CN111898012A - Automatic packet grabbing method for WEB application - Google Patents
Automatic packet grabbing method for WEB application Download PDFInfo
- Publication number
- CN111898012A CN111898012A CN202010718824.8A CN202010718824A CN111898012A CN 111898012 A CN111898012 A CN 111898012A CN 202010718824 A CN202010718824 A CN 202010718824A CN 111898012 A CN111898012 A CN 111898012A
- Authority
- CN
- China
- Prior art keywords
- page
- information
- repeated
- module
- web application
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/951—Indexing; Web crawling techniques
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/953—Querying, e.g. by the use of web search engines
- G06F16/9538—Presentation of query results
Abstract
The invention discloses an automatic packet capturing method for WEB application, which comprises the following steps: the method comprises the steps of determining whether pages are repeated or not by customizing information request data by a user, retrieving page function point information if the pages are not repeated, capturing the request data, arranging information in a directory and corresponding request packets, repeating the steps until information detection completely covers the current page, outputting a result and finishing execution, determining whether a lower page exists or not if the lower page exists if the page is repeated, entering the lower page, continuously determining whether the pages are repeated or not until the information detection completely covers the current page or the retrieval of the page is finished, and outputting the result and finishing execution. By the invention, the test target site is systematically structured and analyzed, so that penetration testers can conveniently and quickly know the structural logic relationship of the whole site and the functional points to be tested, corresponding request data required by the functional points to be tested are provided, and the penetration test efficiency and the test coverage range of the penetration testers are improved.
Description
Technical Field
The invention relates to the technical field of networks, in particular to an automatic packet capturing method for WEB application.
Background
The packet capturing is to perform operations such as interception, retransmission, editing, and unloading on data packets transmitted and received by the network, and is also used for checking network security, performing data interception, and the like. Packet sniffer, also known as sniffer, is a highly threatening passive attack tool with which the state of the network, the data flow and the information transmitted over the network can be monitored. When the information is transmitted on the network in a plaintext form, the information can be attacked by using a network monitoring mode, and the network interface is set in a monitoring mode, so that the continuous information transmitted on the network can be intercepted. In general, all machines on the network can "hear" the traffic passing through, but do not respond to packets that do not belong to them, i.e., one station does not capture data that belong to a different station, but simply ignores it, but if the network interface of a station is in promiscuous mode, it can capture all packets and frames on the network.
With the advent of new internet products, the application of the internet based on the Web environment is becoming more and more widespread, various applications are set up on Web platforms in the process of enterprise informatization, and many businesses rely on the internet, such as online banking, online shopping, online tours, and the like, so that many attackers aiming at bad purposes try to obtain illegal benefits through various means, and the requirements of users on ensuring the Web security are improved while enjoying the convenience of digital informatization. Penetration testing becomes a necessary means of safety detection.
In the information collection phase of penetration testing, the mainstream directory architecture scanning tools, such as: dirsearch, imperial sword scanning and the like, the structure of a page logic architecture cannot be analyzed to obtain systematic structure carding, the position of a functional point in a page cannot be accurately identified, the situation that the page logic architecture is guided to a repeated page for many times exists in the retrieval process, the current page cannot be completely covered by detection, the binding association relationship between the functional point of the page and the requested data information after click loading is lacked, and the pop-up frame behavior in a response result cannot be retrieved and de-duplicated.
Disclosure of Invention
The invention overcomes the defects of the prior art and provides an automatic packet capturing method for WEB application.
In order to achieve the purpose, the invention adopts the technical scheme that: an automatic packet capturing method for WEB application comprises the following steps:
s1, judging whether the page is repeated or not by the user self-defining information request data;
s2: if the page is not repeated, retrieving page function point information, capturing request data, catalog arrangement information and a corresponding request packet, judging whether the next page is repeated or not, if the page is not repeated, retrieving page function point information, capturing request data, catalog arrangement information and a corresponding request packet until information detection completely covers the current page, and outputting a result to finish execution;
s3, if the page is repeated, judging whether the lower layer page exists
S4, if the next page exists, entering the next page, continuing to judge whether the page is repeated or not until the information detection completely covers the current page or the leaf surface retrieval is finished, and outputting the result to finish the execution;
and S5, if the next page does not exist, outputting the result and finishing the execution.
In a preferred embodiment of the invention, the asset management module collects user-defined target request information, analyzes B/S architecture response data, precisely positions page elements, realizes page structure division and function point identification, realizes page hierarchy relation division depending on positioning, integrates and processes division results and identification results through the retrieval module, completes site structure division and corresponding page function point carding, simulates normal access operation behaviors of a user according to the carded page structure and the corresponding page function points, captures request data through the packet capturing module, performs data binding with the corresponding function points or pages, configures retrieval result parameter information through the system configuration module, and outputs and displays retrieval results through the document output module.
In a preferred embodiment of the present invention, the retrieval module is configured to perform structural analysis on the page logic architecture to obtain systematic structural combing, and perform accurate identification on the current page function point.
In a preferred embodiment of the present invention, the packet capturing module is configured to capture data request information and response information of corresponding functions.
In a preferred embodiment of the present invention, the presentation module is configured to present an execution result of the target system, where the execution result includes a logic architecture of the target site and request information of a corresponding function point.
In a preferred embodiment of the present invention, the system configuration module is used for configuring parameter information such as scan parameters, threads, time, and the like.
In a preferred embodiment of the present invention, the document output module is used for standardized output of the document of the search result, and can select the format of the output document.
In a preferred embodiment of the present invention, the asset management module is used for a user to add custom target information, including information such as a target site, an identity credential, and a user agent.
The invention solves the defects in the background technology, and has the following beneficial effects:
(1) by the invention, the test target site is systematically structured and analyzed, so that penetration testers can conveniently and quickly know the structural logic relationship of the whole site and the functional points to be tested, corresponding request data required by the functional points to be tested are provided, and the penetration test efficiency and the test coverage range of the penetration testers are improved.
(2) The division result and the identification result are integrated and processed through the retrieval module, the division of a station structure and the combing of the corresponding page function points are completed, normal access operation behaviors of a user are simulated according to the combed page structure and the corresponding page function points, the position of the function point in the page is accurately identified, the situation that the user is guided to a repeated page for many times in the retrieval process is prevented, the frame popping behavior in the response result is effectively retrieved and deduplicated, and the information obtaining efficiency is improved.
(3) The method comprises the steps of retrieving page function point information, capturing request data, catalog arrangement information and a corresponding request packet, judging whether the next page is repeated or not again, retrieving the page function point information if the page is not repeated, capturing the request data, the catalog arrangement information and the corresponding request packet, and effectively ensuring that the current page is completely covered by detection.
Drawings
The invention is further explained below with reference to the figures and examples;
FIG. 1 is a flow chart of method steps of a preferred embodiment of the present invention;
fig. 2 is a schematic diagram of the data exchange of the preferred embodiment of the present invention.
Detailed Description
The invention will now be described in further detail with reference to the accompanying drawings and examples, which are simplified schematic drawings and illustrate only the basic structure of the invention in a schematic manner, and thus show only the constituents relevant to the invention.
As shown in fig. 1 and fig. 2, an automatic packet capturing method for WEB application includes the following steps:
s1, judging whether the page is repeated or not by the user self-defining information request data;
s2: if the page is not repeated, retrieving page function point information, capturing request data, catalog arrangement information and a corresponding request packet, judging whether the next page is repeated or not, if the page is not repeated, retrieving page function point information, capturing request data, catalog arrangement information and a corresponding request packet until information detection completely covers the current page, and outputting a result to finish execution;
s3, judging whether a lower layer page exists if the page is repeated;
s4, if the next page exists, entering the next page, continuing to judge whether the page is repeated or not until the information detection completely covers the current page or the leaf surface retrieval is finished, and outputting the result to finish the execution;
and S5, if the next page does not exist, outputting the result and finishing the execution.
The method comprises the steps of collecting user-defined target request information through an asset management module, analyzing B/S architecture response data, accurately positioning page elements, realizing page structure division and function point identification, realizing page hierarchical relation division depending on positioning, integrating and processing division results and identification results through a retrieval module, finishing site structure division and corresponding page function point carding, simulating normal access operation behaviors of a user according to the carded page structure and the corresponding page function points, capturing request data through a packet capturing module, performing data binding with the corresponding function points or pages, configuring retrieval result parameter information through a system configuration module, and outputting and displaying retrieval results through a document output module.
The search module is used for carrying out structural analysis on the page logic architecture to obtain systematic structural carding and accurately identifying the current page function point.
According to the sorted page structure and the corresponding page function points, normal access operation behaviors of a user are simulated, the positions of the function points in the page are accurately identified, the situation that the page is guided to a repeated page for many times in the retrieval process is prevented, the frame popping behaviors in the response result are effectively retrieved and deduplicated, and the information obtaining efficiency is improved.
The packet capturing module is used for capturing data request information and response information of corresponding functions, retrieving page function point information, capturing request data, directory arrangement information and corresponding request packets, judging whether the next page is repeated or not again, retrieving page function point information if the page is not repeated, capturing request data, directory arrangement information and corresponding request packets, and effectively ensuring that the current page is completely covered by detection
The system comprises a display module, a system configuration module, a document output module and an asset management module, wherein the display module is used for displaying an execution result of a target system, the execution result comprises a logic architecture of a target site and request information of a corresponding function point, the system configuration module is used for configuring parameter information such as scanning parameters, threads and time, the document output module is used for document standardized output of a retrieval result and can select a format of an output document, and the asset management module is used for a user to add custom target information and comprises information such as the target site, an identity certificate and a user agent.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third, etc. do not denote any order, but rather the words are to be construed as names.
Those of ordinary skill in the art will understand that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same. While the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; such modifications and substitutions do not depart from the spirit of the corresponding technical solutions and scope of the present invention as defined in the appended claims.
Claims (8)
1. An automatic packet grabbing method for WEB application is characterized by comprising the following steps:
s1, judging whether the page is repeated or not by the user self-defining information request data;
s2: if the page is not repeated, retrieving page function point information, capturing request data, catalog arrangement information and a corresponding request packet, judging whether the next page is repeated or not, if the page is not repeated, retrieving page function point information, capturing request data, catalog arrangement information and a corresponding request packet until information detection completely covers the current page, and outputting a result to finish execution;
s3, judging whether a lower layer page exists if the page is repeated;
s4, if the next page exists, entering the next page, continuing to judge whether the page is repeated or not until the information detection completely covers the current page or the leaf surface retrieval is finished, and outputting the result to finish the execution;
and S5, if the next page does not exist, outputting the result and finishing the execution.
2. The automatic WEB application bale catching method according to claim 1, characterized in that: the method comprises the steps of collecting user-defined target request information through an asset management module, analyzing B/S architecture response data, accurately positioning page elements, realizing page structure division and function point identification, realizing page hierarchical relation division depending on positioning, integrating and processing division results and identification results through a retrieval module, finishing site structure division and corresponding page function point carding, simulating normal access operation behaviors of a user according to the carded page structure and the corresponding page function points, capturing request data through a bale capturing module, performing data binding with the corresponding function points or pages, configuring retrieval result parameter information through a system configuration module, selecting a document output format through a document output module, and displaying a retrieval result through a display module.
3. The automatic WEB application bale catching method according to claim 2, characterized in that: the retrieval module is used for carrying out structural analysis on the page logic architecture to obtain systematic structural carding and carrying out accurate identification on the current page function point.
4. The automatic WEB application bale catching method according to claim 2, characterized in that: the packet capturing module is used for capturing data request information and response information of corresponding functions.
5. The automatic WEB application bale catching method according to claim 2, characterized in that: the display module is used for displaying the execution result of the target system, and the execution result comprises the logic architecture of the target site and the request information of the corresponding function point.
6. The automatic WEB application bale catching method according to claim 2, characterized in that: the system configuration module is used for configuring parameter information such as scanning parameters, threads, time and the like.
7. The automatic WEB application bale catching method according to claim 2, characterized in that: the document output module is used for outputting the document standardization of the retrieval result and can select the format of the output document.
8. The automatic WEB application bale catching method according to claim 2, characterized in that: the asset management module is used for adding user-defined target information by a user, and the user-defined target information comprises information such as a target site, an identity certificate and a user agent.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010718824.8A CN111898012A (en) | 2020-07-23 | 2020-07-23 | Automatic packet grabbing method for WEB application |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010718824.8A CN111898012A (en) | 2020-07-23 | 2020-07-23 | Automatic packet grabbing method for WEB application |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111898012A true CN111898012A (en) | 2020-11-06 |
Family
ID=73190681
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010718824.8A Pending CN111898012A (en) | 2020-07-23 | 2020-07-23 | Automatic packet grabbing method for WEB application |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111898012A (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060294052A1 (en) * | 2005-06-28 | 2006-12-28 | Parashuram Kulkami | Unsupervised, automated web host dynamicity detection, dead link detection and prerequisite page discovery for search indexed web pages |
| JP2009015636A (en) * | 2007-07-05 | 2009-01-22 | Mitsubishi Electric Corp | Device for dynamically detecting duplicate website |
| CN104317948A (en) * | 2014-11-05 | 2015-01-28 | 北京中科辅龙信息技术有限公司 | Page data capturing method and system |
| CN105141647A (en) * | 2014-06-04 | 2015-12-09 | 中国银联股份有限公司 | Method and system for detecting Web application |
| CN107102997A (en) * | 2016-02-22 | 2017-08-29 | 北京国双科技有限公司 | data crawling method and device |
-
2020
- 2020-07-23 CN CN202010718824.8A patent/CN111898012A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060294052A1 (en) * | 2005-06-28 | 2006-12-28 | Parashuram Kulkami | Unsupervised, automated web host dynamicity detection, dead link detection and prerequisite page discovery for search indexed web pages |
| JP2009015636A (en) * | 2007-07-05 | 2009-01-22 | Mitsubishi Electric Corp | Device for dynamically detecting duplicate website |
| CN105141647A (en) * | 2014-06-04 | 2015-12-09 | 中国银联股份有限公司 | Method and system for detecting Web application |
| CN104317948A (en) * | 2014-11-05 | 2015-01-28 | 北京中科辅龙信息技术有限公司 | Page data capturing method and system |
| CN107102997A (en) * | 2016-02-22 | 2017-08-29 | 北京国双科技有限公司 | data crawling method and device |
Non-Patent Citations (4)
| Title |
|---|
| V.A.NARAYANA,P. PREMCHAND,DR. A. GOVARDHAN: "A Novel and Efficient Approach For Near Duplicate Page Detection in Web Crawling", 2009 IEEE INTERNATIONAL ADVANCE COMPUTING CONFERENCE (IACC 2009) * |
| 王强等: "基于渗透测试的跨站脚本漏洞检测方法研究", 计算机技术与发展 * |
| 王祖俪等: "云环境下Web 漏洞检测平台关键技术的研究", 信息技术与信息化 * |
| 贾彦丰: "基于DBSCAN算法的WEB漏洞检测去重方法研究", 中国优秀硕士学位论文全文数据库 (信息科技辑) * |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112995196B (en) | Method and system for processing situation awareness information in network security level protection | |
| CN101751535B (en) | Data loss protection through application data access classification | |
| US8516586B1 (en) | Classification of unknown computer network traffic | |
| CN104954189A (en) | Automatic server cluster detecting method and system | |
| CN106982194A (en) | Vulnerability scanning method and device | |
| CN106452955B (en) | A kind of detection method and system of abnormal network connection | |
| Lovanshi et al. | Comparative study of digital forensic tools | |
| CN110971579A (en) | Network attack display method and device | |
| CN112104613B (en) | Honey net testing system based on data flow packet analysis and testing method thereof | |
| CN105721406A (en) | Method and device for obtaining IP black list | |
| KR101266930B1 (en) | A visualization system for Forensics audit data | |
| CN110784486A (en) | Industrial vulnerability scanning method and system | |
| US8140671B2 (en) | Apparatus and method for sampling security events based on contents of the security events | |
| CN111865997A (en) | WEB vulnerability detection method, device, equipment and medium based on passive flow | |
| CN111241547B (en) | Method, device and system for detecting override vulnerability | |
| CN108427882B (en) | Android software dynamic analysis detection method based on behavior feature extraction | |
| CN115314271B (en) | Access request detection method, system and computer storage medium | |
| CN111898012A (en) | Automatic packet grabbing method for WEB application | |
| CN111917802B (en) | Intrusion detection rule test platform and test method | |
| TW200924428A (en) | An inside tracing method of the network attacking detection | |
| CN110266562B (en) | Method for automatically detecting identity authentication function of network application system | |
| Fessi et al. | Data collection for information security system | |
| CN110620682A (en) | Resource information acquisition method and device, storage medium and terminal | |
| US20230140706A1 (en) | Pipelined Malware Infrastructure Identification | |
| Singh et al. | Secure clouds forensic investigative architecture for social network cloud |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |