Disclosure of Invention
In view of the foregoing drawbacks, the present invention provides an interactive protocol reversal (reverse-engineering) method and system, together with a storage medium and a computer device, which improve the success rate and efficiency of protocol reversal.
To achieve the above object, the present invention provides a method for interactive protocol reversal, comprising the steps of:
acquiring a data packet sent by a client;
detecting whether an interactive network environment exists between the client and the server;
if the network environment exists, carrying out region division on the data packet according to a preset reference rule, and sequentially changing the data blocks corresponding to each region to respectively generate a plurality of corresponding changed data packets;
and analyzing the field information of the corresponding data block according to the response generated after the server receives the change data packet.
Optionally, the step of acquiring the data packet sent by the client specifically includes:
acquiring the data packet sent by the client by packet capture.
Optionally, the step of detecting whether an interactive network environment exists between the client and the server specifically includes:
detecting whether the server generates a response after receiving the data packet sent by the client, wherein if the server generates a response, the interactive network environment exists.
Optionally, the step of, if the network environment exists, performing region division on the data packet according to a preset reference rule and sequentially changing the data blocks corresponding to each region to generate a plurality of corresponding changed data packets specifically includes:
dividing the data packet into a plurality of regions according to the reference rule;
acquiring at least one piece of change data corresponding to each region;
and sequentially replacing the data block of each region of the data packet with the corresponding change data, so as to generate a plurality of corresponding changed data packets.
Optionally, the step of acquiring at least one piece of change data corresponding to each region includes:
extracting, from a preset database, at least one piece of change data configured for the corresponding region.
Optionally, the step of sequentially replacing the data block of each region of the data packet with the corresponding change data to generate a plurality of corresponding changed data packets specifically includes:
constructing, for each region whose data block is replaced in turn, the changed data packet corresponding to that replaced region.
Optionally, the step of analyzing the field information of the corresponding data block according to the response generated by the server after receiving the changed data packet specifically includes:
detecting the response return state and/or response content of the server after it receives the changed data packet;
and analyzing the field information of the data block replaced in the changed data packet according to the response return state and/or the response content.
Optionally, after the step of analyzing the field information of the corresponding data block according to the response generated by the server after receiving the changed data packet, the method further includes:
identifying the protocol content of the data packet according to the field information of each data block of the data packet.
Also provided is a system for interactive protocol reversal, comprising:
the acquisition unit is used for acquiring a data packet sent by a client;
the interaction detection unit is used for detecting whether an interactive network environment exists between the client and the server;
the division changing unit is used for carrying out region division on the data packets according to a preset reference rule and sequentially changing the data blocks corresponding to the regions to respectively generate a plurality of corresponding changed data packets if the network environment exists;
and the response analysis unit is used for analyzing the field information of the corresponding data block according to the response generated after the server receives the change data packet.
Optionally, the acquisition unit is specifically configured to:
acquire the data packet sent by the client by packet capture.
Optionally, the interaction detection unit is specifically configured to:
detect whether the server generates a response after receiving the data packet sent by the client, wherein if the server generates a response, the interactive network environment exists.
Optionally, the division changing unit specifically includes:
a dividing subunit, configured to divide the data packet into a plurality of regions according to the reference rule;
a data acquiring subunit, configured to acquire at least one piece of change data corresponding to each region;
and a data replacement subunit, configured to sequentially replace the data block of each region of the data packet with the corresponding change data, so as to generate a plurality of corresponding changed data packets.
Optionally, the data acquiring subunit is specifically configured to:
extract, from a preset database, at least one piece of change data configured for the corresponding region.
Optionally, the data replacement subunit is specifically configured to:
construct, for each region whose data block is replaced in turn, the changed data packet corresponding to that replaced region.
Optionally, the response analysis unit specifically includes:
a response detection subunit, configured to detect the response return state and/or response content of the server after it receives the changed data packet;
and a data analysis subunit, configured to analyze the field information of the data block replaced in the changed data packet according to the response return state and/or the response content.
Optionally, the system further includes:
a protocol identification unit, configured to identify the protocol content of the data packet according to the field information of each data block of the data packet.
In addition, a storage medium and a computer device are provided, the storage medium storing a computer program for executing the above interactive protocol inversion method.
The computer device comprises a storage medium, a processor and a computer program stored on the storage medium and executable on the processor, wherein the processor implements the method for reversing the interactive protocol described above when executing the computer program.
In the method and system for interactive protocol reversal, a data packet sent by a client is acquired; whether an interactive network environment exists between the client and the server is detected; if the network environment exists, the data packet is divided into regions according to a preset reference rule, and the data blocks corresponding to each region are changed in turn to generate a plurality of corresponding changed data packets; and the field information of the corresponding data block is analyzed according to the response generated after the server receives the changed data packet. The invention therefore interacts with the client/server that uses the protocol during the reversal process and reverses the protocol from the interaction results, which improves the accuracy of the reversal and allows the reversal result to be verified in real time during the process.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
It should be noted that references in the specification to "one embodiment," "an example embodiment," etc., indicate that the embodiment described may include a particular feature, structure, or characteristic, but every embodiment may not necessarily include the particular feature, structure, or characteristic. Moreover, such phrases are not intended to refer to the same embodiment. Further, when a particular feature, structure, or characteristic is described in connection with an embodiment, it is submitted that it is within the knowledge of one skilled in the art to effect such feature, structure, or characteristic in connection with other embodiments whether or not explicitly described.
Moreover, where certain terms are used throughout the description and following claims to refer to particular components or features, those skilled in the art will understand that manufacturers may refer to a component or feature by different names or terms. This specification and the claims that follow do not intend to distinguish between components or features that differ in name but not function. In the following description and in the claims, the terms "include" and "comprise" are used in an open-ended fashion, and thus should be interpreted to mean "include, but not limited to". In addition, the term "connected" as used herein includes any direct and indirect electrical connection. Indirect electrical connection includes connection by other means.
Fig. 1 illustrates a method for reversing an interactive protocol provided in an embodiment of the present invention, including:
Step S101: acquiring a data packet sent by a client; the data packet is the protocol to be reversed. In a specific implementation, step S101 includes acquiring the data packet sent by the client by packet capture. The specific protocol content to be reversed is first obtained by packet capture; for example, for an unknown network protocol, the client sends data packet A as follows:
3366000800081001000000000100000052000000000203000000ff000000651002030000001d6f30466e5876726b326b525a53734a4e4e7047326b63496e4f5a4b3100000000000000000000000100000000
Step S102: detecting whether an interactive network environment exists between the client and the server. Optionally, step S102 includes detecting whether the server generates a response after receiving the data packet sent by the client; if the server generates a response, the interactive network environment exists. For example, data packet A is sent from the client to the server; if the server generates a response on receiving data packet A, this confirms that an interactive network environment exists between the client and the server. That is, data packet A is sent by constructing the data packet and the server is observed for a response; if the server responds, an interactive network environment is judged to exist and the subsequent work is carried out. In a specific implementation, after the server receives data packet A, the data packet B with which it responds is:
336600080008100201000000010000003000000010021048614a41394858517638476b5556573800000004000000000061c1d9b1276ba954cb3d4b438e236251
Step S103: if the network environment exists, performing region division on the data packet according to a preset reference rule, and sequentially changing the data blocks corresponding to each region to generate a plurality of corresponding changed data packets. The reference rule comprises a protocol segmentation rule for the data packet and a predicted type for each corresponding region; the reference rule can be configured according to a preset reference data packet.
Step S104: analyzing the field information of the corresponding data block according to the response generated after the server receives the changed data packet. The field information of the replaced data block is analyzed and deduced from the interaction result that the server produces for the changed data packet; the field information includes information such as protocol format, specific semantics and value range. That is, this embodiment interacts with the client/server that uses the protocol during the reversal process and reverses the protocol from the interaction results, which improves the accuracy of the reversal and allows the reversal result to be verified in real time during the process.
Referring to Fig. 2, in an embodiment, step S103 specifically includes:
Step S1031: dividing the data packet into a plurality of regions according to the reference rule. In a specific implementation, the protocol content of the data packet is divided into a plurality of specific regions; each region contains one data block, i.e., the data packet is divided into data blocks.
Step S1032: acquiring at least one piece of change data corresponding to each region.
Optionally, step S1032 specifically includes extracting, from a preset database, at least one piece of change data configured for the corresponding region. The database stores in advance the change data for any specific region of the data packet, and this step preferentially extracts from the database change data that differs from the data block; once the data block in a specific region is changed, the corresponding type information can be derived from the new changed data packet's subsequent interaction with the server.
Step S1033: sequentially replacing the data block of each region of the data packet with the corresponding change data, so as to generate a plurality of corresponding changed data packets. That is, for each region, the original data block is replaced with other data; after the data block of each region is replaced, a corresponding changed data packet can be constructed, so that if the data packet is divided into 5 regions, at least 5 changed data packets can be constructed.
Optionally, step S1033 specifically includes constructing, for each region whose data block is replaced in turn, the changed data packet corresponding to that replaced region. For example, if the header 336600 of the above data packet A is changed to 000000, the reconstructed data packet A1 is:
0000000800081001000000000100000052000000000203000000ff000000651002030000001d6f30466e5876726b326b525a53734a4e4e7047326b63496e4f5a4b3100000000000000000000000100000000
Referring to Fig. 3, in an embodiment, step S104 specifically includes:
Step S1041: detecting the response return state and/or response content of the server after it receives the changed data packet. That is, the client transmits to the server a changed data packet in which a specific region has been changed, and the server's feedback is detected, such as whether a response is generated, what kind of response is generated, and the like.
Step S1042: analyzing the field information of the data block replaced in the changed data packet according to the response return state and/or the response content. The field information represented by the data block of that region, such as protocol format, specific semantics and value range, is analyzed from the feedback that the server gives to the constructed changed data packet in which the specific region was replaced.
The data blocks in different regions each have their own analysis and judgment rules. For example, after the constructed data packet A1 is sent to the server, the server is found not to respond to the request; 336600 can therefore be determined to be a defined field of the protocol, because the protocol is fixed to begin with 336600 and, if the packet does not begin with 336600, the server will not respond. As another example, for the 0065 position in data packet A, checking the server's responses after changing the data many times shows that the server will only respond to a value range 0063 and 0066; this part of the data can then be inferred to be a variable identification field of the protocol, whose range is 0036 and 0065. After the data is changed, the changed data packet is retransmitted; in a specific implementation, the specific semantics, namely the type information, of the currently changed data region can be analyzed and judged according to the matching information configured in the reference rule. The response analysis can be carried out manually or automatically.
Optionally, after step S104, the method further includes identifying the protocol content of the data packet according to the field information of each data block of the data packet. After the content of each region of the data packet has been identified, the complete protocol content of the data packet can be analyzed from all the field information.
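The following sketch walks through steps S102 to S104 as an added example; it is not code from the patent. The region offsets other than the 3-byte header and the 0065 position, the change-data table, and the `mock_server` stand-in (which models a fixed header, an accepted identifier range of 0063 to 0066, and an echoed word) are assumptions constructed so that the example runs offline.

```python
from typing import Callable, Dict, Iterator, List, Optional, Tuple

# First 32 bytes of packet A as printed on the page (tail omitted for brevity).
PACKET_A = bytes.fromhex(
    "3366000800081001000000000100000052000000000203000000ff0000006510")

# Hypothetical reference rule: (region name, offset, length). Only the 3-byte
# header and the 0065 position come from the page; the other regions are assumed.
REGIONS = [("header", 0, 3), ("word_12", 12, 4), ("word_16", 16, 4), ("ident", 29, 2)]

# Constructed "preset database" of change data for each region.
CHANGE_DB: Dict[str, List[bytes]] = {
    "header": [bytes.fromhex("000000")],  # the A -> A1 change described on the page
    "word_12": [bytes.fromhex("02000000"), bytes.fromhex("ffffffff")],
    "word_16": [bytes.fromhex("00000000"), bytes.fromhex("ffffffff")],
    "ident": [v.to_bytes(2, "big") for v in range(0x0060, 0x006A)],
}

Send = Callable[[bytes], Optional[bytes]]  # returns the response, or None if silent


def mock_server(pkt: bytes) -> Optional[bytes]:
    """Constructed stand-in for the real server; its rules are assumptions."""
    if pkt[0:3] != b"\x33\x66\x00":
        return None  # wrong header: no response
    if not 0x0063 <= int.from_bytes(pkt[29:31], "big") <= 0x0066:
        return None  # identifier outside the accepted range: no response
    return b"\x33\x66\x00\x08" + pkt[12:16]  # assumed: echoes bytes 12..15


def mutate(packet: bytes, offset: int, length: int, change: bytes) -> bytes:
    """Replace one region's data block, keeping the packet length unchanged."""
    if len(change) != length:
        raise ValueError("change data must match the region length")
    return packet[:offset] + change + packet[offset + length:]


def change_packets(packet: bytes, regions, db) -> Iterator[Tuple[str, bytes, bytes]]:
    """S103: one changed packet per (region, change value) that differs from the original."""
    for name, off, ln in regions:
        original = packet[off:off + ln]
        for change in db.get(name, []):
            if change != original:
                yield name, change, mutate(packet, off, ln, change)


def invert(packet: bytes, send: Send, regions=REGIONS, db=CHANGE_DB) -> Dict[str, dict]:
    """S102 + S104: classify each region from the server's return state and content."""
    baseline = send(packet)
    if baseline is None:  # S102: no interactive environment, nothing to learn
        raise RuntimeError("no response to the unmodified packet")
    observed: Dict[str, List[Tuple[bytes, Optional[bytes]]]] = {n: [] for n, _, _ in regions}
    for name, change, changed in change_packets(packet, regions, db):
        observed[name].append((change, send(changed)))
    report = {}
    for name, off, ln in regions:
        results = observed[name]
        accepted = [c for c, r in results if r is not None]
        if not results:
            kind = "untested"
        elif not accepted:
            kind = "fixed"                  # every change silenced the server
        elif len(accepted) < len(results):
            kind = "constrained"            # only some values are answered
        elif any(r != baseline for _, r in results):
            kind = "affects-response"       # accepted, but response content changed
        else:
            kind = "no-observable-effect"   # accepted, response identical
        values = sorted({packet[off:off + ln].hex()} | {c.hex() for c in accepted})
        report[name] = {"kind": kind, "accepted": values}
    return report


if __name__ == "__main__":
    for region, info in invert(PACKET_A, mock_server).items():
        print(region, info)
```

To run the same analysis against a live test server, pass a `send` callable that writes the packet to a socket and returns the reply or `None` on timeout.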
Fig. 4 shows a system 100 for interactive protocol inversion according to an embodiment of the present invention, which includes an obtaining unit 10, an interaction detecting unit 20, a partition changing unit 30, and a response analyzing unit 40, where:
the acquiring unit 10 is configured to acquire a data packet sent by a client; the interaction detection unit 20 is configured to detect whether an interactable network environment exists between the client and the server; the partition changing unit 30 is configured to, if the network environment exists, perform area partition on the data packets according to a preset reference rule, and sequentially change data blocks corresponding to each area to generate a plurality of corresponding changed data packets; the response analysis unit 40 is configured to analyze the field information of the corresponding data block according to a response generated by the server after receiving the change data packet.
Analyzing and deducing field information of the replaced data block by an interaction result generated by the server after the data packet is changed; the field information comprises information such as protocol format, specific semantics and value range. That is, the embodiment interacts with the client/server using the protocol in the reverse process, and the protocol is reversed through the interaction result, so that the reverse accuracy is improved, and the reverse result can be verified in real time in the reverse process.
This embodiment provides an interactive approach to protocol reversal, in which the reversal process interacts with the client/server that uses the protocol; the protocol can be reversed manually or automatically from the interaction results, which improves the accuracy of the reversal and allows the reversal result to be verified in real time during the process.
Optionally, the obtaining unit 10 is specifically configured to acquire the data packet sent by the client by packet capture.
Optionally, the interaction detecting unit 20 is specifically configured to detect whether the server generates a response after receiving the data packet sent by the client; if the server generates a response, the interactive network environment exists.
Referring to Fig. 5, in one embodiment, the partition changing unit 30 includes a dividing subunit 301, a data acquiring subunit 302, and a data replacing subunit 303, where:
the dividing subunit 301 is configured to divide the data packet into a plurality of regions according to the reference rule; the data acquiring subunit 302 is configured to acquire at least one piece of change data corresponding to each region; the data replacing subunit 303 is configured to sequentially replace the data block of each region of the data packet with the corresponding change data, so as to generate a plurality of corresponding changed data packets.
Optionally, the data acquiring subunit 302 is specifically configured to extract, from a preset database, at least one piece of change data configured for the corresponding region.
Optionally, the data replacing subunit 303 is specifically configured to construct, for each region whose data block is replaced in turn, the changed data packet corresponding to that replaced region.
Referring to Fig. 6, in an alternative embodiment, the response analyzing unit 40 includes a response detecting subunit 401 and a data analyzing subunit 402, wherein:
the response detecting subunit 401 is configured to detect the response return state and/or response content of the server after it receives the changed data packet; the data analyzing subunit 402 is configured to analyze, according to the response return state and/or the response content, the field information of the data block replaced in the changed data packet.
Optionally, the system further includes a protocol identification unit, configured to identify the protocol content of the data packet according to the field information of each data block of the data packet.
The present invention also provides a storage medium storing a computer program for the method of interactive protocol reversal described in Figs. 1-3, for example computer program instructions which, when executed by a computer, may invoke or otherwise provide methods and/or techniques in accordance with the present application through the operation of the computer. Program instructions which invoke the methods of the present application may be stored on fixed or removable storage media and/or transmitted via a data stream over a broadcast or other signal-bearing medium and/or stored on a storage medium of a computer device operating in accordance with the program instructions. Here, according to an embodiment of the present application, a computer device including the system for interactive protocol reversal shown in Fig. 4 preferably includes a storage medium for storing a computer program and a processor for executing the computer program, wherein when the computer program is executed by the processor, the computer device is triggered to execute a method and/or a technical solution according to the foregoing embodiments.
It should be noted that the present application may be implemented in software and/or a combination of software and hardware, for example, implemented using Application Specific Integrated Circuits (ASICs), general purpose computers or any other similar hardware devices. In one embodiment, the software programs of the present application may be executed by a processor to implement the above steps or functions. Likewise, the software programs (including associated data structures) of the present application may be stored in a computer readable recording medium, such as RAM memory, magnetic or optical drive or diskette and the like. Additionally, some of the steps or functions of the present application may be implemented in hardware, for example, as circuitry that cooperates with the processor to perform various steps or functions.
The method according to the invention can be implemented on a computer as a computer-implemented method, or in dedicated hardware, or in a combination of both. Executable code for the method according to the invention or parts thereof may be stored on a computer program product. Examples of computer program products include memory devices, optical storage devices, integrated circuits, servers, online software, and so forth. Preferably, the computer program product comprises non-transitory program code means stored on a computer readable medium for performing the method according to the invention when said program product is executed on a computer.
In a preferred embodiment, the computer program comprises computer program code means adapted to perform all the steps of the method according to the invention when the computer program is run on a computer. Preferably, the computer program is embodied on a computer readable medium.
In summary, in the method and system for interactive protocol reversal described in the present invention, a data packet sent by a client is acquired; whether an interactive network environment exists between the client and the server is detected; if the network environment exists, the data packet is divided into regions according to a preset reference rule, and the data blocks corresponding to each region are changed in turn to generate a plurality of corresponding changed data packets; and the field information of the corresponding data block is analyzed according to the response generated after the server receives the changed data packet. The invention therefore interacts with the client/server that uses the protocol during the reversal process and reverses the protocol from the interaction results, which improves the accuracy of the reversal and allows the reversal result to be verified in real time during the process.
The present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof, and it should be understood that various changes and modifications can be effected therein by one skilled in the art without departing from the spirit and scope of the invention as defined in the appended claims.
Also provided is A1, a method for interactive protocol reversal, comprising the steps of:
acquiring a data packet sent by a client;
detecting whether an interactive network environment exists between the client and the server;
if the network environment exists, carrying out region division on the data packet according to a preset reference rule, and sequentially changing the data blocks corresponding to each region to respectively generate a plurality of corresponding changed data packets;
and analyzing the field information of the corresponding data block according to the response generated after the server receives the change data packet.
A2, the method for interactive protocol reversal according to A1, wherein the step of acquiring the data packet sent by the client specifically includes:
acquiring the data packet sent by the client by packet capture.
A3, the method for interactive protocol reversal according to A1, wherein the step of detecting whether an interactive network environment exists between the client and the server specifically comprises:
detecting whether the server generates a response after receiving the data packet sent by the client, wherein if the server generates a response, the interactive network environment exists.
A4, the method for interactive protocol reversal according to A1, wherein the step of, if the network environment exists, performing region division on the data packet according to a preset reference rule and sequentially changing the data blocks corresponding to each region to generate a plurality of corresponding changed data packets specifically includes:
dividing the data packet into a plurality of regions according to the reference rule;
acquiring at least one change data corresponding to each region;
and sequentially replacing the data blocks of each region of the data packet with the corresponding change data so as to respectively generate a plurality of corresponding change data packets.
A5, the method for interactive protocol reversal according to A4, wherein the step of acquiring at least one piece of change data corresponding to each region comprises:
extracting, from a preset database, at least one piece of change data configured for the corresponding region.
A6, the method for interactive protocol reversal according to A4, wherein the step of sequentially replacing the data block of each region of the data packet with the corresponding change data to generate a plurality of corresponding changed data packets specifically includes:
constructing, for each region whose data block is replaced in turn, the changed data packet corresponding to that replaced region.
A7, the method for interactive protocol reversal according to A1, wherein the step of analyzing the field information of the corresponding data block according to the response generated by the server after receiving the changed data packet specifically includes:
detecting a response return state and/or response content of the server after receiving the change data packet;
and analyzing the field information of the data block replaced by the change data packet according to the response return state and/or the response content.
A8, the method for interactive protocol reversal according to any one of A1 to A7, wherein, after the step of analyzing the field information of the corresponding data block according to the response generated by the server after receiving the changed data packet, the method further comprises:
identifying the protocol content of the data packet according to the field information of each data block of the data packet.
B9, a system for interactive protocol reversal, comprising:
the acquisition unit is used for acquiring a data packet sent by a client;
the interaction detection unit is used for detecting whether an interactive network environment exists between the client and the server;
the division changing unit is used for carrying out region division on the data packets according to a preset reference rule and sequentially changing the data blocks corresponding to the regions to respectively generate a plurality of corresponding changed data packets if the network environment exists;
and the response analysis unit is used for analyzing the field information of the corresponding data block according to the response generated after the server receives the change data packet.
B10, the system for interactive protocol reversal according to B9, wherein the acquisition unit is specifically configured to:
acquire the data packet sent by the client by packet capture.
B11, the system for interactive protocol reversal according to B9, wherein the interaction detection unit is specifically configured to:
detect whether the server generates a response after receiving the data packet sent by the client, wherein if the server generates a response, the interactive network environment exists.
B12, the system for interactive protocol reversal according to B9, wherein the division changing unit specifically includes:
a dividing subunit, configured to divide the data packet into a plurality of regions according to the reference rule;
a data acquiring subunit, configured to acquire at least one change data corresponding to each of the areas;
and the data replacement subunit is configured to sequentially replace the data blocks of each region of the data packet with the corresponding change data, so as to generate a plurality of corresponding change data packets respectively.
B13, the system for interactive protocol reversal according to B12, wherein the data acquiring subunit is specifically configured to:
extract, from a preset database, at least one piece of change data configured for the corresponding region.
B14, the system for interactive protocol reversal according to B12, wherein the data replacement subunit is specifically configured to:
construct, for each region whose data block is replaced in turn, the changed data packet corresponding to that replaced region.
B15, the system for interactive protocol reversal according to B9, wherein the response analysis unit specifically comprises:
the response detection subunit is used for detecting the response return state and/or the response content of the server after receiving the change data packet;
and the data analysis subunit is used for analyzing the field information of the data block replaced by the change data packet according to the response return state and/or the response content.
B16, the system for interactive protocol reversal according to any one of B9 to B15, further comprising:
a protocol identification unit, configured to identify the protocol content of the data packet according to the field information of each data block of the data packet.
Also provided is C17, a storage medium storing a computer program for performing the method for interactive protocol reversal according to any one of A1 to A8.
Also provided is D18, a computer device comprising a storage medium, a processor, and a computer program stored on the storage medium and executable on the processor, the processor implementing the method for interactive protocol reversal according to any one of A1 to A8 when executing the computer program.