CN113348655B - Anti-hijacking method and device for browser, electronic equipment and storage medium - Google Patents
Anti-hijacking method and device for browser, electronic equipment and storage medium Download PDFInfo
- Publication number
- CN113348655B CN113348655B CN201980089741.2A CN201980089741A CN113348655B CN 113348655 B CN113348655 B CN 113348655B CN 201980089741 A CN201980089741 A CN 201980089741A CN 113348655 B CN113348655 B CN 113348655B
- Authority
- CN
- China
- Prior art keywords
- data
- webpage
- web page
- hijacking
- frame
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
Abstract
The application discloses a browser anti-hijacking method and device, electronic equipment and a storage medium, and relates to the technical field of browsers. Wherein, the method comprises the following steps: the browser receives webpage data; acquiring the data volume of legal data in the webpage data as a first numerical value; acquiring the actual data volume of the webpage data as a second numerical value; if the first numerical value is different from the second numerical value, the webpage corresponding to the webpage data is judged to be hijacked, anti-hijacked processing is conducted on the webpage, and safety of the webpage is improved.
Description
Technical Field
The present application relates to the field of browser technologies, and in particular, to a method and an apparatus for anti-hijacking a browser, an electronic device, and a storage medium.
Background
With the development of economy and society, the number of people who surf the internet is more and more, which leads to the diversification of web pages, the situation that the web pages of the browser are hijacked by the web pages of operators or third parties often occurs, and the threat to the data security and property security of users is caused, so that the anti-hijacking of the browser is very important.
Disclosure of Invention
In view of the foregoing problems, the present application provides a method, an apparatus, an electronic device, and a storage medium for preventing a browser from being hijacked, so as to improve the foregoing problems.
In a first aspect, an embodiment of the present application provides a browser anti-hijacking method, where the method includes: the browser receives webpage data; acquiring the data volume of legal data in the webpage data as a first numerical value; acquiring the actual data volume of the webpage data as a second numerical value; and if the first numerical value is different from the second numerical value, judging that the webpage corresponding to the webpage data is hijacked, and carrying out anti-hijacking processing on the webpage.
In a second aspect, an embodiment of the present application provides a browser anti-hijacking device, where the device includes: the data receiving module is used for receiving the webpage data by the browser; the first data acquisition module is used for acquiring the data volume of legal data in the webpage data as a first numerical value; the second data acquisition module is used for acquiring the actual data volume of the webpage data as a second numerical value; and the anti-hijacking processing module is used for judging that the webpage corresponding to the webpage data is hijacked and carrying out anti-hijacking processing on the webpage if the first numerical value is different from the second numerical value.
In a third aspect, an embodiment of the present application provides an electronic device, including: one or more processors; a memory; one or more programs. Wherein the one or more programs are stored in the memory and configured to be executed by the one or more processors, the one or more programs configured to perform the methods described above.
In a fourth aspect, the present application provides a computer-readable storage medium, in which a program code is stored, and the program code can be called by a processor to execute the above method.
According to the browser anti-hijacking method, the browser anti-hijacking device, the electronic equipment and the storage medium, the data volume of legal data in the webpage is compared with the data volume of actual data, and under the condition that the two data volumes are different, the webpage can be determined to be hijacked, anti-hijacking processing is carried out, and therefore the safety of the webpage is improved.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a flowchart illustrating a browser anti-hijacking method according to an embodiment of the present application.
Fig. 2 is a flowchart illustrating a browser anti-hijacking method according to another embodiment of the present application.
Fig. 3 is a schematic diagram illustrating a multi-frame web page provided in an embodiment of the present application.
Fig. 4 is a flowchart illustrating a browser anti-hijacking method according to another embodiment of the present application.
Fig. 5 to fig. 7 respectively output flow diagrams of different anti-hijacking modes in the embodiment of the present application.
Fig. 8 is a functional block diagram of a browser anti-hijacking device according to an embodiment of the present application.
Fig. 9 shows a block diagram of an electronic device according to an embodiment of the present application.
Fig. 10 is a storage unit according to an embodiment of the present application, configured to store or carry program code for implementing a browser anti-hijacking method according to an embodiment of the present application.
Detailed Description
In order to make the technical solutions better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application.
In the process of browsing the web pages of the browser, the browser may be hijacked, and hijackers such as operators, third-party web pages or hijacked software may attack the browser of the user, for example, the web pages are tampered by changing the display mode and display content of the web pages, or the browser is turned to malicious web pages when accessing normal websites, and the home pages or search pages of the browser are modified to the website addresses specified by the hijackers.
Generally, hijacking of all web pages depends on an HTTPS (hypertext transfer protocol secure) protocol of the web pages to achieve data encryption protection, however, the security protocol is not safe enough, and can also be disguised by a server for hijacking, the disguised server gives a disguised encryption key, data decrypted by a browser is also hijacked data from the disguised server, the browser cannot know that the web pages are hijacked, the anti-hijacking purpose cannot be achieved completely, and the probability of hijacking is simply reduced. In addition, the anti-hijack mode cannot recover the hijacked data and only can add errors.
The inventor finds that under the conditions that the website is diverted to a malicious webpage when a normal website is accessed, a browser homepage or a search page is modified to a website address specified by a hijacker, and the like, the website actually accessed by the browser is different from the website desired to be accessed, and the browser can be directly judged to be hijacked. In this case, if the browser can obtain the website to be accessed, the browser can acquire data from the server through the website to be accessed.
For hijacking that the webpage is tampered, operations such as adding data, deleting data, replacing data and the like on the basis of legal data of the webpage can cause the data volume in the webpage to change, that is, the data volume of the webpage data actually received by the browser is different from the data volume of the legal data of the webpage. Therefore, when the data volume of the webpage data actually received by the browser is different from the data volume of the legal data of the webpage, the webpage can be judged to be hijacked, and anti-hijacking processing can be performed.
Therefore, the inventor proposes a browser anti-hijacking method, a browser anti-hijacking device, electronic equipment and a storage medium provided by the embodiment of the application, judges whether a webpage is hijacked or not by comparing the legal data volume with the actual data volume in the webpage, and performs anti-hijacking treatment under the condition of being hijacked. The method, the apparatus, the electronic device, and the storage medium for preventing browser hijacking according to the embodiments of the present application will be described in detail below with specific embodiments.
Fig. 1 illustrates a browser anti-hijacking method provided in an embodiment of the present application, which may be applied to a browser in an electronic device. Specifically, the method comprises the following steps:
step S110: the browser receives the web page data.
The browser can initiate a webpage acquisition request to the server and receive various data information of the webpage returned by the browser. The web page fetch request may be an encrypted request, such as a data fetch request of the https protocol. The obtained data information may include one or more of codes, words, pictures, and the like, and is not limited in the embodiments of the present application. If the webpage is not hijacked, the webpage data received by the browser is data returned by the server; if the web page is hijacked, actual web page data received by the browser is different from data returned by the server.
Step S120: and acquiring the data volume of legal data in the webpage data as a first numerical value.
Step S130: and acquiring the actual data volume of the webpage data as a second numerical value.
If the webpage of the browser is hijacked and the content is tampered, the data volume of the legal data of the webpage is different from the data volume of the webpage data actually received by the browser. Therefore, the browser can acquire the data volume of legal data in the received webpage data, and the acquired data volume is defined as a first numerical value; and acquiring the actual quantity of the received webpage data, and defining the actual quantity as a second numerical value.
The legal data of the web page is original data of the web page, or data of the web page written by a programmer for the web page, or data which the web page should have under the condition that the web page is not hijacked, or data returned by a server responding to a web page acquisition request of a browser. The data amount indicates the size of the data, or how much of the data, or the number of bytes of the data, or the storage space that the data needs to occupy, etc.
Step S140: and if the first numerical value is different from the second numerical value, judging that the webpage corresponding to the webpage data is hijacked, and carrying out anti-hijacking processing on the webpage.
And comparing whether the data volume of the legal data is the same as the data volume of the webpage actually received. If the difference is different, the webpage is indicated to be tampered, and anti-hijack processing is carried out on the webpage.
In the anti-hijacking method for the browser provided by the embodiment of the application, whether the webpage is hijacked or not is judged according to whether the data volume of the legal data of the webpage is the same as the actually received data volume or not, so that the browser can accurately know whether the webpage is hijacked or not, anti-hijacking processing is performed under the condition that the webpage is hijacked, and the safety of the webpage is improved.
Another embodiment of the present application provides a method for preventing hijacking of a browser, where the method includes determining a data size of legal data. Referring to fig. 2, the method includes:
step S210: the browser receives the web page data.
Step S220: and acquiring data of the recorded data volume in the webpage data as stored value data.
Step S230: and analyzing the data volume of the webpage data from the stored value data to be used as the data volume of legal data in the webpage data, and taking the data volume as a first numerical value.
Step S240: and acquiring the actual data volume of the webpage data as a second numerical value.
The browser receives the webpage data and can acquire the data volume of legal data in the webpage data.
Specifically, the data size of the web page is written in the valid data of the web page. That is, after the programmer writes the legal data of the finished web page, the programmer can write the data size of the web page into the legal data.
The data of the legal data size in the recorded web page may be specially recorded in the legal data of the web page, such as a tag, a byte, and the like. The data amount written in the legal data of the webpage can be written in the stored value data, and the data amount of the legal data in the webpage data can be obtained by analyzing the stored value data in the webpage data. For example, a tag is set in a web page as stored value data, and after the web page is written, the web page has a data size of 20M, and the programmer writes the data of 20M into the tag. Through the analysis of the label, the legal data of the webpage can be obtained to be 20M.
Therefore, upon receiving the web page data, it is possible to acquire data in which the data amount is recorded, and to parse the data amount of the legitimate data of the web page from the data. And, the data volume may be stored for later comparison. The acquisition and analysis process can be completed by the browser kernel, for example, the browser kernel acquires the stored-value data from the web page data through the web page data analysis module, analyzes the data amount of the legal data from the stored-value data, and stores the data in the data storage module of the browser.
Optionally, in this embodiment of the present application, the stored value data may be data encrypted according to a preset encryption algorithm. The browser can decrypt the stored value data according to the preset encryption algorithm and then acquire the data volume of legal data in the webpage data from the decrypted stored value data.
The specific algorithm of the preset encryption algorithm is not limited in the embodiment of the present application, and may be an encryption algorithm that is known to the browser and unknown to the hijacker. That is to say, the specific kind of the preset encryption algorithm is not disclosed, so that the hijacker does not know the encryption algorithm used by the stored-value data, and even if the hijacker writes the changed data volume, such as the increased data volume, into the webpage when tampering the legal data of the webpage, the browser analyzes the data volume written by the hijacker through the preset encryption algorithm, and the analysis result should be a messy code, which does not affect the acquisition of the data volume of the legal data.
The browser then counts the actual data volume of the web page data. The specific statistical method is not limited, and for example, the size of the storage space occupied by the received web page data may be counted, and the calculation may be performed according to the receiving speed and receiving time of the web page data.
Step S250: if the first numerical value is different from the second numerical value, judging that the webpage corresponding to the webpage data is hijacked, and carrying out anti-hijacking processing on the webpage.
Comparing whether the first value is the same as the second value. If the data volume of the legal data in the webpage data is different from the actually received data volume, the webpage is hijacked, and corresponding anti-hijacking processing can be carried out.
In the embodiment of the application, the data size recorded by the processing data is compared with the actually received data size to determine whether the webpage is hijacked or not by recording the size of legal data in the webpage through the stored value data. If the user is hijacked, anti-hijacked processing is carried out.
In the embodiment of the present application, a web page may include multiple portions, each portion having its own corresponding independent web page data, and the embodiment of the present application takes a frame web page as an example for description. The frame web page includes a plurality of frames in one web page, or more than one page is displayed in the same browser window, and each page is used as one frame. Each frame is independent of other frames and has independent webpage data. For example, how a window is divided into frames can be defined by a frame structure tag, and the data of the web page in each frame can be defined by a frame tag, such as how the web page is divided into frames by a frame structure tag frameset, and the HTML document placed in each frame is defined by the frame tag frame corresponding to the frame. For example, fig. 3 shows a schematic diagram of a frame web page, wherein the web page 110 includes three frames, namely a first frame 101, a second frame 102 and a third frame 103.
Another embodiment of the present application provides a method for anti-hijacking a browser. In this embodiment, the data volume of the legal data of each frame may be compared with the actual data volume to determine whether the frame is hijacked, so as to determine whether to perform anti-hijacking processing on the web page or the frame. That is to say, in this embodiment, the web page data may be data information of a frame, the first value is a data amount of legal data received by the frame, and the second value is a data amount of web page data actually received after the frame is received. That is, in this embodiment, for each frame, as shown in fig. 4, the following steps are performed:
step S310: the browser receives the web page data of the frame.
Step S320: and acquiring the data volume of legal data in the webpage data as a first numerical value.
Step S330: and acquiring the actual data volume of the webpage data as a second numerical value.
Step S340: and if the first numerical value is different from the second numerical value, judging that the webpage corresponding to the webpage data is hijacked, and carrying out anti-hijacking processing on the webpage.
For any frame, the browser may receive web page data for that frame. When data recording the data volume of the legal data in the frame is received, that is, the stored value data in the web page data of the frame is received, the stored value data can be analyzed to obtain the data volume of the legal data in the frame as a first numerical value of the frame.
When the data in the frame is received completely, the actual data size of the received web page data of the frame may be obtained, and the actual data size is used as the second value of the frame.
Comparing whether the first value and the second value are different. If the first value is the same as the second value, the frame is not hijacked, the anti-hijacked processing is not needed to be carried out on the frame, and the frame can carry out normal processing, such as rendering, displaying and the like. If the first value and the second value of each frame in the webpage indicate that all frames are not hijacked, the webpage is not hijacked.
If the first value and the second value of a certain frame are different, the data in the frame are tampered, the frame can be judged to be hijacked, meanwhile, the webpage can be judged to be hijacked, and anti-hijacking processing is conducted on the webpage.
As an implementation manner, since each frame has its own web page data, if it is determined that a certain frame is hijacked, the anti-hijacking processing for the web page may be anti-hijacking processing for the frame, so as to reduce the processing amount of data. That is to say, when the first numerical value and the second numerical value in the webpage data of a certain frame are different, the anti-hijacking processing is carried out on the frame corresponding to the webpage data. The anti-hijacking processing on the frame can be to acquire the data of the frame from the server again so as to recover the data of the frame. Specifically, as shown in fig. 5, the anti-hijack processing on the framework may include the following steps:
step S3411: and acquiring the website information of the frame.
Each frame has its link address, i.e. has its web address information, which can be used to request the browser for the frame's legal data. Therefore, when a certain frame is hijacked, that is, the frame is hijacked by comparing the data amount of legal data in the webpage data with the actual amount, the website information of the frame can be acquired. The specific obtaining manner is not limited in this embodiment, for example, the website information of the frame is analyzed from the webpage data of the frame.
Step S3421: and initiating a webpage acquisition request carrying the website information to a server, so that the server returns webpage data of the frame according to the webpage acquisition request.
The address of the server can be analyzed according to the website information, so that the server for acquiring legal data is determined. Therefore, a web page acquisition request can be sent to the server, and the legal data of the frame can be acquired. And when the server receives the webpage acquisition request, returning the webpage data of the frame again.
Step S3431: and acquiring new webpage data of the frame from a server, and replacing the webpage data of the frame.
And after receiving the webpage data returned by the server, replacing the original webpage data of the frame with the webpage data to realize the recovery of the hijacked webpage data in the frame.
Optionally, in this embodiment, the web page acquisition request may carry an anti-hijack flag, where the anti-hijack flag indicates that web page data of the browser is hijacked and the web page data corresponding to the website information needs to be re-copied from the server. The anti-hijack mark can be only one mark known by a legal server, and if an illegal server hijacks the webpage acquisition request, the anti-hijack mark cannot be correctly identified, because the existence of the anti-hijack mark cannot correctly analyze the webpage acquisition request.
In addition, the anti-hijacking mark added in the webpage acquisition request can be used for adding an anti-hijacking response mark in returned webpage data by the server according to the anti-hijacking mark, so that when the browser receives the webpage data, the browser determines the webpage data to be returned by a legal server according to the anti-hijacking response mark. Therefore, in the embodiment of the application, when the browser receives the webpage data returned by the server in response to the webpage acquisition request carrying the anti-hijack mark, whether the anti-hijack mark is carried in the received webpage data can be judged. If the webpage data carries the webpage data, the webpage data returned by the legal server is judged to be replaced, namely, the original webpage data in the frame is replaced by new webpage data.
Optionally, the web page obtaining request may be an encrypted data obtaining request, such as an https request, and the anti-hijack mark and the website information may be carried on a request header. When the server receives the request, the original data of the website information, namely legal data corresponding to the website information, can be searched from a database of the server end according to the anti-hijack mark and the website information, then the legal data are encrypted and compressed and returned to the browser, and an anti-hijack response mark is added in a response header. And after receiving the corresponding response data, the browser kernel decrypts and decompresses the received encrypted compressed packet according to the anti-hijack mark and the website information to obtain original data, and completely replaces the hijacked data with the obtained data by the browser kernel to achieve the anti-hijack purpose.
Optionally, in this embodiment of the application, when it is determined that a certain frame is hijacked, an anti-hijacked reminder may be performed, for example, a hijacked reminder label is displayed, so as to notify the user that the current webpage is hijacked. In addition, the anti-hijacking label can also specifically indicate which frame is hijacked, so that the user can know the specific hijacking condition of the frames in the webpage.
Optionally, the anti-hijack reminder may disappear after the user responds, and the user knows that the webpage data of the frame is obtained again and disappears after the webpage data is replaced.
Optionally, in this embodiment, after the webpage data of the hijacked frame is obtained again and replaced, the comparison process from step S310 to step S340 may be executed again, so that the displayed data is legal data.
Optionally, if the browser performs anti-hijack processing on a certain frame for a preset number of times, all the acquired webpage data are hijacked webpage data, which indicates that the probability of hijacking the frame is high, and the request for acquiring the webpage data of the frame can be suspended.
Optionally, in this embodiment, when it is determined that a certain frame is hijacked, in the process of performing anti-hijacking processing on the certain frame, it may be continuously determined whether other frames are hijacked or not and whether anti-hijacking processing needs to be performed, so as to improve the processing speed of preventing web page hijacking. Of course, after the anti-hijacking processing is performed on the frame determined to be hijacked, the determination of whether other frames are hijacked can be continued.
Optionally, after it is determined that a certain frame is hijacked, the relevant hijacked information may be uploaded to the background server, which may be used to record the hijacked condition, count which frames are hijacked, the probability of hijacked, and the like, and provide data support for subsequent tracking and optimization. If the framework with high hijacking probability is optimized, the hijacking probability is reduced. The background server is a server for counting hijacking information and can be the same as or different from a server for acquiring legal webpage data. If the hijacking information fails to be uploaded for many times, if the hijacking information fails to be uploaded for three times, the hijacking information can be stored locally and uploaded again under the condition that the network condition is detected to be good next time.
As another embodiment, when it is determined that a certain frame is hijacked, it indicates that the web page is hijacked, and the probability that other frames in the web page are hijacked is also high. In order to improve the data processing speed, whether other frames in the webpage are hijacked or not can be judged, and anti-hijacked processing of the webpage can be performed. When the anti-hijacking processing is carried out on the webpage, the anti-hijacking processing is carried out on the whole webpage. That is, when it is determined that a certain frame is hijacked, the anti-hijacked processing is performed on the entire web page, and the web page data of the entire web page is obtained from the server again and replaced. Specifically, as shown in fig. 6, the anti-hijack processing on the web page includes:
step S3412: and acquiring the website information of the webpage.
Step S3422: and initiating a webpage acquisition request carrying the website information to a server, so that the server returns all webpage data of the webpage according to the webpage acquisition request.
Step S3432: and acquiring new webpage data of the webpage from a server to replace the webpage data of the webpage.
The web page itself corresponds to a piece of website information, for example, in fig. 3, the first frame 101, the second frame 102, and the third frame 103 correspond to website information respectively, and the web page 110 also corresponds to a piece of website information, which is a link address of the web page 110 itself. The server for acquiring the whole webpage data of the webpage can be found through the website information, and all data information in the webpage can be acquired from the server. The browser may obtain the website information of the web page, and the specific obtaining manner is not limited, for example, the browser analyzes data of the stored website information of the web page to obtain the website information of the web page.
And then, initiating a webpage acquisition request carrying the website information to the server, so that the server receiving the webpage acquisition request returns all webpage data acquired by all webpage data browsers to the browsers, and then all webpage data in the webpages are replaced by newly acquired webpage data. That is, the web page data of all frames in the web page is replaced with the newly acquired web page data.
Optionally, after the browser acquires and replaces all the web page data of the web page, in order to avoid that the acquired web page data is hijacked, the browser may determine whether the web page is hijacked again.
As another embodiment, when a certain frame is hijacked, the webpage is hijacked, and the probability that other frames in the webpage are hijacked is high. In order to improve the data processing speed, when the anti-hijack processing is carried out on the webpage, all webpage data of the whole webpage are obtained from the server, and the hijacked frame is replaced by the webpage data of the hijacked frame in all the webpage data. Specifically, as shown in fig. 7, the anti-hijacking processing on the web page includes:
step S3413: and acquiring the website information of the webpage, and continuously judging whether other frames which are not determined to be hijacked are hijacked or not.
Step S3423: and initiating a webpage acquisition request carrying the website information to a server, so that the server returns all webpage data of the webpage according to the webpage acquisition request.
Step S3433: and acquiring new webpage data of the webpage from a server to replace the webpage data of the hijacked frame.
In this embodiment, when it is determined that a certain frame is hijacked, the probability that other frames are hijacked is high, and all the web page data of the entire web page may be acquired first, so that the web page data of each frame is acquired. In addition, the process of acquiring the webpage data and the process of judging whether other frames are hijacked or not can be performed in parallel, so that the data processing speed is improved.
And after all webpage data of the webpage are acquired from the server, replacing the original webpage data of the hijacked frame with the webpage data belonging to the hijacked frame. And, caching the web page data obtained from the server.
In the process of continuously judging whether frames are hijacked or not, if other frames are hijacked, the webpage data of the hijacked frames can be obtained from the cached webpage data, and the original webpage data of the hijacked frames are replaced.
Optionally, the implementation may be performed under the condition that other frames that are not determined to be hijacked exist in the web page, and the frame that is determined to be hijacked may need to be replaced with the web page data only subsequently. Specifically, when the first frame determined to be hijacked appears in the web page and the frame is not the last frame determined to be hijacked, the processes of step S3413 to step S3433 are performed to perform the anti-hijacking process. Therefore, in the embodiment, when more than one frame is hijacked, when other hijacked frames except the first frame which is determined to be hijacked are subjected to anti-hijacked processing, the data do not need to be requested from the server, and the locally cached webpage data can be directly used for replacement, so that the interaction times with the server are reduced, and the data processing efficiency is improved.
In addition, when the first frame determined to be hijacked appears in the web page, but the frame is the last frame determined to be hijacked or not, only the web page data of the frame can be acquired, and the original web page data of the frame can be replaced, so that the data processing amount is reduced, and the processing speed is improved.
Optionally, in this embodiment, after all frames are subjected to hijack processing, locally cached webpage data may be deleted, so as to reduce local data storage pressure of the browser.
In the examples of the present application, various embodiments may be referred to each other, and the same or similar parts may be applied to each other. For example, when the browser sends a web page acquisition request carrying web address information of a web page to the server, an encrypted acquisition request may be sent; an acquisition request carrying an anti-hijacking mark can be sent so that the server can add an anti-hijacking response mark in the returned webpage data according to the anti-hijacking mark; whether the anti-hijack mark is carried in the received webpage data or not can be judged, if the anti-hijack mark is carried in the received webpage data, the received webpage data is considered to be effective, and the newly received webpage data is used for replacing the webpage data of the hijacked frame.
In addition, in order to increase the data processing speed, in the embodiment of the present application, when receiving the web page data of a frame, a determination process of whether the frame is hijacked may be performed. That is, the browser receives and processes the data of the web page, and when the data of one frame is received, the data volume of legal data in the web page data of the frame and the actual data volume of the web page data are obtained and compared, and if the two data volumes are the same, the frame is judged not to be hijacked; if the two data volumes are different, the frame is determined to be hijacked.
Optionally, the browser may process in parallel with multiple frames to increase processing speed. That is, when receiving the web page data of a frame, judging whether the frame is hijacked or not and carrying out anti-hijacking processing on the frame; if the receiving of the web page data of other frames is completed, the other frames which are received are also started to judge whether to hijack and to perform anti-hijack processing.
Optionally, the browser may perform hijacking judgment and anti-hijacking processing in series, and reduce processing pressure while increasing processing speed as much as possible. That is, when the browser receives the web page data of one frame, if the judgment on whether the other frame is hijacked or not and the anti-hijacking processing are not performed on the other frame at this time, the judgment on whether the frame is hijacked or not and the anti-hijacking processing are started to be performed on the frame; if there is other frame to make judgment and anti-hijack treatment, then waiting until the browser completes judgment and anti-hijack treatment to the received frame, and then making judgment and anti-hijack treatment to the frame.
Optionally, the browser may perform hijacking determination serially, and perform anti-hijacking processing serially. That is, whether a frame is hijacked or not is determined at the same time, and anti-hijacking processing is performed on a frame at the same time. After the judgment on whether the frame is hijacked or not is finished, judging whether the next frame is hijacked or not; after the anti-hijack processing of the frame is finished, the anti-hijack processing of the next hijacked frame is carried out.
During the web browsing process of the browser, the web page may or may not be hijacked. If each frame of the webpage is subjected to hijacking judgment, judgment needs to be carried out for many times, and for the webpage which is not hijacked, the judgment needs to be carried out for many times are not great. Therefore, in the embodiment of the application, in order to reduce meaningless judgment, which frame is hijacked can be searched under the condition that the webpage is determined to be hijacked, so that anti-hijacking processing is performed on the frame.
As an implementation manner, before each frame performs hijacking processing on the web page, if the first value is different from the second value, it is determined that the web page corresponding to the web page data is hijacked, and before the web page is subjected to anti-hijacking processing, a sum of first values corresponding to all frames may be calculated as a first total value, where the first total value represents the size of all legal data in the web page; and calculating the sum of the second numerical values corresponding to all the frames to serve as a second total value, wherein the second total value represents the size of the total data actually received by the webpage. It can be understood that, when the main frame of the web page is received, it indicates that the data loading of the web page is completed, and the first total value calculated at this time includes the data amount of the legal data of all frames; the second total value calculated at this time includes the data amount of the data received to all frames in the web page.
Comparing whether the first total value is the same as the second total value, if the first total value is the same as the second total value, the data in the webpage is not hijacked, and whether each frame is hijacked or not and whether anti-hijacked processing is carried out or not do not need to be carried out; if the first total value is different from the second total value, the webpage is hijacked, and data of frames are tampered, at this time, whether the first value is the same as the second value or not can be compared with each frame, and if the first value is different from the second value, the frame is determined to be hijacked, and anti-hijacking processing is carried out.
As another embodiment, the webpage may be dedicated with data recording the total legal data size of the webpage, and the data recording the legal data size of the webpage is defined as the total stored value data. When the webpage is loaded, the total stored value data of the webpage can be obtained, and the size of the total legal data in the webpage in the total stored value data is used as a first total value. And determining the size of the total data received by the webpage as a second total value. Comparing whether the first total value is the same as the second total value, if so, indicating that the webpage is not hijacked; if not, the webpage is hijacked.
In this embodiment, whether each frame of the web page is hijacked is determined by comparing the data volume of the legal data of each frame in the web page with the actually received data volume, so that corresponding anti-hijacking processing is performed under the condition of hijacking. In the scheme, the discovery of hijacking and the recovery of hijacking data are realized, the risk of disclosure of the user is greatly reduced, the safety of the browser is improved, and property loss of the user is avoided.
The present application also provides an embodiment in which a web page may include multiple portions, such as multiple frames as illustrated in the previous embodiments; the web page may also be only one part, i.e. all data information of the web page is an integral body.
In this embodiment, the web page data is defined as all data of the web page. Therefore, when the judgment on whether the webpage is hijacked or not and the anti-hijacking processing are carried out on the webpage, the data volume of legal data in the webpage data is obtained after the browser receives all data of the webpage and is used as a first numerical value, and the first numerical value is the total data volume of the legal data in the webpage. The actual data amount in the web page data is obtained as a second numerical value representing the total received data amount of the web page. Comparing whether the first numerical value is the same as the second numerical value, if so, indicating that the webpage is not hijacked, and performing subsequent normal processing such as rendering, displaying and the like; if the first numerical value is different from the second numerical value, judging that the webpage corresponding to the webpage data is hijacked, and carrying out anti-hijacking processing on the webpage.
In this embodiment, when the anti-hijack processing is performed on the web page, the anti-hijack processing is performed on the whole web page. That is, the website information of the web page can be acquired; initiating a webpage acquisition request carrying the website information to a server, so that the server returns all webpage data of the webpage according to the webpage acquisition request; and acquiring new webpage data of the webpage from a server to replace the webpage data of the webpage.
It can be understood that the same or similar parts of this embodiment and the foregoing embodiment may be referred to each other, and this embodiment may not be described again, for example, in this embodiment, the web page acquisition request may carry an anti-hijack flag, so that the server adds an anti-hijack response flag to the returned web page data according to the anti-hijack flag. Whether the anti-hijack mark is carried in the received webpage data can be judged; and if so, replacing the webpage data and the like.
In the embodiment of the application, the web page is taken as a whole, and whether the web page is hijacked or not is judged by comparing the data volume of legal data in all the web page data with the actual data volume. If the webpage is determined to be hijacked, the webpage is taken as a whole to perform anti-hijacked processing, so that the judgment times and the anti-hijacked processing times are reduced, and the data processing pressure is reduced.
In the embodiments of the present application, during anti-hijacking, if a browser cannot access a server, and cannot get connected to the server due to network interruption, poor network quality, or the like, the server initiates a web page acquisition request to the server, or cannot receive web page data returned by the server according to the web page acquisition request, and cannot perform data recovery of a web page.
In addition, if the browser cannot obtain the new webpage data from the server for other reasons, for example, the server does not find the webpage data corresponding to the website information carried in the webpage obtaining request of the browser, an error message may be returned to the browser to inform that the browser cannot find the corresponding webpage data. At this time, the browser may determine that the web page data cannot be obtained from the server for anti-hijacking data recovery.
Under the condition that the data of the webpage cannot be recovered, in order to avoid the harm caused by the continuous operation of the hijacked webpage data, the execution of the hijacked webpage data can be stopped. Specifically, the execution of the web page data may be stopped by stopping the execution of the script function corresponding to the hijacked web page data.
Optionally, if it is determined that a certain frame is hijacked, the execution of the web page data of the frame may be stopped, for example, the execution of the script function corresponding to the frame may be stopped; execution of all web page data for the web page may also be stopped, such as stopping execution of script functions for the web page.
Alternatively, when it is determined that a certain web page is hijacked, execution of all web page data of the web page may be stopped, for example, execution of a script function of the web page may be stopped.
In addition, a webpage hijacking reminding label can be displayed for reminding a user that the webpage is hijacked. Optionally, the website information, the data size, and the like of the hijacked frame may also be acquired and written into the reminding tag, and a prompt box of the reminding tag is popped up on a display page of the browser to remind the user of tampering with the data of which frame. Of course, the pop-up prompt box may also remind the user that the web page is hijacked, but does not necessarily remind the user that the frame is hijacked. Wherein the reminder label can be created by a script inside the web page.
Therefore, by hijacking the reminding tag and stopping execution of the webpage data, the user can be reminded and the webpage data can be locked, so that leakage of the user data and loss of property can be prevented.
An embodiment of the present application further provides a browser anti-hijacking apparatus 400, as shown in fig. 8, where the apparatus 400 includes: a data receiving module 410, configured to receive web page data by a browser; a first data obtaining module 420, configured to obtain a data amount of legal data in the web page data, where the data amount is used as a first numerical value; a second data obtaining module 430, configured to obtain an actual data amount of the web page data as a second numerical value; and the anti-hijack processing module 440 is configured to determine that the webpage corresponding to the webpage data is hijacked if the first value is different from the second value, and perform anti-hijack processing on the webpage.
Optionally, the first data obtaining module 420 may be configured to obtain data of data volume recorded in the web page data as stored value data; and analyzing the data volume of the webpage data from the stored value data to be used as the data volume of legal data in the webpage data.
Optionally, the stored-value data is encrypted according to a preset encryption algorithm, and the first data obtaining module 420 may decrypt the stored-value data according to the preset encryption algorithm.
Alternatively, the web page may include a plurality of frames. The device can also comprise a comparison module, a calculation module and a calculation module, wherein the comparison module is used for calculating the sum of first numerical values corresponding to all the frames as a first total value; calculating the sum of the second numerical values corresponding to all the frames to serve as a second total value; comparing whether the first total value is the same as the second total value. If the comparison result is different, each frame is processed by the data receiving module 410, the first data obtaining module 420, the second data obtaining module 430, and the anti-hijack processing module 440.
Optionally, the anti-hijack processing module 440 may be configured to perform anti-hijack processing on a frame corresponding to the web page data; or the anti-hijack processing is carried out on the whole webpage.
Optionally, the anti-hijacking processing module 440 performs anti-hijacking processing on the frame corresponding to the web page data, which includes: acquiring website information of a frame corresponding to the webpage data; initiating a webpage acquisition request carrying the website information to a server, so that the server returns webpage data of the frame according to the webpage acquisition request; and acquiring new webpage data of the frame from a server, and replacing the webpage data of the frame.
Optionally, the anti-hijacking processing module 440 may perform anti-hijacking processing on the whole webpage by: acquiring website information of the webpage; initiating a webpage acquisition request carrying the website information to a server, so that the server returns all webpage data of the webpage according to the webpage acquisition request; and acquiring new webpage data of the webpage from a server to replace the webpage data of the webpage.
Optionally, the anti-hijacking processing module 440 may be configured to carry an anti-hijacking flag in the web page acquisition request, so that the server adds an anti-hijacking response flag to the returned web page data according to the anti-hijacking flag. The anti-hijacking processing module 440 may be further configured to determine whether the received web page data carries an anti-hijacking flag; and if so, replacing the webpage data.
Optionally, when the anti-hijack processing module 440 performs anti-hijack processing on the frame corresponding to the web page data, the anti-hijack processing module may be further configured to stop executing the script function corresponding to the frame if the server cannot be accessed or the new web page data cannot be obtained from the server.
Optionally, the anti-hijack processing module 440 may perform anti-hijack processing on the web page, where if the server cannot be accessed or the new web page data cannot be obtained from the server, the execution of all the web page data of the web page is stopped.
Optionally, the anti-hijack processing module 440 may also be configured to display a web page hijack reminder label.
According to the method and the device, the webpage data can be detected and monitored, the monitored hijacking page can be fed back and reported, the hijacking resisting operation can be performed on the hijacking page, the normal page can be recovered, double-layer protection can be performed on the safety detection of the webpage data on the basis of https data protection, and the safety of the webpage data is greatly improved. After the webpage is hijacked, the webpage detects and warns the user, attempts to perform anti-hijacking operation, recovers the normal page, greatly reduces the risk of disclosure of the user, improves the safety of the browser, avoids property loss of the user, and reduces other behaviors damaging the interests of the user.
It will be clear to those skilled in the art that, for convenience and brevity of description, the various method embodiments described above may be referred to one another; the various embodiments of each method embodiment may also be referred to one another. For the specific working processes of the above-described devices and modules, reference may be made to corresponding processes in the foregoing method embodiments, which are not described herein again.
In the several embodiments provided in the present application, the coupling between the modules may be electrical, mechanical or other type of coupling.
In addition, functional modules in the embodiments of the present application may be integrated into one processing module, or each module may exist alone physically, or two or more modules are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode.
Referring to fig. 9, a block diagram of an electronic device 500 according to an embodiment of the present disclosure is shown. The electronic device 500 may be an electronic device capable of running an application, such as a smart phone, a tablet computer, a desktop computer, an e-reader, and the like, and may be connected to a server via a network, and request web page data from the server to the server, and upload hijacking information to the server. The electronic device includes one or more processors 510 (only one shown), memory 520, and one or more programs. Wherein the one or more programs are stored in the memory 520 and configured to be executed by the one or more processors 510. The one or more programs are configured to perform the methods described in the foregoing embodiments.
In the embodiment of the present application, the one or more programs may be an application program and a fast application.
Processor 510 may include one or more processing cores. The processor 510 interfaces with various components throughout the electronic device 500 using various interfaces and circuitry to perform various functions of the electronic device 500 and process data by executing or executing instructions, programs, code sets, or instruction sets stored in the memory 520 and invoking data stored in the memory 520. Alternatively, the processor 510 may be implemented in hardware using at least one of Digital Signal Processing (DSP), field-Programmable Gate Array (FPGA), and Programmable Logic Array (PLA). The processor 510 may integrate one or a combination of a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), a modem, and the like. Wherein, the CPU mainly processes an operating system, a user interface, an application program and the like; the GPU is used for rendering and drawing display content; the modem is used to handle wireless communications. It is understood that the modem may not be integrated into the processor 510, but may be implemented by a communication chip.
The Memory 520 may include a Random Access Memory (RAM) or a Read-Only Memory (Read-Only Memory). The memory 520 may be used to store instructions, programs, code sets, or instruction sets. The memory 520 may include a program storage area and a data storage area, wherein the program storage area may store instructions for implementing an operating system, instructions for implementing at least one function, instructions for implementing the various method embodiments described above, and the like. The data storage area can also store data (such as a phone book, audio and video data, chatting record data) and the like created by the electronic equipment in use.
In addition, the electronic device 500 may further include a display screen for displaying the video to be displayed.
Referring to fig. 10, a block diagram of a computer-readable storage medium according to an embodiment of the present application is shown. The computer-readable storage medium 600 has stored therein program code that can be called by a processor to execute the method described in the above-described method embodiments.
The computer-readable storage medium 600 may be an electronic memory such as a flash memory, an EEPROM (electrically erasable programmable read only memory), an EPROM, a hard disk, or a ROM. Alternatively, the computer-readable storage medium 600 includes a non-volatile computer-readable storage medium. The computer readable storage medium 600 has storage space for program code 610 for performing any of the method steps of the method described above. The program code can be read from or written to one or more computer program products. The program code 610 may be compressed, for example, in a suitable form.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solutions of the present application, and not to limit the same; although the present application has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not depart from the spirit and scope of the corresponding technical solutions in the embodiments of the present application.
Claims (19)
1. A browser anti-hijacking method, characterized in that the method comprises:
the browser receives webpage data;
acquiring the data volume of legal data in the webpage data as a first numerical value;
acquiring the actual data volume of the webpage data as a second numerical value;
if the first numerical value is different from the second numerical value, judging that the webpage corresponding to the webpage data is hijacked, and performing anti-hijacking processing on the webpage;
and if the first numerical value is different from the second numerical value, judging that the webpage corresponding to the webpage data is hijacked, and performing anti-hijacking processing on the webpage.
2. The method of claim 1, wherein the obtaining of the data volume of the legal data in the web page data comprises:
acquiring data of recorded data volume in the webpage data as stored value data;
and analyzing the data volume of the webpage data from the stored value data to be used as the data volume of legal data in the webpage data.
3. The method according to claim 2, wherein the stored value data is encrypted according to a predetermined encryption algorithm, and before the parsing out the data amount of the web page data from the stored value data, the method further comprises: and decrypting the stored value data according to a preset encryption algorithm.
4. The method of claim 1, wherein if the first value is different from the second value, determining that the webpage corresponding to the webpage data is hijacked, and before performing anti-hijacking processing on the webpage, the method further comprises:
calculating the sum of first numerical values corresponding to all frames to serve as a first total value;
calculating the sum of the second numerical values corresponding to all the frames to serve as a second total value;
comparing whether the first total value and the second total value are the same,
if the first numerical value is different from the second numerical value, the steps of judging that the webpage corresponding to the webpage data is hijacked and carrying out anti-hijacking processing on the webpage are carried out for each frame.
5. The method as claimed in claim 1, wherein the web page data is frame data, and when receiving a frame of web page data, the step of obtaining the data amount of the legal data in the web page data is executed for the frame until the step of determining that the web page corresponding to the web page data is hijacked and performing anti-hijacking processing on the web page if the first value is different from the second value.
6. The method according to any one of claims 1-5, wherein the anti-hijacking the web page comprises:
and carrying out anti-hijack processing on the frame corresponding to the webpage data.
7. The method according to claim 6, wherein the anti-hijacking processing of the frame corresponding to the web page data comprises:
acquiring website information of a frame corresponding to the webpage data;
initiating a webpage acquisition request carrying the website information to a server, so that the server returns webpage data of the frame according to the webpage acquisition request;
and acquiring new webpage data of the frame from a server, and replacing the webpage data of the frame.
8. The method according to claim 6, wherein the anti-hijacking processing of the frame corresponding to the web page data comprises:
and if the server cannot be accessed or new webpage data cannot be obtained from the server, stopping the execution of the webpage data of the frame.
9. The method according to claim 6, wherein the anti-hijacking processing of the web page comprises:
and carrying out anti-hijack treatment on the whole webpage.
10. The method of claim 1, wherein the web page data is all data of the web page, and the anti-hijacking the web page comprises: and carrying out anti-hijack treatment on the whole webpage.
11. The method according to claim 10, wherein the anti-hijacking processing of the whole webpage comprises:
acquiring website information of the webpage;
initiating a webpage acquisition request carrying the website information to a server, so that the server returns all webpage data of the webpage according to the webpage acquisition request;
and acquiring new webpage data of the webpage from a server to replace the webpage data of the webpage.
12. The method according to claim 1, wherein the anti-hijacking processing of the web page comprises:
and if the server cannot be accessed or new webpage data cannot be obtained from the server, stopping the execution of all webpage data of the webpage.
13. The method of claim 12, wherein the anti-hijacking the web page further comprises:
and displaying the webpage hijacking reminding label.
14. The method according to claim 11, wherein the web page fetch request carries an anti-hijacking flag, so that the server adds an anti-hijacking response flag to the returned web page data according to the anti-hijacking flag.
15. The method of claim 14, prior to replacing the web page data, further comprising: judging whether the received webpage data carries an anti-hijack mark or not;
and if so, replacing the webpage data.
16. The method according to claim 1, wherein if the web page includes a plurality of frames and the web page data is frame data, it is determined that the frame corresponding to the web page data is not hijacked if the first value is the same as the second value;
and under the condition that the webpage data are all data of the webpage, if the first numerical value is the same as the second numerical value, judging that the webpage is not hijacked.
17. A browser anti-hijacking device, said device comprising:
the data receiving module is used for receiving the webpage data by the browser;
the first data acquisition module is used for acquiring the data volume of legal data in the webpage data as a first numerical value;
the second data acquisition module is used for acquiring the actual data volume of the webpage data as a second numerical value;
the anti-hijack processing module is used for judging that the webpage corresponding to the webpage data is hijacked if the first numerical value is different from the second numerical value and carrying out anti-hijack processing on the webpage;
the web page comprises a plurality of frames, the web page data is data of any one frame, and the anti-hijack processing module is used for executing the step that the browser receives the web page data to the step that if the first numerical value is different from the second numerical value, the web page corresponding to the web page data is determined to be hijacked, and the anti-hijack processing is carried out on the web page.
18. An electronic device, comprising:
one or more processors;
a memory;
one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by the one or more processors, the one or more programs configured to perform the method of any of claims 1-16.
19. A computer-readable storage medium, having stored thereon program code that can be invoked by a processor to perform the method according to any one of claims 1 to 16.
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/CN2019/082334 WO2020206662A1 (en) | 2019-04-11 | 2019-04-11 | Browser anti-hijacking method and device, electronic equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113348655A CN113348655A (en) | 2021-09-03 |
| CN113348655B true CN113348655B (en) | 2023-01-06 |
Family
ID=72751843
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201980089741.2A Active CN113348655B (en) | 2019-04-11 | 2019-04-11 | Anti-hijacking method and device for browser, electronic equipment and storage medium |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN113348655B (en) |
| WO (1) | WO2020206662A1 (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116912669B (en) * | 2023-09-11 | 2023-11-28 | 中国物品编码中心 | Webpage hijacking monitoring method, system, electronic equipment and storage medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104125215A (en) * | 2014-06-30 | 2014-10-29 | 新浪网技术(中国)有限公司 | Website domain name hijacking detection method and system |
| CN104767747A (en) * | 2015-03-30 | 2015-07-08 | 微梦创科网络科技(中国)有限公司 | Click jacking safety detection method and device |
| CN106911693A (en) * | 2017-02-27 | 2017-06-30 | 百度在线网络技术(北京)有限公司 | For detecting method, device and terminal device that web page contents are kidnapped |
Family Cites Families (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2006221242A (en) * | 2005-02-08 | 2006-08-24 | Fujitsu Ltd | Authentication information fraud prevention system, program, and method |
| WO2009075007A1 (en) * | 2007-12-12 | 2009-06-18 | Duaxes Corporation | Communication control device and communication control method |
| DE102011009358A1 (en) * | 2011-01-25 | 2012-07-26 | Xamine GmbH | A method for detecting improper ad redirection on the Internet |
| US20140380477A1 (en) * | 2011-12-30 | 2014-12-25 | Beijing Qihoo Technology Company Limited | Methods and devices for identifying tampered webpage and inentifying hijacked web address |
| CN102624713B (en) * | 2012-02-29 | 2016-01-06 | 深信服网络科技(深圳)有限公司 | The method of website tamper Detection and device |
| CN104125121A (en) * | 2014-08-15 | 2014-10-29 | 携程计算机技术(上海)有限公司 | Network hijacking behavior detecting system and method |
| CN108111561B (en) * | 2016-11-25 | 2021-03-02 | 腾讯科技(深圳)有限公司 | Data downloading method and equipment thereof |
| CN107124430B (en) * | 2017-06-08 | 2021-07-06 | 腾讯科技(深圳)有限公司 | Page hijacking monitoring method, device, system and storage medium |
| CN107547524A (en) * | 2017-08-09 | 2018-01-05 | 百度在线网络技术(北京)有限公司 | A kind of page detection method, device and equipment |
| CN108171082B (en) * | 2017-12-06 | 2021-04-30 | 新华三信息安全技术有限公司 | Webpage detection method and device |
-
2019
- 2019-04-11 CN CN201980089741.2A patent/CN113348655B/en active Active
- 2019-04-11 WO PCT/CN2019/082334 patent/WO2020206662A1/en active Application Filing
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104125215A (en) * | 2014-06-30 | 2014-10-29 | 新浪网技术(中国)有限公司 | Website domain name hijacking detection method and system |
| CN104767747A (en) * | 2015-03-30 | 2015-07-08 | 微梦创科网络科技(中国)有限公司 | Click jacking safety detection method and device |
| CN106911693A (en) * | 2017-02-27 | 2017-06-30 | 百度在线网络技术(北京)有限公司 | For detecting method, device and terminal device that web page contents are kidnapped |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113348655A (en) | 2021-09-03 |
| WO2020206662A1 (en) | 2020-10-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9215246B2 (en) | Website scanning device and method | |
| US20140041029A1 (en) | Method and system for processing website address risk detection | |
| CN113489713B (en) | Network attack detection method, device, equipment and storage medium | |
| CN109194671B (en) | Abnormal access behavior identification method and server | |
| CN110650117B (en) | Cross-site attack protection method, device, equipment and storage medium | |
| CN111008348A (en) | Anti-crawler method, terminal, server and computer readable storage medium | |
| US11831617B2 (en) | File upload control for client-side applications in proxy solutions | |
| CN110113315B (en) | Service data processing method and device | |
| CN109543454A (en) | A kind of anti-crawler method and relevant device | |
| CN109766725B (en) | Data processing method, device, intelligent terminal and computer readable medium | |
| US9177011B2 (en) | Systems and methods for locating application specific data | |
| WO2021253252A1 (en) | Method and apparatus for testing webpage, and electronic device and storage medium | |
| CN113469866A (en) | Data processing method and device and server | |
| CN112612546A (en) | Page loading method and device, electronic equipment and storage medium | |
| CN107180194B (en) | Method and device for vulnerability detection based on visual analysis system | |
| CN113348655B (en) | Anti-hijacking method and device for browser, electronic equipment and storage medium | |
| CN112416496A (en) | Page display method and device and storage medium | |
| CN107995167B (en) | Equipment identification method and server | |
| CN112363841B (en) | Application process searching and killing method and device, electronic equipment and storage medium | |
| CN112565269B (en) | Method and device for detecting back door flow of server, electronic equipment and storage medium | |
| CN111756744B (en) | H5 user identification method, device, equipment and storage medium | |
| CN114629875A (en) | Active detection domain name brand protection method and device | |
| CN109218284B (en) | XSS vulnerability detection method and device, computer equipment and readable medium | |
| CN111753286A (en) | Terminal device monitoring method and device, terminal device and storage medium | |
| CN116304458B (en) | Method, device, equipment and medium for web page real-time notification update |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |