CN115221529A - Method and system for injecting abnormity of front-end webpage - Google Patents

Publication number
CN115221529A
Authority
CN
China
Prior art keywords
injection
exception
instruction
abnormal
type
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202211116656.0A
Other languages
Chinese (zh)
Other versions
CN115221529B (en)
Inventor
陈珍弹
吴越欣
张亚伟
罗杰
金宏洲
程亮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Tiangu Information Technology Co ltd
Original Assignee
Hangzhou Tiangu Information Technology Co ltd
Application filed by Hangzhou Tiangu Information Technology Co ltd
Priority to CN202211116656.0A
Publication of CN115221529A
Application granted
Publication of CN115221529B
Current legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G06F21/121 Restricting unauthorised execution of programs
    • G06F21/128 Restricting unauthorised execution of programs involving web programs, i.e. using technology especially used in internet, generally interacting with a web browser, e.g. hypertext markup language [HTML], applets, java
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F21/645 Protecting data integrity, e.g. using checksums, certificates or signatures using a third party

Abstract

The invention discloses an exception injection method and system for a front-end webpage. The method comprises the following steps: setting up an injection toolkit, wherein the injection toolkit comprises a basic exception type, a trusted third-party tool type and a user-defined script type; receiving an exception injection instruction and injecting the exception into a browser through the injection toolkit according to the exception injection instruction, wherein the browser loads a webpage containing the injection toolkit, obtains the exception to be injected according to the exception injection instruction, runs the exception and displays it on the page; and refreshing the injection toolkit, continuing injection if a new injection instruction exists, and removing the injection if no injection instruction exists. The method integrates a front-end exception injection toolkit and introduces the toolkit through the webpage to select the injection type, so that a variety of front-end exception scenarios can be simulated and injection schemes for them implemented quickly. The front end can therefore also undergo routine security testing, fault drills, development-time fault simulation and the like, and the exceptions can be hot-plugged and hot-unplugged.

Description

Anomaly injection method and system for front-end webpage
Technical Field
The application relates to an exception injection method, and in particular to a full-scenario exception injection method for a front-end webpage.
Background
The internet market keeps growing, the related technologies are becoming richer, and the accompanying requirements are becoming more diverse. Technical managers in many enterprises have begun to consider how to ensure that a service remains uninterrupted, stable, reliable and trustworthy for users while it operates, and this has given rise to various products that use tools to simulate exceptions and system attacks. At present, prevention of front-end problems is weak, and research and development of front-end injection tools is rare. Front-end failures are nevertheless important: for example, a page crashes or a jump is redirected to a phishing website. The monitoring discovery rate for front-end failures is also low and depends on customer feedback and manual discovery, so when a front-end failure occurs, both the time to discover it and the time to repair it are long.
The front-end exception injection functions on the market still have significant shortcomings, such as few designed scenarios, complex operation, a lack of experimental simulation, and difficulty in extending and accumulating scenarios. Moreover, their injection capability is tied to a single browser and a single user: they cannot inject an exception for full-stack users at the same time, and they cannot be offered as a platform.
Disclosure of Invention
To enable front-end exception injection to cover all scenarios and the full stack, the application provides an exception injection method for a front-end webpage.
An exception injection method for a front-end webpage comprises the following steps:
setting up an injection toolkit, wherein the injection toolkit comprises a basic exception type, a trusted third-party tool type and a user-defined script type;
receiving an exception injection instruction and injecting the exception into a browser through the injection toolkit according to the exception injection instruction, wherein the browser loads a webpage containing the injection toolkit, obtains the exception to be injected according to the exception injection instruction, runs the exception and displays it on the page;
and refreshing the injection toolkit, continuing injection if a new injection instruction exists, and removing the injection if no injection instruction exists.
Further, the exception injection instruction comprises instruction information, exception information and machine information, wherein the instruction information, the exception information or the machine information comprises exception parameters, and the exception parameters comprise an exception scenario ID, a machine ID and a type selection of the injection toolkit.
Further, running the exception and displaying it on the page specifically includes:
receiving the exception parameters in the exception injection instruction and judging whether they can be executed; introducing the injection toolkit through the header file of the webpage and selecting one type from the injection toolkit; and assembling the execution parameters of the selected type, converting them into the corresponding execution instruction, executing the exception, and returning to the front end to display the exception page.
Further, if the exception injection fails, another type in the injection toolkit is selected, the execution parameters are reassembled and converted into the corresponding execution instruction, the exception is executed, and the exception page is returned to the front end for display.
Further, after receiving the exception injection instruction, the method further comprises storing or deleting the corresponding exception injection instruction in the database.
Further, the basic exception types comprise JS injection errors, XSS cross-domain attacks, resource exceptions, request exceptions or set-server-IP exceptions, SQL-injection-type template exceptions, or CRLF injection errors.
Further, the trusted third-party tool type comprises an npm package type or a script type.
Further, the method includes an exception removal method, which receives an exception removal instruction, deletes the corresponding exception injection instruction, removes the exception injection, and displays the page with the injection removed.
The invention also discloses an exception injection system for implementing the method, which comprises a user side and an injection side;
the user side comprises a browser, the injection side comprises a console and a front-end server, and the user side receives an exception injection instruction pulled from the injection side and injects an exception according to that instruction;
the front-end server stores an injection toolkit, wherein the injection toolkit comprises a basic exception type, a trusted third-party tool type and a user-defined script type;
the console receives the exception injection instruction and stores it;
the browser obtains the instruction for the exception to be injected from the console, loads a webpage containing the injection toolkit from the front-end server, obtains the exception to be injected from the injection toolkit according to the exception injection instruction, runs the exception and displays it on the webpage, and refreshes the injection toolkit, continuing injection if a new injection instruction exists and removing the injection if no injection instruction exists.
The beneficial effects of the invention are as follows:
The method integrates a front-end exception injection toolkit and introduces the toolkit through the webpage to select the exception type and the injection method, so that a variety of front-end exception scenarios can be simulated and injection schemes for them implemented quickly. The front end can therefore also undergo routine security testing, fault drills, development-time fault simulation and the like, and the exceptions can be hot-plugged and hot-unplugged. Moreover, integrating the injection toolkit lowers the technical threshold, improves working efficiency, shortens the project cycle, and is of practical value in real deployments.
In addition, the injection toolkit in this scheme can be extended without limit and its exception content can be updated, so that front-end exception testing is offered as a platform and many kinds of exception injection are supported.
Drawings
To illustrate the embodiments of the present application or the technical solutions in the prior art more clearly, the drawings used in describing them are briefly introduced below. The drawings described below show only some embodiments of the present application; those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a schematic flow diagram of the process.
Detailed Description
In order to make the purpose, features and advantages of the present application more obvious and understandable, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the embodiments described below are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The invention is further elucidated with reference to the drawings and the embodiments.
Example 1
A method for injecting an exception into a front-end webpage, as shown in FIG. 1, includes the following steps:
S1. Set up an injection toolkit comprising three types of tools: a basic exception type, a trusted third-party tool type and a user-defined script type. The injection toolkit is stored on the front-end server, and the user side needs to access it. There are generally several front-end servers, each connected to a corresponding application; the more front-end servers there are, the more applications there are.
S2. Receive an exception injection instruction and inject the exception into the browser through the injection toolkit according to that instruction. The user side receives the exception injection instruction and injects the exception accordingly.
The browser pulls the exception injection instruction from the console and loads a webpage containing the injection toolkit from the front-end server; it then obtains the exception to be injected from the injection toolkit according to the instruction, runs the exception with the toolkit and displays it on the front-end page.
S3. Refresh the injection toolkit; continue injection if a new injection instruction exists, and remove the injection if no injection instruction exists.
The basic exception types in step S1 include JS injection errors, XSS cross-domain attacks, resource exceptions, request exceptions or set-server-IP exceptions, SQL-injection-type template exceptions, or CRLF injection errors. Request exceptions include forged WebSocket requests, forged or modified interface responses, and mobile app crashes.
The trusted third-party tool type includes an npm package type or a script type. The npm package is an open-source toolkit maintained by dedicated staff at a large enterprise, such as the externally released tools developed by ByteDance or Alibaba, or the whistle tool.
Step S2 also includes storing the exception injection instruction. The storage mode is chosen according to the configuration of the user who sent the exception injection request: for a trusted third-party tool, the instruction is converted into the instruction format of that tool and stored; for the basic exception type or the user-defined script type, the instruction is stored directly in the console.
The exception injection instruction comprises instruction information, exception information and machine information. The instruction information, the exception information or the machine information comprises exception parameters, and the exception parameters comprise an exception scenario ID, a machine ID and a type selection of the injection toolkit. The instruction information and the exception information correspond to each other; for example, instruction 1 denotes a JS injection error. The exception parameters are part of this information and are called at execution time. For example, the machine information includes a machine ID and machine state information: the machine ID is the ID of the front-end server and is called to take part in executing the exception task, while the machine state information is stored in the console and is called when it is needed for other purposes. The machine information is configured manually in the console.
In step S2, the browser pulls the exception injection instruction from the console in order to inject, run and display the front-end exception. This specifically includes:
S21. Receive the exception parameters in the exception injection instruction and judge whether they can be executed. The exception parameters include an exception scenario ID, a machine ID and a type selection of the injection toolkit; the toolkit types are numbered, and the number serves as the tool parameter. The exception scenario ID is the number of the exception type; for example, the ID of the JS injection error is 1.
S22. Introduce the injection toolkit through the header file of the webpage and select one type from the injection toolkit, such as the basic exception type. Generally the three toolkit types are assigned priorities, the basic exception type is the default choice, and one of the tools is selected automatically according to priority.
The header file refers to the <head> element in the webpage HTML, into which scripts, style files (CSS) and various meta information can be inserted; the element tags that can be added to the head area include <title>, <style>, <meta>, <link>, <script>, <base>, etc.
S23. Assemble the execution parameters of the selected type, convert them into the corresponding execution instruction, execute the exception, and return to the front end to display the exception page. Different types of tools in the injection toolkit have different execution parameters, so the same exception scenario has different execution parameter groups, and the exception instruction is executed with the parameter group that corresponds to the selected type. For example, to execute a request exception, the webpage request is intercepted and its content is replaced with the request status, error content and so on from the execution parameters, which produces the intended fault.
S24. If the exception injection fails, select another type in the injection toolkit, reassemble the execution parameters, convert them into the corresponding execution instruction, execute the exception, and return to the front end to display the exception page.
This is a fallback step that starts only when injection fails: it looks at the other channels in the injection toolkit, reselects the execution type, and assembles the execution parameters and execution instruction for that type.
In step S3, once no new exception injection instruction exists, the exception injection is removed and the page is displayed as it is after removal.
Step S3 is the natural removal step of the injection process. The scheme also includes an explicit removal method: the console receives an exception removal instruction and deletes the corresponding exception injection instruction, whereby the exception injection is removed and the page with the injection removed is displayed.
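An added JavaScript sketch of the browser-side flow in steps S21 to S24 and S3, limited to the request-exception case; it is not code from the patent. The function names, the env object standing in for window, scenario ID 2, the machine ID fe-01 and the parameter shapes are all assumptions made for the illustration.

```javascript
// Added sketch. `env` stands in for the browser `window` so it also runs in Node.
// Toolkit types in priority order; the basic exception type is the default (S22).
const TOOL_PRIORITY = ['basic', 'thirdParty', 'customScript'];
// Scenario ID -> name. Only "1 = JS injection error" is from the text; 2 is assumed.
const SCENARIOS = { 1: 'jsError', 2: 'requestException' };

// S21: judge whether the exception parameters can be executed on this machine.
function validate(instr, localMachineId) {
  if (!instr || typeof instr !== 'object') return 'malformed instruction';
  if (!Object.prototype.hasOwnProperty.call(SCENARIOS, instr.scenarioId)) return 'unknown scenario ID';
  if (instr.machineId !== localMachineId) return 'instruction targets another machine';
  if (instr.toolType && !TOOL_PRIORITY.includes(instr.toolType)) return 'unknown toolkit type';
  return null;
}

// S23: each toolkit type has its own execution-parameter group for the same scenario.
function assemble(type, instr) {
  const p = instr.params || {};
  if (type === 'basic') return { urlPattern: p.url, status: p.status || 500, errorContent: p.error || 'injected fault' };
  if (type === 'thirdParty') return { tool: p.tool, pattern: p.url, statusCode: p.status || 500 };
  return { scriptName: p.script }; // a pre-registered script name, never script text to eval
}

// One executor per toolkit type. Each returns an undo function or throws on failure.
const EXECUTORS = {
  basic(env, scenario, x) {
    if (scenario !== 'requestException') throw new Error('scenario not covered by this sketch');
    if (!x.urlPattern) throw new Error('missing url parameter');
    const original = env.fetch;
    // Intercept matching requests and answer with the status and error content from
    // the execution parameters; all other requests still reach the real backend.
    env.fetch = async (url, opts) =>
      String(url).includes(x.urlPattern)
        ? { ok: false, status: x.status, json: async () => ({ error: x.errorContent }) }
        : original(url, opts);
    return () => { env.fetch = original; };
  },
  thirdParty(env, scenario, x) {
    const tool = (env.thirdPartyTools || {})[x.tool];
    if (!tool) throw new Error('third-party tool not available');
    return tool.addRule(scenario, x); // hypothetical adapter interface
  },
  customScript(env, scenario, x) {
    const script = (env.registeredScripts || {})[x.scriptName];
    if (typeof script !== 'function') throw new Error('custom script not registered');
    return script(env, scenario); // the script must return its own undo function
  },
};

// S22 to S24: try the requested type first, then the others in priority order.
function inject(env, instr) {
  const reason = validate(instr, env.machineId);
  if (reason) return { injected: false, reason, failures: [] };
  const scenario = SCENARIOS[instr.scenarioId];
  const order = [instr.toolType, ...TOOL_PRIORITY].filter((t, i, a) => t && a.indexOf(t) === i);
  const failures = [];
  for (const type of order) {
    try {
      const undo = EXECUTORS[type](env, scenario, assemble(type, instr));
      return { injected: true, type, undo, failures };
    } catch (e) {
      failures.push(`${type}: ${e.message}`);
    }
  }
  return { injected: false, reason: 'all toolkit types failed', failures };
}

// S3: on refresh pull the stored instruction; inject it, or remove a stale injection.
function refresh(env, state, pull) {
  const instr = pull(env.machineId);
  if (state.active && (!instr || instr.id !== state.active.id)) {
    state.active.undo();
    state.active = null;
  }
  if (instr && !state.active) {
    state.last = inject(env, instr);
    if (state.last.injected) state.active = { id: instr.id, type: state.last.type, undo: state.last.undo };
  }
  return state;
}

// Constructed demo: stub backend, one stored instruction, then its deletion.
async function runDemo() {
  const env = { machineId: 'fe-01', fetch: async () => ({ ok: true, status: 200 }) };
  const store = new Map([['fe-01', { id: 'i-1', scenarioId: 2, machineId: 'fe-01',
    toolType: 'thirdParty', params: { url: '/api/order', status: 503, tool: 'proxy' } }]]);
  const pull = (machineId) => store.get(machineId) || null;
  const state = { active: null, last: null };
  refresh(env, state, pull); // thirdParty is unavailable, so S24 falls back to basic
  const usedType = state.active.type;
  const during = (await env.fetch('/api/order/42')).status;
  const other = (await env.fetch('/api/user')).status;
  store.delete('fe-01'); // the console deletes the instruction
  refresh(env, state, pull); // nothing to pull: the injection is removed
  const after = (await env.fetch('/api/order/42')).status;
  return { usedType, failures: state.last.failures, during, other, after };
}

runDemo().then((r) => console.log(r));
```

The machine-ID check in validate keeps an instruction meant for one front-end server from firing on another, and the undo function returned by each executor is what lets the refresh step restore the page once the console no longer holds the instruction.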
The method integrates a front-end exception injection toolkit and introduces the toolkit through the webpage to select the injection method and the exception type, so that a variety of front-end exception scenarios can be simulated and injection schemes for them implemented quickly. This makes it convenient for the front end to undergo routine security testing, fault drills, development-time fault simulation and the like, and the exceptions can be hot-plugged and hot-unplugged. Moreover, integrating the injection toolkit lowers the technical threshold, improves working efficiency, shortens the project cycle, and is of practical value in real deployments.
In addition, the injection toolkit in this scheme can be extended without limit and its exception content can be updated, so that front-end exception testing is offered as a platform and many kinds of exception injection are supported.
Example 2
An exception injection system for implementing the method of Example 1 comprises:
a user side and an injection side. As shown in FIG. 1, the user side includes a browser and the injection side includes a console and a front-end server. The user side requests exception injection from the injection side, receives the exception injection instruction pulled from the injection side, and injects the exception according to that instruction.
The front-end server is the front-end application machine on which the business is deployed and run. One system contains several front-end servers, and the machine ID is the ID of each front-end server. Each front-end server stores an injection toolkit, which comprises a basic exception type, a trusted third-party tool type and a user-defined script type. Here the front-end server is a Linux front-end server.
The basic exception types comprise JS injection errors, XSS cross-domain attacks, resource exceptions, request exceptions or set-server-IP exceptions, SQL-injection-type template exceptions, or CRLF injection errors. Request exceptions include forged WebSocket requests, forged or modified interface responses, and mobile app crashes.
The trusted third-party tool type includes an npm package type or a script type. The npm package is an open-source toolkit maintained by full-time staff at a large enterprise, such as the externally released tools developed by ByteDance or Alibaba, or the whistle tool.
The console interfaces with two parties. It provides a first interface that receives the exception injection instruction and, according to the user configuration, either converts the instruction into the corresponding trusted-third-party instruction for storage or stores it directly in the database. It provides a second interface from which the browser pulls the exception injection instruction, so that the browser obtains the instruction information.
The browser interfaces with two parties: the front-end server and the console. It loads a webpage containing the injection toolkit from the front-end server and obtains the exception to be injected from the console. The browser runs the exception according to the instruction, using the run method for that exception type in the injection toolkit, displays the exception on the page, and refreshes the injection toolkit, continuing injection if a new injection instruction exists and removing the injection if no injection instruction exists.
The specific operations in the browser include:
Step 1. Receive the exception parameters in the exception injection instruction stored in the console and judge whether they can be executed. The exception parameters comprise an exception scenario ID, a machine ID and a type selection of the injection toolkit. The machine ID is the ID of a front-end server; each front-end server corresponds to a different application, different applications are served by different front-end servers, and the exception test is run against the server that matches the ID. The toolkit types are numbered, and the number serves as the tool parameter. The exception scenario ID is the number of the exception type; for example, the ID of the JS injection error is 1.
Step 2. Introduce the injection toolkit stored on the front-end server through the header file of the webpage and select one type from the injection toolkit, such as the basic exception type. Generally the three toolkit types are assigned priorities, the basic exception type is the default choice, and one of the tools is selected automatically according to priority.
Step 3. Assemble the execution parameters of the selected type, convert them into the corresponding execution instruction, execute the exception, and return to the front end to display the exception page. Different types of tools in the injection toolkit have different execution parameters, so the same exception scenario can have different execution parameter groups, and the exception instruction is executed with the parameter group that corresponds to the selected type. For example, to execute a request exception, the webpage request is intercepted and its content is replaced with the request status, error content and so on from the execution parameters, which produces the intended fault.
Step 4. If the exception injection fails, select another type in the injection toolkit, reassemble the execution parameters, convert them into the corresponding execution instruction, execute the exception, and return to the front end to display the exception page.
Example 3
The present application discloses a storage medium storing a computer program that can execute the exception injection method of Example 1. The computer programs are stored in the browser, the console, and the front-end server, respectively.
In the several embodiments provided in the present application, it should be understood that the disclosed system and method may be implemented in other ways. What has been described above includes examples of one or more embodiments. It is, of course, not possible to describe every conceivable combination of components or methodologies for purposes of describing the aforementioned embodiments, but one of ordinary skill in the art may recognize that many further combinations and permutations of various embodiments are possible. Accordingly, the embodiments described herein are intended to embrace all such alterations, modifications and variations that fall within the scope of the appended claims. Furthermore, to the extent that the term "includes" is used in either the detailed description or the claims, such term is intended to be inclusive in a manner similar to the term "comprising" as "comprising" is interpreted when employed as a transitional word in a claim. Furthermore, any use of the term "or" in the specification of the claims is intended to mean a "non-exclusive or".
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
In the present application, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In this application, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless segments, wire segments, fiber optic cables, RF, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.

Claims (10)

1. An exception injection method for a front-end webpage is characterized by comprising the following steps:
setting an injection tool package, wherein the injection tool package comprises a basic abnormal type, a trusted third party tool type and a user-defined script type;
receiving an exception injection instruction, injecting the exception into a browser through an injection toolkit according to the exception injection instruction, loading a webpage containing the injection toolkit by the browser, acquiring the exception to be injected according to the exception injection instruction, operating the exception and displaying the exception to the page;
and refreshing the injection toolkit, continuing injection if a new injection instruction exists, and removing injection if no injection instruction exists.
2. The method for injecting the exception into the front-end webpage according to claim 1, wherein the exception injection instruction includes instruction information, exception information, and machine information, the instruction information, the exception information, or the machine information includes exception parameters, and the exception parameters include an exception scenario ID, a machine ID, and a type selection of an injection toolkit.
3. The method for injecting the exception into the front-end webpage according to claim 2, wherein the running of the exception and the presentation to the page specifically include:
receiving an abnormal parameter in an abnormal injection instruction, and judging whether the abnormal parameter can be executed or not; introducing the injection toolkits through a header file of a webpage, and selecting one type of the injection toolkits; and assembling the execution parameters of the selected type, converting the execution parameters into corresponding execution instructions, executing the exception, and returning to the front end to display an exception page.
4. The method for injecting exceptions in the front-end webpage of claim 3, further comprising: if the abnormal injection fails, the type in the injection tool package is reselected, the execution parameters are reassembled, the execution parameters are converted into corresponding execution instructions, the abnormal operation is executed, and the front end is returned to display an abnormal page.
5. The method for injecting an exception into a front-end webpage according to claim 1, wherein after receiving the exception injection command, the method further comprises: and storing or deleting the corresponding abnormal injection instruction in the database.
6. The method for injecting an exception into a front-end webpage according to claim 1, wherein the basic exception types include JS injection errors, XSS cross-domain attacks, resource exceptions, request exceptions or server IP setting exceptions, SQL injection type template exceptions, or CRLF injection errors.
7. The method of claim 1, wherein the trusted third party tool type comprises an npm package type or a script type.
8. The method for injecting the exception into the front-end webpage according to claim 1, further comprising an exception removal method: receiving an exception removal instruction, deleting the corresponding exception injection instruction, removing the exception injection, and displaying the page with the injected exception removed.
9. An exception injection system, characterized by comprising a user side and an injection side;
the user side comprises a browser, the injection side comprises a console and a front-end server, and the user side receives an exception injection instruction pulled from the injection side and injects an exception through the exception injection instruction;
the front-end server stores an injection toolkit, wherein the injection toolkit comprises a basic exception type, a trusted third party tool type and a user-defined script type;
the console receives an exception injection instruction and stores the exception injection instruction;
the browser acquires an instruction requiring exception injection from the console, loads a webpage containing the injection toolkit from the front-end server, acquires the exception to be injected from the injection toolkit according to the exception injection instruction, runs the exception and displays it on the webpage, refreshes the injection toolkit, continues to inject if a new injection instruction exists, and removes the injection if no injection instruction exists.
10. A storage medium storing a computer program, characterized in that the computer program, when executed by a processor, implements the method according to any one of claims 1-8.
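The control flow of claims 1 to 4, sketched as an added example (not code from the patent or its applicant): the exception parameters are checked before anything runs, the requested toolkit type is tried first with the remaining types as fallback, and a refresh with no pending instruction removes the injection. The toolkit handlers, field names, ID pattern, fallback order and the use of the machine ID as a targeting check are all assumptions, and the handlers return simulated results only.

```javascript
// Added illustration: every name below is hypothetical, not taken from the patent.
// Constructed toolkit: one handler per type; each returns a simulated result only.
const toolkit = {
  basic: (args) => ({ via: 'basic', page: `exception page for ${args.scenario}` }),
  thirdParty: () => { throw new Error('third-party tool failed to load'); },
  customScript: (args) => ({ via: 'customScript', page: `exception page for ${args.scenario}` }),
};
const ID_PATTERN = /^[A-Za-z0-9_-]{1,32}$/; // assumed format for scenario IDs

// Claim 3, first step: judge whether the exception parameters can be executed.
function isExecutable(instr, localMachineId) {
  return Boolean(instr) &&
    typeof instr.scenarioId === 'string' && ID_PATTERN.test(instr.scenarioId) &&
    instr.machineId === localMachineId && // assumption: machine ID targets one client
    Object.prototype.hasOwnProperty.call(toolkit, instr.toolkitType); // allow-list
}

// Claims 3-4: select a type, assemble its parameters, execute, reselect on failure.
function inject(instr, localMachineId) {
  if (!isExecutable(instr, localMachineId)) return { status: 'rejected', tried: [] };
  const others = Object.keys(toolkit).filter((t) => t !== instr.toolkitType);
  const tried = [];
  for (const type of [instr.toolkitType, ...others]) { // assumed fallback order
    tried.push(type);
    try {
      const args = { scenario: instr.scenarioId, type }; // assembled execution parameters
      return { status: 'injected', tried, ...toolkit[type](args) };
    } catch (err) {
      // Claim 4: this type failed, so fall through and reselect another one.
    }
  }
  return { status: 'failed', tried };
}

// Claim 1, last step: on refresh, continue with a pending instruction or remove.
function refresh(pendingInstr, localMachineId) {
  return pendingInstr ? inject(pendingInstr, localMachineId) : { status: 'removed', tried: [] };
}
```

Checking the type against the toolkit's own keys keeps an instruction from naming an inherited property such as `constructor`, and the machine ID comparison keeps an instruction stored in the console from running on clients it was not issued for.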
CN202211116656.0A 2022-09-14 2022-09-14 Method and system for injecting abnormity of front-end webpage Active CN115221529B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211116656.0A CN115221529B (en) 2022-09-14 2022-09-14 Method and system for injecting abnormity of front-end webpage

Publications (2)

Publication Number Publication Date
CN115221529A true CN115221529A (en) 2022-10-21
CN115221529B CN115221529B (en) 2022-12-27

Family

ID=83617766

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211116656.0A Active CN115221529B (en) 2022-09-14 2022-09-14 Method and system for injecting abnormity of front-end webpage

Country Status (1)

Country Link
CN (1) CN115221529B (en)

Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8949990B1 (en) * 2007-12-21 2015-02-03 Trend Micro Inc. Script-based XSS vulnerability detection
CN104361076A (en) * 2014-11-12 2015-02-18 腾讯科技(成都)有限公司 Method and device for processing abnormality of browser
CN104881608A (en) * 2015-05-21 2015-09-02 北京工业大学 XSS vulnerability detection method based on simulating browser behavior
CN104881607A (en) * 2015-05-21 2015-09-02 北京工业大学 XSS vulnerability detection method based on simulating browser behavior
US20170244714A1 (en) * 2016-02-23 2017-08-24 Electronics And Telecommunications Research Institute Method for providing browser using browser processes separated for respective access privileges and apparatus using the same
CN107301345A (en) * 2017-06-06 2017-10-27 新浪网技术(中国)有限公司 A kind of method, system and device of prevention XSS attack
CN107423194A (en) * 2017-06-30 2017-12-01 阿里巴巴集团控股有限公司 Front end abnormality alarming processing method, apparatus and system
CN108268365A (en) * 2016-12-30 2018-07-10 腾讯科技(深圳)有限公司 Abnormal task method for implanting, device and system
CN109525567A (en) * 2018-11-01 2019-03-26 郑州云海信息技术有限公司 A kind of detection method and system for implementing parameter injection attacks for website
CN110083352A (en) * 2019-03-20 2019-08-02 平安普惠企业管理有限公司 JS code injection method, apparatus, computer equipment and storage medium
CN111523123A (en) * 2020-04-26 2020-08-11 北京信息科技大学 Intelligent website vulnerability detection method
CN112306862A (en) * 2020-10-14 2021-02-02 北京健康之家科技有限公司 Front-end automatic test system and method, storage medium and computing equipment
US20210097174A1 (en) * 2019-09-30 2021-04-01 Mcafee, Llc Runtime Detection of Browser Exploits Via Injected Scripts

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
S. TOGAWA 等: "Administrator assistance system based on users behavior using Web-browsing-activity visualization", 《 PROCEEDINGS OF THE 2005 INTERNATIONAL CONFERENCE ON ACTIVE MEDIA TECHNOLOGY, 2005. (AMT 2005)》 *
吕成成: "面向WEB应用程序的输入功能测试与XSS漏洞检测", 《中国优秀硕士学位论文全文数据库 信息科技辑》 *
尤枫 等: "基于 Chopping 的 Web 应用 SQL 注入漏洞检测方法", 《计算机系统应用》 *

Also Published As

Publication number Publication date
CN115221529B (en) 2022-12-27

Similar Documents

Publication Publication Date Title
CN106095677B (en) The RESTful Webservice automatic interface testing methods realized based on Robot Framework
US6446120B1 (en) Configurable stresser for a web server
CN104767775B (en) Web application information push method and system
US9015832B1 (en) Application auditing through object level code inspection
CN107463500B (en) Debugging method, medium, system and computing device of test script
US7984332B2 (en) Distributed system checker
CN106033393B (en) A kind of applied program testing method and system and mobile terminal
CN107766509B (en) Method and device for static backup of webpage
US11301313B2 (en) Collaborative application testing
CN110750458A (en) Big data platform testing method and device, readable storage medium and electronic equipment
WO2019178957A1 (en) Distributed system test method and device, computer device and storage medium
CN113190464A (en) mock testing method, mock testing device, electronic equipment and mock testing medium
WO2014130370A1 (en) Architecture for remote access to content state
CN112565244B (en) Active risk monitoring method, system and equipment for website projects
CN107733743B (en) Method and system for realizing automatic test of Ethernet bus data
CN115221529B (en) Method and system for injecting abnormity of front-end webpage
US9400737B2 (en) Generation of automated unit tests for a controller layer system and method
EP2760183A1 (en) System for detecting hyperlink faults
Hine et al. Scalable emulation of enterprise systems
CN115599651A (en) Application system testing method and device, electronic equipment and storage medium
CN109408133A (en) A kind of method and apparatus starting component
CN110365627B (en) Application program synchronization method and device, computing equipment and storage medium
CN114691486A (en) Program debugging method and device and computer equipment
CN105407112B (en) Equipment capability learning method, device and system
CN117749627B (en) Network service start-stop management system, method and system architecture

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant