CN114117449A - Hidden parameter mining-based test method and device, electronic equipment and medium - Google Patents


Info

Publication number
CN114117449A
Authority
CN
China
Prior art keywords
page
hidden
application
parameter
parameters
Prior art date
Legal status
Pending
Application number
CN202111437935.2A
Other languages
Chinese (zh)
Inventor
范鑫禹
旷亚和
叶红
姜城
Current Assignee
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date
Filing date
Publication date

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F 21/577 Assessing vulnerabilities and evaluating computer system security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1433 Vulnerability analysis

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The present disclosure provides a hidden parameter mining-based testing method, apparatus, electronic device, medium, and computer program product. The testing method and apparatus can be used in the technical field of information security. The test method comprises the following steps: determining an application address of an application to be tested; obtaining m response pages according to the application address; matching the page tags with standard tags in a hidden tag library, and taking the page tags matched with the standard tags in the hidden tag library as hidden tags; extracting parameters of fields under the hidden tags as page hidden parameters; adding the page hidden parameters to a first parameter message; adding n types of attack loads into the first parameter message respectively as values of the page hidden parameters to obtain n first test messages; sending each first test message to the application to be tested to obtain a first response message; and judging whether the page hidden parameters have vulnerabilities according to each first response message.

Description

Hidden parameter mining-based test method and device, electronic equipment and medium
Technical Field
The present disclosure relates to the field of information security technologies, and in particular, to a hidden parameter mining-based test method, apparatus, electronic device, medium, and computer program product.
Background
At present, rapid iteration of application systems has become the norm, and the systems themselves are large. In such large code bases, developers may leave behind omitted coding and unnecessary parameter-processing logic when reusing code, or a development framework may require developers to follow certain parameters specified by its development rules. As a result, the application system contains hidden parameters that are not easy to find: they remain hidden within the system and unknown, a tester can hardly cover them by traditional manual or automated testing, and the back end often does not filter or process them securely. Once such hidden parameters are attacked, the application system suffers great damage and its security is severely affected.
Disclosure of Invention
In view of the above, the present disclosure provides a hidden parameter mining-based testing method, device, electronic device, computer-readable storage medium, and computer program product with low cost and high security.
One aspect of the present disclosure provides a hidden parameter mining-based testing method, including: determining an application address of an application to be tested; obtaining m response pages according to the application address, wherein each response page comprises at least one page tag, and m is an integer greater than or equal to 1; matching the page tags with standard tags in a hidden tag library, and taking the page tags matched with the standard tags in the hidden tag library as hidden tags; extracting parameters of fields under the hidden tags as page hidden parameters; adding the page hidden parameters to a first parameter message; adding n types of attack loads into the first parameter message respectively as the values of the page hidden parameters to obtain n first test messages; sending each first test message to the application to be tested to obtain a first response message; and judging whether the page hidden parameters have vulnerabilities according to each first response message.
According to the hidden parameter mining-based test method of the embodiments of the present disclosure, the page hidden parameters in the application to be tested can be mined effectively and then subjected to automated security testing, so that the potential risks of the application to be tested are fully revealed, the test cost and the demands on test personnel are reduced, and the security of the application to be tested is improved.
In some embodiments, the method further comprises: establishing a hidden parameter library, wherein the hidden parameter library comprises preset hidden parameters; adding the preset hidden parameters to a second parameter message; adding n types of attack loads into the second parameter message respectively as the values of the preset hidden parameters to obtain n second test messages; sending each second test message to the application to be tested to obtain a second response message; and judging whether the preset hidden parameters have vulnerabilities according to each second response message.
In some embodiments, the second parameter message is the first parameter message.
In some embodiments, said obtaining m response pages according to the application address includes: acquiring m page links of the application to be tested through the application address; and respectively sending requests to the m page links to obtain m response pages.
In some embodiments, the obtaining, by the application address, m page links of the application to be tested includes: acquiring a main page link of the application to be tested corresponding to the application address through the application address; acquiring t first sub-page links connected with the main page link according to the main page link, wherein t is an integer greater than or equal to 0; acquiring, according to the t first sub-page links, s_i second sub-page links connected with each first sub-page link, wherein s_i is an integer greater than or equal to 0 and i is an integer greater than or equal to 0 and less than or equal to t; continuing until the last sub-page link connected with the previous sub-page link is obtained; and using the main page link and all the acquired sub-page links as the m page links.
In some embodiments, the obtaining, by the application address, m page links of the application to be tested includes: starting from the application address, running the crawler multiple times, each run acquiring the page links connected with the page links obtained in the previous run; setting a threshold for the number of crawl rounds, and terminating the crawler when the number of crawl rounds is greater than or equal to the threshold; and adding together the page links acquired in each crawl round to serve as the m page links.
In some embodiments, the judging, according to each first response message, whether the page hidden parameters have vulnerabilities includes: setting a vulnerability library, wherein the vulnerability library comprises vulnerabilities respectively corresponding to the n types of attack loads; matching the first response message with the vulnerabilities in the vulnerability library; and, when a vulnerability is matched, taking that vulnerability as the vulnerability of the page hidden parameter corresponding to the first response message.
Another aspect of the present disclosure provides a hidden parameter mining-based testing apparatus, including: a determining module for determining a test task, wherein the test task comprises an application address of an application to be tested; an acquisition module for acquiring m response pages according to the application address, wherein each response page comprises at least one page tag, and m is an integer greater than or equal to 1; a matching module for matching the page tags with standard tags in a hidden tag library, and taking the page tags matched with the standard tags in the hidden tag library as hidden tags; an extraction module for extracting the parameters of the fields under the hidden tags as page hidden parameters; a first adding module for adding the page hidden parameters to a first parameter message; a second adding module for adding n types of attack loads into the first parameter message respectively as the values of the page hidden parameters to obtain n first test messages; a sending module for sending each first test message to the application to be tested to obtain a first response message; and a judging module for judging whether the page hidden parameters have vulnerabilities according to each first response message.
Another aspect of the present disclosure provides an electronic device comprising one or more processors and one or more memories, wherein the memories are configured to store executable instructions that, when executed by the processors, implement the method as described above.
Another aspect of the present disclosure provides a computer-readable storage medium storing computer-executable instructions for implementing the method as described above when executed.
Another aspect of the disclosure provides a computer program product comprising a computer program comprising computer executable instructions for implementing the method as described above when executed.
Drawings
The above and other objects, features and advantages of the present disclosure will become more apparent from the following description of embodiments of the present disclosure with reference to the accompanying drawings, in which:
FIG. 1 schematically illustrates an exemplary system architecture to which the methods and apparatus may be applied, in accordance with an embodiment of the present disclosure;
FIG. 2 schematically illustrates a flow diagram of a hidden parameter mining based testing method according to an embodiment of the present disclosure;
FIG. 3 schematically shows a flow diagram for obtaining m response pages from an application address according to an embodiment of the disclosure;
FIG. 4 schematically illustrates a flow diagram for obtaining m page links of an application under test via an application address according to some embodiments of the present disclosure;
FIG. 5 schematically illustrates a flow diagram for obtaining m page links of an application under test via an application address according to further embodiments of the present disclosure;
FIG. 6 schematically shows a flowchart for determining whether a vulnerability exists in a page hidden parameter according to each first response message according to an embodiment of the present disclosure;
FIG. 7 schematically illustrates a flow diagram of a hidden parameter mining based testing method according to an embodiment of the present disclosure;
FIG. 8 schematically illustrates a block diagram of a hidden parameter mining based testing apparatus according to an embodiment of the present disclosure;
FIG. 9 schematically shows a block diagram of an electronic device according to an embodiment of the disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is illustrative only and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present disclosure. In the technical scheme of the disclosure, the acquisition, storage, application and so on of the personal information of the users involved all comply with the provisions of the relevant laws and regulations, necessary security measures are taken, and public order and good customs are not violated.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
Where a convention analogous to "at least one of A, B or C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B or C" would include but not be limited to systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B and C together, etc.). The terms "first" and "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, features defined as "first" or "second" may explicitly or implicitly include one or more of the described features.
At present, rapid iteration of application systems has become the norm, and the systems themselves are large. In such large code bases, developers may leave behind omitted coding and unnecessary parameter-processing logic when reusing code, or a development framework may require developers to follow certain parameters specified by its development rules. As a result, the application system contains hidden parameters that are not easy to find: they remain hidden within the system and unknown, a tester can hardly cover them by traditional manual or automated testing, and the back end often does not filter or process them securely. Once such hidden parameters are attacked, the application system suffers great damage and its security is severely affected.
Embodiments of the present disclosure provide a hidden parameter mining-based test method, apparatus, electronic device, computer-readable storage medium, and computer program product. The hidden parameter mining-based test method comprises the following steps: determining an application address of an application to be tested; obtaining m response pages according to the application address, wherein each response page comprises at least one page tag, and m is an integer greater than or equal to 1; matching the page tags with standard tags in a hidden tag library, and taking the page tags matched with the standard tags in the hidden tag library as hidden tags; extracting parameters of fields under the hidden tags as page hidden parameters; adding the page hidden parameters to a first parameter message; adding n types of attack loads into the first parameter message respectively as values of the page hidden parameters to obtain n first test messages; sending each first test message to the application to be tested to obtain a first response message; and judging whether the page hidden parameters have vulnerabilities according to each first response message.
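The tag-matching, parameter-extraction, message-building and judging steps summarized above (and in the method overview in the Disclosure of Invention) can be illustrated with the following Python, which is an added example and not code from the patent. It assumes a hidden tag library of three standard tags (`<input type="hidden">`, the HTML `hidden` attribute, and `display:none` styling), a constructed sample response page, and caller-supplied placeholder strings for the attack loads and the vulnerability-library indicators, since the patent specifies none of these; the sending step is left out because it needs a live application.

```python
from html.parser import HTMLParser

# Constructed hidden tag library (assumption: the patent does not list its own).
VOID_TAGS = {"input", "img", "br", "hr", "meta", "link"}   # tags with no closing tag
FIELD_TAGS = {"input", "select", "textarea"}              # tags that carry a parameter name


def is_hidden_tag(tag, attrs):
    """Match one page tag against the standard tags of the hidden tag library."""
    if tag == "input" and (attrs.get("type") or "").lower() == "hidden":
        return True
    if "hidden" in attrs:                      # HTML boolean attribute
        return True
    style = (attrs.get("style") or "").replace(" ", "").lower()
    return "display:none" in style


class HiddenParameterExtractor(HTMLParser):
    """Collects (name, default value) of fields that are hidden themselves or
    sit under a hidden container tag, in document order, de-duplicated by name."""

    def __init__(self):
        super().__init__()
        self.params = []        # page hidden parameters
        self.open_tags = []     # stack of (tag, is_hidden) for open non-void tags
        self.hidden_depth = 0   # > 0 while inside a hidden container

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        hidden = is_hidden_tag(tag, attrs)
        if tag in FIELD_TAGS and (hidden or self.hidden_depth > 0):
            name = attrs.get("name")
            if name and name not in dict(self.params):
                self.params.append((name, attrs.get("value") or ""))
        if tag not in VOID_TAGS:
            self.open_tags.append((tag, hidden))
            if hidden:
                self.hidden_depth += 1

    def handle_endtag(self, tag):
        if all(open_tag != tag for open_tag, _ in self.open_tags):
            return                               # stray end tag: ignore
        while self.open_tags:                    # pop back to the matching open tag
            open_tag, hidden = self.open_tags.pop()
            if hidden:
                self.hidden_depth -= 1
            if open_tag == tag:
                break


def extract_hidden_parameters(page_html):
    """Extract the parameters of the fields under the hidden tags of one page."""
    parser = HiddenParameterExtractor()
    parser.feed(page_html)
    parser.close()
    return parser.params


def build_parameter_message(base_message, hidden_params):
    """Add the page hidden parameters (with their default values) to the first
    parameter message without overwriting parameters already present."""
    message = dict(base_message)
    for name, default in hidden_params:
        message.setdefault(name, default)
    return message


def build_test_messages(parameter_message, hidden_name, loads):
    """One first test message per load type, the load being the value of the
    hidden parameter; the n loads are supplied by the caller."""
    return [dict(parameter_message, **{hidden_name: load}) for load in loads]


def judge_response(response_text, vulnerability_library):
    """Match a first response message against the vulnerability library
    ({vulnerability name: indicator string}); return the matched names."""
    return [name for name, indicator in vulnerability_library.items()
            if indicator in response_text]


# Constructed sample response page (not taken from the patent).
SAMPLE_PAGE = """
<form action="/transfer/confirm" method="post">
  <input type="text" name="amount" value="">
  <input type="hidden" name="token" value="abc123">
  <input name="debug" hidden value="0">
  <div style="display: none">
    <select name="channel"><option value="web">web</option></select>
  </div>
  <input type="hidden" name="token" value="dup">
</form>
"""

if __name__ == "__main__":
    hidden = extract_hidden_parameters(SAMPLE_PAGE)
    print(hidden)  # [('token', 'abc123'), ('debug', '0'), ('channel', '')]
    message = build_parameter_message({"amount": "100"}, hidden)
    for test_message in build_test_messages(message, "debug", ["LOAD-1", "LOAD-2"]):
        print(test_message)
```

The visible `amount` field is skipped, the duplicate `token` is recorded once with its first default value, and the `channel` select is picked up only because its container is hidden; the parameter message keeps every default so that each test message differs from it in exactly one hidden parameter.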
It should be noted that the hidden parameter mining-based test method, apparatus, electronic device, computer-readable storage medium, and computer program product of the present disclosure may be used in the field of information security, and may also be used in any field other than information security, such as the field of finance; the field of application of the present disclosure is not limited herein.
Fig. 1 schematically illustrates an exemplary system architecture 100 to which hidden parameter mining based testing methods, apparatus, electronic devices, computer-readable storage media, and computer program products may be applied, according to embodiments of the present disclosure. It should be noted that fig. 1 is only an example of a system architecture to which the embodiments of the present disclosure may be applied to help those skilled in the art understand the technical content of the present disclosure, and does not mean that the embodiments of the present disclosure may not be applied to other devices, systems, environments or scenarios.
As shown in fig. 1, the system architecture 100 according to this embodiment may include terminal devices 101, 102, 103, a network 104 and a server 105. The network 104 serves as a medium for providing communication links between the terminal devices 101, 102, 103 and the server 105. Network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
The user may use the terminal devices 101, 102, 103 to interact with the server 105 via the network 104 to receive or send messages or the like. The terminal devices 101, 102, 103 may have installed thereon various communication client applications, such as shopping-like applications, web browser applications, search-like applications, instant messaging tools, mailbox clients, social platform software, etc. (by way of example only).
The terminal devices 101, 102, 103 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.
The server 105 may be a server providing various services, such as a background management server (for example only) providing support for websites browsed by users using the terminal devices 101, 102, 103. The background management server may analyze and perform other processing on the received data such as the user request, and feed back a processing result (e.g., a webpage, information, or data obtained or generated according to the user request) to the terminal device.
It should be noted that the hidden parameter mining-based test method provided by the embodiment of the present disclosure may be generally executed by the server 105. Accordingly, the hidden parameter mining-based testing apparatus provided by the embodiments of the present disclosure may be generally disposed in the server 105. The hidden parameter mining-based test method provided by the embodiment of the present disclosure may also be executed by a server or a server cluster that is different from the server 105 and is capable of communicating with the terminal devices 101, 102, 103 and/or the server 105. Correspondingly, the hidden parameter mining-based testing apparatus provided by the embodiment of the present disclosure may also be disposed in a server or a server cluster that is different from the server 105 and is capable of communicating with the terminal devices 101, 102, 103 and/or the server 105.
It should be understood that the number of terminal devices, networks, and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
The hidden parameter mining-based test method according to the embodiment of the present disclosure will be described in detail below with reference to fig. 2 to 7 based on the scenario described in fig. 1.
Fig. 2 schematically shows a flow chart of a hidden parameter mining based testing method according to an embodiment of the present disclosure.
As shown in fig. 2, the hidden parameter mining-based test method of this embodiment includes operations S210 to S280.
In operation S210, an application address of an application to be tested is determined. It can be understood that each application to be tested has a corresponding application address; the application to be tested can be accessed by logging in at the application address, so that the test of the application to be tested can be carried out.
In operation S220, m response pages are obtained according to the application address, where each response page includes at least one page tag and m is an integer greater than or equal to 1. For example, the application to be tested may be crawled from the application address to obtain the m response pages.
As a specific example, as shown in fig. 3, the operation S220 of obtaining m response pages according to the application address includes operations S221 and S222.
In operation S221, m page links of the application to be tested are acquired through the application address.
As a possible implementation manner, as shown in fig. 4, the operation S221 of acquiring m page links of the application to be tested by using the application address may include operations S2211 to S2215.
In operation S2211, a home page link of the application to be tested corresponding to the application address is obtained through the application address; the application address can be logged in to obtain the main page link of the application to be tested corresponding to the application address.
In operation S2212, t first sub-page links connected to the main page link are obtained according to the main page link, where t is an integer greater than or equal to 0. For example, suppose the main page of a financial product application to be tested has transfer, financing, deposit and balance modules. Under the financing module there are financing product A, financing product B and financing product C. Under the deposit module there are a class A deposit and a class B deposit. Under the balance module there are income and expenditure.
After logging in at the application address of the financial product application to be tested, the main page link of the financial product's main page can be obtained. The t first sub-page links connected with the main page link are the transfer module, the financing module, the deposit module and the balance module, so t is 4 here.
In operation S2213, s_i second sub-page links connected to each first sub-page link are obtained according to the t first sub-page links, where s_i is an integer greater than or equal to 0 and i is an integer greater than or equal to 0 and less than or equal to t.
The financial product application to be tested is taken as an example for further explanation. The t first sub-page links are the transfer module, the financing module, the deposit module and the balance module. The second sub-page link connected with the transfer first sub-page link is "confirm transfer", so s_1 corresponding to the transfer first sub-page link is 1. The second sub-page links connected with the financing first sub-page link are financing product A, financing product B and financing product C, so s_2 corresponding to the financing first sub-page link is 3. The second sub-page links connected with the deposit first sub-page link are the class A deposit and the class B deposit, so s_3 corresponding to the deposit first sub-page link is 2. The second sub-page links connected with the balance first sub-page link are income and expenditure, so s_4 corresponding to the balance first sub-page link is 2.
In operation S2214, the process continues until the last sub-page link connected to the previous sub-page link is acquired. Continuing with the example of the financial product application to be tested: under the second sub-page link "confirm transfer" there is no next sub-page link connected with it, so "confirm transfer" is determined to be a last sub-page link. Under the second sub-page link of financing product A, the third sub-page link connected with it is "confirm the amount of financing product A", and there is no next sub-page link connected with that third sub-page link, so "confirm the amount of financing product A" is determined to be a last sub-page link.
Likewise, under the second sub-page link of financing product B, the third sub-page link connected with it is "confirm the amount of financing product B", which has no next sub-page link and is therefore a last sub-page link; and under the second sub-page link of financing product C, the third sub-page link connected with it is "confirm the amount of financing product C", which has no next sub-page link and is therefore a last sub-page link.
Under the second sub-page link of the class A deposit, the third sub-page link connected with it is "confirm the class A deposit amount", which has no next sub-page link and is therefore a last sub-page link; and under the second sub-page link of the class B deposit, the third sub-page link connected with it is "confirm the class B deposit amount", which has no next sub-page link and is therefore a last sub-page link.
Under the second sub-page link of income, the third sub-page link connected with it is "confirm the income amount", which has no next sub-page link and is therefore a last sub-page link; and under the second sub-page link of expenditure, the third sub-page link connected with it is "confirm the expenditure amount", which has no next sub-page link and is therefore a last sub-page link.
In operation S2215, the main page link and all the acquired sub-page links are taken as the m page links. Therefore, the m page links of the financial product application to be tested are: the main page link; the four first sub-page links connected with the main page link (transfer, financing, deposit and balance); the eight second sub-page links connected with the first sub-page links (confirm transfer, financing product A, financing product B, financing product C, class A deposit, class B deposit, income and expenditure); and the seven third sub-page links connected with the second sub-page links (the amount of financing product A, the amount of financing product B, the amount of financing product C, the class A deposit amount, the class B deposit amount, the income amount and the expenditure amount). In this case, m is 20.
In operation S222, requests are respectively sent to the m page links, and m response pages are obtained. Therefore, after m page links are obtained, requests can be sent to the m page links respectively, and m response pages can be obtained in response to the request information.
It should be understood that the financial product application described here, with its transfer, financing, deposit and balance modules, the financing products A, B and C under the financing module, the class A and class B deposits under the deposit module, and the income and expenditure under the balance module, is merely exemplary. The applications to be tested and the page links mentioned in the present disclosure are not limited thereto, and this example is not to be understood as a limitation of the disclosure.
As another possible implementation manner, as shown in fig. 5, the acquiring, by the application address, m page links of the application to be tested in operation S221 may include operations S2216 to S2218.
In operation S2216, starting from the application address, the crawler is run multiple times, each run acquiring the page links connected with the page links obtained in the previous run.
In operation S2217, a threshold for the number of crawl rounds is set, and the crawler is terminated when the number of crawl rounds is greater than or equal to the threshold.
In operation S2218, the page links acquired in each crawl round are added together as the m page links.
For example, the main page of an application to be tested of a financial product has transfer, financing, deposit and balance modules. A financing product A, a financing product B and a financing product C are arranged under the financing module. Under the deposit module, there are a class A deposit and a class B deposit. There are income and expenditure under the balance module. After the application address of the application to be tested of the financial product is logged in, the first crawl can obtain the main page link of the main page of the financial product; the second crawl obtains the first sub-page links connected with the main page link, namely transfer, financing, deposit and balance; the third crawl obtains the second sub-page links connected with the first sub-page links, namely transfer, financing product A, financing product B, financing product C, class A deposit, class B deposit, income and expenditure; the fourth crawl obtains the third sub-page links connected with the second sub-page links, namely the financing product A amount, financing product B amount, financing product C amount, class A deposit amount, class B deposit amount, income amount and expenditure amount.
If the threshold value of the number of crawls is set to 2, crawling can be stopped after the second crawl is completed; it can certainly also be stopped after the third crawl is completed, and is not limited to this, as long as the number of crawls is greater than or equal to the threshold value. The following description takes as an example a threshold of 2 with crawling stopped after the second crawl is completed.
For the application to be tested of the financial product, the first crawl obtains the main page link, and the second crawl obtains the 4 page links for transfer, financing, deposit and balance, so the main page link and these 4 page links can be added together to obtain 5 page links.
Through the operation S2211 to the operation S2215 or the operation S2216 to the operation S2218, the m page links of the application to be tested can be obtained conveniently through the application address, so that the response page corresponding to each page link can be obtained conveniently.
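A depth-limited breadth-first crawler covering both variants of operation S221 (the exhaustive crawl of S2211 to S2215 and the threshold-limited crawl of S2216 to S2218), written here as an added Python example; it is not code from the patent or from the applicant. The application to be tested is replaced by a constructed, offline page tree that reproduces the financial product example above (main page, 4 first sub-pages, 8 second sub-pages, 7 third sub-pages, so m = 20); the host name app.example, the function names and the same-host scope check are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

ORIGIN = "https://app.example"  # assumed application address (constructed)

# Constructed page tree standing in for the application to be tested: each path
# lists the sub-page paths linked from it. It reproduces the patent's example:
# main page, 4 first sub-pages, 8 second sub-pages and 7 third sub-pages (m = 20).
PAGE_TREE = {
    "/": ["/transfer", "/financing", "/deposit", "/balance"],
    "/transfer": ["/transfer/confirm"],
    "/financing": ["/financing/a", "/financing/b", "/financing/c"],
    "/deposit": ["/deposit/a", "/deposit/b"],
    "/balance": ["/balance/income", "/balance/expense"],
    "/financing/a": ["/financing/a/amount"],
    "/financing/b": ["/financing/b/amount"],
    "/financing/c": ["/financing/c/amount"],
    "/deposit/a": ["/deposit/a/amount"],
    "/deposit/b": ["/deposit/b/amount"],
    "/balance/income": ["/balance/income/amount"],
    "/balance/expense": ["/balance/expense/amount"],
}


def fake_fetch(url):
    """Offline stand-in for an HTTP GET: renders the links of the constructed tree.
    Every page also carries an off-site link, which the crawler must leave alone."""
    path = urlsplit(url).path or "/"
    anchors = "".join(f'<a href="{p}">{p}</a>' for p in PAGE_TREE.get(path, []))
    return f'<html><body>{anchors}<a href="https://other.example/">ext</a></body></html>'


class LinkExtractor(HTMLParser):
    """Collects href values of <a> tags from one response page."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)


def extract_links(page_url, html):
    """Absolute, same-host links of a page; links to other hosts are out of scope."""
    parser = LinkExtractor()
    parser.feed(html)
    host = urlsplit(page_url).netloc
    links = []
    for href in parser.hrefs:
        absolute = urljoin(page_url, href)
        if urlsplit(absolute).netloc == host:
            links.append(absolute)
    return links


def crawl(app_address, fetch, max_crawls=None):
    """Breadth-first crawl of the application to be tested.

    Crawl 1 yields the main page link (from the application address); crawl k
    yields the links connected with the links of crawl k-1.  With max_crawls=None
    the crawl runs until no new links appear (S2211 to S2215); with an integer
    threshold it stops as soon as that many crawls are done (S2216 to S2218).
    Returns the m page links in discovery order, each link counted once.
    """
    seen = {app_address: None}  # dict keeps insertion order and dedupes
    frontier = [app_address]
    crawls = 1
    while frontier and (max_crawls is None or crawls < max_crawls):
        crawls += 1
        next_frontier = []
        for url in frontier:
            for link in extract_links(url, fetch(url)):
                if link not in seen:
                    seen[link] = None
                    next_frontier.append(link)
        frontier = next_frontier
    return list(seen)


if __name__ == "__main__":
    print(len(crawl(ORIGIN + "/", fake_fetch)))               # 20
    print(len(crawl(ORIGIN + "/", fake_fetch, max_crawls=2)))  # 5
```

With the threshold of 2 used in the text, the crawl returns the 5 links (main page plus transfer, financing, deposit and balance); without a threshold it returns all 20. The `seen` set is what keeps a page that is linked from several places from being counted twice, and the same-host check keeps the m page links inside the application under test.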
In operation S230, the page tag is matched with a standard tag in the hidden tag library, and the page tag matched with the standard tag in the hidden tag library is used as the hidden tag. It will be appreciated that each response page includes at least one page tag, and the format of the response page may be, for example, as follows:
<input type="hidden" name="code1" value="a"/>
<input type="hidden" name="code2" value="@n"/>
<input name="txt" type="text" value="@value"/>
Among these, hidden under input type and txt under input name can be understood as page tags. The hidden tag library may store standard tags, where a standard tag can be understood as a standard value of a hidden tag; the page tag is matched with the standard tags, and if a match is found, the page tag is identified as a hidden tag. Thus, in the example response page above, the hidden tag hidden is obtained.
In operation S240, the parameter of the field under the hidden tag is extracted as a page hidden parameter. Continuing with the response page above as an example, the response page has two hidden tags hidden; the field under the first hidden tag hidden has a name whose parameter is code1, and the field under the second hidden tag hidden has a name whose parameter is code2. Thus, code1 and code2 can be extracted as page hidden parameters.
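Operations S230 and S240 over the response page shown above, as an added Python example (not the patent's or the applicant's own code): the attribute values of each input element are treated as page tags, the type value is matched against a hidden tag library, and the name under every matched tag is extracted as a page hidden parameter. The response page text is constructed from the example above; case-insensitive matching and the function names are assumptions.

```python
from html.parser import HTMLParser

# Constructed response page, reproducing the example above inside one form.
RESPONSE_PAGE = """
<html><body>
<form action="/transfer" method="post">
  <input type="hidden" name="code1" value="a"/>
  <input type="hidden" name="code2" value="@n"/>
  <input name="txt" type="text" value="@value"/>
  <input type="submit" value="Go"/>
</form>
</body></html>
"""

# Hidden tag library (S230): standard tags that mark a field as hidden.
# "hidden" is the tag the patent uses; case-insensitive matching is an assumption.
HIDDEN_TAG_LIBRARY = {"hidden"}


class HiddenTagMiner(HTMLParser):
    """Walks the response page once, recording every page tag of every <input>
    and, for inputs whose page tag matches the library, the name parameter."""

    def __init__(self, library=HIDDEN_TAG_LIBRARY):
        super().__init__()
        self.library = {tag.lower() for tag in library}
        self.page_tags = []        # (attribute, value) pairs seen on <input> elements
        self.hidden_params = []    # S240: name parameters under hidden tags

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "input":
            return
        fields = {k.lower(): (v or "") for k, v in attrs}
        for attr, value in fields.items():
            self.page_tags.append((attr, value))
        # S230: the value of the type attribute is the page tag matched against the library
        page_tag = fields.get("type", "text").lower()
        if page_tag in self.library and fields.get("name"):
            self.hidden_params.append(fields["name"])


def mine_hidden_params(html, library=HIDDEN_TAG_LIBRARY):
    """Returns the page hidden parameters of one response page, in page order,
    each name once (the same hidden field may appear in several forms)."""
    miner = HiddenTagMiner(library)
    miner.feed(html)
    miner.close()
    return list(dict.fromkeys(miner.hidden_params))


def page_tags(html):
    """All (attribute, value) page tags of <input> elements, for inspection."""
    miner = HiddenTagMiner()
    miner.feed(html)
    miner.close()
    return miner.page_tags


if __name__ == "__main__":
    print(mine_hidden_params(RESPONSE_PAGE))  # ['code1', 'code2']
```

The miner only recognises fields whose type value is in the hidden tag library; a field hidden by CSS, by the HTML5 global hidden attribute, or filled in by script is not matched by this rule, which is the reason the patent pairs page hidden parameters with a separate preset hidden parameter library (operation S310).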
In operation S250, the page hidden parameters are added to the first parameter message. The first parameter message may be a single message, and the page hidden parameters code1 and code2 obtained in operation S240 may be added to it.
In operation S260, the n types of attack loads are respectively added to the first parameter message as values of the page hidden parameters, so as to obtain n first test messages. For example, the n types of attack loads may include, but are not limited to, an attack load a for an XSS vulnerability, an attack load b for an SQL injection vulnerability, an attack load c for an SSRF vulnerability and an attack load d for a CSRF vulnerability; n equals the number of attack load types and may be any integer greater than or equal to 1. The attack loads a, b, c and d are each assigned in turn to the page hidden parameter code1 and, at the same time, to the page hidden parameter code2, and each assignment of one attack load yields one first test message.
For example: first test packet 1: code1 ═ a; code2 ═ a.
First test packet 2: code1 ═ b; code2 ═ b.
First test packet 3: code1 ═ c; code2 ═ c.
First test packet 4: code1 ═ d; code2 ═ d.
In operation S270, each first test message is sent to the application to be tested, so as to obtain a first response message. It can be understood that the first test message 1, first test message 2, first test message 3 and first test message 4 in the above example are each sent to the application to be tested, and a first response message fed back by the application to be tested is obtained for each.
In operation S280, whether a vulnerability exists in the page hidden parameters is determined according to each first response message.
As an implementation manner, as shown in fig. 6, the operation S280 of determining whether the page hidden parameter has a bug according to each first response message includes operations S281 to S283.
In operation S281, a vulnerability library is set, wherein the vulnerability library includes the vulnerabilities respectively corresponding to the n types of attack loads. Here, the vulnerability library may include an XSS vulnerability, an SQL injection vulnerability, an SSRF vulnerability and a CSRF vulnerability; the attack load a corresponds to the XSS vulnerability, the attack load b to the SQL injection vulnerability, the attack load c to the SSRF vulnerability and the attack load d to the CSRF vulnerability.
In operation S282, the first response message is matched with the vulnerability in the vulnerability library.
In operation S283, when a vulnerability is matched, the vulnerability is taken as the vulnerability of the page hidden parameters corresponding to the first response message. Continuing with the above example, the first test message 1, first test message 2, first test message 3 and first test message 4 are sent to the application to be tested, and the first response messages fed back by the application to be tested are obtained. The first response message 1 fed back for the first test message 1 may show no attack, or may show that the application was attacked through an XSS vulnerability, so the first response message 1 is matched with the vulnerabilities in the vulnerability library: when the first response message 1 shows no attack, no vulnerability is matched in the vulnerability library; when the first response message 1 shows an XSS attack, the XSS vulnerability is matched in the vulnerability library, and the XSS vulnerability is taken as the vulnerability of the page hidden parameters code1 and code2 corresponding to the first response message 1.
The first test messages 2, 3 and 4 are matched with vulnerabilities in the same way as the first test message 1, and the details are not repeated here.
According to the hidden parameter mining-based test method disclosed by the embodiment of the disclosure, the page hidden parameters in the application to be tested can be effectively mined through the operations S210 to S250, and the operations S260 to S280 can automatically and safely test the mined page hidden parameters, so that the potential risk of the application to be tested can be fully disclosed, the test cost and the requirements on test personnel can be reduced, and the safety of the application to be tested can be improved.
In some embodiments of the present disclosure, as shown in fig. 6, the operation S280 of determining whether the page hidden parameters have a vulnerability according to each first response message further includes an operation S284.
In operation S284, when the vulnerability is not matched, it is determined that the vulnerability does not exist in the page hiding parameter.
In some embodiments of the present disclosure, as shown in fig. 2, the hidden parameter mining based test method further includes operation S290.
In operation S290, a result of whether the page hidden parameter has a bug is shown. Therefore, the user can intuitively acquire the vulnerability information and make remedial measures in time.
FIG. 7 schematically shows a flowchart of a hidden parameter mining based testing method according to an embodiment of the present disclosure.
As shown in fig. 7, the hidden parameter mining-based test method of this embodiment includes operations S310 to S350.
In operation S310, a hidden parameter library is established, wherein the hidden parameter library includes preset hidden parameters. Here, the preset hidden parameter may be a hidden parameter common in an application to be tested and a hidden parameter common in the field of computers, and the hidden parameter may be maintained in a hidden parameter library.
In operation S320, the preset hidden parameter is added to the second parameter message. The second parameter message may be a single message, and the preset hidden parameter obtained in operation S310 may be added to it.
In operation S330, the n types of attack loads are respectively added to the second parameter message as values of the preset hidden parameter, so as to obtain n second test messages. For example, the n types of attack loads may include, but are not limited to, an attack load a for an XSS vulnerability, an attack load b for an SQL injection vulnerability, an attack load c for an SSRF vulnerability and an attack load d for a CSRF vulnerability. The attack loads a, b, c and d are each assigned in turn to the preset hidden parameter, and each assignment of one attack load yields one second test message.
For example: second test packet 1: presetting hidden parameters as a.
Second test packet 2: and presetting hidden parameters b.
Second test packet 3: and c is preset as hidden parameter.
Second test packet 4: and d is preset as hidden parameter.
In operation S340, each second test message is sent to the application to be tested, so as to obtain a second response message. It can be understood that the second test message 1, second test message 2, second test message 3 and second test message 4 in the above example are each sent to the application to be tested, and a second response message fed back by the application to be tested is obtained for each.
In operation S350, whether a vulnerability exists in the preset hidden parameter is determined according to each second response message. For example, a vulnerability library may be set, wherein the vulnerability library includes the vulnerabilities respectively corresponding to the n types of attack loads. Here, the vulnerability library may include an XSS vulnerability, an SQL injection vulnerability, an SSRF vulnerability and a CSRF vulnerability; the attack load a corresponds to the XSS vulnerability, the attack load b to the SQL injection vulnerability, the attack load c to the SSRF vulnerability and the attack load d to the CSRF vulnerability.
Continuing with the above example, the second test message 1, second test message 2, second test message 3 and second test message 4 are sent to the application to be tested, and the second response messages fed back by the application to be tested are obtained. The second response message 1 fed back for the second test message 1 may show no attack, or may show that the application was attacked through an XSS vulnerability, so the second response message 1 is matched with the vulnerabilities in the vulnerability library: when the second response message 1 shows no attack, no vulnerability is matched in the vulnerability library; when the second response message 1 shows an XSS attack, the XSS vulnerability is matched in the vulnerability library, and the XSS vulnerability is taken as the vulnerability of the preset hidden parameter corresponding to the second response message 1.
The second test messages 2, 3 and 4 are matched with vulnerabilities in the same way as the second test message 1, and the details are not repeated here.
Through the operations S310 to S350, the automatic security test can be performed on the preset hidden parameters, so as to improve the security of the application to be tested.
Furthermore, the second parameter message may be the first parameter message; in other words, the second parameter message and the first parameter message are one message, so that the page hidden parameters and the preset hidden parameters can be collected on one message for testing, which saves test procedures and test time, saves manpower and material resources, and reduces the test cost.
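Operations S250 to S280 and S320 to S350 carried on a single parameter message, as the paragraph above allows, written as an added Python example; this is not the patent's or the applicant's code. The attack loads are opaque labelled placeholders rather than real payload strings, the application to be tested is replaced by two constructed local handlers (one that renders a hidden parameter unescaped and surfaces a raw database error, and a hardened one that escapes its output and never exposes such errors), and the response indicators in the vulnerability library, the preset hidden parameter names and all function names are assumptions.

```python
import html
import re
from dataclasses import dataclass
from typing import Callable, Dict, List

# Attack loads a..d of the patent's example, as opaque placeholders (constructed).
# Load a carries angle brackets so that output escaping visibly changes it.
ATTACK_LOADS = {
    "a": "<LOAD-A-XSS-PROBE>",
    "b": "LOAD-B-SQLI-PROBE",
    "c": "LOAD-C-SSRF-PROBE",
    "d": "LOAD-D-CSRF-PROBE",
}

# Preset hidden parameters (S310): constructed placeholder names for the library.
PRESET_HIDDEN_PARAMS = ["preset_code", "trace_flag"]


@dataclass
class Vulnerability:
    """Vulnerability library entry (S281): the attack load it corresponds to and the
    response indicator that counts as a match (S282). The indicators are assumptions."""
    name: str
    load_id: str
    indicator: Callable[[str, str], bool]  # (payload sent, response body) -> matched


def reflected_unescaped(payload, body):
    return payload in body                         # load came back verbatim in the page


def database_error(_, body):
    return re.search(r"error in your SQL syntax|ORA-\d{5}|SQLSTATE", body, re.I) is not None


def ssrf_indicator(_, body):
    return "SSRF-CALLBACK-SEEN" in body            # constructed out-of-band marker


def csrf_indicator(_, body):
    return "STATE-CHANGED-WITHOUT-TOKEN" in body   # constructed marker


VULN_LIBRARY = [
    Vulnerability("XSS", "a", reflected_unescaped),
    Vulnerability("SQL injection", "b", database_error),
    Vulnerability("SSRF", "c", ssrf_indicator),
    Vulnerability("CSRF", "d", csrf_indicator),
]


def build_parameter_message(page_hidden: List[str], preset_hidden: List[str]) -> Dict[str, str]:
    """S250 and S320 on one message (claim 3): every hidden parameter, value empty."""
    return {name: "" for name in dict.fromkeys(list(page_hidden) + list(preset_hidden))}


def build_test_messages(param_message, loads=ATTACK_LOADS):
    """S260 / S330: one test message per attack load, the load assigned to every parameter."""
    return {load_id: {name: payload for name in param_message} for load_id, payload in loads.items()}


def run_tests(page_hidden, preset_hidden, send, loads=ATTACK_LOADS, library=VULN_LIBRARY):
    """S270 / S340: send each test message; S280 / S350: match the response against the
    vulnerability corresponding to that message's load. Returns
    {vulnerability name: [hidden parameters of the matching message]}; an empty
    dict is the S284 outcome (no vulnerability matched)."""
    by_load = {v.load_id: v for v in library}
    messages = build_test_messages(build_parameter_message(page_hidden, preset_hidden), loads)
    findings = {}
    for load_id, message in messages.items():
        vuln = by_load.get(load_id)
        if vuln is None:
            continue                                # load with no library entry: nothing to match
        response = send(message)
        if vuln.indicator(loads[load_id], response):
            findings[vuln.name] = sorted(message)
    return findings


# Constructed stand-ins for the application to be tested.
def defective_app(message):
    """Renders code1 without escaping and surfaces a raw database error."""
    body = f"<p>Reference: {message.get('code1', '')}</p>"
    if "SQLI" in message.get("code2", ""):
        body += "<pre>You have an error in your SQL syntax</pre>"
    return body


def hardened_app(message):
    """Escapes everything it renders and returns a generic error instead of database text."""
    body = f"<p>Reference: {html.escape(message.get('code1', ''))}</p>"
    if "SQLI" in message.get("code2", ""):
        body += "<p>Request could not be processed.</p>"
    return body


if __name__ == "__main__":
    print(run_tests(["code1", "code2"], PRESET_HIDDEN_PARAMS, defective_app))
    print(run_tests(["code1", "code2"], PRESET_HIDDEN_PARAMS, hardened_app))
```

Because one load is written into every hidden parameter of the message at once, a match is attributed to all parameters of that message, exactly as the text attributes the XSS vulnerability to code1 and code2 together; pinpointing a single parameter would need one message per parameter and load, multiplying the number of test messages by the parameter count. The hardened handler shows what a clean result looks like: output escaping turns the reflected marker into text the reflection indicator no longer finds, and a generic error keeps the database error indicator from matching.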
Based on the test method based on hidden parameter mining, the present disclosure also provides a test apparatus 10 based on hidden parameter mining. The hidden parameter mining based test apparatus 10 will be described in detail below with reference to fig. 8.
Fig. 8 schematically shows a block diagram of the hidden parameter mining based test apparatus 10 according to an embodiment of the present disclosure.
The hidden parameter mining-based testing device 10 comprises a determining module 1, an obtaining module 2, a matching module 3, an extracting module 4, a first adding module 5, a second adding module 6, a sending module 7 and a judging module 8.
A determining module 1, the determining module 1 being configured to perform operation S210: determining a test task, wherein the test task comprises an application address of the application to be tested.
An obtaining module 2, where the obtaining module 2 is configured to perform operation S220: and obtaining m response pages according to the application address, wherein each response page comprises at least one page tag, and m is an integer greater than or equal to 1.
A matching module 3, the matching module 3 being configured to perform operation S230: and matching the page tag with a standard tag in a hidden tag library, and taking the page tag matched with the standard tag in the hidden tag library as a hidden tag.
An extraction module 4, the extraction module 4 being configured to perform operation S240: and extracting parameters of fields under the hidden tags as page hidden parameters.
A first adding module 5, the first adding module 5 being configured to perform operation S250: and adding the page hiding parameters to the first parameter message.
A second adding module 6, where the second adding module 6 is configured to perform operation S260: and adding the n types of attack loads into the first parameter messages respectively as the values of the page hidden parameters to obtain n first test messages.
A sending module 7, where the sending module 7 is configured to perform operation S270: and sending each first test message to the application to be tested to obtain a first response message.
A judging module 8, the judging module 8 being configured to perform operation S280: judging whether the page hidden parameters have vulnerabilities according to each first response message.
Since the testing device 10 based on hidden parameter mining is configured based on the testing method based on hidden parameter mining, the beneficial effects of the testing device 10 based on hidden parameter mining are the same as those of the testing method based on hidden parameter mining, and are not described herein again.
In addition, according to the embodiment of the present disclosure, any multiple modules of the determining module 1, the obtaining module 2, the matching module 3, the extracting module 4, the first adding module 5, the second adding module 6, the sending module 7, and the judging module 8 may be combined into one module to be implemented, or any one module thereof may be split into multiple modules. Alternatively, at least part of the functionality of one or more of these modules may be combined with at least part of the functionality of the other modules and implemented in one module.
According to the embodiment of the present disclosure, at least one of the determining module 1, the obtaining module 2, the matching module 3, the extracting module 4, the first adding module 5, the second adding module 6, the sending module 7, and the judging module 8 may be at least partially implemented as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented by hardware or firmware in any other reasonable manner of integrating or packaging a circuit, or implemented by any one of three implementation manners of software, hardware, and firmware, or by a suitable combination of any of them.
Alternatively, at least one of the determining module 1, the obtaining module 2, the matching module 3, the extracting module 4, the first adding module 5, the second adding module 6, the sending module 7 and the judging module 8 may be at least partially implemented as a computer program module, which when executed, may perform a corresponding function.
Fig. 9 schematically illustrates a block diagram of an electronic device adapted to implement a hidden parameter mining based testing method according to an embodiment of the present disclosure.
As shown in fig. 9, an electronic apparatus 900 according to an embodiment of the present disclosure includes a processor 901 which can perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM)902 or a program loaded from a storage portion 908 into a Random Access Memory (RAM) 903. Processor 901 may comprise, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or associated chipset, and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), among others. The processor 901 may also include on-board memory for caching purposes. The processor 901 may comprise a single processing unit or a plurality of processing units for performing the different actions of the method flows according to embodiments of the present disclosure.
In the RAM 903, various programs and data necessary for the operation of the electronic apparatus 900 are stored. The processor 901, the ROM 902, and the RAM 903 are connected to each other through a bus 904. The processor 901 performs various operations of the method flows according to the embodiments of the present disclosure by executing programs in the ROM 902 and/or the RAM 903. Note that the programs may also be stored in one or more memories other than the ROM 902 and the RAM 903. The processor 901 may also perform various operations of the method flows according to embodiments of the present disclosure by executing programs stored in the one or more memories.
Electronic device 900 may also include input/output (I/O) interface 905, input/output (I/O) interface 905 also connected to bus 904, according to an embodiment of the present disclosure. The electronic device 900 may also include one or more of the following components connected to the I/O interface 905: an input portion 906 including a keyboard, a mouse, and the like; an output section 907 including components such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage portion 908 including a hard disk and the like; and a communication section 909 including a network interface card such as a LAN card, a modem, or the like. The communication section 909 performs communication processing via a network such as the internet. The driver 910 is also connected to an input/output (I/O) interface 905 as necessary. A removable medium 911 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 910 as necessary, so that a computer program read out therefrom is mounted into the storage section 908 as necessary.
The present disclosure also provides a computer-readable storage medium, which may be contained in the apparatus/device/system described in the above embodiments; or may exist separately and not be assembled into the device/apparatus/system. The computer-readable storage medium carries one or more programs which, when executed, implement the method according to an embodiment of the disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the present disclosure, a computer-readable storage medium may include the ROM 902 and/or the RAM 903 described above and/or one or more memories other than the ROM 902 and the RAM 903.
Embodiments of the present disclosure also include a computer program product comprising a computer program containing program code for performing the method illustrated in the flow chart. The program code is for causing a computer system to perform the methods of the embodiments of the disclosure when the computer program product is run on the computer system.
The computer program performs the above-described functions defined in the system/apparatus of the embodiments of the present disclosure when executed by the processor 901. The systems, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
In one embodiment, the computer program may be hosted on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program may also be transmitted, distributed in the form of a signal on a network medium, and downloaded and installed through the communication section 909 and/or installed from the removable medium 911. The computer program containing program code may be transmitted using any suitable network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 909, and/or installed from the removable medium 911. The computer program, when executed by the processor 901, performs the above-described functions defined in the system of the embodiment of the present disclosure. The systems, devices, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
In accordance with embodiments of the present disclosure, program code for executing computer programs provided by embodiments of the present disclosure may be written in any combination of one or more programming languages, and in particular, these computer programs may be implemented using high level procedural and/or object oriented programming languages, and/or assembly/machine languages. The programming language includes, but is not limited to, programming languages such as Java, C++, Python, the "C" language, or the like. The program code may execute entirely on the user computing device, partly on the user device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that various combinations and/or combinations of features recited in the various embodiments and/or claims of the present disclosure can be made, even if such combinations or combinations are not expressly recited in the present disclosure. In particular, various combinations and/or combinations of the features recited in the various embodiments and/or claims of the present disclosure may be made without departing from the spirit or teaching of the present disclosure. All such combinations and/or associations are within the scope of the present disclosure.
The embodiments of the present disclosure have been described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described separately above, this does not mean that the measures in the embodiments cannot be used in advantageous combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be devised by those skilled in the art without departing from the scope of the present disclosure, and such alternatives and modifications are intended to be within the scope of the present disclosure.

Claims (11)

1. A test method based on hidden parameter mining is characterized by comprising the following steps:
determining an application address of an application to be tested;
obtaining m response pages according to the application address, wherein each response page comprises at least one page tag, and m is an integer greater than or equal to 1;
matching the page tag with a standard tag in a hidden tag library, and taking the page tag matched with the standard tag in the hidden tag library as a hidden tag;
extracting parameters of fields under the hidden tags into page hidden parameters;
adding the page hiding parameters to a first parameter message;
adding n types of attack loads into the first parameter message respectively as the values of the page hiding parameters to obtain n first test messages;
sending each first test message to the application to be tested to obtain a first response message; and
and judging whether the page hiding parameters have loopholes or not according to each first response message.
2. The method of claim 1, further comprising:
establishing a hidden parameter library, wherein the hidden parameter library comprises preset hidden parameters;
adding the preset hidden parameter to the second parameter message;
adding n types of attack loads into the second parameter message as the values of the preset hidden parameters respectively to obtain n second test messages;
sending each second test message to the application to be tested to obtain a second response message; and
and judging whether the preset hidden parameters have loopholes or not according to each second response message.
3. The method of claim 2, wherein the second parameter message is the first parameter message.
4. The method of claim 1, wherein obtaining m response pages according to the application address comprises:
acquiring m page links of the application to be tested through the application address;
and respectively sending requests to the m page links to obtain m response pages.
5. The method according to claim 4, wherein the obtaining m page links of the application to be tested through the application address comprises:
acquiring a main page link of the application to be tested corresponding to the application address through the application address;
acquiring t first sub-page links connected with the main page link according to the main page link, wherein t is an integer greater than or equal to 0;
according to the t first sub-page links, obtaining s_i second sub-page links connected with each first sub-page link, wherein s_i is an integer greater than or equal to 0, and i is an integer greater than or equal to 0 and less than or equal to t;
until the last sub-page link connected with the previous sub-page link is obtained; and
and taking the main page link and all the acquired sub-page links as the m page links.
6. The method according to claim 4, wherein the obtaining m page links of the application to be tested through the application address comprises:
acquiring a page link connected with the previous page link each time through crawler for multiple times according to the application address;
setting a threshold value of the crawler times, and terminating the crawler when the crawler times are more than or equal to the threshold value; and
and adding the page links acquired by the crawlers each time to serve as the m page links.
7. The method according to any one of claims 1-6, wherein the determining whether the page hiding parameters have vulnerabilities according to each of the first response messages comprises:
setting a vulnerability library, wherein the vulnerability library comprises vulnerabilities respectively corresponding to the n types of attack loads;
matching the first response message with the vulnerability in the vulnerability database; and
and when the vulnerability is matched, taking the vulnerability as the vulnerability of the page hidden parameter corresponding to the first response message.
8. A hidden parameter mining-based testing device, characterized by comprising:
a determining module, configured to determine a test task, wherein the test task comprises an application address of an application to be tested;
an acquisition module, configured to acquire m response pages according to the application address, wherein each response page comprises at least one page tag, and m is an integer greater than or equal to 1;
a matching module, configured to match the page tags with standard tags in a hidden tag library, and to take a page tag matching a standard tag in the hidden tag library as a hidden tag;
an extraction module, configured to extract the parameters of the fields under the hidden tags as page hidden parameters;
a first adding module, configured to add the page hidden parameters to a first parameter message;
a second adding module, configured to add n types of attack payloads to the first parameter message respectively as the values of the page hidden parameters, so as to obtain n first test messages;
a sending module, configured to send each first test message to the application to be tested to obtain a first response message; and
a judging module, configured to judge, according to each first response message, whether the page hidden parameters have vulnerabilities.
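The following is an added example and not the patent's own implementation: an offline Python walkthrough of the procedure of claims 5 to 8 (crawling the page links with a crawl-count threshold, matching page tags against a hidden tag library, injecting n attack payloads as the values of the page hidden parameters, and matching each first response message against a vulnerability library). The site map SITE, the hidden tag library entry, the three payload types, the response signatures in VULN_LIBRARY and the target stub_application are all constructed assumptions so that the code runs without a network; a real tester would replace SITE.get and stub_application with HTTP requests to the application under test.

```python
# Added example, not the patent's own code: an offline walkthrough of the
# hidden-parameter mining test of claims 5-8. The site map, hidden-tag library,
# payloads, vulnerability library and stub target are constructed assumptions.
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse
# Constructed application to be tested: URL -> HTML body (stands in for HTTP GET).
SITE = {
    "http://app.test/": '<a href="/search">search</a><a href="/about">about</a>',
    "http://app.test/about": '<a href="/">home</a>',
    "http://app.test/search": (
        '<form action="/search" method="get">'
        '<input type="hidden" name="debug" value="0">'
        '<input type="hidden" name="tpl" value="default">'
        '<input type="text" name="q"></form><a href="/deep/1">more</a>'
    ),
    "http://app.test/deep/1": '<a href="/deep/2">next</a>',
    "http://app.test/deep/2": '<a href="/deep/3">next</a>',
    "http://app.test/deep/3": "end",
}
# Hidden tag library: standard tags whose fields carry parameters the user never sees.
HIDDEN_TAG_LIBRARY = [("input", {"type": "hidden"})]
# n = 3 payload types; the vulnerability library of claim 7 holds one response
# signature per payload type, matched against each first response message.
PAYLOADS = {"sqli": "' OR '1'='1", "xss": "<script>alert(1)</script>",
            "traversal": "../../etc/passwd"}
VULN_LIBRARY = {
    "sqli": re.compile(r"SQL syntax|sqlite3\.OperationalError|ORA-\d{5}", re.I),
    "xss": re.compile(r"<script>alert\(1\)</script>"),
    "traversal": re.compile(r"root:x:0:0"),
}

class _Collector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self.tags = [], []  # anchor hrefs for crawling; start tags for matching

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self.links.append(attrs["href"])
        self.tags.append((tag, attrs))

def parse(html):
    c = _Collector()
    c.feed(html)
    return c

def crawl(app_address, max_depth):
    """Claims 5/6: breadth-first same-origin link discovery, one crawl per depth, at most max_depth crawls."""
    origin = urlparse(app_address).netloc
    seen, frontier = {app_address}, [app_address]
    for _ in range(max_depth):
        next_frontier = []
        for url in frontier:
            for href in parse(SITE.get(url, "")).links:
                link = urljoin(url, href)
                if urlparse(link).netloc == origin and link not in seen:
                    seen.add(link)
                    next_frontier.append(link)
        if not next_frontier:
            break
        frontier = next_frontier
    return sorted(seen)  # the m page links

def hidden_parameters(html):
    """Match page tags against the hidden tag library; extract each field's name/value."""
    params = {}
    for tag, attrs in parse(html).tags:
        for std_tag, std_attrs in HIDDEN_TAG_LIBRARY:
            if tag == std_tag and attrs.get("name") and all(
                    attrs.get(k) == v for k, v in std_attrs.items()):
                params[attrs["name"]] = attrs.get("value", "")
    return params

def stub_application(url, params):
    """Constructed target: 'debug' reaches a query unquoted, 'tpl' is reflected unescaped."""
    if urlparse(url).path != "/search":
        return "404"
    if "'" in params.get("debug", "0"):
        return "You have an error in your SQL syntax near '%s'" % params["debug"]
    return "<html><body class='%s'>results</body></html>" % params.get("tpl", "default")

def probe_page(url, html):
    """Claim 8: substitute each payload as each hidden parameter's value, send, match (claim 7)."""
    base, findings = hidden_parameters(html), []  # base is the first parameter message
    for name in base:
        for kind, payload in PAYLOADS.items():
            response = stub_application(url, dict(base, **{name: payload}))
            if VULN_LIBRARY[kind].search(response):
                findings.append((name, kind))
    return findings

def run(app_address, max_depth=3):
    """Whole pipeline: crawl the m page links, then probe each page's hidden parameters."""
    hits = {u: probe_page(u, SITE.get(u, "")) for u in crawl(app_address, max_depth)}
    return {u: f for u, f in hits.items() if f}
```

run("http://app.test/") reports the sqli hit on debug and the xss hit on tpl, the two hidden parameters of /search; crawl with max_depth=3 never reaches /deep/3, which is the effect of the crawl-count threshold of claim 6. The claims leave the cost implicit: the tester sends m pages times hidden parameters per page times n payloads requests, so the crawl threshold and the size of the payload set are what bound the run time against a large application.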
9. An electronic device, comprising:
one or more processors;
one or more memories storing executable instructions that, when executed by the one or more processors, implement the method of any one of claims 1-7.
10. A computer-readable storage medium having stored thereon executable instructions that when executed by a processor implement a method according to any one of claims 1 to 7.
11. A computer program product comprising a computer program, the computer program comprising one or more executable instructions which, when executed by a processor, implement the method according to any one of claims 1 to 7.
CN202111437935.2A 2021-11-29 2021-11-29 Hidden parameter mining-based test method and device, electronic equipment and medium Pending CN114117449A (en)

Priority Applications (1) / Applications Claiming Priority (1) / Family Applications (1)

Application Number | Publication | Priority Date | Filing Date | Title | Status
CN202111437935.2A | CN114117449A (en) | 2021-11-29 | 2021-11-29 | Hidden parameter mining-based test method and device, electronic equipment and medium | Pending

Publications (1)

Publication Number | Publication Date
CN114117449A (en) | 2022-03-01

Family ID: 80367748

Country Status (1)

Country | Link
CN (1) | CN114117449A (en)

Similar Documents

Publication Publication Date Title
CN112965916B (en) Page testing method, page testing device, electronic equipment and readable storage medium
CN109325192B (en) Advertisement anti-shielding method and device
CN115357761A (en) Link tracking method and device, electronic equipment and storage medium
CN115587575A (en) Data table creation method, target data query method, device and equipment
CN114237651A (en) Installation method and device of cloud native application, electronic equipment and medium
CN112463729A (en) Data file storage method and device, electronic equipment and medium
CN115965474A (en) Service processing method, device, equipment and storage medium
CN113535577A (en) Application testing method and device based on knowledge graph, electronic equipment and medium
CN113176907A (en) Interface data calling method and device, computer system and readable storage medium
CN113495825A (en) Line alarm processing method and device, electronic equipment and readable storage medium
CN113362173A (en) Anti-duplication mechanism verification method, anti-duplication mechanism verification system, electronic equipment and storage medium
CN113535568B (en) Verification method, device, equipment and medium for application deployment version
CN113535565B (en) Interface use case generation method, device, equipment and medium
CN114117449A (en) Hidden parameter mining-based test method and device, electronic equipment and medium
CN115203178A (en) Data quality inspection method and device, electronic equipment and storage medium
CN114218254A (en) Report generation method, device, equipment and storage medium
CN114490264A (en) File monitoring method and device of application system, electronic equipment and storage medium
CN112966167A (en) Data crawling method, device, computer system and computer readable storage medium
CN112988604A (en) Object testing method, testing system, electronic device and readable storage medium
CN113760835B (en) Log management method, middle platform system, electronic equipment and storage medium
CN113360417B (en) Test method, session modifier, electronic device and medium
CN114266547A (en) Method, device, equipment, medium and program product for identifying business processing strategy
CN113051090A (en) Interface processing method and device, interface calling method and device, system and medium
CN114861054A (en) Information acquisition method and device, electronic equipment and storage medium
CN114254621A (en) Document auditing method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination