CN112422569B - System page restoration and visual interaction method - Google Patents
System page restoration and visual interaction method Download PDFInfo
- Publication number
- CN112422569B CN112422569B CN202011302532.2A CN202011302532A CN112422569B CN 112422569 B CN112422569 B CN 112422569B CN 202011302532 A CN202011302532 A CN 202011302532A CN 112422569 B CN112422569 B CN 112422569B
- Authority
- CN
- China
- Prior art keywords
- page
- display
- json
- data
- event
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/451—Execution arrangements for user interfaces
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/04—Processing captured monitoring data, e.g. for logfile generation
- H04L43/045—Processing captured monitoring data, e.g. for logfile generation for graphical visualisation of monitoring data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Abstract
The invention discloses a system page restoration and visual interaction method, which comprises the following specific steps: step one, returning visual display of contents in HTML and JSON-like formats; step two, highlighting key data and skipping of clicking data labels; step three, intelligently clicking a generation path in an HTML format and a JSON-like format; and fourthly, generating resources related to the page of the reduction system in the sandbox environment, and constructing the resources used for page display by adopting the sandbox environment for the reduction display of the page. The technology for visually displaying the HTTP event and extracting the highlight data path extracts and highlights key data information through visual processing in the daily safety problem troubleshooting process, provides an HTTP event checking function of information positioning, can help security personnel to more visually list the contents of event structures, data information and the like, and can quickly position the problem reason.
Description
Technical Field
The embodiment of the invention relates to the technical field of HTTP event visualization, data information path extraction, key data highlight positioning and a system page sandbox environment, in particular to a system page restoration and visualization interaction method.
Background
When security personnel view an HTTP event message, they often view the original network traffic data, which is typically presented in large strings of characters. Safety personnel cannot rapidly acquire the key data and position the key data, so that the troubleshooting work is difficult, and the efficiency is extremely low.
When the safety personnel display the page, the safety personnel are limited by the permission or the failure of the running environment or resources, and the style layout of the original page can not be displayed intuitively.
In view of the above, the present invention provides a technology for visually displaying HTTP events and highlighting data path extraction, so that security personnel can more intuitively view event information and quickly troubleshoot the cause of a problem.
Disclosure of Invention
Therefore, the embodiment of the invention provides a system page restoration and visual interaction method, which extracts and highlights key data information through visual processing in the daily security problem troubleshooting process by the provided visual display HTTP event and data path extraction highlighting technology, provides an information positioning HTTP event checking function, can help security personnel to more intuitively list the contents such as event structure, data information and the like, quickly position the problem reason, and solves the problems that in the prior art, HTTP event information is difficult to check and key data positioning is difficult.
In order to achieve the above object, the embodiments of the present invention provide the following technical solutions: a system page restoration and visual interaction method comprises the following specific steps:
step one, returning visual display of contents in HTML and JSON-like formats;
step two, highlighting key data and skipping of clicking data labels;
step three, intelligently clicking a generation path in an HTML format and a JSON-like format;
and fourthly, generating resources related to the page of the reduction system in the sandbox environment, and constructing the resources used for page display by adopting the sandbox environment for page reduction display.
Further, in the step one, the HTTP event visualization display specifically includes the following steps:
s1, deserializing HTTP event information, and generating a new data structure according to different positions of RSP-BODY, SET-COOKIE, RSP-HEADER, RSP-RAW, POST, GET, COOKIE, REQ-HEADER and REQ-RAW;
s2, RSP-BODY belongs to the concrete return of the event, and has the formats of HTML, JSON, JSONP and XML;
s3, providing other position information to show key value pair in tabular form.
Furthermore, the iframe technology is packaged and browsed in an HTML format, XSS injection safety check and page jump prohibition functions are performed on a native technology, page content can be restored, JSON, JSONP and XML adopt the display information structured in a Preview mode in a request under a Network column in a browser developer tool, the main principle is that JSONP and XML are firstly converted into a JSON structure, then key value pairs of JSON are recursively traversed, HTML nodes are dynamically generated, and a contraction function is provided.
Further, the key data highlighting technology in the step two specifically comprises the following steps:
s1, specific key data in the event can be found through an external interface or by utilizing the component native capability, and the extracted key data is regularly highlighted under the state of viewing the source code;
and S2, clicking key data label buttons to jump to specific data positions of the page in sequence under the source code viewing state, so as to view key data information in the event.
Further, the intelligent path generation technology in step three specifically comprises the following steps:
s1, when the returned data in the HTML format show a specific page in the iframe, the specific text of the page can be directly clicked, and a detailed selector path is generated through the browser node information;
s2, the returned information in XML, JSON and JSONP formats can directly click a key value to generate a standard JSONPath;
s3, SET-COOKIE, RSP-HEADER and REQ-HEADER display the path generated by clicking the interactive form of the form button in the form of a form;
s4, the HTML format return data supports the source code form to display the content, and when the source code form is displayed, the direct selection of text clicking to generate a path is supported, and the function can be used for generating the path of the page node attribute.
Further, the system page sandbox environment is specifically as follows:
s1, analyzing the content of the target display page, reconstructing resources required by the specific page, and generating a resource list (such as CSS, SVG, image and the like) required by the display service;
s2, establishing a local sandbox environment, dynamically configuring domain name resolution service and HTTP service, rebuilding all resources needed by a target page, and limiting execution of some unsafe codes (such as JavaScript scripts);
s3, access the target page using the browser in the sandbox environment (restricted network), and expose the original content.
The embodiment of the invention has the following advantages:
the technology for visually displaying the HTTP event and extracting the highlight data path extracts and highlights key data information through visual processing in the daily safety problem troubleshooting process, provides an HTTP event checking function of information positioning, can help security personnel to more visually list the contents of event structures, data information and the like, and can quickly position the problem reason.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below. It should be apparent that the drawings in the following description are merely exemplary, and that other embodiments can be derived from the drawings provided by those of ordinary skill in the art without inventive effort.
The structures, ratios, sizes, and the like shown in the present specification are only used for matching with the contents disclosed in the specification, so as to be understood and read by those skilled in the art, and are not used to limit the conditions that the present invention can be implemented, so that the present invention has no technical significance, and any structural modifications, changes in the ratio relationship, or adjustments of the sizes, without affecting the effects and the achievable by the present invention, should still fall within the range that the technical contents disclosed in the present invention can cover.
FIG. 1 is a flow chart provided by the present invention;
fig. 2 is a schematic diagram of a page restoring sandbox provided by the present invention.
Detailed Description
The present invention is described in terms of particular embodiments, other advantages and features of the invention will become apparent to those skilled in the art from the following disclosure, and it is to be understood that the described embodiments are merely exemplary of the invention and that it is not intended to limit the invention to the particular embodiments disclosed. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1 and 2, the invention provides a system page restoration and visualization interaction method, which comprises the following specific steps:
step one, visual display of returned content in HTML and JSON-like formats:
s1, deserializing HTTP event information, and generating a new data structure according to different positions of RSP-BODY, SET-COOKIE, RSP-HEADER, RSP-RAW, POST, GET, COOKIE, REQ-HEADER and REQ-RAW;
s2, RSP-BODY belongs to specific return of events and comprises HTML, JSON, JSONP and XML formats, wherein the HTML format packages and browses an iframe technology, XSS injection safety check is carried out on a native technology, a page jump function is prohibited, page content can be restored, the JSON, JSONP and XML formats adopt Preview mode structured display information in a request under a Network column in a browser developer tool, the main principle is that the JSONP and XML are firstly converted into JSON structures, key value pairs of the JSON are traversed recursively, HTML nodes are generated dynamically, and a contraction function is provided;
s3, providing other position information to display key value pair in tabular form;
step two, highlighting the key data and skipping by clicking the data label:
s1, specific key data in the event can be found through an external interface or by utilizing the component native capability, and the extracted key data is regularly highlighted under the state of viewing the source code;
s2, clicking key data label buttons to jump to specific data positions of the page in sequence under the source code checking state, and checking key data information in the event;
step three, intelligently clicking to generate a path in an HTML format and a JSON-like format:
s1, when the returned data in the HTML format show a specific page in the iframe, the specific text of the page can be directly clicked, and a detailed selector path is generated through the browser node information;
s2, the returned information in XML, JSON and JSONP formats can directly click a key value to generate a standard JSONPath;
s3, SET-COOKIE, RSP-HEADER and REQ-HEADER display the path generated by clicking the interactive form of the form button in the form of a form;
s4, the HTML format return data supports the source code form to display the content, and when the content is displayed in the source code form, the content is supported to directly select a text to click to generate a path, and the function can be used for generating a path of the page node attribute;
fourthly, resources related to the page of the reduction system are generated in the sandbox environment, the sandbox environment is adopted, and resources used for page display are constructed and used for page reduction display:
s1, analyzing the content of the target display page, reconstructing resources required by the specific page, and generating a resource list (such as CSS, SVG, image and the like) required by the display service;
s2, establishing a local sandbox environment, dynamically configuring domain name resolution service and HTTP service, rebuilding all resources required by a target page, and limiting some unsafe codes to execute (such as JavaScript scripts);
s3, access the target page using the browser in the sandbox environment (restricted network), and expose the original content.
The technology for visually displaying the HTTP event and extracting the highlight data path extracts and highlights key data information through visual processing in the daily safety problem troubleshooting process, provides an HTTP event checking function of information positioning, can help safety personnel to more visually list the contents of an event structure, data information and the like, and quickly position the problem reason.
Although the invention has been described in detail above with reference to a general description and specific examples, it will be apparent to one skilled in the art that modifications or improvements may be made thereto based on the invention. Accordingly, such modifications and improvements are intended to be within the scope of the invention as claimed.
Claims (4)
1. A system page restoration and visualization interaction method is characterized in that: the method comprises the following specific steps:
step one, returning visual display of contents in HTML and JSON-like formats;
step two, highlighting key data and skipping of clicking data labels:
the key data highlighting technology comprises the following specific steps:
s1, specific key data in the event can be found through an external interface or by utilizing the component native capability, and the extracted key data is regularly highlighted under the state of viewing the source code;
s2, clicking key data label buttons to jump to specific data positions of the page in sequence under the source code checking state, and checking key data information in the event;
step three, intelligently clicking to generate a path in an HTML format and a JSON-like format:
the intelligent path generation technology comprises the following specific steps:
s1, when the returned data in the HTML format show a specific page in the iframe, the specific text of the page can be directly clicked, and a detailed selector path is generated through the browser node information;
s2, the returned information in XML, JSON and JSONP formats can directly click a key value to generate a standard JSONPath;
s3, SET-COOKIE, RSP-HEADER and REQ-HEADER display the path generated by clicking the interactive form of the form button in the form of a form;
s4, the HTML format return data supports the source code form to display the content, and when the content is displayed in the source code form, the content is supported to directly select a text to click to generate a path, and the function can be used for generating a path of the page node attribute;
and fourthly, generating resources related to the page of the reduction system in the sandbox environment, and constructing the resources used for page display by adopting the sandbox environment for page reduction display.
2. The system page restoration and visualization interaction method according to claim 1, wherein: in the first step, the HTTP event visualization display comprises the following specific steps:
s1, deserializing HTTP event information, and generating a new data structure according to different positions of RSP-BODY, SET-COOKIE, RSP-HEADER, RSP-RAW, POST, GET, COOKIE, REQ-HEADER and REQ-RAW;
s2, RSP-BODY belongs to the concrete return of the event, and has the formats of HTML, JSON, JSONP and XML;
s3, providing other position information to show key value pair in tabular form.
3. The system page restoration and visualization interaction method according to claim 2, wherein: the method comprises the steps of packaging and browsing an iframe technology in an HTML format, performing XSS injection safety check and page jump prohibition functions on a native technology, and restoring page content, wherein JSON, JSONP and XML adopt Preview mode structured display information in a request under a Network column in a browser developer tool, and the main principle is that JSONP and XML are firstly converted into a JSON structure, then key value pairs of JSON are recursively traversed, HTML nodes are dynamically generated, and a contraction function is provided.
4. The system page restoration and visualization interaction method according to claim 1, wherein: the system page sandbox environment is specifically as follows:
s1, analyzing the content of the target display page, reconstructing resources required by a specific page, and generating a resource list required by the display service;
s2, establishing a local sandbox environment, dynamically configuring domain name resolution service and HTTP service, and rebuilding all resources required by a target page, wherein execution of some unsafe codes can be limited;
s3, using the browser to access the target page in the sandbox environment and displaying the original content.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011302532.2A CN112422569B (en) | 2020-11-19 | 2020-11-19 | System page restoration and visual interaction method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011302532.2A CN112422569B (en) | 2020-11-19 | 2020-11-19 | System page restoration and visual interaction method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112422569A CN112422569A (en) | 2021-02-26 |
| CN112422569B true CN112422569B (en) | 2022-05-03 |
Family
ID=74773084
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011302532.2A Active CN112422569B (en) | 2020-11-19 | 2020-11-19 | System page restoration and visual interaction method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112422569B (en) |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2001045069A2 (en) * | 1999-12-17 | 2001-06-21 | Informix Software, Inc. | Web-based instruction |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070150838A1 (en) * | 2005-12-28 | 2007-06-28 | Iewatch Software Llc | Method and System for Finding and Visually Highlighting HTML Code by Directly Clicking in the Web Page |
| CN103530338B (en) * | 2013-10-01 | 2017-02-15 | 北界创想(北京)软件有限公司 | Frame for carrying out page rendering on calculation equipment and page generation method |
| CN104317949B (en) * | 2014-11-06 | 2017-12-08 | 北京德塔普博软件有限公司 | Document snippet method for extracting content, device and system |
| US10210143B2 (en) * | 2015-05-05 | 2019-02-19 | International Business Machines Corporation | Analyzing a click path in a spherical landscape viewport |
| CN106021257B (en) * | 2015-12-31 | 2019-10-18 | 广州华多网络科技有限公司 | A kind of crawler capturing data method, apparatus and system for supporting online programming |
| CN109284455A (en) * | 2018-08-23 | 2019-01-29 | 深圳点猫科技有限公司 | A kind of highlighted method of webpage text based on education operating system and electronic equipment |
-
2020
- 2020-11-19 CN CN202011302532.2A patent/CN112422569B/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2001045069A2 (en) * | 1999-12-17 | 2001-06-21 | Informix Software, Inc. | Web-based instruction |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112422569A (en) | 2021-02-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101847100B (en) | Method for expanding software application and device | |
| US20170091317A1 (en) | Location correlation between query script and data flow | |
| CN110909279B (en) | Webpage rendering method and device, computer equipment and storage medium | |
| US8086996B2 (en) | Binding an image descriptor of a graphical object to a text descriptor | |
| US20110137909A1 (en) | Location independent execution of user interface operations | |
| CN109144567B (en) | Cross-platform webpage rendering method and device, server and storage medium | |
| CN101246420A (en) | Method and system for multi-language system implementing unified development | |
| US20030023639A1 (en) | Application generator for creating web pages | |
| CN112711418A (en) | Front-end interface layout method and device for multiple components, electronic equipment and storage medium | |
| CN113900636A (en) | Self-service channel business process development system and development method thereof | |
| CN111782213A (en) | Dynamic control page generation system based on DOM | |
| CN112748928A (en) | Rich text data processing method and device, computer equipment and storage medium | |
| CN109240700B (en) | Key code positioning method and system | |
| CN112422569B (en) | System page restoration and visual interaction method | |
| WO2016131308A1 (en) | Control method and apparatus for generating web interface | |
| US10242139B2 (en) | Scheme and design markup language for interoperability of electronic design application tool and browser | |
| CN105930166A (en) | Method based on WEB interface pop-up layers | |
| CN109240664A (en) | A kind of method and terminal acquiring user behavior information | |
| US8452814B1 (en) | Gathering context in action to support in-context localization | |
| CN109062784B (en) | Interface parameter constraint code entry positioning method and system | |
| Yu | Exploration on web testing of website | |
| CN104267954A (en) | Generation method and device for units included in user interface | |
| CN112068826B (en) | Text input control method, system, electronic device and storage medium | |
| CN109062785B (en) | Interface parameter constraint code positioning method and system | |
| Mason et al. | JavaScript |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |