CN113328995A - Flow proxy method and system for android - Google Patents

Publication number
CN113328995A
CN113328995A CN202110491168.7A CN202110491168A CN113328995A CN 113328995 A CN113328995 A CN 113328995A CN 202110491168 A CN202110491168 A CN 202110491168A CN 113328995 A CN113328995 A CN 113328995A
Authority
CN
China
Prior art keywords
flow
traffic
android
proxy
application
Legal status
Granted
Application number
CN202110491168.7A
Other languages
Chinese (zh)
Other versions
CN113328995B (en)
Inventor
刘时
汪善富
Current Assignee
Shenzhen Leagsoft Technology Co ltd
Original Assignee
Shenzhen Leagsoft Technology Co ltd
Application filed by Shenzhen Leagsoft Technology Co ltd
Priority to CN202110491168.7A
Publication of CN113328995A
Application granted
Publication of CN113328995B
Current legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281 Proxies
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention provides a traffic proxy method and system for android. The method comprises the following steps: the application monitoring service intercepts the underlying traffic of the application and redirects the intercepted underlying traffic to a local address; the local proxy service adds corresponding header information to the intercepted underlying traffic to obtain the complete traffic; and the business analysis service delivers the complete traffic to the corresponding business server according to the header information. The method is implemented at the application level, so the use of other applications on the device is not affected; the screening and authentication of the underlying traffic are completed at the bottom layer without dialing, which improves the user experience; and header information can be added to the underlying traffic, which facilitates traffic statistics and analysis.

Description

Flow proxy method and system for android
Technical Field
The invention belongs to the technical field of network security, and particularly relates to a flow proxy method and system for android.
Background
Enterprises today generally use a traditional vpn as the traffic proxy. However, this approach has the following problems: 1. It is implemented at the device level; once the vpn is turned on, the traffic of most applications goes through the vpn by default, which affects the use of other applications on the device. 2. When the network is unstable, the user needs to redial, and the user experience is poor. 3. Application data is inconvenient to collect by category, and the collected data is inconvenient to analyze.
Disclosure of Invention
In view of the defects in the prior art, the invention provides a traffic proxy method and system for android that do not affect the use of other applications on the device and that improve the user experience.
In a first aspect, a traffic proxy method for android includes the following steps:
the application monitoring service intercepts the underlying traffic of the application and redirects the intercepted underlying traffic to a local address;
the local proxy service adds corresponding header information to the intercepted underlying traffic to obtain the complete traffic;
and the business analysis service delivers the complete traffic to the corresponding business server according to the header information.
Preferably, before the application monitoring service intercepts the underlying traffic of the application, the method further includes:
replacing system functions of the process by hooking.
Preferably, replacing system functions of the process by hooking specifically includes:
acquiring the /proc/self/maps file in the android system;
reading all library files loaded in the process from the /proc/self/maps file;
searching the library files for a system function that needs to be replaced;
and if the system function exists, replacing it with a preset custom function.
Preferably, the application monitoring service intercepting the underlying traffic of the application and redirecting the intercepted underlying traffic to the local address specifically includes:
performing address screening on the underlying traffic using the replacement custom function;
and redirecting the screened underlying traffic to a local address.
Preferably, the header information includes the permissions of the underlying traffic.
In a second aspect, a traffic proxy system for android is a software development kit integrated in an application; the traffic proxy system comprises an application monitoring service, a local proxy service and a business analysis service;
the application monitoring service is used for intercepting the underlying traffic of the application and redirecting the intercepted underlying traffic to a local address;
the local proxy service is used for adding corresponding header information to the intercepted underlying traffic to obtain the complete traffic;
and the business analysis service is used for delivering the complete traffic to the corresponding business server according to the header information.
Preferably, the application monitoring service is further configured to replace system functions of the process by hooking.
Preferably, the application monitoring service is specifically configured for:
acquiring the /proc/self/maps file in the android system;
reading all library files loaded in the process from the /proc/self/maps file;
searching the library files for a system function that needs to be replaced;
and if the system function exists, replacing it with a preset custom function.
Preferably, the application monitoring service is specifically configured for:
performing address screening on the underlying traffic using the replacement custom function;
and redirecting the screened underlying traffic to a local address.
Preferably, the header information includes the permissions of the underlying traffic.
According to the above technical scheme, the traffic proxy method and system for android provided by the invention have the following advantages:
1. They are implemented at the application level, so the use of other applications on the device is not affected.
2. The screening and authentication of the underlying traffic are completed at the bottom layer without dialing, which improves the user experience.
3. Header information can be added to the underlying traffic, which facilitates traffic statistics and analysis.
Drawings
In order to more clearly illustrate the detailed description of the invention or the technical solutions in the prior art, the drawings that are needed in the detailed description of the invention or the prior art will be briefly described below. Throughout the drawings, like elements or portions are generally identified by like reference numerals. In the drawings, elements or portions are not necessarily drawn to scale.
Fig. 1 is a flowchart of a traffic proxy method according to an embodiment of the present invention.
Fig. 2 is a block diagram of a traffic proxy system according to a second embodiment of the present invention.
Detailed Description
Embodiments of the present invention will be described in detail below with reference to the accompanying drawings. The following examples are only for illustrating the technical solutions of the present invention more clearly, and therefore are only examples, and the protection scope of the present invention is not limited thereby. It is to be noted that, unless otherwise specified, technical or scientific terms used herein shall have the ordinary meaning as understood by those skilled in the art to which the invention pertains.
It will be understood that the terms "comprises" and/or "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also to be understood that the terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in the specification of the present invention and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
As used in this specification and the appended claims, the term "if" may be interpreted contextually as "when", "upon" or "in response to a determination" or "in response to a detection". Similarly, the phrase "if it is determined" or "if a [ described condition or event ] is detected" may be interpreted contextually to mean "upon determining" or "in response to determining" or "upon detecting [ described condition or event ]" or "in response to detecting [ described condition or event ]".
The first embodiment is as follows:
A traffic proxy method for android, see Fig. 1, comprising the following steps:
the application monitoring service intercepts the underlying traffic of the application and redirects the intercepted underlying traffic to a local address;
the local proxy service adds corresponding header information to the intercepted underlying traffic to obtain the complete traffic;
and the business analysis service delivers the complete traffic to the corresponding business server according to the header information.
Specifically, when the business analysis service delivers the complete traffic to the corresponding business server, the complete traffic is first sent to the gateway for permission verification and is then delivered to the corresponding business server according to the verification result, so that traffic permissions can be refined down to a single service.
The traffic proxy method for android has the following advantages:
1. It is implemented at the application level, so the use of other applications on the device is not affected.
2. The screening and authentication of the underlying traffic are completed at the bottom layer without dialing, which improves the user experience.
3. Header information can be added to the underlying traffic, which facilitates traffic statistics and analysis.
Preferably, before the application monitoring service intercepts the underlying traffic of the application, the method further includes:
replacing system functions of the process by hooking, which specifically comprises the following steps:
acquiring the /proc/self/maps file in the android system;
reading all library files loaded in the process from the /proc/self/maps file;
searching the library files for a system function that needs to be replaced;
and if the system function exists, replacing it with a preset custom function.
Specifically, when underlying traffic is to be intercepted, system functions of the process are replaced by hooking. The method reads all library files loaded by the process from the /proc/self/maps file of the android system, then traverses the library files and searches for the system functions that need to be replaced. If the configured system function is present in the symbol table, the original function address is replaced with the address of the custom function. Address screening of the underlying traffic is then performed inside the custom function, and underlying traffic that meets the conditions is redirected to the previously allocated local address for further processing. For example, tcp interception is implemented by the following steps:
1. After the client starts interception, it obtains the addresses to be intercepted from the server through a protocol.
2. At initialization, the client needs to listen on a tcp port and map it to the address to be intercepted.
3. When the client initiates a tcp-based request (such as http or https) in the process, the connect function is intercepted automatically; the ip address information is obtained from the sockaddr structure and checked against the mapping to see whether it is an address that needs to be intercepted. If so, the traffic is redirected to the port that was opened for listening in advance, where it is processed further.
In this way, the traffic of the application is intercepted through the hook and redirected to the local proxy.
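The address screening of step 3, written out in C as an added example (it is not code from the patent, and it does not show how the hook is installed). The rule layout, the function names, the match on ip plus port, and the guard that leaves loopback destinations alone are assumptions of this example; the addresses are constructed sample values.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* One mapping entry (layout assumed for this example): an address to
 * intercept and the local tcp port that was opened for it in advance. */
struct redirect_rule {
    struct sockaddr_in target;  /* address obtained from the server (step 1) */
    uint16_t local_port;        /* local listener, host byte order (step 2) */
};

enum screen_result { PASS_THROUGH = 0, REDIRECTED = 1 };

/* Build an IPv4 socket address from text; sin_family stays 0 on bad input. */
struct sockaddr_in make_addr(const char *ip, uint16_t port)
{
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    if (inet_pton(AF_INET, ip, &sa.sin_addr) == 1) {
        sa.sin_family = AF_INET;
        sa.sin_port = htons(port);
    }
    return sa;
}

/* Screening as it would run inside the replacement connect() (step 3).
 * On REDIRECTED, *out holds 127.0.0.1:<local_port>; on PASS_THROUGH the
 * caller connects to the original destination unchanged. */
enum screen_result screen_destination(const struct redirect_rule *rules, size_t n,
                                      const struct sockaddr *dst, socklen_t dst_len,
                                      struct sockaddr_in *out)
{
    struct sockaddr_in in;

    /* Only well-formed IPv4 destinations are screened. AF_INET6, AF_UNIX and
     * truncated structures are passed through rather than guessed at. */
    if (dst == NULL || out == NULL || dst_len < (socklen_t)sizeof in)
        return PASS_THROUGH;
    if (dst->sa_family != AF_INET)
        return PASS_THROUGH;
    memcpy(&in, dst, sizeof in);

    /* Leave loopback alone so a redirected connection is never redirected
     * a second time (assumption of this example). */
    if ((ntohl(in.sin_addr.s_addr) >> 24) == 127)
        return PASS_THROUGH;

    for (size_t i = 0; i < n; i++) {
        if (rules[i].target.sin_family != AF_INET)  /* unparsable rule */
            continue;
        if (rules[i].target.sin_addr.s_addr == in.sin_addr.s_addr &&
            rules[i].target.sin_port == in.sin_port) {
            *out = make_addr("127.0.0.1", rules[i].local_port);
            return REDIRECTED;
        }
    }
    return PASS_THROUGH;
}

int main(void)
{
    /* Constructed mapping: two intercepted services in a documentation range. */
    struct redirect_rule rules[2];
    rules[0].target = make_addr("192.0.2.10", 443);
    rules[0].local_port = 18443;
    rules[1].target = make_addr("192.0.2.20", 8080);
    rules[1].local_port = 18080;

    struct sockaddr_in dst = make_addr("192.0.2.10", 443);
    struct sockaddr_in out;
    if (screen_destination(rules, 2, (struct sockaddr *)&dst, sizeof dst, &out)
            == REDIRECTED)
        printf("192.0.2.10:443 -> 127.0.0.1:%u\n", (unsigned)ntohs(out.sin_port));

    dst = make_addr("198.51.100.7", 443);
    if (screen_destination(rules, 2, (struct sockaddr *)&dst, sizeof dst, &out)
            == PASS_THROUGH)
        printf("198.51.100.7:443 is not in the mapping, left unchanged\n");
    return 0;
}
```

Because everything that is not an exact IPv4 match passes through untouched, the mapping obtained from the server is the only thing that decides which connections reach the local proxy, which makes it the value to audit when reviewing such an sdk.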
Preferably, the application monitoring service intercepting the underlying traffic of the application and redirecting the intercepted underlying traffic to the local address specifically includes:
performing address screening on the underlying traffic using the replacement custom function;
and redirecting the screened underlying traffic to a local address.
The header information includes the permissions of the underlying traffic.
Specifically, when the local proxy obtains the traffic, the method adds header information to the underlying traffic and delivers the resulting complete traffic to the corresponding business server, so that the underlying traffic can later be analyzed and counted according to the header information.
After adding the header information to the underlying traffic, the method may also select different encryption modes for encryption or marking to obtain the complete information, for example encryption using national cryptographic (guomi) algorithms or ordinary ssl.
The second embodiment is as follows:
A traffic proxy system for android, which is a software development kit integrated in an application, see Fig. 2; the traffic proxy system comprises an application monitoring service, a local proxy service and a business analysis service;
the application monitoring service is used for intercepting the underlying traffic of the application and redirecting the intercepted underlying traffic to a local address;
the local proxy service is used for adding corresponding header information to the intercepted underlying traffic to obtain the complete traffic;
and the business analysis service is used for delivering the complete traffic to the corresponding business server according to the header information.
Specifically, the traffic proxy system may be designed as a software development kit (sdk). Once an application integrates the traffic proxy system, the application has functions such as traffic proxying, traffic analysis and user behavior control (screenshots, file sandbox, etc.). If the application is installed on the client or published through a portal website, the client likewise has functions such as traffic proxying, traffic analysis and user behavior control (screenshots, file sandbox, etc.).
The traffic proxy system for android has the following advantages:
1. It is implemented at the application level, so the use of other applications on the device is not affected.
2. The screening and authentication of the underlying traffic are completed at the bottom layer without dialing, which improves the user experience.
3. Header information can be added to the underlying traffic, which facilitates traffic statistics and analysis.
Preferably, the application monitoring service is further configured to replace system functions of the process by hooking.
Preferably, the application monitoring service is specifically configured for:
acquiring the /proc/self/maps file in the android system;
reading all library files loaded in the process from the /proc/self/maps file;
searching the library files for a system function that needs to be replaced;
and if the system function exists, replacing it with a preset custom function.
Preferably, the application monitoring service is specifically configured for:
performing address screening on the underlying traffic using the replacement custom function;
and redirecting the screened underlying traffic to a local address.
Preferably, the header information includes the permissions of the underlying traffic.
For brevity, for details of the system provided by this embodiment of the invention, refer to the corresponding content in the foregoing embodiment.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; such modifications and substitutions do not depart from the spirit and scope of the present invention, and they should be construed as being included in the following claims and description.

Claims (10)

1. A traffic proxy method for android, characterized by comprising the following steps:
the application monitoring service intercepts the underlying traffic of the application and redirects the intercepted underlying traffic to a local address;
the local proxy service adds corresponding header information to the intercepted underlying traffic to obtain the complete traffic;
and the business analysis service delivers the complete traffic to the corresponding business server according to the header information.
2. The traffic proxy method for android as claimed in claim 1, wherein before the application monitoring service intercepts the underlying traffic of the application, the method further comprises:
replacing system functions of the process by hooking.
3. The traffic proxy method for android as claimed in claim 2, wherein replacing system functions of the process by hooking specifically includes:
acquiring the /proc/self/maps file in the android system;
reading all library files loaded in the process from the /proc/self/maps file;
searching the library files for a system function that needs to be replaced;
and if the system function exists, replacing it with a preset custom function.
4. The traffic proxy method for android as claimed in claim 3, wherein the application monitoring service intercepting the underlying traffic of the application and redirecting the intercepted underlying traffic to the local address specifically includes:
performing address screening on the underlying traffic using the replacement custom function;
and redirecting the screened underlying traffic to a local address.
5. The traffic proxy method for android as claimed in claim 1, wherein
the header information includes the permissions of the underlying traffic.
6. A traffic proxy system for android, characterized in that the traffic proxy system is a software development kit integrated in an application; the traffic proxy system comprises an application monitoring service, a local proxy service and a business analysis service;
the application monitoring service is used for intercepting the underlying traffic of the application and redirecting the intercepted underlying traffic to a local address;
the local proxy service is used for adding corresponding header information to the intercepted underlying traffic to obtain the complete traffic;
and the business analysis service is used for delivering the complete traffic to the corresponding business server according to the header information.
7. The traffic proxy system for android as claimed in claim 6, wherein
the application monitoring service is further used for replacing system functions of the process by hooking.
8. The traffic proxy system for android as claimed in claim 7, wherein the application monitoring service is specifically configured for:
acquiring the /proc/self/maps file in the android system;
reading all library files loaded in the process from the /proc/self/maps file;
searching the library files for a system function that needs to be replaced;
and if the system function exists, replacing it with a preset custom function.
9. The traffic proxy system for android as claimed in claim 8, wherein the application monitoring service is specifically configured for:
performing address screening on the underlying traffic using the replacement custom function;
and redirecting the screened underlying traffic to a local address.
10. The traffic proxy system for android as claimed in claim 6, wherein
the header information includes the permissions of the underlying traffic.
CN202110491168.7A 2021-05-06 2021-05-06 Flow proxy method and system for android Active CN113328995B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110491168.7A CN113328995B (en) 2021-05-06 2021-05-06 Flow proxy method and system for android

Publications (2)

Publication Number Publication Date
CN113328995A (en) 2021-08-31
CN113328995B (en) 2023-03-24

Family

ID=77414197

Country Status (1)

Country Link
CN (1) CN113328995B (en)

Also Published As

Publication number Publication date
CN113328995B (en) 2023-03-24

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant