CN110971605B - Method for acquiring pirated game server information by capturing data packet - Google Patents
Method for acquiring pirated game server information by capturing data packet Download PDFInfo
- Publication number
- CN110971605B CN110971605B CN201911231714.2A CN201911231714A CN110971605B CN 110971605 B CN110971605 B CN 110971605B CN 201911231714 A CN201911231714 A CN 201911231714A CN 110971605 B CN110971605 B CN 110971605B
- Authority
- CN
- China
- Prior art keywords
- data packet
- information
- game server
- pirate
- http
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/131—Protocols for games, networked simulations or virtual reality
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0245—Filtering by information in the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides a method for acquiring pirate game server information by capturing a data packet, which comprises the following steps: step S1, capturing the network data packet through the packet capturing program, and filtering the network data packet for the first time to obtain the original data packet interacted with the pirate game server; step S2, sending the original data packet to a reconstruction program in a message queue mode, and carrying out secondary filtering on the original data packet to extract the needed GET and POST information; step S3, the analog pirate logger reconstructs the data packet of the original data packet filtered for the second time to obtain a reconstructed data packet; step S4, the reconstructed data packet interacts with the pirate game server to obtain the information of the pirate game server; the invention can continuously track and collect pirate game server information to obtain pirate evidence.
Description
Technical Field
The invention relates to the technical field of computer communication, in particular to a method for acquiring pirated game server information by capturing a data packet.
Background
At present, the method for capturing the network data packet can only capture a wide range of network data packets, such as a network packet analysis tool wireshake, and related information of the network data packets is difficult to obtain without corresponding processing. Generally, a game company logs in a game by adopting a register, a pirate online game provider simulates and develops the pirate register, and information of a pirate game server is loaded through the pirate register so as to log in a game server of the other party. If a large number of pirate loggers are used by players, loss of the players is brought to companies, and a large amount of loss is caused. The pirate game server: a server of a pirate game provider.
Disclosure of Invention
In order to overcome the above problems, the present invention aims to provide a method for acquiring information of a pirate game server by capturing a data packet, which continuously tracks migration data of a pirate game, and continuously tracks and collects information of the pirate game server to obtain evidence of piracy.
The invention is realized by adopting the following scheme: a method of obtaining pirated game server information by capturing data packets, comprising the steps of:
step S1, capturing the network data packet through the packet capturing program, and filtering the network data packet for the first time to obtain the original data packet interacted with the pirate game server;
step S2, sending the original data packet to a reconstruction program in a message queue mode, and carrying out secondary filtering on the original data packet to extract the needed GET and POST information;
step S3, the analog pirate logger reconstructs the data packet of the original data packet filtered for the second time to obtain a reconstructed data packet;
and step S4, interacting the reconstructed data packet with the pirate game server to obtain the information of the pirate game server.
Further, the step S1 performs a first filtering to obtain an original data packet interacting with the pirate game server, specifically: filtering all process data packets captured by a network card to obtain IP addresses and port numbers interacted with a pirate logger to obtain original data packets, wherein the original data packets contain various different protocol data packets, and also contain resource picture information and invalid TCP three-way handshake; the different protocol data packets comprise ICMP protocol, DNS protocol, ARP protocol and HTTP protocol.
Further, the step S2 performs a second filtering on the original data packet to extract the GET and POST information, which specifically includes: filtering different protocol data packets in an original data packet to obtain an HTTP data packet, wherein the HTTP data packet comprises HTTP request methods of GET, POST, DELETE, HEAD, OPTIONS, PUT and TRACE; and obtaining the whole HTTP stream according to the HTTP data packet, and extracting the HTTP data packet request information of GET and POST.
Further, the reconstructing the data packet in step S3 specifically includes: performing secondary filtering on the original data packet to obtain an HTTP data packet and extracting required GET and POST information; newly creating a new request frame in the HTTP data packet, and filling key field information in the request frame, wherein the key field information comprises: IP address, port number, request header, network protocol, coding format, pirate logger characteristic information and request information data for data packet reconstruction.
Further, the step S4 further specifically includes: and sending the reconstructed data packet to a pirate game server in a request mode of HTTP protocol specification, waiting for receiving the response of the pirate game server, analyzing the corresponding HTTP response after receiving the response of the pirate game server, and when the analysis result is the HTTP status code 200, indicating that the interaction is successful, and extracting RAW data of the response data packet, namely obtaining the information of the pirate game server.
Further, the information of the pirate game server includes an IP address, a port number, game zone service information, and official homepage information.
The invention has the beneficial effects that: 1. helping the company to collect pirated game information and obtaining evidence. 2. The obtained key information helps operators to continuously track pirated game migration data and track the pirated game migration data continuously. 3. The automatic analysis is achieved by adopting a message queue mode, the operation is convenient, and the labor and time costs are reduced.
Drawings
FIG. 1 is a schematic flow diagram of the process of the present invention.
Fig. 2 is a schematic flow diagram of the interaction in the method of the present invention.
Detailed Description
The invention is further described below with reference to the accompanying drawings.
The method includes the steps of firstly simulating a traditional packet capturing tool to capture a network data packet, conducting coarse filtering on the network data packet to obtain an original data packet interacted with a pirate game server, then sending the original data packet to a data packet reconstruction program in a message queue mode, conducting fine filtering on the original data packet, extracting needed GET and POST information, and then constructing the data packet by a register to be interacted with the pirate game server to obtain related pirate game server region service information.
Referring to fig. 1 and 2, a method for acquiring pirate game server information by capturing data packets according to the present invention includes the following steps:
step S1, capturing the network data packet through the packet capturing program, namely automatically starting the pirate logger and the self packet capturing program to monitor the data packet; carrying out first filtering on the network data packet to obtain an original data packet interacted with a pirate game server;
in step S1, the first filtering is performed to obtain an original data packet interacting with the pirate game server, specifically: filtering all process data packets captured by a network card to obtain IP addresses and port numbers interacted with a pirate logger to obtain original data packets, wherein the original data packets contain various different protocol data packets, and also contain resource picture information and invalid TCP three-way handshake; the different protocol data packets comprise ICMP protocol, DNS protocol, ARP protocol and HTTP protocol.
Step S2, sending the original data packet to a reconstruction program in a message queue mode, and carrying out secondary filtering on the original data packet to extract the needed GET and POST information;
step S2 is to perform the second filtering on the original data packet to extract the GET and POST information required, which specifically includes: filtering different protocol data packets in an original data packet to obtain an HTTP data packet, wherein the HTTP data packet comprises HTTP request methods of GET, POST, DELETE, HEAD, OPTIONS, PUT and TRACE; and obtaining the whole HTTP stream according to the HTTP data packet, and extracting the HTTP data packet request information of GET and POST.
Step S3, the analog pirate logger reconstructs the data packet of the original data packet filtered for the second time to obtain a reconstructed data packet; the simulated pirate logger comprises the following components: some pirate loggers will extract the local configuration information and send to their own pirate game server for verification, and the method of simulating it also fills the package during analysis.
In step S3, the packet reconstruction is specifically performed by: performing secondary filtering on the original data packet to obtain an HTTP data packet and extracting required GET and POST information; newly creating a new request frame in the HTTP data packet, and filling key field information in the request frame, wherein the key field information comprises: the method comprises the steps of reconstructing a data packet by using an IP address, a port number, a request header, a network protocol, a coding format, piracy logger characteristic information (the piracy logger characteristic information is local configuration information of a piracy logger) and request information data.
And step S4, interacting the reconstructed data packet with the pirate game server to obtain the information of the pirate game server.
The step S4 further includes: sending the reconstructed data packet to a pirate game server in a request mode of HTTP protocol specification, waiting for receiving a response of the pirate game server, analyzing a corresponding HTTP response after receiving the response of the pirate game server, and when the analysis result is an HTTP status code 200, indicating that the interaction is successful, and extracting RAW data (RAW data, namely image data) of the response data packet, namely obtaining the information of the pirate game server; and storing the information of the pirate game server; the information of the pirate game server includes an IP address, a port number, game zone service information, and official homepage information.
In a word, the invention can continuously track the migration data of the pirated game, continuously track and collect the information of the pirated game server and obtain the pirated evidence.
The above description is only a preferred embodiment of the present invention, and all equivalent changes and modifications made in accordance with the claims of the present invention should be covered by the present invention.
Claims (5)
1. A method of obtaining pirated game server information by capturing data packets, characterized by: the method comprises the following steps:
step S1, capturing the network data packet through the packet capturing program, and filtering the network data packet for the first time to obtain the original data packet interacted with the pirate game server;
step S2, sending the original data packet to a reconstruction program in a message queue mode, and carrying out secondary filtering on the original data packet to extract the needed GET and POST information;
step S3, the analog pirate logger reconstructs the data packet of the original data packet filtered for the second time to obtain a reconstructed data packet;
step S4, the reconstructed data packet interacts with the pirate game server to obtain the information of the pirate game server; the step S4 further includes: and sending the reconstructed data packet to a pirate game server in a request mode of HTTP protocol specification, waiting for receiving the response of the pirate game server, analyzing the corresponding HTTP response after receiving the response of the pirate game server, and when the analysis result is the HTTP status code 200, indicating that the interaction is successful, and extracting RAW data of the response data packet, namely obtaining the information of the pirate game server.
2. The method of claim 1, wherein the method comprises capturing data packets to obtain pirated game server information, the method comprising: in step S1, the first filtering is performed to obtain an original data packet interacting with the pirate game server, specifically: filtering all process data packets captured by a network card to obtain IP addresses and port numbers interacted with a pirate logger to obtain original data packets, wherein the original data packets contain various different protocol data packets, and also contain resource picture information and invalid TCP three-way handshake; the different protocol data packets comprise ICMP protocol, DNS protocol, ARP protocol and HTTP protocol.
3. A method of obtaining pirated game server information by capturing data packets according to claim 2, wherein: step S2 is to perform the second filtering on the original data packet to extract the GET and POST information required, which specifically includes: filtering different protocol data packets in an original data packet to obtain an HTTP data packet, wherein the HTTP data packet comprises HTTP request methods of GET, POST, DELETE, HEAD, OPTIONS, PUT and TRACE; and obtaining the whole HTTP stream according to the HTTP data packet, and extracting the HTTP data packet request information of GET and POST.
4. A method of obtaining pirated game server information by capturing data packets according to claim 3, wherein: in step S3, the packet reconstruction is specifically performed by: performing secondary filtering on the original data packet to obtain an HTTP data packet and extracting required GET and POST information; newly creating a new request frame in the HTTP data packet, and filling key field information in the request frame, wherein the key field information comprises: IP address, port number, request header, network protocol, encoding format, and request information data for packet reconstruction.
5. The method of claim 1, wherein the method comprises capturing data packets to obtain pirated game server information, the method comprising: the information of the pirate game server includes an IP address, a port number, game zone service information, and official homepage information.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911231714.2A CN110971605B (en) | 2019-12-05 | 2019-12-05 | Method for acquiring pirated game server information by capturing data packet |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911231714.2A CN110971605B (en) | 2019-12-05 | 2019-12-05 | Method for acquiring pirated game server information by capturing data packet |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110971605A CN110971605A (en) | 2020-04-07 |
| CN110971605B true CN110971605B (en) | 2022-03-08 |
Family
ID=70033046
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911231714.2A Active CN110971605B (en) | 2019-12-05 | 2019-12-05 | Method for acquiring pirated game server information by capturing data packet |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110971605B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113411222B (en) * | 2021-08-02 | 2021-11-19 | 广州市刑事科学技术研究所 | Memory, APP server host address analysis method, device and equipment |
Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101729542A (en) * | 2009-11-26 | 2010-06-09 | 上海大学 | Multi-protocol information resolving system based on network packet |
| CN102710603A (en) * | 2012-05-02 | 2012-10-03 | 华为技术有限公司 | Method, terminal, and server for generating media information and AHS (adaptive HTTP streaming) system |
| CN103440454A (en) * | 2013-08-01 | 2013-12-11 | 上海交通大学 | Search engine keyword-based active honeypot detection method |
| CN103618720A (en) * | 2013-11-29 | 2014-03-05 | 华中科技大学 | Method and system for Trojan network communication detecting and evidence obtaining |
| CN104199921A (en) * | 2014-08-30 | 2014-12-10 | 深圳市云来网络科技有限公司 | Copy-preventing tracking method for web application and copy-preventing webpage tracking device |
| CN104486320A (en) * | 2014-12-10 | 2015-04-01 | 国家电网公司 | Intranet sensitive information disclosure evidence collection system and method based on honeynet technology |
| CN105187393A (en) * | 2015-08-10 | 2015-12-23 | 济南大学 | Mobile terminal malicious software network behavior reconstruction method and system thereof |
| CN106131093A (en) * | 2016-09-07 | 2016-11-16 | 四川秘无痕信息安全技术有限责任公司 | A kind of method carrying out verifying evidence obtaining for email login information |
| CN108023767A (en) * | 2017-11-29 | 2018-05-11 | 四川无声信息技术有限公司 | Internet behavior method for tracing, device and server |
| CN109446086A (en) * | 2018-10-29 | 2019-03-08 | 北京酷我科技有限公司 | A kind of method of App inside packet capturing |
| CN110368695A (en) * | 2019-08-19 | 2019-10-25 | 福建天晴在线互动科技有限公司 | A kind of plug-in detection method of game based on HTTP flow URI feature |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8661496B2 (en) * | 2002-12-10 | 2014-02-25 | Ol2, Inc. | System for combining a plurality of views of real-time streaming interactive video |
| US8832772B2 (en) * | 2002-12-10 | 2014-09-09 | Ol2, Inc. | System for combining recorded application state with application streaming interactive video output |
-
2019
- 2019-12-05 CN CN201911231714.2A patent/CN110971605B/en active Active
Patent Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101729542A (en) * | 2009-11-26 | 2010-06-09 | 上海大学 | Multi-protocol information resolving system based on network packet |
| CN102710603A (en) * | 2012-05-02 | 2012-10-03 | 华为技术有限公司 | Method, terminal, and server for generating media information and AHS (adaptive HTTP streaming) system |
| CN103440454A (en) * | 2013-08-01 | 2013-12-11 | 上海交通大学 | Search engine keyword-based active honeypot detection method |
| CN103618720A (en) * | 2013-11-29 | 2014-03-05 | 华中科技大学 | Method and system for Trojan network communication detecting and evidence obtaining |
| CN104199921A (en) * | 2014-08-30 | 2014-12-10 | 深圳市云来网络科技有限公司 | Copy-preventing tracking method for web application and copy-preventing webpage tracking device |
| CN104486320A (en) * | 2014-12-10 | 2015-04-01 | 国家电网公司 | Intranet sensitive information disclosure evidence collection system and method based on honeynet technology |
| CN105187393A (en) * | 2015-08-10 | 2015-12-23 | 济南大学 | Mobile terminal malicious software network behavior reconstruction method and system thereof |
| CN106131093A (en) * | 2016-09-07 | 2016-11-16 | 四川秘无痕信息安全技术有限责任公司 | A kind of method carrying out verifying evidence obtaining for email login information |
| CN108023767A (en) * | 2017-11-29 | 2018-05-11 | 四川无声信息技术有限公司 | Internet behavior method for tracing, device and server |
| CN109446086A (en) * | 2018-10-29 | 2019-03-08 | 北京酷我科技有限公司 | A kind of method of App inside packet capturing |
| CN110368695A (en) * | 2019-08-19 | 2019-10-25 | 福建天晴在线互动科技有限公司 | A kind of plug-in detection method of game based on HTTP flow URI feature |
Non-Patent Citations (1)
| Title |
|---|
| 基础篇-爬虫基本原理;xuzhougeng;《https://www.jianshu.com/p/bdd32a23986d》;20170423;全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110971605A (en) | 2020-04-07 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107666619B (en) | Live data transmission method, device, electronic equipment, server and storage medium | |
| CN110149361B (en) | Internet business operation process backtracking method, system and device | |
| CN105930363B (en) | HTML5 webpage-based user behavior analysis method and device | |
| CN101605348B (en) | Data service simulation method and application system | |
| CN107018001B (en) | Application fault positioning method and device | |
| CN110781433A (en) | Data type determination method and device, storage medium and electronic device | |
| CN104639903B (en) | The live wireless video monitoring system of mobile terminal barcode scanning | |
| CN106559289A (en) | The concurrent testing method and device of SSLVPN gateways | |
| CN106535240B (en) | Mobile APP centralized performance analysis method based on cloud platform | |
| CN112988608B (en) | Data testing method and device, computer equipment and storage medium | |
| JP2019524029A (en) | Video service quality evaluation method and apparatus | |
| WO2022116811A1 (en) | Method and device for predicting definition of video having encrypted traffic | |
| CN108366046A (en) | A kind of emulation test method and its system of video surveillance platform | |
| CN110971605B (en) | Method for acquiring pirated game server information by capturing data packet | |
| CN107256276A (en) | A kind of mobile App content safeties acquisition methods and equipment based on cloud platform | |
| CN111327636B (en) | S7-300PLC private protocol reverse method relating to network security | |
| CN107040504A (en) | Method of testing and device | |
| CN107566513A (en) | Test equipment DOS environmental data collecting methods and system | |
| CN108696713A (en) | Safety detecting method, device and the test equipment of code stream | |
| CN107454080A (en) | One kind is based on internet data security method and system | |
| CN113965551A (en) | Method, device and system for testing streaming media scene and storage medium | |
| CN107835190A (en) | A kind of malice SP orders check method | |
| CN113032255A (en) | Response noise recognition method, model, electronic device, and computer storage medium | |
| CN116155761A (en) | Network testing method, network testing device, electronic equipment and readable storage medium | |
| CN113438503A (en) | Video file restoration method and device, computer equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |