CN113114681B - Test message processing method, device, computer system and readable storage medium - Google Patents


Info

Publication number
CN113114681B
Authority
CN
China
Prior art keywords
service message
encrypted
message
decryption function
test
Prior art date
Legal status
Active
Application number
CN202110397703.2A
Other languages
Chinese (zh)
Other versions
CN113114681A (en)
Inventor
金驰
Current Assignee
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date
Filing date
Publication date
    • Application filed by Industrial and Commercial Bank of China Ltd ICBC
    • Priority to CN202110397703.2A
    • Publication of CN113114681A
    • Application granted
    • Publication of CN113114681B
    • Legal status: Active
    • Anticipated expiration

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The present disclosure provides a test packet processing method, which can be used in the fields of computer technology, information security technology or other fields. The method comprises the following steps: receiving an encrypted service message intercepted by an application server, wherein the encrypted service message is a service message sent to a tested server after being encrypted by a tested application program; determining attribute identification information of the encrypted service message according to the encrypted service message; determining a target decryption function corresponding to the attribute identification information from the encryption and decryption function set based on the attribute identification information of the encrypted service message; and decrypting the encrypted service message by using the target decryption function to generate a plaintext service message for testing the application program. The disclosure also provides a test message processing apparatus, a computer system, a readable storage medium, and a computer program product.

Description

Test message processing method, device, computer system and readable storage medium
Technical Field
The present disclosure relates to the field of computer technologies and information security technologies, and in particular, to a method and an apparatus for processing a test packet, a computer system, a readable storage medium, and a computer program product.
Background
Various applications (APPs) are installed on terminal devices, for example a mobile banking APP, a shopping APP, a game APP or a reading APP, providing convenient services for people in leisure, travel, entertainment and other aspects of life.
With the development of internet technology, network security has become a key concern. In order to protect the service functions of an application program, message encryption is usually adopted: the messages sent by the application program are encrypted to prevent malicious tampering, so that the security of the application program's services is improved.
In implementing the disclosed concept, the inventors found at least the following problem in the related art: encrypting the messages makes it impossible to use traditional testing methods to perform security testing on the application.
Disclosure of Invention
In view of the above, the present disclosure provides a method, an apparatus, a computer system, a readable storage medium, and a computer program product for processing a test packet.
One aspect of the present disclosure provides a method for processing a test packet, including:
receiving an encrypted service message intercepted by an application server, wherein the encrypted service message is a service message sent to a tested server after being encrypted by a tested application program;
determining attribute identification information of the encrypted service message according to the encrypted service message;
determining a target decryption function corresponding to the attribute identification information from the encryption and decryption function set based on the attribute identification information of the encrypted service message; and
decrypting the encrypted service message by using the target decryption function to generate a plaintext service message for testing the application program.
According to the embodiment of the present disclosure, the method for processing the test packet further includes:
sending the plaintext service message to the application server so that the application server generates a test load message based on the plaintext service message.
According to the embodiment of the present disclosure, the method for processing the test packet further includes:
receiving a test load message sent by an application server;
determining a target encryption function corresponding to the attribute identification information from the encryption and decryption function set based on the attribute identification information of the encrypted service message;
encrypting the test load message by using a target encryption function to generate an encrypted test message;
sending the encrypted test message to an application server so that the application server can send the encrypted test message to a tested server; and the application server receives the test result sent by the tested server.
According to the embodiment of the present disclosure, before decrypting the encrypted service packet by using the target decryption function and generating the plaintext service packet, the method further includes:
calling the target decryption function by injecting binary code.
According to the embodiment of the present disclosure, the method for processing the test packet further includes:
acquiring the encryption and decryption function set of the tested application program by using program instrumentation technology.
According to the embodiment of the present disclosure, determining, based on the attribute identification information of the encrypted service packet, a target decryption function corresponding to the attribute identification information from the encryption and decryption function set includes:
determining attribute information of a target decryption function corresponding to the attribute identification information based on the attribute identification information of the encrypted service message, wherein the attribute information of the target decryption function comprises one or more of information of the class to which the target decryption function belongs, calling format information and parameter format information; and
determining the target decryption function from the encryption and decryption function set based on the attribute information of the target decryption function.
According to an embodiment of the present disclosure, wherein the attribute identification information includes field name information.
Another aspect of the present disclosure provides a test packet processing apparatus, including:
the receiving module is used for receiving the encrypted service message intercepted by the application server, wherein the encrypted service message is a service message sent to the tested server after being encrypted by the tested application program;
the first determining module is used for determining the attribute identification information of the encrypted service message according to the encrypted service message;
the second determining module is used for determining a target decryption function corresponding to the attribute identification information from the encryption and decryption function set based on the attribute identification information of the encrypted service message; and
the plaintext service message generation module is used for decrypting the encrypted service message by using the target decryption function to generate a plaintext service message for testing the application program.
Yet another aspect of the present disclosure provides a computer system comprising:
one or more processors;
a memory for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the test message processing method described above.
Yet another aspect of the present disclosure provides a computer-readable storage medium having stored thereon executable instructions, which when executed by a processor, cause the processor to implement the test packet processing method described above.
Yet another aspect of the present disclosure provides a computer program product comprising a computer program comprising computer executable instructions for implementing the test message processing method described above when executed.
According to the embodiment of the disclosure, the encrypted service message intercepted by the application server is received, wherein the encrypted service message is a service message sent to the tested server after being encrypted by the tested application program; attribute identification information of the encrypted service message is determined according to the encrypted service message; a target decryption function corresponding to the attribute identification information is determined from the encryption and decryption function set based on the attribute identification information of the encrypted service message; and the encrypted service message is decrypted by using the target decryption function to generate a plaintext service message for testing the application program. Therefore, the problem in the prior art that the service security of an application program using encryption cannot be tested, or that only a single encryption algorithm can be tested, is at least partially solved. Furthermore, no additional modification or branch needs to be added to the source code of the tested application program, the method is not limited to a single encryption function or encryption algorithm, and it achieves a wide application range and high testing efficiency.
Drawings
The above and other objects, features and advantages of the present disclosure will become more apparent from the following description of embodiments of the present disclosure with reference to the accompanying drawings, in which:
FIG. 1 schematically illustrates an exemplary system architecture to which the test message processing method and apparatus of the present disclosure may be applied;
FIG. 2 schematically illustrates a flow diagram of a test message processing method according to an embodiment of the disclosure;
FIG. 3 schematically illustrates a system diagram of a test message processing method according to another embodiment of the present disclosure;
FIG. 4 is a signaling diagram schematically illustrating a test message processing method according to another embodiment of the present disclosure;
FIG. 5 schematically shows a block diagram of a test message handling apparatus according to an embodiment of the disclosure; and
FIG. 6 schematically shows a block diagram of a computer system for a test message processing method according to an embodiment of the present disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is illustrative only and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs, unless otherwise defined. It is noted that the terms used herein should be interpreted as having a meaning that is consistent with the context of this specification and should not be interpreted in an idealized or overly formal sense.
Where a convention analogous to "at least one of A, B and C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B and C" would include but not be limited to systems that have a alone, B alone, C alone, a and B together, a and C together, B and C together, and/or A, B, C together, etc.). Where a convention analogous to "A, B or at least one of C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B or C" would include but not be limited to systems that have a alone, B alone, C alone, a and B together, a and C together, B and C together, and/or A, B, C together, etc.).
Service security against modification of service messages is a main security problem faced by various application programs (APPs) at present: because the service background server lacks verification of the data security and legitimacy of service messages, an attacker can cause malicious instructions to be executed or service functions to be damaged by tampering with and replaying service messages. For the above problem, the conventional method is that, before service development is completed, a security tester tests and verifies the service security of the application program through penetration testing, that is, verifies the security by simulating attacks.
However, with the development of the technology, some APPs protect their service functions by means of message encryption; by encrypting the service messages, the service messages are prevented from being identified and tampered with at the network level. This method protected the security of the background service to a certain extent when it first appeared, but its limitations were gradually exposed over time, causing more serious security problems for the APP.
On one hand, since the current method of encrypting service messages has to be implemented locally in the APP, an attacker can obtain the encryption key from the APP, so the encryption of service messages loses its effectiveness in many scenarios; on the other hand, since the APP already encrypts its messages at the development stage, the security tester cannot verify through conventional penetration testing whether the background service has a vulnerability, so the security tester cannot find the vulnerability before it is exploited by an attacker.
The embodiment of the disclosure provides a test message processing method. The method comprises the following steps: receiving an encrypted service message intercepted by an application server, wherein the encrypted service message is a service message sent to a tested server after being encrypted by a tested application program; determining attribute identification information of the encrypted service message according to the encrypted service message; determining a target decryption function corresponding to the attribute identification information from an encryption and decryption function set based on the attribute identification information of the encrypted service message; and decrypting the encrypted service message by using the target decryption function to generate a plaintext service message for testing the application program.
According to the embodiment of the disclosure, under the condition that the service message is encrypted, the encrypted service message sent by the tested application program to the tested server is intercepted and decrypted by the test message processing method, and the decryption of the encrypted service message can be realized on the basis of not modifying the original development flow and codes, so that the effects of being suitable for various encryption methods and having wide application range are achieved.
Fig. 1 schematically illustrates an exemplary system architecture 100 to which the test message processing methods and apparatus may be applied, according to an embodiment of the disclosure. It should be noted that fig. 1 is only an example of a system architecture to which the embodiments of the present disclosure may be applied to help those skilled in the art understand the technical content of the present disclosure, and does not mean that the embodiments of the present disclosure may not be applied to other devices, systems, environments or scenarios.
As shown in fig. 1, the system architecture 100 according to this embodiment may include tested terminal devices 101, 102, 103, a network 104, an application server 105, and a tested server 106. The network 104 is used to provide a medium for communication links between the terminal devices under test 101, 102, 103 and the application server 105, and between the application server 105 and the server under test 106. Network 104 may include various connection types, such as wired and/or wireless communication links, and so forth.
The user may use the tested terminal devices 101, 102, 103 to interact with the application server 105 via the network 104 to receive or send messages or the like. The tested terminal devices 101, 102, 103 may have installed thereon various communication client applications, such as a shopping-type application, a web browser application, a search-type application, an instant messaging utility, a mailbox client, and/or social platform software, etc. (by way of example only).
The tested terminal devices 101, 102, 103 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.
The application server 105 may be a server providing various services, such as a background management server (for example only) providing support for a user to use a website browsed by the tested terminal devices 101, 102, 103. The background management server may analyze and process the received messages such as the user request, and feed back the processing result (for example, a webpage, information, or data obtained or generated according to the user request) to the tested terminal device.
The tested server 105 may be a server providing various services, such as a background management server (for example only) providing support for a website browsed by a user using the tested terminal device 101, 102, 103. The background management server may analyze and perform other processing on the received data such as the user request, and feed back a processing result (for example, a webpage, information, or data obtained or generated according to the user request) to the tested terminal device.
It should be understood that the number of terminal devices under test, networks, application servers, and servers under test in fig. 1 are merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
It should be noted that the test packet processing method, the test packet processing apparatus, the computer system, the computer readable storage medium, and the computer program product of the present disclosure may be used in the field of computer technology and the field of information security technology, and may also be used in any field other than the field of computer technology and the field of information security technology.
Fig. 2 schematically shows a flow chart of a test message processing method according to an embodiment of the present disclosure.
As shown in fig. 2, the method includes operations S201 to S204.
In operation S201, an encrypted service packet intercepted by the application server is received, where the encrypted service packet is a service packet sent to the tested server after being encrypted by the tested application program.
According to the embodiment of the disclosure, the application program to be tested can be a shopping application program, a game application program, a bank application program or the like installed on an electronic device such as a mobile phone, a computer or an emulator.
According to an embodiment of the present disclosure, the application under test may be an application that is tested before online operation after development; but is not limited to this, and may be an application program that performs a test after a certain period of online operation.
According to the embodiment of the disclosure, the encrypted service message is a service message obtained after the tested application program executes operation based on the instruction of the user or the tested person and encrypted by using an encryption function. In the actual online running process, the application program sends the encrypted service message to the server so that the server can perform subsequent background service operation.
According to the embodiment of the disclosure, the application server can be used for intercepting the encrypted service message sent to the tested server by the tested application program. In the embodiment of the present disclosure, the interception operation may be performed by any interception tool installed on the application server that is capable of intercepting the message, which is not described herein again.
In operation S202, attribute identification information of the encrypted service packet is determined according to the encrypted service packet.
In operation S203, a target decryption function corresponding to the attribute identification information is determined from the encryption and decryption function set based on the attribute identification information of the encrypted service packet.
According to the embodiment of the disclosure, the attribute identification information of the encrypted service message can be obtained from the encrypted service message itself. The attribute identification information uniquely identifies the encrypted service message, and the target decryption function corresponding to the encrypted service message can be determined from it.
In operation S204, the encrypted service packet is decrypted by using the target decryption function, and a plaintext service packet for testing the application program is generated.
According to the embodiment of the disclosure, the plaintext service message is generated by decrypting the encrypted service message. Various penetration tests, such as modification and replay, can then be carried out on the plaintext service message, so that the service security of the tested application program is tested.
By adopting the test message processing method of the embodiment of the disclosure, only the attribute identification information of the encrypted service message needs to be determined, and the target decryption function is determined from the encryption and decryption function set based on that attribute identification information. The source code of the tested application program does not need to be modified or extended with branches, and the method is not limited to a single encryption function or encryption algorithm, so it has a wide application range and high testing efficiency.
The method shown in fig. 2 is further described below with reference to specific embodiments.
According to the embodiment of the disclosure, the test message processing method can be applied to the terminal device installed with the tested application program. The target decryption function of the tested application program can be called by injecting binary codes. And decrypting the encrypted service message by using the target decryption function to generate a plaintext service message.
According to the embodiment of the disclosure, only the calling of the target decryption function is realized in a manner of injecting the binary code, and the source code of the tested application program is not modified, so that the execution of the method in the tested application program is not influenced.
According to the embodiment of the disclosure, the encryption and decryption function set of the tested application program can be obtained through program instrumentation technology. For example, an instrumentation probe is deployed on the application under test, and an instrumentation script is run in the application under test by an additional process or the like when the application under test is started.
According to the embodiment of the disclosure, a program instrumentation technology is utilized to obtain an encryption and decryption function set, wherein the encryption and decryption function set is a function set of all encryption algorithms and decryption algorithms of an application program to be tested. In an embodiment of the present disclosure, the target decryption function may be determined from the set of encryption decryption functions based on the attribute identification information.
For example, determining attribute information of a target decryption function corresponding to the attribute identification information based on the attribute identification information of the encrypted service packet, wherein the attribute information of the target decryption function includes one or more of information of a class to which the target decryption function belongs, calling format information and parameter format information; and determining the target decryption function from the encryption and decryption function set based on the attribute information of the target decryption function.
According to an embodiment of the present disclosure, the parameter format information may include one or more of parameter name information, parameter type information, and parameter return value information.
The method for determining the target decryption function is not limited to the function adopted by a single certain encryption technology, is applicable to various encryption technologies, and has wide application range and good application effect.
It should be noted that, according to the attribute identification information of the encrypted service packet, a target encryption function may also be determined from the encryption/decryption function set. The attribute information of the target encryption function also comprises one or more of class information, calling format information and parameter format information of the target encryption function. The specific determination mode and the implementation effect of the target encryption function are similar to those of the target decryption function, and are not described herein again.
According to other embodiments of the present disclosure, the target encryption function or the target decryption function may also be determined by using instrumentation logs: information such as the execution time, function parameter values and function return values of the functions is recorded in the instrumentation logs, and the target function is inferred from the information recorded in the logs.
However, determining a target encryption function or a target decryption function from the instrumentation log alone cannot be applied to all encryption algorithms, and its accuracy cannot be guaranteed; furthermore, it may require multiple iterations to arrive at a determination, which is inefficient.
According to an embodiment of the present disclosure, wherein the attribute identification information includes field name information.
According to the embodiment of the present disclosure, the attribute identification information of the encrypted service packet is not limited to a field name; it may also be a packet ID (a unique identifier of the packet) or field data type information. Any information that identifies the service message while it is encrypted, and from which the corresponding target encryption function or target decryption function can be determined, may serve as attribute identification information, which is not described herein again.
According to an embodiment of the present disclosure, the test packet processing method may further include the following operations. For example, the plaintext service message is sent to the application server, so that the application server generates the test payload message based on the plaintext service message.
According to the embodiment of the disclosure, a test load can be added to the plaintext service message by machine learning or by preset rules, so that a test load message is generated automatically for the plaintext service message.
According to the test payload message generation method of the embodiment of the present disclosure, the test scenarios may cover attack types including XSS (Cross-Site Scripting), SQL (Structured Query Language) injection, override, command execution, replay, and the like.
According to an embodiment of the present disclosure, the test packet processing method may further include the following operations. For example, receiving a test payload message sent by an application server; determining a target encryption function corresponding to the attribute identification information from the encryption and decryption function set based on the attribute identification information of the encrypted service message; encrypting the test load message by using a target encryption function to generate an encrypted test message; and sending the encrypted test message to the application server so that the application server sends the encrypted test message to the tested server, and receiving the test result sent by the tested server by the application server.
According to the embodiment of the disclosure, a target encryption function is determined from the encryption and decryption function set through the attribute identification information, the test load message is encrypted by using the target encryption function to generate an encrypted test message, and the complete processing flow of decryption of the encrypted service message of the tested application program, generation of the test load and re-encryption is completed. By applying the test message processing method of the embodiment of the disclosure, test coverage can be realized for various penetration tests based on message tampering and replay under the condition that the source code of the application program is not modified, and a comprehensive penetration test effect is realized.
According to the embodiment of the disclosure, whether a security vulnerability exists can be detected from the response of the tested server to the encrypted test message. Finally, after the test is finished, the results that confirmed a vulnerability are summarized and sorted to generate a security test report.
The method shown in fig. 2 is further described with reference to fig. 3-4 in conjunction with specific embodiments.
Fig. 3 schematically illustrates a system diagram of a test message processing method according to another embodiment of the present disclosure.
As shown in fig. 3, the test packet processing method provided in the embodiment of the present invention is an instrumentation-based security test method for the encrypted service functions of an APP. The test message processing method provided by the embodiment of the disclosure is carried out jointly by the security testing subsystem 303 and the instrumentation analysis subsystem 302, where the security testing subsystem 303 may be installed in the application server 304 and the instrumentation analysis subsystem 302 may be installed in the terminal device 301 on which the application under test is installed.
When a security tester performs a security test, the instrumentation analysis subsystem 302 deployed on the terminal device 301 instruments and monitors the encryption and decryption function set identified in the APP, using it to decrypt encrypted service messages and to encrypt test messages.
More specifically, once the instrumentation analysis subsystem 302 is deployed on the terminal device 301, custom monitoring and analysis code is inserted into the APP's memory space when the APP code is loaded. The APP's source code (smali, Java or native) is obtained by reverse engineering and, combined with information such as the field name of the encrypted service packet, the attribute information of the target encryption or decryption function to be called (its class, calling format, parameter format and so on) is determined automatically. In addition, the instrumentation analysis subsystem 302 invokes the target decryption or encryption function by injecting binary code into the APP's memory, either restoring the encrypted service packet to a plaintext service packet or encrypting the test load packet into an encrypted test packet.
The security testing subsystem 303 deployed on the application server 304 may be responsible for intercepting communication data between the tested APP and the tested server 305, such as an encrypted service packet; sending the intercepted encrypted service message to the instrumentation analysis subsystem 302 on the terminal device 301; automatically generating a security test load from the plaintext service message and combining it with the plaintext service message to form a test load message; sending the test load message to the instrumentation analysis subsystem 302 so that it encrypts the test load message into an encrypted test message; receiving the encrypted test message sent back by the instrumentation analysis subsystem 302; and sending the encrypted test message to the tested server 305 and receiving the result returned by the tested server 305.
Fig. 4 schematically shows a signaling diagram of a test message processing method according to another embodiment of the present disclosure.
As shown in fig. 4, the test packet processing method includes operations S401 to S413.
In operation S401, a set of encryption and decryption functions is acquired.
The instrumentation analysis subsystem is deployed on the terminal device on which the APP under test is installed. When the APP starts, an instrumentation script is run inside it (for example by attaching to its process at runtime), the APP's source code (smali, Java, native and the like) is analyzed by reverse engineering, and the set of encryption and decryption functions is obtained from it. Note that once the instrumentation probe is deployed on the terminal device, the security tester can carry out the background service security test.
In operation S402, a security testing subsystem deployed in an application server intercepts an encrypted service packet transmitted to a tested server by a tested APP.
In operation S403, the security testing subsystem in the application server sends the intercepted encrypted service packet to the instrumentation analysis subsystem.
In operation S404, the instrumentation analysis subsystem analyzes the encrypted service packet and determines attribute identification information, such as field name, of the encrypted service packet.
In operation S405, the instrumentation analysis subsystem uses information such as the field name of the encrypted service packet to automatically determine the attribute information of the encryption/decryption function that needs to be called, such as its class, calling format and parameter format, and thereby determines the target decryption function.
In operation S406, a target decryption function in the tested APP is called by injecting a binary code, so as to decrypt the encrypted service packet, and obtain a plaintext service packet.
In operation S407, the plaintext service packet is sent to the security testing subsystem.
In operation S408, the security testing subsystem automatically adds an attack load to the plaintext service packet by means of machine learning or predetermined rules and generates a test load packet; the test scenarios cover a series of security-related attack methods including XSS, SQL injection, override, command execution, replay and the like.
In operation S409, the security testing subsystem sends the test load message to the instrumentation analysis subsystem.
In operation S410, an encrypted test message is generated by calling a target encryption function.
In operation S411, the instrumentation analysis subsystem sends the encrypted test message to the application server.
In operation S412, the encrypted test message is transmitted to the tested application server via the application server.
In operation S413, a test result transmitted by the application server under test is received.
The test result is obtained by the tested application server performing its background service operation on the encrypted test message. The application server can judge from the test result whether a vulnerability exists and store the test result; results confirmed to be vulnerabilities are stored and classified, and a security test report is generated once testing is finished.
In summary, with the test packet processing method provided by the embodiment of the present disclosure: first, the original development process does not need to be modified and the method is transparent to developers; developers need not modify the APP source code or add branches, development cost does not increase, and efficiency is maintained. Second, the method is not limited to a single encryption scheme and is applicable to a variety of encryption algorithms, whether symmetric, asymmetric, international standards or national cryptographic standards. Third, a comprehensive penetration test effect can be achieved, with test coverage for the various penetration tests based on message tampering and replay.
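The following Python models the flow of operations S401 to S413 and the encrypt/decrypt round trip described after operation S413: a function set keyed by the attribute identification information (field name), selection of the target decryption and encryption functions by their attribute information, decryption, test-load generation by a preset rule, and re-encryption. It is an added example, not code from the patent; the two toy reversible schemes, the class names, the field names, the sample messages and the marker used as a test load are constructed assumptions, and the instrumentation that would recover the real function set from the APP is not shown.

```python
"""Model of the test message processing flow (constructed example, not the patent's code)."""
import base64
import json
from dataclasses import dataclass
from typing import Callable, Dict, Tuple

# --- Constructed stand-ins for the APP's own encryption/decryption functions. ---
# In the described method these are found by instrumentation; here two toy
# reversible schemes play that role (assumption; they are NOT real cryptography).
KEY_A = b"constructed-key-A"


def _xor(data: bytes, key: bytes) -> bytes:
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def app_encrypt_a(plaintext: str) -> str:          # scheme A: XOR + base64
    return base64.b64encode(_xor(plaintext.encode(), KEY_A)).decode()


def app_decrypt_a(ciphertext: str) -> str:
    return _xor(base64.b64decode(ciphertext), KEY_A).decode()


def app_encrypt_b(plaintext: str) -> str:          # scheme B: reverse + hex
    return plaintext.encode()[::-1].hex()


def app_decrypt_b(ciphertext: str) -> str:
    return bytes.fromhex(ciphertext)[::-1].decode()


@dataclass(frozen=True)
class FunctionAttributes:
    """Attribute information of a target function: class, calling format, parameter format."""
    class_name: str
    call_format: str
    param_format: str
    func: Callable[[str], str]


# Encryption/decryption function set: attribute identification information
# (field name) -> attribute information of the target functions (constructed).
FUNCTION_SET: Dict[str, Dict[str, FunctionAttributes]] = {
    "encData": {
        "decrypt": FunctionAttributes("com.example.app.CryptoA", "static", "String", app_decrypt_a),
        "encrypt": FunctionAttributes("com.example.app.CryptoA", "static", "String", app_encrypt_a),
    },
    "payloadHex": {
        "decrypt": FunctionAttributes("com.example.app.CryptoB", "instance", "String", app_decrypt_b),
        "encrypt": FunctionAttributes("com.example.app.CryptoB", "instance", "String", app_encrypt_b),
    },
}


def attribute_identification(encrypted_msg: dict) -> str:
    """S404: the field name of the encrypted message identifies which function set entry applies."""
    for field in encrypted_msg:
        if field in FUNCTION_SET:
            return field
    raise LookupError("no field of this message maps to a known encryption function")


def target_function(field: str, direction: str) -> FunctionAttributes:
    """S405: select the target decryption ('decrypt') or encryption ('encrypt') function."""
    return FUNCTION_SET[field][direction]


def to_plaintext(encrypted_msg: dict) -> Tuple[str, dict]:
    """S404-S406: identify the message, pick the decryption function, restore the plaintext."""
    field = attribute_identification(encrypted_msg)
    return field, json.loads(target_function(field, "decrypt").func(encrypted_msg[field]))


def build_test_load(plain: dict, marker: str) -> dict:
    """S408: add a test load by a preset rule; here a marker is appended to each string field."""
    return {k: (v + marker if isinstance(v, str) else v) for k, v in plain.items()}


def to_encrypted_test(field: str, test_load: dict) -> dict:
    """S410: re-encrypt the test load with the encryption function of the same function set entry."""
    return {field: target_function(field, "encrypt").func(json.dumps(test_load, sort_keys=True))}


def run_flow(encrypted_msg: dict, marker: str = "__TEST__") -> dict:
    """Whole flow for one intercepted message; also checks the re-encrypted message decrypts back."""
    field, plain = to_plaintext(encrypted_msg)
    test_load = build_test_load(plain, marker)
    encrypted_test = to_encrypted_test(field, test_load)
    roundtrip = json.loads(target_function(field, "decrypt").func(encrypted_test[field]))
    return {"field": field, "plaintext": plain, "test_load": test_load,
            "encrypted_test": encrypted_test, "roundtrip_ok": roundtrip == test_load}


# Constructed sample intercepted messages, one per scheme.
SAMPLE_A = {"encData": app_encrypt_a(json.dumps({"account": "6222", "amount": "10.00"}, sort_keys=True)),
            "ts": "20210413"}
SAMPLE_B = {"payloadHex": app_encrypt_b(json.dumps({"user": "alice"}))}

if __name__ == "__main__":
    for sample in (SAMPLE_A, SAMPLE_B):
        print(json.dumps(run_flow(sample), indent=2))
```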
Fig. 5 schematically shows a block diagram of a test message handling apparatus according to an embodiment of the present disclosure.
As shown in fig. 5, the test packet processing apparatus 500 includes a receiving module 501, a first determining module 502, a second determining module 503, and a plaintext service packet generating module 504.
A receiving module 501, configured to receive an encrypted service packet intercepted by an application server, where the encrypted service packet is a service packet sent to a tested server after being encrypted by a tested application program;
a first determining module 502, configured to determine attribute identification information of an encrypted service packet according to the encrypted service packet;
a second determining module 503, configured to determine, based on the attribute identification information of the encrypted service packet, a target decryption function corresponding to the attribute identification information from the encryption and decryption function set; and
the plaintext service packet generating module 504 is configured to decrypt the encrypted service packet by using the target decryption function, and generate a plaintext service packet for testing the application.
By adopting the test message processing method of the embodiment of the disclosure, only the attribute identification information of the encrypted service message needs to be determined, and the target decryption function is then determined from the encryption and decryption function set based on that attribute identification information. The source code of the tested application program does not need to be modified or given additional branches, and the method is not limited to any single encryption function or encryption algorithm, so it has a wide range of application.
According to the embodiment of the present disclosure, the test packet processing apparatus 500 further includes a test payload packet generating module.
The test load message generating module is used for sending the plaintext service message to the application server so that the application server can generate the test load message based on the plaintext service message.
According to the embodiment of the disclosure, the test message processing device further comprises a test load message receiving module, a third determining module, an encrypted test message generating module and a sending module.
The test load message receiving module is used for receiving the test load message sent by the application server;
a third determining module, configured to determine, based on the attribute identification information of the encrypted service packet, a target encryption function corresponding to the attribute identification information from the encryption/decryption function set;
the encrypted test message generation module is used for encrypting the test load message by using a target encryption function to generate an encrypted test message; and
the sending module is used for sending the encrypted test message to the application server so that the application server can send the encrypted test message to the tested server, and the application server receives the test result sent by the tested server.
According to the embodiment of the disclosure, before decrypting the encrypted service message by using the target decryption function and generating the plaintext service message, the test message processing apparatus further includes a calling module.
The calling module is used for calling the target decryption function by injecting binary code.
According to the embodiment of the present disclosure, the test packet processing apparatus further includes an obtaining module.
The acquisition module is used for acquiring the encryption and decryption function set of the tested application program by using program instrumentation technology.
According to an embodiment of the present disclosure, the second determination module includes a first determination unit and a second determination unit.
The first determining unit is used for determining attribute information of a target decryption function corresponding to the attribute identification information based on the attribute identification information of the encrypted service message, wherein the attribute information of the target decryption function comprises one or more of information of a class to which the target decryption function belongs, calling format information and parameter format information; and
a second determining unit configured to determine the target decryption function from the set of encryption and decryption functions based on the attribute information of the target decryption function.
According to an embodiment of the present disclosure, the attribute identification information includes field name information.
Any number of modules, sub-modules, units, sub-units, or at least part of the functionality of any number thereof according to embodiments of the present disclosure may be implemented in one module. Any one or more of the modules, sub-modules, units, and sub-units according to the embodiments of the present disclosure may be implemented by being split into a plurality of modules. Any one or more of the modules, sub-modules, units, sub-units according to embodiments of the present disclosure may be implemented at least in part as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in any other reasonable manner of hardware or firmware by integrating or packaging a circuit, or in any one of or a suitable combination of software, hardware, and firmware implementations. Alternatively, one or more of the modules, sub-modules, units, sub-units according to embodiments of the disclosure may be at least partially implemented as a computer program module, which when executed may perform the corresponding functions.
For example, any plurality of the receiving module 501, the first determining module 502, the second determining module 503, and the plaintext service packet generating module 504 may be combined and implemented in one module/unit/sub-unit, or any one of the modules/units/sub-units may be split into a plurality of modules/units/sub-units. Alternatively, at least part of the functionality of one or more of these modules/units/sub-units may be combined with at least part of the functionality of other modules/units/sub-units and implemented in one module/unit/sub-unit. According to the embodiment of the present disclosure, at least one of the receiving module 501, the first determining module 502, the second determining module 503 and the plaintext service packet generating module 504 may be implemented at least partially as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented by hardware or firmware in any other reasonable manner of integrating or packaging a circuit, or implemented by any one of three implementation manners of software, hardware and firmware, or implemented by any suitable combination of any of the three. Alternatively, at least one of the receiving module 501, the first determining module 502, the second determining module 503, and the plaintext service message generating module 504 may be at least partially implemented as a computer program module, and when the computer program module is executed, the corresponding function may be executed.
It should be noted that the test packet processing apparatus part in the embodiment of the present disclosure corresponds to the test packet processing method part in the embodiment of the present disclosure, and the description of the test packet processing apparatus part specifically refers to the test packet processing method part, which is not described herein again.
Fig. 6 schematically shows a block diagram of a computer system suitable for implementing the above described method according to an embodiment of the present disclosure. The computer system illustrated in FIG. 6 is only one example and should not impose any limitations on the scope of use or functionality of embodiments of the disclosure.
As shown in fig. 6, a computer system 600 according to an embodiment of the present disclosure includes a processor 601, which can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM)602 or a program loaded from a storage section 608 into a Random Access Memory (RAM) 603. Processor 601 may include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or associated chipset, and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), among others. The processor 601 may also include onboard memory for caching purposes. Processor 601 may include a single processing unit or multiple processing units for performing different actions of a method flow according to embodiments of the disclosure.
In the RAM 603, various programs and data necessary for the operation of the system 600 are stored. The processor 601, the ROM 602, and the RAM 603 are connected to each other via a bus 604. The processor 601 performs various operations of the method flows according to the embodiments of the present disclosure by executing programs in the ROM 602 and/or RAM 603. It is to be noted that the programs may also be stored in one or more memories other than the ROM 602 and RAM 603. The processor 601 may also perform various operations of the method flows according to embodiments of the present disclosure by executing programs stored in the one or more memories.
According to an embodiment of the present disclosure, system 600 may also include an input/output (I/O) interface 605, input/output (I/O) interface 605 also connected to bus 604. The system 600 may also include one or more of the following components connected to the I/O interface 605: an input portion 606 including a keyboard, a mouse, and the like; an output portion 607 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage section 608 including a hard disk and the like; and a communication section 609 including a network interface card such as a LAN card, a modem, or the like. The communication section 609 performs communication processing via a network such as the internet. The driver 610 is also connected to the I/O interface 605 as needed. A removable medium 611 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 610 as necessary, so that a computer program read out therefrom is mounted in the storage section 608 as necessary.
According to embodiments of the present disclosure, method flows according to embodiments of the present disclosure may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable storage medium, the computer program containing program code for performing the method illustrated by the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 609, and/or installed from the removable medium 611. The computer program, when executed by the processor 601, performs the above-described functions defined in the system of the embodiments of the present disclosure. The systems, devices, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
The present disclosure also provides a computer-readable storage medium, which may be contained in the apparatus/device/system described in the above embodiments; or may exist separately and not be assembled into the device/apparatus/system. The computer-readable storage medium carries one or more programs which, when executed, implement the method according to an embodiment of the disclosure.
According to an embodiment of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium. Examples may include, but are not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
For example, according to embodiments of the present disclosure, a computer-readable storage medium may include the ROM 602 and/or RAM 603 described above and/or one or more memories other than the ROM 602 and RAM 603.
Embodiments of the present disclosure also include a computer program product comprising a computer program containing program code for performing the method provided by the embodiments of the present disclosure, when the computer program product is run on an electronic device, the program code being configured to cause the electronic device to implement the test message processing method provided by the embodiments of the present disclosure.
The computer program, when executed by the processor 601, performs the above-described functions defined in the system/apparatus of the embodiments of the present disclosure. The systems, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
In one embodiment, the computer program may be hosted on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program may also be transmitted, distributed in the form of signals over a network medium, downloaded and installed via the communication section 609, and/or installed from a removable medium 611. The computer program containing program code may be transmitted using any suitable network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
In accordance with embodiments of the present disclosure, program code for executing computer programs provided by embodiments of the present disclosure may be written in any combination of one or more programming languages, and in particular, these computer programs may be implemented using high level procedural and/or object oriented programming languages, and/or assembly/machine languages. The programming language includes, but is not limited to, programming languages such as Java, C++, Python, the "C" language, or the like. The program code may execute entirely on the user's computing device, partly on the user's device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions. Those skilled in the art will appreciate that various combinations and/or associations of features recited in the various embodiments and/or claims of the present disclosure can be made, even if such combinations or associations are not expressly recited in the present disclosure. In particular, various combinations and/or associations of the features recited in the various embodiments and/or claims of the present disclosure may be made without departing from the spirit or teaching of the present disclosure. All such combinations and/or associations are within the scope of the present disclosure.
The embodiments of the present disclosure have been described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described separately above, this does not mean that the measures in the embodiments cannot be used in advantageous combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be devised by those skilled in the art without departing from the scope of the disclosure, and these alternatives and modifications are intended to fall within the scope of the disclosure.

Claims (10)

1. A test message processing method comprises the following steps:
receiving an encrypted service message intercepted by an application server, wherein the encrypted service message is a service message sent to a tested server after being encrypted by a tested application program;
determining attribute identification information of the encrypted service message according to the encrypted service message;
determining a target decryption function corresponding to the attribute identification information from an encryption and decryption function set based on the attribute identification information of the encrypted service message; and
decrypting the encrypted service message by using the target decryption function to generate a plaintext service message for testing the application program.
2. The method of claim 1, further comprising:
sending the plaintext service message to the application server so that the application server can generate a test load message based on the plaintext service message.
3. The method of claim 2, further comprising:
receiving the test load message sent by the application server;
determining a target encryption function corresponding to the attribute identification information from the encryption and decryption function set based on the attribute identification information of the encrypted service message;
encrypting the test load message by using the target encryption function to generate an encrypted test message; and
sending the encrypted test message to the application server so that the application server can send the encrypted test message to the tested server; and the application server receives the test result sent by the tested server.
4. The method according to claim 1, wherein before decrypting the encrypted service packet by using the target decryption function to generate a plaintext service packet, the method further comprises:
calling the target decryption function by injecting binary code.
5. The method of claim 1, further comprising:
acquiring the encryption and decryption function set of the tested application program by using program instrumentation technology.
6. The method according to claim 1, wherein the determining, based on the attribute identification information of the encrypted service packet, a target decryption function corresponding to the attribute identification information from a set of encryption decryption functions comprises:
determining attribute information of a target decryption function corresponding to the attribute identification information based on the attribute identification information of the encrypted service message, wherein the attribute information of the target decryption function comprises one or more of information of the type of the target decryption function, calling format information and parameter format information; and
determining the target decryption function from the encryption and decryption function set based on the attribute information of the target decryption function.
7. The method of claim 1, wherein the attribute identification information includes field name information.
8. A test message processing apparatus comprising:
a receiving module, configured to receive an encrypted service message intercepted by the application server, wherein the encrypted service message is a service message that the tested application program has encrypted and sent to the tested server;
a first determining module, configured to determine the attribute identification information of the encrypted service message from the encrypted service message;
a second determining module, configured to determine, based on the attribute identification information of the encrypted service message, a target decryption function corresponding to the attribute identification information from an encryption and decryption function set; and
a plaintext service message generation module, configured to decrypt the encrypted service message by using the target decryption function, generating a plaintext service message for testing the application program.
9. A computer system, comprising:
one or more processors;
a memory for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of any of claims 1-7.
10. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to carry out the method of any one of claims 1 to 7.
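The dispatch that claims 6 and 8 describe (identify the encrypted field, map its field name to the attribute information of a decryption function, pick the matching function out of the set, decrypt) is shown below as an added example. It is not the patent's code: the function set, the attribute table, the two toy ciphers (XOR with a constructed key, and base64 as an "encoding" type), the field names `xorBody`/`b64Body` and the sample message are all constructed stand-ins for the instrumented application functions and intercepted traffic the claims refer to.

```python
"""Route an intercepted encrypted test message to the decryption function that matches its attributes.

Added example (not the patent's code): FUNCTION_SET, ATTRIBUTE_TABLE, the toy ciphers and the
sample message are constructed stand-ins for the instrumented application functions the claims refer to.
"""
import base64
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class DecryptionFunction:
    """Attribute information of one decryption function, as listed in claim 6."""
    name: str
    func_type: str          # type of the decryption function
    calling_format: str     # how the function is invoked
    parameter_format: str   # form of the parameter it accepts
    impl: Callable[[str], str]


# Constructed toy key for the XOR stand-in cipher (assumption, not from the page).
_TOY_KEY = b"test-key"


def _xor_bytes(data: bytes) -> bytes:
    return bytes(b ^ _TOY_KEY[i % len(_TOY_KEY)] for i, b in enumerate(data))


def xor_encrypt(plaintext: str) -> str:
    """Encryption side of the XOR stand-in: plaintext -> hex ciphertext."""
    return _xor_bytes(plaintext.encode("utf-8")).hex()


def xor_decrypt(ciphertext_hex: str) -> str:
    return _xor_bytes(bytes.fromhex(ciphertext_hex)).decode("utf-8")


def b64_encode(plaintext: str) -> str:
    return base64.b64encode(plaintext.encode("utf-8")).decode("ascii")


def b64_decode(ciphertext_b64: str) -> str:
    return base64.b64decode(ciphertext_b64).decode("utf-8")


# The "encryption and decryption function set" of the application under test (claim 5).
# Constructed here; in the claims it is collected by program instrumentation.
FUNCTION_SET: List[DecryptionFunction] = [
    DecryptionFunction("xor_decrypt", "symmetric", "single-call", "hex-string", xor_decrypt),
    DecryptionFunction("b64_decode", "encoding", "single-call", "base64-string", b64_decode),
]

# Attribute identification information (a field name, claim 7) -> attribute information of the
# target decryption function: (type, calling format, parameter format).
ATTRIBUTE_TABLE: Dict[str, Tuple[str, str, str]] = {
    "xorBody": ("symmetric", "single-call", "hex-string"),
    "b64Body": ("encoding", "single-call", "base64-string"),
}


def determine_attribute_identification(message: Dict[str, str]) -> Optional[str]:
    """First determining module: find the field whose name identifies the encrypted payload."""
    for field in message:
        if field in ATTRIBUTE_TABLE:
            return field
    return None


def determine_target_function(attr_id: str) -> DecryptionFunction:
    """Second determining module (claim 6): attribute id -> attribute info -> decryption function."""
    wanted = ATTRIBUTE_TABLE[attr_id]
    for fn in FUNCTION_SET:
        if (fn.func_type, fn.calling_format, fn.parameter_format) == wanted:
            return fn
    raise LookupError(f"no decryption function in the set matches attributes {wanted}")


def generate_plaintext_message(encrypted_message: Dict[str, str]) -> Dict[str, str]:
    """Plaintext generation module: decrypt the identified field, leave the other fields untouched."""
    attr_id = determine_attribute_identification(encrypted_message)
    if attr_id is None:
        raise ValueError("message carries no recognised encrypted field")
    fn = determine_target_function(attr_id)
    plaintext_message = dict(encrypted_message)
    plaintext_message[attr_id] = fn.impl(encrypted_message[attr_id])
    return plaintext_message


def build_sample_encrypted_message(field: str, plaintext: str) -> Dict[str, str]:
    """Constructed sample of what the application server would intercept (not a real capture)."""
    encryptors = {"xorBody": xor_encrypt, "b64Body": b64_encode}
    return {"txnId": "T-0001", "service": "transfer", field: encryptors[field](plaintext)}


if __name__ == "__main__":
    sample = build_sample_encrypted_message("xorBody", "amount=100&to=alice")
    print(generate_plaintext_message(sample))
```

The attribute table is kept separate from the function set on purpose: the set is whatever instrumentation discovered in the application, while the table is test-harness configuration, so a field name whose attributes no discovered function satisfies fails loudly with `LookupError` instead of silently passing ciphertext through to the test as if it were plaintext.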
CN202110397703.2A 2021-04-13 2021-04-13 Test message processing method, device, computer system and readable storage medium Active CN113114681B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110397703.2A CN113114681B (en) 2021-04-13 2021-04-13 Test message processing method, device, computer system and readable storage medium

Publications (2)

Publication Number Publication Date
CN113114681A CN113114681A (en) 2021-07-13
CN113114681B true CN113114681B (en) 2022-09-06

Family

ID=76716835

Country Status (1)

Country Link
CN (1) CN113114681B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113726781B (en) * 2021-08-31 2023-05-16 平安养老保险股份有限公司 Message information processing method, device, computer equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110414242A (en) * 2019-08-02 2019-11-05 中国工商银行股份有限公司 For detecting the method, apparatus, equipment and medium of service logic loophole
CN111182025A (en) * 2019-11-26 2020-05-19 腾讯科技(深圳)有限公司 Message processing method, device, server and storage medium
CN111414305A (en) * 2020-03-18 2020-07-14 中国工商银行股份有限公司 Test method, test device, test apparatus, and medium
CN111858375A (en) * 2020-07-28 2020-10-30 中国工商银行股份有限公司 Software testing method, device, electronic equipment and medium

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8386768B2 (en) * 2006-02-08 2013-02-26 Safenet, Inc. High performance data encryption server and method for transparently encrypting/decrypting data

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant