CN113938289A - System and method for preventing interception mechanism from being abused and attacked by proxy client - Google Patents


Publication number
CN113938289A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111011229.1A
Other languages
Chinese (zh)
Other versions
CN113938289B (en)
Inventor
李韩
刘艾军
刘峰
唐泽鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Unicom WO Music and Culture Co Ltd
Original Assignee
China Unicom WO Music and Culture Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms

Abstract

The invention discloses a system and a method by which a proxy client prevents its interception mechanism from being abused and attacked. The system comprises a proxy APP, an authentication server, a Socks5 proxy server cluster, a traffic-exempt APP (an APP whose data traffic is to be exempted) and a destination server. The proxy APP interacts with the authentication server to perform user authentication and management of the traffic-exempt APPs, intercepts the network request data of the traffic-exempt APPs, establishes connections with the Socks5 proxy server cluster, and forwards and receives proxy data. The invention controls the behavior of ordinary users arbitrarily setting traffic-exempt APPs, avoids placing excessive pressure on the proxy servers, and protects the legitimate rights and interests of the service provider. It also solves the problem of an attacker tampering with the traffic-exempt APP settings by hooking, and the problem of an attacker blocking proxy forwarding and attacking the traffic-exempt APP.

Description

System and method for preventing interception mechanism from being abused and attacked by proxy client
Technical Field
The invention relates to the technical field of proxy interception, and in particular to a system and a method by which a proxy client prevents its interception mechanism from being abused and attacked.
Background
At present, a proxy application on an Android phone typically creates a VpnService instance and sets in it the information of the APPs whose traffic is to be exempted (traffic-exempt APPs). The VpnService intercepts the network request data of these applications at the network layer through a TUN virtual network card and forwards it to a traffic-exemption proxy server cluster, thereby achieving traffic exemption. Because the traffic-exempt APP information is set locally in the proxy application, the server cannot verify or limit it, and a user can set it arbitrarily, which leads to abuse of application data interception. In addition, if the user is an attacker with some experience in cracking applications, then even if the proxy application applies certain local restrictions, the attacker can bypass them by hooking and still abuse application data interception. Worse, the attacker may block forwarding after intercepting the application data so that the proxy client cannot work normally, or forge the response data returned by the destination server, thereby attacking the traffic-exempt APP.
Disclosure of Invention
(I) Technical problem to be solved
In view of the deficiencies of the prior art, the invention discloses a system and a method by which a proxy client prevents its interception mechanism from being abused and attacked, so as to solve the problems raised in the Background.
(II) Technical solution
To achieve the above purpose, the invention is realized by the following technical solution: a system by which a proxy client prevents its interception mechanism from being abused and attacked, the system comprising a proxy APP, an authentication server, a Socks5 proxy server cluster, a traffic-exempt APP and a destination server. The proxy APP interacts with the authentication server to perform user authentication and management of the traffic-exempt APPs, intercepts the network request data of the traffic-exempt APPs, establishes connections with the Socks5 proxy server cluster, and forwards and receives proxy data. The destination server is the server corresponding to the traffic-exempt APP. The Socks5 proxy server cluster receives the data packets from the proxy APP, communicates with the destination server, and returns the response data returned by the destination server to the proxy APP that initiated the proxy request; it also has a traffic statistics function, and when the traffic overflows, the current proxy connection is disconnected.
Preferably, the proxy APP comprises an upper layer, used for authentication and traffic-exempt APP management, and a native layer, used for decrypting and configuring the traffic-exempt APP information and for intercepting, processing and proxy-forwarding the request data of the traffic-exempt APPs; the native layer is provided as a secure dynamic library for the upper layer to call.
Preferably, the upper layer comprises an authentication module 1 and a traffic-exemption management module 1. The authentication module 1 is the module responsible for user registration/login and traffic-entitlement authentication.
The traffic-exemption management module 1 is used for managing the traffic-exempt APPs and comprises a local APP scanning and display sub-module, a traffic-exempt APP reporting sub-module and a traffic-exempt APP download sub-module.
Preferably, the native layer comprises a VpnService construction module, a VpnService operation module and a Socks5 client module. The VpnService construction module is used for the initialization settings of the VpnService and for decrypting and configuring the traffic-exempt APP information. The VpnService operation module is used for managing the running of the VpnService: it obtains IP datagrams from the TUN virtual network card and, after protocol processing, hands them to the Socks5 client module; it receives the response data obtained by the Socks5 client module and, after protocol processing, hands it to the TUN virtual network card. It also maintains and manages the life cycle of the VpnService. The Socks5 client module is used for establishing connections with the Socks5 proxy server cluster and for sending and receiving proxy data.
Preferably, the authentication server comprises an authentication module 2 and a traffic-exemption management module 2. The authentication module 2 provides registration and login with a mobile phone number as the user name, and provides traffic-entitlement ordering and query functions for the user. The traffic-exemption management module 2 is used for centralized management of the traffic-exempt APPs and comprises a report checking sub-module and an issuing and encryption sub-module.
A method by which a proxy client prevents its interception mechanism from being abused and attacked, the method comprising the following steps:
Step S1, the authentication module 1 in the proxy APP and the authentication module 2 of the authentication server complete user login and authentication;
Step S2, the traffic-exemption management module 1 in the proxy APP interacts with the traffic-exemption management module 2 in the authentication server to complete the selection and reporting of the traffic-exempt APP information and its AES encryption and issuing;
Step S3, the traffic-exemption management module 1 passes the received encrypted data to the VpnService construction module;
Step S4, the VpnService construction module decrypts the encrypted data with the AES decryption key it holds to obtain the original traffic-exempt APP information;
Step S5, the VpnService construction module uses the decrypted traffic-exempt APP information to set, for the TUN virtual network card, the APPs whose traffic is to be intercepted, starts the VpnService service, obtains a file descriptor representing the TUN virtual network card, and starts intercepting the request data of the traffic-exempt APPs;
Step S6, the VpnService operation module reads the intercepted request IP datagram from the TUN file descriptor, produces the application-layer raw data through protocol conversion, and sends it directly to the Socks5 client module;
Step S7, the Socks5 client module sends the request data to the Socks5 proxy server cluster, which sends the received request data to the destination server and then sends the response data returned by the destination server to the corresponding Socks5 client module;
Step S8, after receiving the response data, the Socks5 client module passes it to the VpnService operation module;
Step S9, the VpnService operation module performs protocol conversion on the received response data, restores it into a response IP datagram, and writes it directly to the TUN file descriptor, thereby completing one data proxy process.
Preferably, step S2 further includes a method for configuring and encrypting the traffic-exempt APP information, comprising the following steps:
Step S21, the local APP scanning and display sub-module of the traffic-exemption management module 1 scans all APPs installed on the phone and displays them to the user. The user selects a number of APPs; the sum of the newly selected number and the existing number cannot exceed the user's maximum settable number;
Step S22, the traffic-exempt APP reporting sub-module of the traffic-exemption management module 1 reports the APP information selected by the user to the report checking sub-module in the traffic-exemption management module 2;
Step S23, the report checking sub-module in the traffic-exemption management module 2 checks the received traffic-exempt APP information. If the current user has the right to add or replace and the number of traffic-exempt APPs does not exceed the user's maximum number of traffic-exempt APPs, the report is considered legal and the traffic-exempt APP information is stored in the authentication server database. Otherwise, error information is returned to the traffic-exempt APP reporting sub-module;
Step S24, after the setting is completed, the traffic-exempt APP download sub-module in the traffic-exemption management module 1 requests the issuing and encryption sub-module in the traffic-exemption management module 2 to download the traffic-exempt APP information set by the user.
(III) Beneficial effects
The invention effectively solves the problems that a VpnService-based Android traffic-exemption proxy client cannot effectively keep users' setting of traffic-exempt APPs within the rules, and cannot prevent an attacker from blocking proxy forwarding and attacking the traffic-exempt APP. With this scheme, the behavior of ordinary users arbitrarily setting traffic-exempt APPs is controlled, excessive pressure on the proxy servers is avoided, and the legitimate rights and interests of the service provider are protected. The problem of an attacker tampering with the traffic-exempt APP settings by hooking is solved, as is the problem of an attacker blocking proxy forwarding and attacking the traffic-exempt APP.
Drawings
FIG. 1 is a system framework diagram of a proxy client preventing the abuse and attack of an interception mechanism;
FIG. 2 is a flow chart of a method for preventing the interception mechanism from being abused and attacked by a proxy client;
Detailed Description
As shown in FIGS. 1-2, a system by which a proxy client prevents its interception mechanism from being abused and attacked includes a proxy APP, a traffic-exempt APP, an authentication server, a Socks5 proxy server cluster and a destination server. Proxy APP: interacts with the authentication server to perform user authentication and management of the traffic-exempt APPs, intercepts the network request data of the traffic-exempt APPs, establishes connections with the Socks5 proxy server cluster through the Socks5 client module implemented inside it, and forwards and receives proxy data. It has a two-layer structure with five major functional modules: an upper layer written in Java and a native layer written in C, where the native-layer code is compiled through the NDK into a secure dynamic library and provided for the upper layer to call. The upper layer mainly comprises an authentication module 1 and a traffic-exemption management module 1. The native layer comprises a VpnService construction module, a VpnService operation module and a Socks5 client module.
Authentication module 1: the module on the proxy APP side responsible for user registration/login and traffic-entitlement authentication.
Traffic-exemption management module 1: the module on the proxy APP side responsible for managing the traffic-exempt APPs. It comprises a local APP scanning and display sub-module, a traffic-exempt APP reporting sub-module and a traffic-exempt APP download sub-module.
VpnService construction module: responsible for the initialization settings of the VpnService and for decrypting and configuring the traffic-exempt APP information.
VpnService operation module: mainly responsible for managing the running of the VpnService. It obtains IP datagrams from the TUN virtual network card and, after protocol processing, hands them to the Socks5 client module; it receives the response data obtained by the Socks5 client module and, after protocol processing, hands it to the TUN virtual network card. It also maintains and manages the VpnService life cycle.
Socks5 client module: responsible for establishing connections with the Socks5 proxy server cluster and for sending and receiving proxy data.
Traffic-exempt APP: an APP installed on the Android phone for which the data traffic generated by its use is to be exempted, such as video and audio APPs.
Authentication server: comprises an authentication module 2 and a traffic-exemption management module 2.
Authentication module 2: provides registration and login with the mobile phone number as the user name, and provides traffic-entitlement ordering and query functions for the user.
Traffic-exemption management module 2: responsible for centralized management of the traffic-exempt APPs owned by the user; it comprises a report checking sub-module and an issuing and encryption sub-module.
Socks5 proxy server cluster: receives the data packets from the proxy APP, communicates with the destination server, and returns the response data returned by the destination server to the Socks5 client module that initiated the proxy request. It also has a traffic statistics function; when the traffic overflows, the current proxy connection is disconnected.
Destination server: the server corresponding to the traffic-exempt APP.
A method by which a proxy client prevents its interception mechanism from being abused and attacked, the method comprising the following steps:
Step S1, the authentication module 1 in the proxy APP displays a login page to the user, and the user enters a user name and password. The authentication module 1 uploads the user name and password to the authentication module 2, which completes the login operation, authenticates the user's traffic entitlement, and returns the login and authentication results to the authentication module 1. If authentication succeeds, the subsequent operations can proceed; otherwise they cannot.
Step S2, the traffic-exemption management module 1 in the proxy APP interacts with the traffic-exemption management module 2 in the authentication server: the traffic-exempt APP download sub-module in the traffic-exemption management module 1 requests the issuing and encryption sub-module in the traffic-exemption management module 2 to download the traffic-exempt APP information set by the user. If the user has not set any traffic-exempt APP, the setting must be completed first; if a setting already exists, the traffic-exemption management module 2 encrypts the traffic-exempt APP information and returns it to the traffic-exemption management module 1. Specifically, there are the following cases:
The full number of traffic-exempt APPs has already been set and there is no replacement opportunity. The issuing and encryption sub-module of the traffic-exemption management module 2 encrypts the traffic-exempt APP information with the AES encryption algorithm and issues it to the traffic-exempt APP download sub-module of the traffic-exemption management module 1.
Traffic-exempt APPs have already been set but the full number has not been reached, or the full number has been set but there is a replacement opportunity. The issuing and encryption sub-module of the traffic-exemption management module 2 encrypts the already-set traffic-exempt APP information with the AES encryption algorithm and issues it to the traffic-exempt APP download sub-module of the traffic-exemption management module 1. The user decides whether to add to or replace the setting.
No traffic-exempt APP has been set. The setting must be performed first, and the set traffic-exempt APP information is then issued. The steps are as follows:
a. The local APP scanning and display sub-module of the traffic-exemption management module 1 scans all APPs installed on the phone and displays them to the user. The user selects a number of APPs; the sum of the newly selected number and the existing number cannot exceed the user's maximum settable number.
b. The traffic-exempt APP reporting sub-module of the traffic-exemption management module 1 reports the APP information selected by the user to the report checking sub-module in the traffic-exemption management module 2.
c. The report checking sub-module in the traffic-exemption management module 2 checks the received traffic-exempt APP information. If the current user has the right to add or replace and the number of traffic-exempt APPs does not exceed the user's maximum number of traffic-exempt APPs, the report is considered legal and the traffic-exempt APP information is stored in the authentication server database. Otherwise, error information is returned to the traffic-exempt APP reporting sub-module.
d. After the setting is completed, the traffic-exempt APP download sub-module in the traffic-exemption management module 1 requests the issuing and encryption sub-module in the traffic-exemption management module 2 to download the traffic-exempt APP information set by the user.
In this scheme, the traffic-exemption management module 2 on the authentication server side limits the number of traffic-exempt APPs that the proxy APP can set and checks the reported traffic-exempt APP information, which prevents an attacker from directly tampering with the server data through an attack; at the same time, the issued traffic-exempt APP data is encrypted to prevent hijacking and tampering by an attacker.
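The server-side check of step c, sketched in C as an added example (not code from the patent). It assumes a report carries the package names the user newly selected and does not model replacement; the `user_record` layout, the status codes and the package-name syntax check are hypothetical additions.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_STORED 16
#define NAME_LEN   128

enum report_status { REPORT_OK, REPORT_NO_RIGHT, REPORT_BAD_NAME, REPORT_OVER_LIMIT };

/* Hypothetical per-user record kept in the authentication server database. */
struct user_record {
    int may_add_or_replace;   /* user currently holds the add/replace right */
    size_t max_apps;          /* user's maximum number of traffic-exempt APPs */
    size_t count;             /* APPs already stored */
    char apps[MAX_STORED][NAME_LEN];
};

/* Assumed format: Android package name, i.e. at least two dot-separated
 * segments of [A-Za-z0-9_], each starting with a letter. */
static int valid_package_name(const char *s) {
    size_t len = strlen(s), i, segments = 1;
    if (len == 0 || len >= NAME_LEN) return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        int seg_start = (i == 0 || s[i - 1] == '.');
        if (c == '.') {
            if (seg_start || i + 1 == len) return 0;   /* empty segment */
            segments++;
        } else if (seg_start ? !isalpha(c) : !(isalnum(c) || c == '_')) {
            return 0;
        }
    }
    return segments >= 2;
}

static int contains(char names[][NAME_LEN], size_t n, const char *s) {
    size_t i;
    for (i = 0; i < n; i++)
        if (strcmp(names[i], s) == 0) return 1;
    return 0;
}

/* Check a report of newly selected APPs. The report is stored only if all of
 * it is acceptable, so a rejected report leaves the record unchanged. */
enum report_status check_report(struct user_record *u,
                                const char *const *reported, size_t n) {
    char fresh[MAX_STORED][NAME_LEN];
    size_t nfresh = 0, i;
    if (!u->may_add_or_replace) return REPORT_NO_RIGHT;
    if (u->max_apps > MAX_STORED || u->count > u->max_apps) return REPORT_OVER_LIMIT;
    for (i = 0; i < n; i++) {
        if (!valid_package_name(reported[i])) return REPORT_BAD_NAME;
        /* Names already stored, or repeated in the report, count once. */
        if (contains(u->apps, u->count, reported[i]) ||
            contains(fresh, nfresh, reported[i])) continue;
        if (u->count + nfresh + 1 > u->max_apps) return REPORT_OVER_LIMIT;
        strcpy(fresh[nfresh++], reported[i]);
    }
    for (i = 0; i < nfresh; i++) strcpy(u->apps[u->count++], fresh[i]);
    return REPORT_OK;
}

/* Constructed sample reports. */
static const char *const REPORT_A[] = { "com.example.video", "com.example.music" };
static const char *const REPORT_B[] = { "com.example.music", "com.example.reader" };

int main(void) {
    struct user_record u = { 1, 2, 0, {{0}} };
    printf("%d\n", (int)check_report(&u, REPORT_A, 2));  /* accepted and stored */
    printf("%d\n", (int)check_report(&u, REPORT_B, 2));  /* rejected: exceeds the limit */
    return 0;
}
```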
The VpnService construction module, the VpnService operation module, the Socks5 client module and the AES decryption key are all placed in the native layer. Because the native-layer code is compiled into a dynamic library file and then called by the upper-layer code through JNI, this effectively prevents an attacker from cracking it, which would leak the AES decryption key or allow proxy forwarding to be blocked or even the traffic-exempt APP to be attacked. Steps S3 to S9 are all performed in the native layer.
Step S3, the traffic-exemption management module 1 passes the received encrypted data to the VpnService construction module. The upper layer does not hold the AES decryption key and cannot process the encrypted data, which removes the possibility of an attacker tampering with or intercepting it by hooking.
Step S4, the VpnService construction module decrypts the encrypted data with the AES decryption key it holds to obtain the original traffic-exempt APP information. In this scheme the AES decryption key is stored in the native layer; because the native-layer code is compiled into a dynamic library, an attacker cannot attack it. This ensures that only the VpnService construction module knows the decrypted traffic-exempt APP information.
Step S5, the VpnService construction module uses the decrypted traffic-exempt APP information to set, for the TUN virtual network card, the APPs whose traffic is to be intercepted. It then starts the VpnService service, obtains a file descriptor representing the TUN virtual network card, and starts intercepting data.
Step S6, the VpnService operation module reads the intercepted request IP datagram from the TUN file descriptor, extracts the application-layer raw data from the IP datagram through protocol conversion, and sends it directly to the Socks5 client module.
Step S7, the Socks5 client module sends the request data to the Socks5 proxy server cluster, which sends the received request data to the destination server and then sends the response data returned by the destination server to the corresponding Socks5 client module.
Step S8, after receiving the response data, the Socks5 client module passes it to the VpnService operation module.
Step S9, the VpnService operation module performs protocol conversion on the received response data: it adds a TCP or UDP header and an IP header to the application-layer raw response data to restore it into a response IP datagram, and writes it directly to the TUN file descriptor, thereby completing one data proxy process.
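The protocol conversion of steps S6 and S9 for one UDP datagram, as an added example in C (not code from the patent): it validates an IPv4/UDP datagram as read from the TUN descriptor, extracts the application-layer payload, and wraps response data back into a datagram. Function and struct names are hypothetical, the sample packet is constructed, and TCP, IPv6 and fragment reassembly are left out.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Addresses, ports and payload of one intercepted datagram (host byte order). */
struct udp_flow {
    uint32_t src_ip, dst_ip;
    uint16_t src_port, dst_port;
    const uint8_t *payload;   /* points into the caller's packet buffer */
    size_t payload_len;
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) { return ((uint32_t)rd16(p) << 16) | rd16(p + 2); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void wr32(uint8_t *p, uint32_t v) { wr16(p, (uint16_t)(v >> 16)); wr16(p + 2, (uint16_t)v); }

/* Internet checksum (RFC 1071): add 16-bit words, then fold and complement. */
static uint32_t sum16(const uint8_t *buf, size_t len, uint32_t sum) {
    size_t i;
    for (i = 0; i + 1 < len; i += 2) sum += rd16(buf + i);
    if (len & 1) sum += (uint32_t)buf[len - 1] << 8;
    return sum;
}
static uint16_t fold(uint32_t sum) {
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Step S6: validate the datagram and expose its application-layer payload.
 * Returns 0 on success, -1 for anything malformed, fragmented or not IPv4/UDP. */
int parse_ipv4_udp(const uint8_t *pkt, size_t len, struct udp_flow *out) {
    size_t ihl, total, udp_len;
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;
    ihl = (size_t)(pkt[0] & 0x0f) * 4;
    total = rd16(pkt + 2);
    if (ihl < 20 || total > len || total < ihl + 8) return -1;
    if (pkt[9] != 17) return -1;                    /* protocol is not UDP */
    if (rd16(pkt + 6) & 0x3fff) return -1;          /* MF set or fragment offset != 0 */
    if (fold(sum16(pkt, ihl, 0)) != 0) return -1;   /* header checksum mismatch */
    udp_len = rd16(pkt + ihl + 4);
    if (udp_len < 8 || udp_len > total - ihl) return -1;
    out->src_ip = rd32(pkt + 12);
    out->dst_ip = rd32(pkt + 16);
    out->src_port = rd16(pkt + ihl);
    out->dst_port = rd16(pkt + ihl + 2);
    out->payload = pkt + ihl + 8;
    out->payload_len = udp_len - 8;
    return 0;
}

/* Step S9: wrap response data in UDP and IPv4 headers addressed back to the
 * requesting APP. Returns the datagram length, or 0 if it does not fit. */
size_t build_ipv4_udp_reply(const struct udp_flow *req, const uint8_t *data,
                            size_t data_len, uint8_t *out, size_t cap) {
    size_t udp_len = 8 + data_len, total = 20 + udp_len;
    uint16_t c;
    if (data_len > 65535 - 28 || total > cap) return 0;
    memset(out, 0, 28);
    out[0] = 0x45;                       /* IPv4, 20-byte header */
    wr16(out + 2, (uint16_t)total);
    wr16(out + 6, 0x4000);               /* don't fragment */
    out[8] = 64;                         /* TTL */
    out[9] = 17;                         /* UDP */
    wr32(out + 12, req->dst_ip);         /* reply source = original destination */
    wr32(out + 16, req->src_ip);
    wr16(out + 10, fold(sum16(out, 20, 0)));
    wr16(out + 20, req->dst_port);
    wr16(out + 22, req->src_port);
    wr16(out + 24, (uint16_t)udp_len);
    if (data_len) memcpy(out + 28, data, data_len);
    /* UDP checksum also covers a pseudo-header: addresses, protocol, UDP length. */
    c = fold(sum16(out + 20, udp_len, sum16(out + 12, 8, 17u + (uint32_t)udp_len)));
    wr16(out + 26, c ? c : 0xffff);
    return total;
}

/* Constructed sample: 10.0.0.2:40000 -> 192.0.2.10:53, payload "ping". */
static const uint8_t SAMPLE_REQUEST[32] = {
    0x45, 0x00, 0x00, 0x20, 0x00, 0x01, 0x40, 0x00, 0x40, 0x11, 0x6e, 0xc0,
    0x0a, 0x00, 0x00, 0x02, 0xc0, 0x00, 0x02, 0x0a,
    0x9c, 0x40, 0x00, 0x35, 0x00, 0x0c, 0x00, 0x00, 'p', 'i', 'n', 'g'
};

int main(void) {
    struct udp_flow f;
    uint8_t reply[64];
    size_t n;
    if (parse_ipv4_udp(SAMPLE_REQUEST, sizeof SAMPLE_REQUEST, &f) != 0) return 1;
    n = build_ipv4_udp_reply(&f, (const uint8_t *)"pong", 4, reply, sizeof reply);
    printf("payload=%.*s reply_len=%zu\n", (int)f.payload_len, (const char *)f.payload, n);
    return 0;
}
```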
The foregoing shows and describes the general principles and broad features of the present invention and advantages thereof. It will be understood by those skilled in the art that the present invention is not limited to the embodiments described above, which are described in the specification and illustrated only to illustrate the principle of the present invention, but that various changes and modifications may be made therein without departing from the spirit and scope of the present invention, which fall within the scope of the invention as claimed. The scope of the invention is defined by the appended claims and equivalents thereof.

Claims (7)

1. A system by which a proxy client prevents its interception mechanism from being abused and attacked, characterized in that the system comprises a proxy APP, an authentication server, a Socks5 proxy server cluster, a traffic-exempt APP and a destination server. The proxy APP interacts with the authentication server to perform user authentication and management of the traffic-exempt APPs, intercepts the network request data of the traffic-exempt APPs, establishes connections with the Socks5 proxy server cluster, and forwards and receives proxy data; the destination server is the server corresponding to the traffic-exempt APP; the Socks5 proxy server cluster receives the data packets from the proxy APP, communicates with the destination server, and returns the response data returned by the destination server to the proxy APP that initiated the proxy request.
2. The system of claim 1, wherein: the proxy APP comprises an upper layer, used for authentication and traffic-exempt APP management, and a native layer, used for decrypting and configuring the traffic-exempt APP information and for intercepting, processing and proxy-forwarding the request data of the traffic-exempt APPs; the native layer is provided as a secure dynamic library for the upper layer to call.
3. The system of claim 1, wherein: the upper layer comprises an authentication module 1 and a traffic-exemption management module 1; the authentication module 1 is the module responsible for user registration/login and traffic-entitlement authentication; the traffic-exemption management module 1 is used for managing the traffic-exempt APPs and comprises a local APP scanning and display sub-module, a traffic-exempt APP reporting sub-module and a traffic-exempt APP download sub-module.
4. The system of claim 1, wherein: the native layer comprises a VpnService construction module, a VpnService operation module and a Socks5 client module. The VpnService construction module is used for the initialization settings of the VpnService and for decrypting and configuring the traffic-exempt APP information. The VpnService operation module is used for managing the running of the VpnService: it obtains IP datagrams from the TUN virtual network card and, after protocol processing, hands them to the Socks5 client module; it receives the response data obtained by the Socks5 client module and, after protocol processing, hands it to the TUN virtual network card. It also maintains and manages the life cycle of the VpnService. The Socks5 client module is used for establishing connections with the Socks5 proxy server cluster and for sending and receiving proxy data.
5. The system of claim 1, wherein: the authentication server comprises an authentication module 2 and a traffic-exemption management module 2; the authentication module 2 provides registration and login with a mobile phone number as the user name, and provides traffic-entitlement ordering and query functions for the user; the traffic-exemption management module 2 is used for centralized management of the traffic-exempt APPs and comprises a report checking sub-module and an issuing and encryption sub-module.
6. A method by which a proxy client prevents its interception mechanism from being abused and attacked, characterized in that the method comprises the following steps:
Step S1, the authentication module 1 in the proxy APP and the authentication module 2 of the authentication server complete user login and authentication;
Step S2, the traffic-exemption management module 1 in the proxy APP interacts with the traffic-exemption management module 2 in the authentication server to complete the selection and reporting of the traffic-exempt APP information and its AES encryption and issuing;
Step S3, the traffic-exemption management module 1 passes the received encrypted data to the VpnService construction module;
Step S4, the VpnService construction module decrypts the encrypted data with the AES decryption key it holds to obtain the original traffic-exempt APP information;
Step S5, the VpnService construction module uses the decrypted traffic-exempt APP information to set, for the TUN virtual network card, the APPs whose traffic is to be intercepted, starts the VpnService service, obtains a file descriptor representing the TUN virtual network card, and starts intercepting the request data of the traffic-exempt APPs;
Step S6, the VpnService operation module reads the intercepted request IP datagram from the TUN file descriptor, produces the application-layer raw data through protocol conversion, and sends it directly to the Socks5 client module;
Step S7, the Socks5 client module sends the request data to the Socks5 proxy server cluster, which sends the received request data to the destination server and then sends the response data returned by the destination server to the corresponding Socks5 client module;
Step S8, after receiving the response data, the Socks5 client module passes it to the VpnService operation module;
Step S9, the VpnService operation module performs protocol conversion on the received response data, restores it into a response IP datagram, and writes it directly to the TUN file descriptor, thereby completing one data proxy process.
7. The method of claim 6, wherein step S2 further includes a method for configuring and encrypting the to-be-flow-free APP information, comprising the following steps:
step S21, the local APP scanning and displaying submodule of the flow-free management module 1 scans all the APPs installed on the mobile phone and displays them to the user; the user selects a certain number of APPs, and the sum of the newly selected number and the existing number cannot exceed the user's maximum setting number;
step S22, the to-be-flow-free APP reporting submodule of the flow-free management module 1 reports the APP information selected by the user to the reporting check submodule in the flow-free management module 2;
step S23, the reporting check submodule in the flow-free management module 2 checks the received to-be-flow-free APP information; if the current user has the right to add or change APPs and the number of to-be-flow-free APPs is not more than the user's maximum number of to-be-flow-free APPs, the information is considered legal and is stored in the authentication server database; if not, error information is returned to the to-be-flow-free APP reporting submodule;
and step S24, after the setting is completed, the to-be-flow-free APP downloading submodule in the flow-free management module 1 requests the issuing encryption submodule in the flow-free management module 2 to download the to-be-flow-free APP information set by the user.
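The encrypted hand-off of steps S2 to S4 and S24, as an added Go sketch that is not code from the patent: the server seals the stored APP list, the flow-free management module 1 only relays the opaque blob, and the VpnService construction module refuses a blob that was altered on the way. AES-GCM, the JSON encoding, the function names, the all-zero demo key and the package name are assumptions; the claims specify only "AES".

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// NewAEAD builds the shared cipher; AES-GCM is an assumed mode (claims say only "AES").
func NewAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is the issuing side of steps S2/S24: encrypt the stored APP list.
func Seal(a cipher.AEAD, apps []string) ([]byte, error) {
	plain, _ := json.Marshal(apps) // marshalling a []string cannot fail
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return a.Seal(nonce, nonce, plain, nil), nil // nonce || ciphertext || tag
}

// Open is step S4: a blob altered by the relaying module fails authentication.
func Open(a cipher.AEAD, blob []byte) (apps []string, err error) {
	n := a.NonceSize()
	if len(blob) < n {
		return nil, fmt.Errorf("blob shorter than %d-byte nonce", n)
	}
	plain, err := a.Open(nil, blob[:n], blob[n:], nil)
	if err != nil {
		return nil, err
	}
	err = json.Unmarshal(plain, &apps)
	return apps, err
}

func main() {
	a, _ := NewAEAD(make([]byte, 32)) // constructed all-zero demo key
	blob, _ := Seal(a, []string{"com.example.music"}) // constructed name
	blob[len(blob)-1] ^= 1 // one bit changed while being relayed
	_, err := Open(a, blob)
	fmt.Println("tampered blob rejected:", err != nil)
}
```

Only a list that `Open` returns without error would be applied to the TUN configuration in step S5.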
CN202111011229.1A 2021-08-31 2021-08-31 System and method for preventing interception mechanism from being abused and attacked by proxy client Active CN113938289B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111011229.1A CN113938289B (en) 2021-08-31 2021-08-31 System and method for preventing interception mechanism from being abused and attacked by proxy client

Publications (2)

Publication Number Publication Date
CN113938289A (en) 2022-01-14
CN113938289B (en) 2024-03-01

Family

ID=79274843

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111011229.1A Active CN113938289B (en) 2021-08-31 2021-08-31 System and method for preventing interception mechanism from being abused and attacked by proxy client

Country Status (1)

Country Link
CN (1) CN113938289B (en)

Also Published As

Publication number Publication date
CN113938289B (en) 2024-03-01

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant