CN114363022B - Attack tracing method and device, electronic equipment and storage medium - Google Patents


Info

Publication number: CN114363022B
Authority: CN (China)
Prior art keywords: attack, page, server, tracing, target
Legal status: Active (the legal status is an assumption and is not a legal conclusion)
Application number: CN202111577925.9A
Other languages: Chinese (zh)
Other versions: CN114363022A (en)
Inventor: 郭瑞
Current Assignee: Xi'an Clover Cyber Technology Co ltd (the listed assignees may be inaccurate)
Original Assignee: Xi'an Clover Cyber Technology Co ltd
Application filed by Xi'an Clover Cyber Technology Co ltd; priority to CN202111577925.9A; application published as CN114363022A; granted and published as CN114363022B.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/146 Tracing the source of attacks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)

Abstract

The disclosure provides an attack tracing method, an attack tracing device, electronic equipment and a storage medium, and relates to the technical field of network security. The specific technical scheme is as follows: if an attack by an attacker on the user equipment is detected, indication information is sent to a server, wherein the indication information is used for indicating the attack; an attack tracing instruction sent by the server is received; and the attacker's attack behavior is traced according to the attack tracing instruction. The present disclosure is used to improve the security of a network environment.

Description

Attack tracing method and device, electronic equipment and storage medium
Technical Field
The disclosure relates to the technical field of network security, and in particular relates to an attack tracing method, an attack tracing device, electronic equipment and a storage medium.
Background
The browser is the portal through which users access the internet, so its security is important. Any unintended click by the user in the browser may cause information leakage. When a user opens the browser and accesses a webpage, an attacker can exploit vulnerabilities of the browser: in mild cases, the attacker steals the user's cookie, i.e. the user's identity information, to obtain private data such as the user's browsing records; in severe cases, the attacker steals and tampers with files on the user's computer, or even installs a backdoor on the user's computer to steal user information. Therefore, the attacks of an attacker need to be traced to ensure the security of the network environment.
Disclosure of Invention
The embodiment of the disclosure provides an attack tracing method, an attack tracing device, electronic equipment and a storage medium, so as to provide an attack tracing technical scheme. The technical scheme is as follows:
According to a first aspect of an embodiment of the present disclosure, there is provided an attack tracing method, applied to a browser, including:
if an attack by an attacker on the user equipment is detected, sending indication information to a server, wherein the indication information is used for indicating the attack;
receiving an attack tracing instruction sent by the server;
and tracing the attack behavior of the attacker according to the attack tracing instruction.
According to the attack tracing method provided by the embodiment of the disclosure, if an attack by an attacker on the user equipment is detected, indication information is sent to a server, wherein the indication information is used for indicating the attack; an attack tracing instruction sent by the server is received; and the attack behavior of the attacker is traced according to the attack tracing instruction, so that the attack behavior can be traced as soon as an attack on the user equipment is detected, and the security of the network environment is effectively improved.
In one embodiment, tracing the attacker according to the attack tracing instruction includes:
generating a first page according to the attack tracing instruction and displaying the first page on the user equipment, wherein the first page is used for indicating to update Flash;
Receiving a Flash update instruction input by a user on the first page;
acquiring the permission of the Flash application to access the camera and the microphone of the user equipment according to the Flash updating instruction;
After the use rights of the camera and the microphone are obtained, generating a target flash application;
Starting the camera and the microphone through the target flash application, and acquiring photo information of an attacker and sound information of the attacker through the camera;
and sending the photo information and the sound information to the server.
In one embodiment, tracing the attacker according to the attack tracing instruction includes:
Sending an end-to-end connection request to target equipment according to the attack tracing instruction;
receiving an SDP body returned by the target equipment in response to the end-to-end connection request;
acquiring the IP address of the user equipment by regular-expression filtering of the SDP body;
and sending the IP address of the user equipment to the server.
In one embodiment, tracing the attacker according to the attack tracing instruction includes:
Acquiring characteristic information of the browser according to the attack tracing instruction;
Performing hash conversion on the characteristic information to generate an ID of user equipment;
And sending the ID of the user equipment to the server.
In one embodiment, tracing the attacker according to the attack tracing instruction includes:
polling each IP in a network segment of the local area network of the user equipment according to the attack tracing instruction, and acquiring the use state of each IP in the network segment of the local area network and the number of the IPs in the network segment of the local area network;
and sending the IP quantity and the use state of each IP to a server.
In one embodiment, tracing the attacker according to the attack tracing instruction includes:
Generating a target Iframe page according to the attack tracing instruction and displaying the target Iframe page on the user equipment, wherein the target Iframe page is a login page of a target website;
filling an account password which is stored in advance by the browser and is logged in the target website into a page of the target Iframe;
inquiring DOM elements corresponding to the page of the target Iframe, and acquiring the account password;
and sending the account password to the server.
In one embodiment, tracing the attacker according to the attack tracing instruction includes:
Generating a second page according to the attack tracing instruction, wherein an execution function is added in the title of the second page;
executing the execution function, and acquiring user information pre-stored in the browser, wherein the user information comprises account passwords and information of user bookmark favorites;
And sending the user information to the server.
According to a second aspect of an embodiment of the present disclosure, there is provided an attack tracing apparatus, applied to a browser, including:
an indication information sending module, used for sending indication information to a server if an attack by an attacker on the user equipment is detected, wherein the indication information is used for indicating the attack;
an attack tracing instruction receiving module, used for receiving an attack tracing instruction sent by the server;
and an attack behavior tracing module, used for tracing the attack behavior of the attacker according to the attack tracing instruction.
In one embodiment, the attack behavior tracing module is configured to:
generating a first page according to the attack tracing instruction and displaying the first page on the user equipment, wherein the first page is used for indicating to update Flash;
Receiving a Flash update instruction input by a user on the first page;
acquiring the permission of the Flash application to access the camera and the microphone of the user equipment according to the Flash updating instruction;
After the use rights of the camera and the microphone are obtained, generating a target flash application;
Starting the camera and the microphone through the target flash application, and acquiring photo information of an attacker and sound information of the attacker through the camera;
and sending the photo information and the sound information to the server.
In one embodiment, the attack behavior tracing module is configured to:
Sending an end-to-end connection request to target equipment according to the attack tracing instruction;
receiving an SDP body returned by the target equipment in response to the end-to-end connection request;
acquiring the IP address of the user equipment by regular-expression filtering of the SDP body;
and sending the IP address of the user equipment to the server.
In one embodiment, the attack behavior tracing module is configured to:
Acquiring characteristic information of the browser according to the attack tracing instruction;
Performing hash conversion on the characteristic information to generate an ID of user equipment;
And sending the ID of the user equipment to the server.
In one embodiment, the attack behavior tracing module is configured to:
polling each IP in a network segment of the local area network of the user equipment according to the attack tracing instruction, and acquiring the use state of each IP in the network segment of the local area network and the number of the IPs in the network segment of the local area network;
and sending the IP quantity and the use state of each IP to the server.
In one embodiment, the attack behavior tracing module is configured to:
Generating a target Iframe page according to the attack tracing instruction and displaying the target Iframe page on the user equipment, wherein the target Iframe page is a login page of a target website;
filling an account password which is stored in advance by the browser and is logged in the target website into a page of the target Iframe;
inquiring DOM elements corresponding to the page of the target Iframe, and acquiring the account password;
and sending the account password to the server.
In one embodiment, the attack behavior tracing module is configured to:
Generating a second page according to the attack tracing instruction, wherein an execution function is added in the title of the second page;
executing the execution function, and acquiring user information pre-stored in the browser, wherein the user information comprises account passwords and information of user bookmark favorites;
And sending the user information to the server.
According to a third aspect of embodiments of the present disclosure, there is provided an electronic device comprising a processor and a memory, the memory having stored therein at least one computer instruction, the instructions being loaded and executed by the processor to implement the steps performed in the attack tracing method according to any one of the first aspects.
According to a fourth aspect of embodiments of the present disclosure, there is provided a computer readable storage medium having stored therein at least one computer instruction that is loaded and executed by a processor to implement the steps performed in the attack tracing method of any of the first aspects.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the disclosure and together with the description, serve to explain the principles of the disclosure.
Fig. 1 is a flowchart of an attack tracing method provided by an embodiment of the present disclosure;
Fig. 2 is a block diagram of an attack tracing device according to an embodiment of the present disclosure;
fig. 3 is a block diagram of an electronic device according to an embodiment of the present disclosure.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples are not representative of all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with some aspects of the present disclosure as detailed in the accompanying claims.
Fig. 1 is a flowchart of an attack tracing method provided in an embodiment of the present disclosure. As shown in fig. 1, the method includes:
S101, if an attack by an attacker on the user equipment is detected, sending indication information to a server, wherein the indication information is used for indicating the attack.
Illustratively, the attacker's attack behavior on the user equipment may be monitored through applications such as a firewall or security guard software.
S102, receiving an attack tracing instruction sent by the server;
Further, after receiving the indication information sent by the browser, the server sends an attack tracing instruction to the browser.
S103, tracing the attack behaviors of the attacker according to the attack tracing instruction.
How to trace the source of the attack behavior of the attacker according to the attack tracing instruction is described below.
In one embodiment, tracing the attacker according to the attack tracing instruction includes:
generating a first page according to the attack tracing instruction and displaying the first page on the user equipment, wherein the first page is used for indicating to update Flash;
Receiving a Flash update instruction input by a user on the first page;
acquiring the permission of the Flash application to access the camera and the microphone of the user equipment according to the Flash updating instruction;
After the use rights of the camera and the microphone are obtained, generating a target flash application;
Starting the camera and the microphone through the target flash application, and acquiring photo information of an attacker and sound information of the attacker through the camera;
and sending the photo information and the sound information to the server.
In this embodiment, the size of the target flash application is smaller than or equal to the preset pixel value, so that an attacker cannot easily perceive the target flash application. For example, the target flash application may be a 1px flash application.
In one embodiment, tracing the attacker according to the attack tracing instruction includes:
Sending an end-to-end connection request to target equipment according to the attack tracing instruction;
Receiving a Session Description Protocol (SDP) body returned by the target device in response to the end-to-end connection request;
Acquiring the Internet Protocol (IP) address of the user equipment by regular-expression filtering of the SDP body;
and sending the IP address of the user equipment to the server.
Illustratively, an end-to-end (P2P) connection with the target device may be created by determining the browser model and calling the browser's own WebRTC function. For example, the Google browser has its own WebRTC function webkitRTCPeerConnection and the Firefox browser has its own WebRTC function mozRTCPeerConnection.
In this embodiment, the browser is the Google browser, and the target device is the Google server stun:stun.l.google.com:19302. The Google browser on the user equipment creates a P2P connection with the Google server stun.l.google.com:19302 by calling webkitRTCPeerConnection, sends a P2P connection request to that server, and receives the SDP body that the server returns in response to the P2P connection request; the IP address of the user equipment is then obtained by regular-expression filtering of the SDP body content.
In one embodiment, tracing the attacker according to the attack tracing instruction includes:
Acquiring characteristic information of the browser according to the attack tracing instruction;
Carrying out hash conversion on the characteristic information to generate an ID of user equipment;
And sending the ID of the user equipment to the server.
The characteristic information of the browser is the User Agent (UA) of the browser. Based on the browser UA, information is obtained such as the browser default language, the color width and color depth values of the equipment, the memory value allocated to the browser, the number of cores of the central processing unit (CPU), the screen resolution, display information, the CPU model, the operating system, whether the browser has privacy protection enabled, browser plug-in information, the font library and the audio fingerprint; hash conversion is then performed on this information to generate the unique identification information (identifier, ID) of the user equipment.
In one embodiment, tracing the attacker according to the attack tracing instruction includes:
polling each IP in a network segment of the local area network of the user equipment according to the attack tracing instruction, and acquiring the use state of each IP in the network segment of the local area network and the number of the IPs in the network segment of the local area network;
and sending the IP quantity and the use state of each IP to a server.
Illustratively, asynchronous polling requests are generated by a timer using Asynchronous JavaScript and XML (Ajax). After an asynchronous polling request is generated, each IP in the network segment of the local area network of the user equipment is polled, and the use state of each IP in the network segment and the number of IPs in the network segment are acquired. For example, an asynchronous polling request is sent to each IP in the network segment of the local area network, so that each IP in the network segment is polled. After the asynchronous polling request has been sent to each IP, the status code returned by each IP is received, the use state of each IP in the network segment and the number of IPs in the network segment are determined according to the status codes, and both are sent to the server. After receiving the use state of each IP and the number of IPs in the network segment of the local area network, the server locates the network environment of the attacker according to them.
In one embodiment, tracing the attacker according to the attack tracing instruction includes:
Generating a target Iframe page according to the attack tracing instruction and displaying the target Iframe page on the user equipment, wherein the target Iframe page is a login page of a target website;
filling an account password which is stored in advance by the browser and is logged in the target website into a page of the target Iframe;
inquiring DOM elements corresponding to the page of the target Iframe, and acquiring the account password;
and sending the account password to the server.
Illustratively, in this embodiment, the size of the target Iframe page is less than or equal to the preset pixel value, so that an attacker cannot easily perceive the target Iframe page. For example, the target Iframe page may be an Iframe page of 1 px. If the attacker's browser has enabled automatic filling of the account and password for logging in to the target website, the browser automatically fills the pre-stored account and password for logging in to the target website into the page of the Iframe. The DOM elements corresponding to the page of the target Iframe are then queried to acquire the account password, and the account password is sent to the server. After receiving the account, the server monitors whether the account has been stolen or whether the account is being used to carry out attacks.
In one embodiment, tracing the attacker according to the attack tracing instruction includes:
Generating a second page according to the attack tracing instruction, wherein an execution function is added in a title of the second page;
executing the execution function, and acquiring user information pre-stored in the browser, wherein the user information comprises account passwords and information of user bookmark favorites;
And sending the user information to the server.
If an extension program that calls the title is installed on the user equipment, the execution function is triggered. Executing the execution function obtains the user information pre-stored in the browser, which comprises account passwords and information of user bookmark favorites. The user information is sent to the server, and after the server receives the user information, it analyzes specific information about the attacker according to the user information.
According to the attack tracing method provided by the embodiment of the disclosure, if an attack by an attacker on the user equipment is detected, indication information is sent to a server, wherein the indication information is used for indicating the attack; an attack tracing instruction sent by the server is received; and the attack behavior of the attacker is traced according to the attack tracing instruction, so that the attack behavior can be traced as soon as an attack on the user equipment is detected, and the security of the network environment is effectively improved.
Fig. 2 is a block diagram of an attack tracing device provided in an embodiment of the present disclosure. The device 20 is applied to a browser. As shown in fig. 2, the apparatus 20 includes:
The indication information sending module 201 is configured to send indication information to a server if an attack by an attacker on the user equipment is detected, where the indication information is used to indicate the attack;
the attack tracing instruction receiving module 202 is configured to receive an attack tracing instruction sent by the server;
And the attack behavior tracing module 203 is configured to trace the attack behavior of the attacker according to the attack tracing instruction.
In one embodiment, the attack activity tracing module 203 is configured to:
generating a first page according to the attack tracing instruction and displaying the first page on the user equipment, wherein the first page is used for indicating to update Flash;
Receiving a Flash update instruction input by a user on the first page;
acquiring the permission of the Flash application to access the camera and the microphone of the user equipment according to the Flash updating instruction;
After the use rights of the camera and the microphone are obtained, generating a target flash application;
Starting the camera and the microphone through the target flash application, and acquiring photo information of an attacker and sound information of the attacker through the camera;
and sending the photo information and the sound information to the server.
In one embodiment, the attack activity tracing module 203 is configured to:
Sending an end-to-end connection request to target equipment according to the attack tracing instruction;
receiving an SDP body returned by the target equipment in response to the end-to-end connection request;
acquiring the IP address of the user equipment by regular-expression filtering of the SDP body;
and sending the IP address of the user equipment to the server.
In one embodiment, the attack activity tracing module 203 is configured to:
Acquiring characteristic information of the browser according to the attack tracing instruction;
Performing hash conversion on the characteristic information to generate an ID of user equipment;
And sending the ID of the user equipment to the server.
In one embodiment, the attack activity tracing module 203 is configured to:
polling each IP in a network segment of the local area network of the user equipment according to the attack tracing instruction, and acquiring the use state of each IP in the network segment of the local area network and the number of the IPs in the network segment of the local area network;
and sending the IP quantity and the use state of each IP to the server.
In one embodiment, the attack activity tracing module 203 is configured to:
Generating a target Iframe page according to the attack tracing instruction and displaying the target Iframe page on the user equipment, wherein the target Iframe page is a login page of a target website;
filling an account password which is stored in advance by the browser and is logged in the target website into a page of the target Iframe;
inquiring DOM elements corresponding to the page of the target Iframe, and acquiring the account password;
and sending the account password to the server.
In one embodiment, the attack activity tracing module 203 is configured to:
Generating a second page according to the attack tracing instruction, wherein an execution function is added in the title of the second page;
executing the execution function, and acquiring user information pre-stored in the browser, wherein the user information comprises account passwords and information of user bookmark favorites;
And sending the user information to the server.
For the implementation process and the technical effect of the attack behavior tracing device provided by the embodiment of the present disclosure, refer to the embodiment of fig. 1; they are not described again here.
Fig. 3 is a block diagram of an electronic device according to an embodiment of the present disclosure. As shown in fig. 3, the electronic device 30 includes:
A processor 301 and a memory 302, wherein the memory 302 stores at least one computer instruction, and the instruction is loaded and executed by the processor 301 to implement the attack behavior tracing method described in the above method embodiment.
Based on the attack tracing method described in the foregoing embodiment corresponding to fig. 1, the embodiment of the disclosure further provides a computer readable storage medium. For example, the non-transitory computer readable storage medium may be a Read Only Memory (ROM), a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and so on. The storage medium stores computer instructions for executing the attack behavior tracing method described in the embodiment corresponding to fig. 1, which is not described again here.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program for instructing relevant hardware, where the program may be stored in a computer readable storage medium, and the storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.

Claims (9)

1. An attack tracing method, characterized by being applied to a browser and comprising the following steps:
if an attack by an attacker on the user equipment is detected, sending indication information to a server, wherein the indication information is used for indicating the attack;
receiving an attack tracing instruction sent by the server;
Tracing the attack behavior of the attacker according to the attack tracing instruction;
the tracing the attacker according to the attack tracing instruction comprises:
Generating a target Iframe page according to the attack tracing instruction and displaying the target Iframe page on the user equipment, wherein the target Iframe page is a login page of a target website, and the size of the target Iframe page is smaller than or equal to a preset pixel value; if the attacker's browser has enabled automatic filling of the account and password for logging in to the target website, automatically filling the account password which is stored in advance by the browser and used for logging in the target website into a page of the target Iframe; inquiring DOM elements corresponding to the page of the target Iframe, and acquiring the account password; and sending the account password to the server.
2. The method of claim 1, wherein after the sending the account password to the server, the method further comprises:
generating a first page according to the attack tracing instruction and displaying the first page on the user equipment, wherein the first page is used for indicating that Flash is to be updated;
receiving a Flash update instruction input by a user on the first page;
acquiring the permission of the Flash application to access the camera and the microphone of the user equipment according to the Flash update instruction;
after the permission to use the camera and the microphone is obtained, generating a target Flash application;
starting the camera and the microphone through the target Flash application, and acquiring photo information of the attacker and sound information of the attacker through the camera;
and sending the photo information and the sound information to the server.
3. The method of claim 1, wherein after the sending the account password to the server, the method further comprises:
sending an end-to-end connection request to target equipment according to the attack tracing instruction;
receiving an SDP inclusion returned by the target equipment in response to the end-to-end connection request;
acquiring the IP address of the user equipment by regularly filtering the SDP inclusion;
and sending the IP address of the user equipment to the server.
4. The method of claim 1, wherein after the sending the account password to the server, the method further comprises:
acquiring characteristic information of the browser according to the attack tracing instruction;
performing hash conversion on the characteristic information to generate an ID of the user equipment;
and sending the ID of the user equipment to the server.
5. The method of claim 1, wherein after the sending the account password to the server, the method further comprises:
polling each IP in a network segment of the local area network of the user equipment according to the attack tracing instruction, and acquiring the use state of each IP in the network segment of the local area network and the number of the IPs in the network segment of the local area network;
and sending the IP quantity and the use state of each IP to the server.
6. The method of claim 1, wherein after the sending the account password to the server, the method further comprises:
generating a second page according to the attack tracing instruction, wherein an execution function is added in the title of the second page;
executing the execution function, and acquiring user information pre-stored in the browser, wherein the user information comprises account passwords and information of user bookmark favorites;
and sending the user information to the server.
7. An attack tracing device, characterized in that it is applied to a browser and comprises the following components:
the system comprises an indication information sending module, a server and a control module, wherein the indication information sending module is used for sending indication information to the server if an attacker is detected to generate an attack on user equipment, and the indication information is used for indicating the attack;
an attack tracing instruction receiving module, used for receiving an attack tracing instruction sent by the server;
an attack behavior tracing module, used for tracing the attack behavior of an attacker according to the attack tracing instruction;
wherein the attack behavior tracing module is used for: generating a target Iframe page according to the attack tracing instruction and displaying the target Iframe page on the user equipment, wherein the target Iframe page is a login page of a target website, and the size of the target Iframe page is smaller than or equal to a preset pixel value; if the attacker's browser has enabled automatic filling of the account password for logging in to the target website, the account password stored in advance by the browser for logging in to the target website is automatically filled into the target Iframe page; querying the DOM elements corresponding to the target Iframe page, and acquiring the account password; and sending the account password to the server.
8. An electronic device comprising a processor and a memory having stored therein at least one computer instruction that is loaded and executed by the processor to implement the steps performed in the attack-tracing method of any one of claims 1 to 6.
9. A computer readable storage medium having stored therein at least one computer instruction that is loaded and executed by a processor to implement the steps performed in the attack-tracing method of any of claims 1 to 6.
CN202111577925.9A 2021-12-22 2021-12-22 Attack tracing method and device, electronic equipment and storage medium Active CN114363022B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111577925.9A CN114363022B (en) 2021-12-22 2021-12-22 Attack tracing method and device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN114363022A CN114363022A (en) 2022-04-15
CN114363022B true CN114363022B (en) 2024-05-24

Family

ID=81101395

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111577925.9A Active CN114363022B (en) 2021-12-22 2021-12-22 Attack tracing method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN114363022B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105471883A (en) * 2015-12-10 2016-04-06 中国电子科技集团公司第三十研究所 Tor network tracing system and tracing method based on web injection
CN107341375A (en) * 2016-12-09 2017-11-10 北京安天网络安全技术有限公司 A kind of method and system for the attacker that traced to the source based on Web page picture secret mark
CN108616538A (en) * 2018-04-28 2018-10-02 北京网思科平科技有限公司 Attacker's formation gathering method, system, terminal, server and its storage medium
CN111898128A (en) * 2020-08-04 2020-11-06 北京丁牛科技有限公司 Defense method and device for cross-site scripting attack
CN113676485A (en) * 2021-08-27 2021-11-19 中国电信股份有限公司 Virtual reality interaction method and device, storage medium and electronic equipment

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9762611B2 (en) * 2016-02-16 2017-09-12 Cylance Inc. Endpoint-based man in the middle attack detection using machine learning models

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
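Research on Tracking and Tracing Technology Based on Browser Script Injection; 李晓云 (Li Xiaoyun); China Master's Theses Full-text Database; 20190815; pp. 18-42 *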

Also Published As

Publication number Publication date
CN114363022A (en) 2022-04-15

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant