CN114567459B - System and method for automatically generating attack vector of intranet XSS platform - Google Patents

Info

Publication number: CN114567459B
Authority: CN (China)
Prior art keywords: attack, attack vector, xss, vector, platform
Legal status: Active
Application number: CN202210112733.9A
Other languages: Chinese (zh)
Other versions: CN114567459A (en)
Inventors: 陈生虎, 张立鹏, 张宇森
Current Assignee: Guizhou Caicaibao Internet Service Co ltd
Original Assignee: Guizhou Caicaibao Internet Service Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1433 Vulnerability analysis
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a system and method for automatically generating attack vectors on an intranet XSS platform. The system comprises a WEB server, an interactive command, an attack vector callback interface route and an XSS attack vector library. The WEB server initializes the XSS attack vector library after it is started; the interactive command line dynamically configures the relevant attack vector interface routes from user input and automatically generates attack vectors; and the attack vector callback interface route receives the attack result, then stores and displays the current attack result. The invention enables rapid cross-platform deployment of the XSS platform system in an intranet environment, configures system parameters dynamically through an interactive command line, and generates attack vectors automatically without manual operation, with high speed and high effectiveness.

Description

System and method for automatically generating attack vector of intranet XSS platform
Technical Field
The invention relates to a system and method for automatically generating attack vectors on an intranet XSS platform.
Background
With the development of WEB technologies, network attacks have diversified. XSS (cross-site scripting) is the most common vulnerability in WEB applications: if a WEB application outputs user-supplied input directly without effective checking, an XSS attack becomes possible.
Exploiting an XSS vulnerability requires the support of an XSS platform. The current mainstream XSS platform systems depend on related components and are mostly deployed on public networks, and their deployment is relatively complex. During intranet testing, security testers must spend a large amount of time building the environment, and the related attack vectors must be produced manually, which is slow and not very effective.
Disclosure of Invention
The invention aims to provide an XSS test platform for the intranet environment. It achieves rapid cross-platform construction and deployment of the XSS platform through interactive commands, without depending on related environments or graphical interfaces, and offers automatic generation of attack vectors, high speed and high effectiveness.
To solve the above technical problems, the technical solution of the invention is as follows:
A system for automatically generating attack vectors on an intranet XSS platform comprises a WEB server, an interactive command, an attack vector callback interface route and an XSS attack vector library;
the WEB server is used for initializing the XSS attack vector library after being started;
the interactive command is used for dynamically configuring the relevant attack vector callback interface routes through user input and automatically generating attack vectors;
and the attack vector callback interface route is used for receiving the attack result, and storing and displaying the current attack result.
A generation method for the system for automatically generating attack vectors on an intranet XSS platform is based on the GO language and comprises the following steps:
Step one: start the WEB server through start parameters and initialize the XSS attack vector library;
Step two: dynamically configure the relevant attack vector interface route through the user's interactive command input, and automatically generate the attack vector;
Step three: the attack vector callback interface route receives the attack result, and stores and displays the current attack result.
Preferably, starting the WEB server through the start parameters includes configuring the local binding address and port of the platform through the start parameters at run time.
Preferably, dynamically configuring the attack vector interface route through the user's interactive command input includes identifying the interactive command input by the user, configuring an open route and its received parameters in the WEB server, automatically generating an attack vector according to the configured route, and displaying the attack vector to the user through the interactive command.
Preferably, the attack vector callback interface route receiving the attack result includes: after the attack on the tested end succeeds, the relevant WEB browser data can be received through the attack vector callback interface route and stored locally, and the attack result is displayed by calling an interactive command.
Compared with the prior art, the invention has the following beneficial effects:
The system and method for automatically generating attack vectors on an intranet XSS platform start the WEB service through start parameters and initialize the attack vector library; dynamically configure the relevant attack vector interface route through the user's interactive command input and automatically generate the attack vector; and receive the attack result through the attack vector callback interface, storing and displaying the current attack result. The advantages are that the XSS platform system can be deployed rapidly and cross-platform in an intranet environment, system parameters are configured dynamically through interactive commands, and attack vectors are generated automatically without manual operation, with high speed and high effectiveness.
Drawings
FIG. 1 is an overall block diagram of an intranet XSS platform attack vector automatic generation system according to the present invention;
FIG. 2 is a flow chart of interactive commands of the present invention;
FIG. 3 is a frame diagram of the WEB server according to the present invention;
FIG. 4 is a flow chart of the routing interface data reception of the present invention.
Detailed Description
The following further describes embodiments of the present invention with reference to the drawings. It should be noted that the description of the embodiments is provided to help understanding of the present invention, but the present invention is not limited thereto. In addition, the technical features involved in the embodiments of the present invention described below may be combined with each other as long as they do not conflict with each other.
Referring to FIG. 1, the system for automatically generating attack vectors on an intranet XSS platform of the present invention comprises a WEB server, an interactive command, an attack vector callback interface route and an XSS attack vector library;
the WEB server is used for initializing the XSS attack vector library after being started;
the interactive command is used for dynamically configuring the relevant attack vector interface routes through user input and automatically generating attack vectors;
and the attack vector callback interface route is used for receiving the attack result, and storing and displaying the current attack result.
The generation method of the system for automatically generating attack vectors on an intranet XSS platform, based on the GO language, comprises the following steps:
Step one: start the WEB server through start parameters and initialize the XSS attack vector library;
Step two: as shown in FIG. 2, the relevant attack vector callback interface routes are dynamically configured through the user's interactive command input, and attack vectors are automatically generated. Specifically, a callback interface route of the WEB server can be dynamically configured through a configuration instruction input by the user, and an attack vector suited to the current configuration is generated from the interface route that has just been successfully configured. As shown in FIG. 3, the WEB server includes a configuration unit, an interface route, and a storage unit.
Step three: the attack vector callback interface route receives the attack result, and stores and displays the current attack result. As shown in FIG. 4, after the user uses the attack vector at the tested end, the WEB browser data is sent to the currently configured callback interface; the attack result is classified and stored according to the current configuration and is output to the interactive command for display. Likewise, the interactive command instruction can be called at any time to display the set of attack results.
Furthermore, starting the WEB server through the start parameters comprises configuring the local binding address and port of the platform through the start parameters at run time.
Further, dynamically configuring the attack vector interface route through the user's interactive command input comprises identifying the interactive command input by the user, configuring an open route and its received parameters in the WEB server, automatically generating an attack vector according to the configured route, and displaying the attack vector to the user through a command line.
Furthermore, the attack vector callback interface route receiving the attack result comprises: after the attack on the tested end succeeds, the relevant WEB browser data can be received through the attack vector callback interface route and stored locally, and the attack result is displayed by calling an interactive command.
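Seen from the application under test, the chain described above depends on two things: user input reaching the page as live markup, and the browser being allowed to send data to the callback interface. The following Go sketch is an added example, not code from the patent; the handler names, the `/greet` route and the sample input are assumptions made for illustration. It contrasts a handler that echoes input unencoded with one that uses `html/template` and a Content-Security-Policy limiting scripts and outbound requests to the page's own origin.

```go
package main

import (
	"fmt"
	"html/template"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// Constructed sample input: an inert marker wrapped in script tags, used only
// to show whether user input reaches the page as live markup.
const sampleInput = `<script>/*marker*/</script>`

// csp restricts script sources and the destinations of fetch/XHR, image and
// form requests to the page's own origin, so injected content cannot load
// script from another host or use those channels to report data to one.
const csp = "default-src 'self'; script-src 'self'; connect-src 'self'; " +
	"img-src 'self'; form-action 'self'; base-uri 'none'"

// page is parsed by html/template, which escapes {{.}} for its HTML context.
var page = template.Must(template.New("greet").Parse(
	"<!doctype html><p>Hello, {{.}}</p>"))

// vulnerableGreet writes the "name" parameter into the page unencoded.
func vulnerableGreet(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "text/html; charset=utf-8")
	fmt.Fprintf(w, "<!doctype html><p>Hello, %s</p>", r.URL.Query().Get("name"))
}

// hardenedGreet encodes the parameter and sends the restrictive policy.
func hardenedGreet(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "text/html; charset=utf-8")
	w.Header().Set("Content-Security-Policy", csp)
	w.Header().Set("X-Content-Type-Options", "nosniff")
	if err := page.Execute(w, r.URL.Query().Get("name")); err != nil {
		http.Error(w, "render error", http.StatusInternalServerError)
	}
}

// render calls a handler in-process and returns the body and the CSP header.
func render(h http.HandlerFunc, name string) (body, policy string) {
	target := "/greet?name=" + url.QueryEscape(name)
	rec := httptest.NewRecorder()
	h(rec, httptest.NewRequest(http.MethodGet, target, nil))
	return rec.Body.String(), rec.Header().Get("Content-Security-Policy")
}

// markupSurvives reports whether a script tag reached the response unencoded.
func markupSurvives(body string) bool {
	return strings.Contains(strings.ToLower(body), "<script")
}

func main() {
	for _, h := range []http.HandlerFunc{vulnerableGreet, hardenedGreet} {
		body, policy := render(h, sampleInput)
		fmt.Printf("live markup: %-5v  CSP set: %-5v  body: %s\n",
			markupSurvives(body), policy != "", body)
	}
}
```

Output encoding is the primary control; the policy header is a second layer that narrows what a missed injection can load or contact.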
The embodiments of the present invention have been described in detail with reference to the accompanying drawings, but the present invention is not limited to the described embodiments. It will be apparent to those skilled in the art that various changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, and the scope of protection is still within the scope of the invention.

Claims (4)

1. A system for automatically generating attack vectors on an intranet cross-site scripting (XSS) platform, characterized in that: the system comprises a WEB server, an interactive command, an attack vector callback interface route and an XSS attack vector library;
the WEB server is used for initializing the XSS attack vector library after being started;
the interactive command is used for dynamically configuring the attack vector interface route through the user's interactive command input, including identifying the interactive command input by the user, configuring an open route and its received parameters in the WEB server, automatically generating an attack vector according to the configured route, and displaying the attack vector to the user through the interactive command;
and the attack vector callback interface route is used for receiving the attack result, and storing and displaying the current attack result.
2. A generation method of the system for automatically generating attack vectors on an intranet XSS platform according to claim 1, based on the GO language, comprising the steps of:
Step one: starting the WEB server through start parameters and initializing the XSS attack vector library;
Step two: dynamically configuring the attack vector interface route through the user's interactive command input, which comprises identifying the interactive command input by the user, configuring an open route and its received parameters in the WEB server, automatically generating an attack vector according to the configured route, and displaying the attack vector to the user through the interactive command;
Step three: the attack vector callback interface route receiving the attack result, and storing and displaying the current attack result.
3. The generation method of the system for automatically generating attack vectors on an intranet XSS platform according to claim 2, wherein: starting the WEB server through the start parameters comprises configuring the local binding address and port of the platform through the start parameters at run time.
4. The generation method of the system for automatically generating attack vectors on an intranet XSS platform according to claim 2, wherein: the attack vector callback interface route receiving the attack result comprises: after the attack on the tested end succeeds, the relevant WEB browser data can be received through the attack vector callback interface route and stored locally, and the attack result is displayed by calling an interactive command.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210112733.9A CN114567459B (en) 2022-01-29 2022-01-29 System and method for automatically generating attack vector of intranet XSS platform


Publications (2)

Publication Number Publication Date
CN114567459A 2022-05-31
CN114567459B 2023-04-14

Family

ID=81714814

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant