888795B (en) 2018-09-11 2018-09-11 APP security evaluation data acquisition method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811054410.9A CN110888795B (en) 2018-09-11 2018-09-11 APP security evaluation data acquisition method

Publications (2)

Publication Number Publication Date
CN110888795A (en) 2020-03-17
CN110888795B (en) 2023-10-20

Family

ID=69745380

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811054410.9A Active CN110888795B (en) 2018-09-11 2018-09-11 APP security evaluation data acquisition method

Country Status (1)

Country Link
CN (1) CN110888795B (en)

Also Published As

Publication number Publication date
CN110888795A (en) 2020-03-17


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant