CN113037723A - Method and system for data extraction, analysis and verification - Google Patents

Method and system for data extraction, analysis and verification

Info

Publication number: CN113037723A
Authority: CN (China)
Prior art keywords: data, packet, verification, client, protocol
Legal status: Granted
Application number: CN202110218901.8A
Other languages: Chinese (zh)
Other versions: CN113037723B (en)
Inventors: 邓福彪, 陈德海, 徐九洲, 唐昱杰, 刘义正
Current assignee: Fujian Jinmi Network Security Evaluation Technology Co ltd
Original assignee: Fujian Jinmi Network Security Evaluation Technology Co ltd
Legal events: application filed by Fujian Jinmi Network Security Evaluation Technology Co ltd; priority to CN202110218901.8A; publication of CN113037723A; application granted; publication of CN113037723B; legal status active.

Classifications

    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
                    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
                        • H04L 9/3247 ... involving digital signatures
                        • H04L 9/3263 ... involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
                            • H04L 9/3268 ... using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
                • H04L 63/00 Network architectures or network communication protocols for network security
                    • H04L 63/06 ... for supporting key management in a packet data network
                        • H04L 63/061 ... for key exchange, e.g. in peer-to-peer networks
                    • H04L 63/08 ... for authentication of entities
                        • H04L 63/0869 ... for achieving mutual authentication
                    • H04L 63/16 Implementing security features at a particular protocol layer
                        • H04L 63/168 ... above the transport layer
                • H04L 69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
                    • H04L 69/22 Parsing or analysis of headers

Abstract

The invention provides a method for data extraction, parsing and verification comprising the following steps. Step S1: first invoke and extend an existing packet capture tool, adding support for the national cryptographic SSL protocol on top of the tool's original protocol support. Step S2: embed a client module in the packet capture tool so that, while the tool captures data passively, data is also obtained through communication between the client module and the server, and a verification result is produced. Step S3: parse the data in the packet capture tool by extracting the relevant fields. Step S4: expose an algorithm verification interface for the parsed data through a third-party verification module. Step S5: verify the data parsed in the packet capture tool with the corresponding verification interface. The invention solves the problem of security verification of parsed data.

Description

Method and system for data extraction, analysis and verification
Technical Field
The invention relates to the technical field of computer data parsing and verification, in particular to a method and a system for extracting, parsing and verifying data.
Background
The Wireshark packet capture and analysis tool can parse captured data and manually export specified fields, but for analysing verification data it is not satisfactory. First, Wireshark does not support stateful parsing of the SSL protocol. Second, the data needed for verification cannot be extracted automatically for a connection. Third, simulating an HTTPS client to request data is not supported. Fourth, it cannot verify whether the data meets the security standards.
Disclosure of Invention
In view of the above, the present invention provides a method for data extraction, parsing and verification that solves the security verification of parsed data.
The invention is realised by the following method. A method for data extraction, parsing and verification is characterised in that it comprises the following steps:
step S1, first invoke and extend an existing packet capture tool, adding support for the national cryptographic SSL protocol on top of the tool's original protocol support;
step S2, embed a client module in the packet capture tool so that, while the tool captures data passively, data is also obtained through communication between the client module and the server, and a verification result is produced;
step S3, parse the data in the packet capture tool by extracting the relevant fields;
step S4, expose an algorithm verification interface for the parsed data through a third-party verification module;
and step S5, verify the data parsed in the packet capture tool with the corresponding verification interface.
Further, in step S1, support for the national cryptographic SSL protocol is added to the existing packet capture tool; packets are then captured, and after capture the protocol type is determined from the protocol field in the packet header, classifying each packet as either national cryptographic SSL or another protocol.
Further, step S2 specifically comprises: implementing an HTTPS client module; entering input information; sending HTTPS requests and receiving responses; in the passive mode, passing the data obtained by packet capture to verification; in the active mode, passing the raw data obtained through communication between the client and the server to verification; according to user configuration, generating simulated client-server traffic for the special verification functions, namely invalid digital certificate verification, decryption verification with real data under the negotiated cipher suite, and verification of connection attempts with a disabled cipher suite; and outputting and verifying the results to obtain a verification result.
Further, the passive mode specifically comprises: first applying the filter, then capturing packets; after capture, determining the protocol type from the protocol field in the packet header and classifying it as national cryptographic SSL or another protocol; where the protocol is national cryptographic SSL, retrieving the handshake packets and parsing them into the Client Hello packet, Server Hello packet, Certificate packet, Server Key Exchange packet, Client Key Exchange packet and other packets; then extracting the list of cipher suites supported by the client from the Client Hello packet, the negotiated cipher suite from the Server Hello packet, the digital certificate from the Certificate packet, the public key and signature value from the Server Key Exchange packet, and the public key data from the Client Key Exchange packet; performing data verification after extraction, checking the result of the data verification, and then displaying and outputting the verified result.
Further, the active mode specifically comprises: entering parameters into the client module through parameter configuration to simulate real communication with the server; performing mutual authentication, confirming the cipher suite and algorithm, and generating request data that uses a forbidden cipher suite; through the mutual authentication, sending an invalid digital certificate for authentication and verifying the result; through the confirmed cipher suite and algorithm, obtaining the ciphertext and session key and decrypting to verify the data; requesting a connection with the forbidden cipher suite request data to verify whether the connection succeeds; then verifying the results and, after verification, displaying and outputting them.
Further, step S3 specifically comprises: first parsing the packet capture tool's data in memory by protocol; then, within the protocol, at the HTTPS record layer, where application data packets exist in addition to handshake packets, identifying and retrieving the handshake packets according to the content type in the record header; parsing the next-layer packet header of the handshake packets to obtain the Client Hello packet, Server Hello packet, Certificate packet, Server Key Exchange packet, Client Key Exchange packet and other packets; and then extracting the cipher suite, digital certificate, random numbers and similar information from these packets.
Further, step S4 specifically comprises: the algorithm verification interface comprises encryption algorithm verification, digital signature algorithm verification, digital certificate verification and random number verification.
The invention also provides a system for data extraction, parsing and verification, characterised in that it comprises a protocol addition module, a data acquisition module, a parsing module, a verification interface module and a parsing and verification module. The protocol addition module first invokes and extends an existing packet capture tool, adding support for the national cryptographic SSL protocol on top of the tool's original protocol support. The data acquisition module embeds a client module in the packet capture tool so that, while data is obtained by packet capture, data is also obtained through communication between the client and the server, yielding a verification result. The parsing module parses the data in the packet capture tool by extracting the relevant fields. The verification interface module exposes an algorithm verification interface for the parsed data through a third-party verification module. The parsing and verification module verifies the data parsed from the packet capture tool using the corresponding verification interface.
Further, the protocol addition module specifically comprises: adding support for the national cryptographic SSL protocol to the existing packet capture tool, capturing packets, determining the protocol type from the protocol field in the packet header after capture, and classifying each packet as either national cryptographic SSL or another protocol.
Further, the data acquisition module specifically comprises: implementing an HTTPS client module; entering input information; sending HTTPS requests and receiving responses; in the passive mode, passing the data obtained by packet capture to verification; in the active mode, passing the raw data obtained through communication between the client and the server to verification; according to user configuration, generating simulated client-server traffic for the special verification functions, namely invalid digital certificate verification, decryption verification with real data under the negotiated cipher suite, and verification of connection attempts with a disabled cipher suite; and outputting and verifying the results to obtain a verification result.
Further, the passive mode specifically comprises: first applying the filter, then capturing packets; after capture, determining the protocol type from the protocol field in the packet header and classifying it as national cryptographic SSL or another protocol; where the protocol is national cryptographic SSL, retrieving the handshake packets and parsing them into the Client Hello packet, Server Hello packet, Certificate packet, Server Key Exchange packet, Client Key Exchange packet and other packets; then extracting the list of cipher suites supported by the client from the Client Hello packet, the negotiated cipher suite from the Server Hello packet, the digital certificate from the Certificate packet, the public key and signature value from the Server Key Exchange packet, and the public key data from the Client Key Exchange packet; performing data verification after extraction, checking the result of the data verification, and then displaying and outputting the verified result.
Further, the active mode specifically comprises: entering parameters into the client module through parameter configuration to simulate real communication with the server; performing mutual authentication, confirming the cipher suite and algorithm, and generating request data that uses a forbidden cipher suite; through the mutual authentication, sending an invalid digital certificate for authentication and verifying the result; through the confirmed cipher suite and algorithm, obtaining the ciphertext and session key and decrypting to verify the data; requesting a connection with the forbidden cipher suite request data to verify whether the connection succeeds; then verifying the results and, after verification, displaying and outputting them.
Further, the parsing module specifically comprises: first parsing the packet capture tool's data in memory by protocol; then, within the protocol, at the HTTPS record layer, where application data packets exist in addition to handshake packets, identifying and retrieving the handshake packets according to the content type in the record header; parsing the next-layer packet header of the handshake packets to obtain the Client Hello packet, Server Hello packet, Certificate packet, Server Key Exchange packet, Client Key Exchange packet and other packets; and then extracting the cipher suite, digital certificate, random numbers and similar information from these packets.
Further, the verification interface module specifically comprises: the algorithm verification interface comprises encryption algorithm verification, digital signature algorithm verification, digital certificate verification and random number verification.
The beneficial effects of the invention are as follows. The invention provides a method and a system for HTTPS protocol parsing and automatic verification. It supports the national cryptographic SSL protocol, which aids the capture and analysis of data from systems that use that protocol. It extracts the security-relevant data of a connection for analysis, reducing the large amount of manual data extraction and analysis that network security evaluators perform during an assessment. It integrates an HTTPS client function, which solves the problem of synchronising data verification. It provides a data security verification channel that combines standards-based and third-party tools to process and verify the data automatically, greatly improving the working efficiency of the relevant users.
Drawings
FIG. 1 is a schematic flow chart of the present invention.
Fig. 2 is a schematic flow chart of the active mode.
Fig. 3 is a schematic flow chart of the passive mode.
FIG. 4 is a block diagram of the system of the present invention.
Detailed Description
The invention is further described below with reference to the accompanying drawings.
Referring to Fig. 1, the present invention provides a method for data extraction, parsing and verification which comprises the following steps:
step S1, first invoke and extend an existing packet capture tool, adding support for the national cryptographic SSL protocol on top of the tool's original protocol support;
step S2, embed a client module in the packet capture tool so that, while the tool captures data passively, data is also obtained through communication between the client module and the server, and a verification result is produced;
step S3, parse the data in the packet capture tool by extracting the relevant fields;
step S4, expose an algorithm verification interface for the parsed data through a third-party verification module;
and step S5, verify the data parsed in the packet capture tool with the corresponding verification interface.
The invention is further illustrated by the following example:
A set of verification methods is constructed; the system comprises an active verification mode and a passive verification mode, shown in detail in Fig. 2 and Fig. 3. The method mainly comprises the following seven steps; in the passive mode the client module does not need to be invoked.
Construct a software system.
Construct a system framework for coordination among the modules, parameter configuration, initialisation and so on.
Implement the packet capture tool's parsing extension for the national cryptographic SSL protocol.
The national cryptographic SSL protocol parsing is implemented according to the cryptography industry standard GM/T 0024 of the People's Republic of China. The specific steps are shown in Fig. 3: first the filter conditions are applied, then packets are captured; after capture the protocol type is determined from the protocol field in the packet header and classified as national cryptographic SSL or another protocol; where the protocol is national cryptographic SSL, the handshake packets are retrieved and their handshake type parsed to obtain the Client Hello packet, Server Hello packet, Certificate packet, Server Key Exchange packet, Client Key Exchange packet and other packets; the list of cipher suites supported by the client is extracted from the Client Hello packet, the negotiated cipher suite from the Server Hello packet, the digital certificate from the Certificate packet, the public key and signature value from the Server Key Exchange packet, and the public key data from the Client Key Exchange packet; the extracted data is verified, the result of the verification is checked, and the verified result is displayed and output.
Implement the HTTPS client module.
The HTTPS client module is implemented to accept input, send HTTPS requests and receive responses, and to output part of the process data (including certificates, cipher suites, random numbers, keys, plaintext, ciphertext and the like) as data to be verified (the data to be verified in Fig. 1) and the other part as the raw data of the special functions (the execution process in Fig. 2) in the active mode. According to user configuration, the client generates simulated data for the special functions in mutual authentication, namely invalid digital certificate verification, decryption verification with real data under the negotiated cipher suite and verification of connection attempts with a forbidden cipher suite, communicates with the server, and then outputs and verifies the results to obtain a verification result, shown in detail in Fig. 2: parameters are entered into the client module through parameter configuration to simulate real communication; during the mutual authentication the cipher suite and algorithm are confirmed and forbidden-cipher-suite request data is generated; through the mutual authentication an invalid digital certificate is sent for authentication and the result is verified; through the confirmed cipher suite and algorithm the ciphertext and session key are obtained to decrypt and verify the data; a connection is requested with the forbidden-cipher-suite request data to verify whether the connection succeeds; the results are then verified and, after verification, displayed and output.
Parse, retrieve and extract the captured data.
First the captured packet data in memory is parsed by protocol; then, within the protocol, at the HTTPS record layer, where application data packets exist in addition to handshake packets, the handshake packets are identified and retrieved according to the content type in the record header; third, the next-layer packet header of the handshake packets is parsed to obtain the Hello packets, key exchange packets and the like, from which the cipher suite, digital certificate, random numbers and similar information are extracted.
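The passive extraction flow above (record layer, then handshake layer, then the fields the page lists), together with the active-mode forbidden cipher suite probe described under the HTTPS client module, as an added example in Python. It is not part of the patent or of the applicant's implementation. It assumes the GM/T 0024 record-layer version value 0x0101, the cipher suite codes listed in the block (stated from memory, to be checked against the standard) and a hypothetical evaluation policy that forbids the SHA-1 based suite; the capture bytes are constructed inline rather than real traffic, and the server side of the probe is a stand-in policy function, not a live server.

```python
import struct

# Record-layer versions: GM/T 0024 SSL uses ProtocolVersion {1,1} (0x0101); TLS 1.2 uses 0x0303.
GM_SSL_VERSION, TLS12_VERSION = 0x0101, 0x0303
CT_ALERT, CT_HANDSHAKE = 21, 22
HT_CLIENT_HELLO, HT_SERVER_HELLO, HT_CERTIFICATE, HT_SERVER_KEY_EXCHANGE, HT_CLIENT_KEY_EXCHANGE = 1, 2, 11, 12, 16
# Cipher suite codes as the author recalls them from GM/T 0024 (assumption: check against the standard text).
GM_SUITES = {0xE011: "ECDHE_SM4_SM3", 0xE013: "ECC_SM4_SM3", 0xE019: "RSA_SM4_SM3", 0xE01A: "RSA_SM4_SHA1"}
FORBIDDEN_SUITES = {0xE01A}   # hypothetical evaluation policy: no SHA-1 based suite may be negotiated

# Message builders, used for the constructed sample capture and for the active-mode probe.
def record(content_type, version, body):
    return struct.pack("!BHH", content_type, version, len(body)) + body
def handshake(msg_type, body):
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body
def client_hello(version, random32, suites):
    body = struct.pack("!H", version) + random32 + b"\x00"        # version, random, empty session id
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    return handshake(HT_CLIENT_HELLO, body + b"\x01\x00")          # compression methods: null only
def server_hello(version, random32, suite):
    return handshake(HT_SERVER_HELLO, struct.pack("!H", version) + random32 + b"\x00" + struct.pack("!H", suite) + b"\x00")
def certificate(der_certs):
    entries = b"".join(len(c).to_bytes(3, "big") + c for c in der_certs)
    return handshake(HT_CERTIFICATE, len(entries).to_bytes(3, "big") + entries)

# Passive mode: walk the record layer, then the handshake layer, then pull out the fields the page lists.
def iter_records(data):
    off = 0
    while off + 5 <= len(data):
        ct, ver, ln = struct.unpack_from("!BHH", data, off)
        yield ct, ver, data[off + 5:off + 5 + ln]
        off += 5 + ln
def iter_handshakes(body):
    off = 0
    while off + 4 <= len(body):
        ln = int.from_bytes(body[off + 1:off + 4], "big")
        yield body[off], body[off + 4:off + 4 + ln]
        off += 4 + ln
def parse_hello(b, is_client):
    # Returns (version, random, suites): the offered list for ClientHello, the single chosen suite for ServerHello.
    version, = struct.unpack_from("!H", b, 0)
    rnd, off = b[2:34], 35 + b[34]                                   # b[34] is the session id length
    if not is_client:
        return version, rnd, struct.unpack_from("!H", b, off)[0]
    n, = struct.unpack_from("!H", b, off)
    return version, rnd, [struct.unpack_from("!H", b, off + 2 + i)[0] for i in range(0, n, 2)]
def parse_certificate(b):
    certs, off, end = [], 3, 3 + int.from_bytes(b[0:3], "big")
    while off < end:
        ln = int.from_bytes(b[off:off + 3], "big")
        certs.append(b[off + 3:off + 3 + ln])
        off += 3 + ln
    return certs

def extract(capture):
    out = {"protocol": "other", "client_suites": [], "server_suite": None, "randoms": [], "certs": [], "key_exchange": {}}
    for ct, ver, body in iter_records(capture):
        if ver != GM_SSL_VERSION:        # the header-field split the page describes: GM SSL vs other protocols
            continue
        out["protocol"] = "gm_ssl"
        if ct != CT_HANDSHAKE:           # application data records are left alone in this example
            continue
        for ht, hb in iter_handshakes(body):
            if ht in (HT_CLIENT_HELLO, HT_SERVER_HELLO):
                is_client = ht == HT_CLIENT_HELLO
                _, rnd, suites = parse_hello(hb, is_client)
                out["randoms"].append(rnd)
                out["client_suites" if is_client else "server_suite"] = suites
            elif ht == HT_CERTIFICATE:
                out["certs"] = parse_certificate(hb)
            elif ht in (HT_SERVER_KEY_EXCHANGE, HT_CLIENT_KEY_EXCHANGE):
                out["key_exchange"][ht] = hb   # raw bodies: server side carries the signature value, client side the key exchange data
    return out

def verify(ex):
    # The checks a verification interface runs over the extracted fields; returns the messages of the failing ones.
    checks = [(ex["server_suite"] in ex["client_suites"], "server selected a suite the client did not offer"),
              (ex["server_suite"] not in FORBIDDEN_SUITES, "forbidden cipher suite negotiated"),
              (len(set(ex["randoms"])) == len(ex["randoms"]), "client and server random values repeat")]
    return [msg for ok, msg in checks if not ok]

# Active mode: offer only a forbidden suite and check that the server refuses the connection.
def policy_server(client_hello_record):
    # Stand-in for a compliant server: the first offered allowed suite wins, otherwise alert handshake_failure (level 2, code 40).
    _, _, body = next(iter_records(client_hello_record))
    _, _, offered = parse_hello(next(iter_handshakes(body))[1], True)
    for s in offered:
        if s in GM_SUITES and s not in FORBIDDEN_SUITES:
            return record(CT_HANDSHAKE, GM_SSL_VERSION, server_hello(GM_SSL_VERSION, bytes(32), s))
    return record(CT_ALERT, GM_SSL_VERSION, bytes([2, 40]))
def probe_forbidden_suite(server, suite=0xE01A):
    probe = record(CT_HANDSHAKE, GM_SSL_VERSION, client_hello(GM_SSL_VERSION, bytes(32), [suite]))
    ct, _, body = next(iter_records(server(probe)))
    return ct == CT_ALERT and body == bytes([2, 40])   # True: the server rejected the forbidden suite

# Constructed sample capture (not real traffic): one GM SSL handshake plus one TLS 1.2 record.
def sample_capture():
    fake_cert = b"\x30\x03\x02\x01\x01"   # placeholder DER blob, not a real certificate
    return (record(CT_HANDSHAKE, GM_SSL_VERSION, client_hello(GM_SSL_VERSION, b"\x11" * 32, [0xE013, 0xE011]))
            + record(CT_HANDSHAKE, GM_SSL_VERSION, server_hello(GM_SSL_VERSION, b"\x22" * 32, 0xE013) + certificate([fake_cert]))
            + record(CT_HANDSHAKE, TLS12_VERSION, b"\x00"))   # "other protocol": skipped by the version split
```

`extract(sample_capture())` classifies the capture as GM SSL, returns the client's offered suites, the negotiated suite, both random values and the certificate blob, and `verify` on that result returns no findings; a capture in which the server picks a suite the client never offered, or a forbidden one, or reuses the client's random, produces one finding per failed check. `probe_forbidden_suite(policy_server)` plays the active-mode connection attempt with only the forbidden suite and returns True because the stand-in server answers with a handshake_failure alert. A real deployment would replace `policy_server` with a socket to the server under evaluation and feed the captured bytes from the packet capture tool into `extract`.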
Implement an algorithm verification interface including, but not limited to, cryptographic algorithm verification, digital signature algorithm verification, digital certificate verification and random number verification (third-party verification modules may also be invoked).
Use the verification interface to verify the parsed, retrieved and extracted capture data and obtain a result.
The cipher suite in use is displayed through the interface, and whether the certificate meets the standard is verified with a certificate tool and the like. In the third step the client has special functions, and a verification result is obtained through a series of operations, detailed in Fig. 2.
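The "does the certificate meet the standard" check from the last step, as an added Python example that is not the patent's or the applicant's code: a minimal DER walk over a certificate that reads the signature algorithm and subjectPublicKeyInfo identifiers and reports whether they are the SM2 identifiers a national cryptographic SSL server certificate is expected to carry. The object identifiers are stated from memory and marked as assumptions in the code; the two certificates are constructed inline with empty names and validity and zeroed key and signature material, so this checks structure and identifiers only, not signatures, chains or validity periods.

```python
# SM2-related object identifiers as the author knows them (assumption: verify against the GM/T standards).
OID_SM2_CURVE = "1.2.156.10197.1.301"
OID_SM3_WITH_SM2 = "1.2.156.10197.1.501"
OID_EC_PUBLIC_KEY = "1.2.840.10045.2.1"
OID_RSA_ENCRYPTION = "1.2.840.113549.1.1.1"
OID_SHA256_WITH_RSA = "1.2.840.113549.1.1.11"

# Minimal DER encoder, used only to build the constructed test certificates below.
def tlv(tag, content):
    n = len(content)
    if n < 128:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")           # long-form length
    return bytes([tag, 0x80 | len(lb)]) + lb + content

def encode_oid(dotted):
    parts = [int(p) for p in dotted.split(".")]
    body = [40 * parts[0] + parts[1]]
    for p in parts[2:]:
        chunk = [p & 0x7F]                                        # base-128, high bit set on all but the last byte
        while p > 127:
            p >>= 7
            chunk.append(0x80 | (p & 0x7F))
        body += reversed(chunk)
    return tlv(0x06, bytes(body))

# Minimal DER decoder: enough to walk SEQUENCEs and read OBJECT IDENTIFIERs.
def decode_oid(content):
    parts, value = [content[0] // 40, content[0] % 40], 0
    for byte in content[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            parts.append(value)
            value = 0
    return ".".join(map(str, parts))

def children(content):
    # Splits a constructed value into its (tag, content) elements; handles short and long-form lengths.
    out, off = [], 0
    while off < len(content):
        tag, ln, off = content[off], content[off + 1], off + 2
        if ln & 0x80:
            k = ln & 0x7F
            ln, off = int.from_bytes(content[off:off + k], "big"), off + k
        out.append((tag, content[off:off + ln]))
        off += ln
    return out

def inspect_certificate(der):
    # Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
    (_, tbs), (_, outer_alg), _ = children(children(der)[0][1])
    fields = children(tbs)
    if fields[0][0] == 0xA0:                                      # optional explicit [0] version present
        fields = fields[1:]
    # fields now: serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo, ...
    key_alg, *params = children(children(fields[5][1])[0][1])
    info = {"signature_alg": decode_oid(children(outer_alg)[0][1]),
            "tbs_signature_alg": decode_oid(children(fields[1][1])[0][1]),
            "key_alg": decode_oid(key_alg[1]),
            "curve": decode_oid(params[0][1]) if params and params[0][0] == 0x06 else None}
    # "Meets the standard" here means: SM3withSM2 signature (outer and inner agree) over an SM2 EC public key.
    info["is_sm2"] = (info["signature_alg"] == OID_SM3_WITH_SM2 == info["tbs_signature_alg"]
                      and info["key_alg"] == OID_EC_PUBLIC_KEY and info["curve"] == OID_SM2_CURVE)
    return info

def make_test_cert(sig_oid, key_oid, params):
    # Constructed, syntactically minimal certificate: empty names and validity, zeroed key and signature. Not a real certificate.
    alg = tlv(0x30, encode_oid(sig_oid))
    spki = tlv(0x30, tlv(0x30, encode_oid(key_oid) + params) + tlv(0x03, b"\x00" + bytes(65)))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + alg
              + tlv(0x30, b"") + tlv(0x30, b"") + tlv(0x30, b"") + spki)
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00" + bytes(64)))

SM2_CERT = make_test_cert(OID_SM3_WITH_SM2, OID_EC_PUBLIC_KEY, encode_oid(OID_SM2_CURVE))
RSA_CERT = make_test_cert(OID_SHA256_WITH_RSA, OID_RSA_ENCRYPTION, tlv(0x05, b""))
```

`inspect_certificate(SM2_CERT)["is_sm2"]` is True and the same call on `RSA_CERT` is False, with the decoded identifiers returned alongside so an evaluator can see which one failed. The DER blob extracted from the Certificate handshake message by the passive-mode parser is the natural input; a production verification interface would additionally validate the signature, the chain and the validity period with a real certificate library.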
Referring to Fig. 4, the present invention further provides a system for extracting, parsing and verifying data, comprising a protocol addition module, a data acquisition module, a parsing module, a verification interface module and a parsing and verification module. The protocol addition module first invokes and extends an existing packet capture tool, adding support for the national cryptographic SSL protocol on top of the tool's original protocol support. The data acquisition module embeds a client module in the packet capture tool so that, while data is obtained by packet capture, data is also obtained through communication between the client and the server, yielding a verification result. The parsing module parses the data in the packet capture tool by extracting the relevant fields. The verification interface module exposes an algorithm verification interface for the parsed data through a third-party verification module. The parsing and verification module verifies the data parsed from the packet capture tool using the corresponding verification interface.
The protocol addition module specifically comprises: adding support for the national cryptographic SSL protocol to the existing packet capture tool, capturing packets, determining the protocol type from the protocol field in the packet header after capture, and classifying each packet as either national cryptographic SSL or another protocol.
The data acquisition module specifically comprises: implementing an HTTPS client module; entering input information; sending HTTPS requests and receiving responses; in the passive mode, passing the data obtained by packet capture to verification; in the active mode, passing the raw data obtained through communication between the client and the server to verification; according to user configuration, generating simulated client-server traffic for the special verification functions, namely invalid digital certificate verification, decryption verification with real data under the negotiated cipher suite, and verification of connection attempts with a disabled cipher suite; and outputting and verifying the results to obtain a verification result.
The passive mode specifically comprises: first applying the filter, then capturing packets; after capture, determining the protocol type from the protocol field in the packet header and classifying it as national cryptographic SSL or another protocol; where the protocol is national cryptographic SSL, retrieving the handshake packets and parsing them into the Client Hello packet, Server Hello packet, Certificate packet, Server Key Exchange packet, Client Key Exchange packet and other packets; then extracting the list of cipher suites supported by the client from the Client Hello packet, the negotiated cipher suite from the Server Hello packet, the digital certificate from the Certificate packet, the public key and signature value from the Server Key Exchange packet, and the public key data from the Client Key Exchange packet; performing data verification after extraction, checking the result of the data verification, and then displaying and outputting the verified result.
The active mode specifically comprises: entering parameters into the client module through parameter configuration to simulate real communication with the server; performing mutual authentication, confirming the cipher suite and algorithm, and generating request data that uses a forbidden cipher suite; through the mutual authentication, sending an invalid digital certificate for authentication and verifying the result; through the confirmed cipher suite and algorithm, obtaining the ciphertext and session key and decrypting to verify the data; requesting a connection with the forbidden cipher suite request data to verify whether the connection succeeds; then verifying the results and, after verification, displaying and outputting them.
The parsing module specifically comprises: first parsing the packet capture tool's data in memory by protocol; then, within the protocol, at the HTTPS record layer, where application data packets exist in addition to handshake packets, identifying and retrieving the handshake packets according to the content type in the record header; parsing the next-layer packet header of the handshake packets to obtain the Client Hello packet, Server Hello packet, Certificate packet, Server Key Exchange packet, Client Key Exchange packet and other packets; and then extracting the cipher suite, digital certificate, random numbers and similar information from these packets.
The verification interface module specifically comprises: the algorithm verification interface comprises encryption algorithm verification, digital signature algorithm verification, digital certificate verification and random number verification.
In summary, the invention establishes a set of verification methods by first invoking and extending an existing packet capture tool and adding national cryptographic SSL support on top of it; then embedding a client module, obtaining data both by packet capture and by communication between the client and the server, and processing and verifying that data with the corresponding algorithms to obtain a verification result. The system has two modes: the passive verification mode is conventional packet capture and parsing, while the active verification mode invokes the client module to perform the functions that the passive mode cannot, such as invalid digital certificate verification in mutual authentication and validity verification of the encryption algorithm.
The above description is only a preferred embodiment of the present invention, and all equivalent changes and modifications made in accordance with the claims of the present invention should be covered by the present invention.

Claims (14)

1. A method for data extraction, analysis and verification, characterized in that the method comprises the following steps:
step S1: first invoking and extending an existing packet capturing tool, adding national cryptographic (GM) SSL protocol support on top of the packet capturing tool;
step S2: embedding a client module in the packet capturing tool, so that data is obtained by communication between the client and the server at the same time as the packet capturing tool captures data, and a verification result is obtained;
step S3: extracting the data from the packet capturing tool and parsing it;
step S4: implementing an algorithm verification interface for the parsed data through a third-party verification module;
and step S5: verifying the data parsed from the packet capturing tool using the corresponding verification interface.
2. The method of claim 1, characterized in that step S1 further comprises: adding national cryptographic (GM) SSL protocol support to the existing packet capturing tool, capturing packets, and after capture determining the protocol type from the protocol field of the packet header, classifying it as either the GM SSL protocol or another protocol.
3. The method of claim 1, characterized in that step S2 further comprises: implementing an HTTPS client module; entering information and sending HTTPS requests and receiving responses; outputting the data captured during the packet capturing process as the data to be verified in the passive mode; outputting the data obtained through communication between the client and the server as the raw data to be verified in the active mode; generating, according to user configuration, simulated client-server communication data for the special verification functions of invalid digital certificate verification, decryption verification of real data under the cipher suite, and verification of connection start-up with a forbidden cipher suite; and outputting and verifying the results to obtain a verification result.
4. The method of claim 3, characterized in that the passive mode is further embodied as: first applying a filter, then capturing packets; after capture, determining the protocol type from the protocol field of the packet header and classifying it as either the national cryptographic (GM) SSL protocol or another protocol; where the data is GM SSL, retrieving the handshake packets and parsing them into the Client Hello packet, Server Hello packet, Certificate packet, Server Key Exchange packet, Client Key Exchange packet and other packets; then extracting the list of cipher suites supported by the client from the Client Hello packet, the selected cipher suite from the Server Hello packet, the digital certificate from the Certificate packet, the public key and signature value data from the Server Key Exchange packet, and the public key data from the Client Key Exchange packet; carrying out data verification after extraction, verifying the result, and then displaying and outputting the verified result.
5. The method of claim 3, characterized in that the active mode is further embodied as: entering parameters into the client module through parameter configuration to simulate real data communication; detecting whether mutual authentication is in use, confirming the cipher suite and algorithm, and generating request data that uses a forbidden cipher suite; where mutual authentication is detected, sending an invalid digital certificate and verifying the authentication result; using the confirmed cipher suite and algorithm to obtain the ciphertext and the session key and verifying that the data decrypts correctly; requesting a connection with the forbidden cipher suite request data to verify whether the connection succeeds; then verifying the results and, once verified, displaying and outputting them.
6. The method of claim 1, characterized in that step S3 further comprises: first parsing the packet capturing tool's data held in memory by protocol; then, at the HTTPS record layer, where the records contain application data packets in addition to handshake packets, identifying and retrieving the handshake packets by the content type field of the record header, parsing the next-layer header of each handshake packet to obtain the Client Hello packet, Server Hello packet, Certificate packet, Server Key Exchange packet, Client Key Exchange packet and other packets, and extracting from these packets the cipher suite, digital certificate, random numbers and other information.
7. The method of claim 1, characterized in that step S4 further comprises: the algorithm verification interface comprising encryption algorithm verification, digital signature algorithm verification, digital certificate verification and random number verification.
8. A system for data extraction, parsing and verification, characterized in that the system comprises a protocol adding module, a data acquisition module, an analysis module, a verification interface module and an analysis and verification module; the protocol adding module is used for first invoking and extending an existing packet capturing tool and adding national cryptographic (GM) SSL protocol support on top of the packet capturing tool; the data acquisition module is used for embedding a client module in the packet capturing tool so that data is acquired through communication between the client and the server at the same time as data is acquired by packet capture, in order to obtain a verification result; the analysis module is used for extracting the data from the packet capturing tool and parsing it; the verification interface module is used for implementing an algorithm verification interface for the parsed data through a third-party verification module; and the analysis and verification module is used for verifying the data parsed from the packet capturing tool using the corresponding verification interface.
9. The system of claim 8, characterized in that the protocol adding module is further specifically used for: adding national cryptographic (GM) SSL protocol support to the existing packet capturing tool, capturing packets, and after capture determining the protocol type from the protocol field of the packet header, classifying it as either the GM SSL protocol or another protocol.
10. The system of claim 8, characterized in that the data acquisition module is further specifically used for: implementing an HTTPS client module; entering information and sending HTTPS requests and receiving responses; outputting the data captured during the packet capturing process as the data to be verified in the passive mode; outputting the data obtained through communication between the client and the server as the raw data to be verified in the active mode; generating, according to user configuration, simulated client-server communication data for the special verification functions of invalid digital certificate verification, decryption verification of real data under the cipher suite, and verification of connection start-up with a forbidden cipher suite; and outputting and verifying the results to obtain a verification result.
11. The system of claim 10, characterized in that the passive mode is further embodied as: first applying a filter, then capturing packets; after capture, determining the protocol type from the protocol field of the packet header and classifying it as either the national cryptographic (GM) SSL protocol or another protocol; where the data is GM SSL, retrieving the handshake packets and parsing them into the Client Hello packet, Server Hello packet, Certificate packet, Server Key Exchange packet, Client Key Exchange packet and other packets; then extracting the list of cipher suites supported by the client from the Client Hello packet, the selected cipher suite from the Server Hello packet, the digital certificate from the Certificate packet, the public key and signature value data from the Server Key Exchange packet, and the public key data from the Client Key Exchange packet; carrying out data verification after extraction, verifying the result, and then displaying and outputting the verified result.
12. The system of claim 10, characterized in that the active mode is further embodied as: entering parameters into the client module through parameter configuration to simulate real data communication; detecting whether mutual authentication is in use, confirming the cipher suite and algorithm, and generating request data that uses a forbidden cipher suite; where mutual authentication is detected, sending an invalid digital certificate and verifying the authentication result; using the confirmed cipher suite and algorithm to obtain the ciphertext and the session key and verifying that the data decrypts correctly; requesting a connection with the forbidden cipher suite request data to verify whether the connection succeeds; then verifying the results and, once verified, displaying and outputting them.
13. The system of claim 8, characterized in that the analysis module is further specifically used for: first parsing the packet capturing tool's data held in memory by protocol; then, at the HTTPS record layer, where the records contain application data packets in addition to handshake packets, identifying and retrieving the handshake packets by the content type field of the record header, parsing the next-layer header of each handshake packet to obtain the Client Hello packet, Server Hello packet, Certificate packet, Server Key Exchange packet, Client Key Exchange packet and other packets, and extracting from these packets the cipher suite, digital certificate, random numbers and other information.
14. The system of claim 8, characterized in that the verification interface module is further specifically: the algorithm verification interface comprising encryption algorithm verification, digital signature algorithm verification, digital certificate verification and random number verification.
CN202110218901.8A 2021-02-26 2021-02-26 Method and system for data extraction, analysis and verification Active CN113037723B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110218901.8A CN113037723B (en) 2021-02-26 2021-02-26 Method and system for data extraction, analysis and verification

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110218901.8A CN113037723B (en) 2021-02-26 2021-02-26 Method and system for data extraction, analysis and verification

Publications (2)

Publication Number Publication Date
CN113037723A true CN113037723A (en) 2021-06-25
CN113037723B CN113037723B (en) 2022-10-28

Family

ID=76462429

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110218901.8A Active CN113037723B (en) 2021-02-26 2021-02-26 Method and system for data extraction, analysis and verification

Country Status (1)

Country Link
CN (1) CN113037723B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002102020A1 (en) * 2001-06-08 2002-12-19 Corrent Corporation Transparent ssl proxy
CN102857393A (en) * 2012-09-11 2013-01-02 中国电力科学研究院 Message simulation based non-public cryptographic algorithm SSL (secure sockets layer) VPN (virtual private network) equipment performance testing method
CN105207782A (en) * 2015-11-18 2015-12-30 上海爱数软件有限公司 Identity verification method based on restful framework
US9419942B1 (en) * 2013-06-05 2016-08-16 Palo Alto Networks, Inc. Destination domain extraction for secure protocols
CN106131207A (en) * 2016-08-03 2016-11-16 杭州安恒信息技术有限公司 A kind of method and system bypassing audit HTTPS packet
CN110120960A (en) * 2018-02-05 2019-08-13 上海佰贝科技发展股份有限公司 A kind of webpage redirects jump method and its system
CN111367803A (en) * 2020-03-03 2020-07-03 北京九州云动科技有限公司 Method and system for improving testing efficiency of client software
CN112398654A (en) * 2019-08-13 2021-02-23 腾讯科技(深圳)有限公司 Method, device, equipment and medium for supporting packet grabbing


Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
张立茹 et al.: "Trusted network access authentication technology based on EAP-TTLS", Computer and Modernization *
王艳娜: "Analyzing the SSL secure login encryption mechanism with Ethereal", Computer Era *
董海韬 et al.: "An efficient plaintext collection method for SSL/TLS encrypted data suitable for network content auditing", Journal of Computer Applications *

Also Published As

Publication number Publication date
CN113037723B (en) 2022-10-28

Similar Documents

Publication Publication Date Title
CN112218294B (en) 5G-based access method and system for Internet of things equipment and storage medium
CN106487511B (en) Identity authentication method and device
JP2012530996A (en) Authentication method and system
CN103118022B (en) A kind of without password heterodoxy Sign-On authentication method
CN103812829B (en) A kind of method, remote desktop server and system for improving remote desktop security
CN111181912B (en) Browser identifier processing method and device, electronic equipment and storage medium
CN111314288B (en) Relay processing method, relay processing device, server, and storage medium
CN107124385B (en) Mirror flow-based SSL/TLS protocol plaintext data acquisition method
CN111800378A (en) Login authentication method, device, system and storage medium
CN109614789B (en) Terminal equipment verification method and equipment
CN110691097A (en) Industrial honey pot system based on hpfeeds protocol and working method thereof
CN112995612A (en) Safe access method and system for power video monitoring terminal
CN114401097B (en) HTTPS service flow identification method based on SSL certificate fingerprint
CN113037723B (en) Method and system for data extraction, analysis and verification
CN112749182B (en) Method for accessing Oracle database by proxy, audit terminal, device and computer readable storage medium
CN110858834A (en) User information transmission method, device, system and computer readable storage medium
CN113037480A (en) JSSE-based national secret encryption communication method and device and storage medium
CN105635060B (en) It is a kind of to obtain method, authentication server and the gateway for applying data
CN112511892A (en) Screen sharing method, device, server and storage medium
CN105553983B (en) A kind of web data guard method
US20150281187A1 (en) Key transmitting method and key transmitting system
CN115442074A (en) Data interaction method for iOS mobile terminal and server back-end
CN113726763A (en) Challenge response identity authentication technology based on mobile phone number
CN111984508A (en) Remote log acquisition method based on bastion machine
CN113141375A (en) Network security monitoring method and device, storage medium and server

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant