CN115935310A - Method, device, equipment and storage medium for detecting weak password in login page - Google Patents

Publication number
CN115935310A
Authority
CN
China
Prior art keywords
login
weak password
page
password
weak
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211557603.2A
Other languages
Chinese (zh)
Inventor
刘帅甫
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Suzhou Inspur Intelligent Technology Co Ltd
Original Assignee
Suzhou Inspur Intelligent Technology Co Ltd

Abstract

The application provides a method, a device, equipment and a storage medium for detecting a weak password in a login page, and belongs to the technical field of computers. The method comprises the following steps: when weak password detection is carried out on a login page, a weak password in a preset weak password library is used as a login parameter of the login page to generate a simulated login request; submitting the simulated login request to the login page, and acquiring a processing result of the login page on the simulated login request; matching the processing result with a weak password in the preset weak password dictionary; and constructing a target weak password library of the login page by using the field data matched with the weak password in the processing result, wherein the target weak password library is used for identifying the weak password in the login request received by the login interface.

Description

Method, device, equipment and storage medium for detecting weak password in login page
Technical Field
The application belongs to the field of computers, and particularly relates to a method, a device, equipment and a storage medium for detecting a weak password in a login page.
Background
In weak password detection and protection for Web sites, a common approach is to check the password the user enters with front-end JavaScript (JS), testing whether the string in the password input box matches a preset regular expression. This approach shows the user a prompt or directly blocks the click on the login/registration button to prevent the user from using a weak password. However, it has a fatal disadvantage: front-end JS can be bypassed by the user.
Another common way to detect weak passwords is brute-force testing, which generally requires capturing the user's login request data. The login request packet is analyzed through proxy packet capture, and the position of the password to be replaced is selected from the analysis result. The weak passwords in a weak password dictionary are then traversed, each replacing the password in the request in turn, and the request is replayed. Whether the request succeeded is judged from the information returned for the request, and from that whether the login with the weak password succeeded. This approach has a number of obvious problems. For example, the tester must know the specific encryption mode of the password, the request may carry other data related to the encryption parameters (so that the encrypted password differs on every request), and the implementation of the encryption algorithm has to be re-analyzed for each site.
Existing passive weak password detection mostly matches on keywords such as "username" and "password" in the request. When the encryption mode is unknown, this matching works only for plaintext passwords, so it cannot match login requests with high accuracy. If encrypted passwords are to be matched, the password processing of each application has to be re-implemented, which costs time and labor.
Among existing server-side weak password detection methods, one with high accuracy is to obtain the users' passwords stored in the database and compare them with the passwords in a weak password dictionary library. This method requires periodic testing and does not provide stable and consistent detection.
Disclosure of Invention
The application provides a method, a device, equipment and a storage medium for detecting a weak password in a login page.
Some embodiments of the present application provide a method for detecting a weak password in a login page, where the method includes:
when weak password detection is carried out on a login page, a weak password in a preset weak password library is used as a login parameter of the login page to generate a simulated login request;
submitting the simulated login request to the login page, and acquiring a processing result of the login page on the simulated login request;
matching the processing result with a weak password in the preset weak password dictionary;
and constructing a target weak password library of the login page by using the field data matched with the weak password in the processing result, wherein the target weak password library is used for identifying the weak password in the login request received by the login interface.
Optionally, before the generating of the simulated login request by using the weak password in the preset weak password library as the login parameter of the login page, the method includes:
searching the login keywords in the login page, and identifying a login input box in the login page;
and when a login input box control exists around the login input box, taking the input parameter in the login input box as a login parameter.
Optionally, the generating a simulated login request by using a weak password in a preset weak password library as a login parameter of the login page includes:
filling the login input box with each weak password in a preset weak password library as a login parameter of the login page;
and sending a trigger instruction to the login input box control so that the login page generates a login request.
Optionally, after the weak passwords in the preset weak password library are respectively used as login parameters of the login page and are filled in the login input box, the method further includes:
and when a verification code input box exists in the login page, filling a preset verification code into the verification code input box.
Optionally, when the login page has the verification code input box, before filling the preset verification code into the verification code input box, the method further includes:
and when the verification code input box exists in the login page, performing page element comparison between the login page after the login parameters are input and the login page before the login parameters are input, and taking the input box corresponding to the identified changed page element as the verification code input box.
Optionally, after the field data matching the weak password in the processing result is used to construct a target weak password library of the login page, where the target weak password library is used to identify the weak password in the login request received by the login interface, the method further includes:
acquiring a user login request input by a user on the login page;
matching each field data in the user login request with a weak password in a target weak password library; wherein the field data includes at least: at least one of user name field data, password field data and logic field data;
determining that the login request contains a weak password when any field data is matched with any weak password;
and displaying prompt information for prompting that the login request contains a weak password.
Optionally, the obtaining a processing result of the login page on the simulated login request includes:
and intercepting a processing result sent by the login page to a server when the login event triggered by the login page is monitored.
Some embodiments of the present application provide an apparatus for detecting a weak password in a login page, the apparatus including:
the simulation module is used for generating a simulated login request by using a weak password in a preset weak password library as a login parameter of a login page when the weak password of the login page is detected;
submitting the simulated login request to the login page, and acquiring a processing result of the login page on the simulated login request;
the matching module is used for matching the processing result with the weak password in the preset weak password dictionary;
and the building module is used for building a target weak password library of the login page by using the field data matched with the weak password in the processing result, wherein the target weak password library is used for identifying the weak password in the login request received by the login interface.
Optionally, the simulation module is further configured to:
searching the login keywords in the login page, and identifying a login input box in the login page;
and when a login input box control exists around the login input box, taking the input parameters in the login input box as login parameters.
Optionally, the simulation module is further configured to:
filling the login input frame with each weak password in a preset weak password library as a login parameter of the login page;
and sending a trigger instruction to the login input box control so that the login page generates a login request.
Optionally, the simulation module is further configured to:
and when a verification code input box exists in the login page, filling a preset verification code into the verification code input box.
Optionally, the simulation module is further configured to:
and when the verification code input box exists in the login page, performing page element comparison between the login page after the login parameters are input and the login page before the login parameters are input, and taking the input box corresponding to the identified changed page element as the verification code input box.
Optionally, the apparatus further comprises: a detection module to:
acquiring a user login request input by a user on the login page;
matching each field data in the user login request with a weak password in a target weak password library; wherein the field data includes at least: at least one of user name field data, password field data and logic field data;
determining that the login request contains a weak password when any field data is matched with any weak password;
and displaying prompt information for prompting that the login request contains a weak password.
Optionally, the simulation module is further configured to:
and intercepting a processing result sent by the login page to a server when the login event triggered by the login page is monitored.
Some embodiments of the present application provide a computing processing device comprising:
a memory having computer readable code stored therein;
one or more processors, wherein when the computer readable code is executed by the one or more processors, the computing processing device performs the method for detecting a weak password in a login page as described above.
Some embodiments of the present application provide a computer program comprising computer readable code which, when run on a computing processing device, causes the computing processing device to perform the method for detecting a weak password in a login page as described above.
Some embodiments of the present application provide a non-transitory computer readable medium in which the method for detecting a weak password in a login page as described above is stored.
According to the method, device, equipment and storage medium for detecting a weak password in a login page provided by the present application, weak passwords in a preset weak password library are used as login parameters to simulate a user sending simulated login requests to the login page, and the login page's processing results for the weak passwords contained in those requests are used to construct a target weak password library specific to that login page. Because the target weak password library reflects the processing, such as encryption, that the login page applies to weak passwords, it can be used to accurately identify weak passwords in login requests sent by users, which improves the accuracy of weak password identification in login requests.
The above description is only an overview of the technical solutions of the present application, and the present application may be implemented in accordance with the content of the description so as to make the technical means of the present application more clearly understood, and the detailed description of the present application will be given below in order to make the above and other objects, features, and advantages of the present application more clearly understood.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present application, and other drawings can be obtained by those skilled in the art without creative efforts.
FIG. 1 is a schematic flow chart illustrating a method for detecting a weak password in a login page according to some embodiments of the present application;
FIG. 2 is a schematic flow chart illustrating another method for detecting a weak password in a login page provided by some embodiments of the present application;
FIG. 3 is a schematic flow chart illustrating a method for identifying a weak password in a login page according to some embodiments of the present application;
FIG. 4 is a schematic diagram illustrating an exemplary configuration of a device for detecting a weak password in a login page according to an embodiment of the present disclosure;
FIG. 5 schematically illustrates a block diagram of a computing processing device for performing a method according to some embodiments of the present application;
FIG. 6 schematically illustrates a memory unit for holding or carrying program code implementing methods according to some embodiments of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Fig. 1 schematically shows a flowchart of a method for detecting a weak password in a login page provided by the present application, where the method includes:
Step 101, when weak password detection is performed on a login page, a weak password in a preset weak password library is used as a login parameter of the login page to generate a simulated login request.
The login page is a service page that provides a user with a login or registration service; the user can access a server connected to the login page by entering information such as a user name and a login password into the login page. A weak password is a password that contains only simple numbers and letters, such as "123" or "abc". Such passwords are easily cracked by others and expose the user's computer to risk, so they are not recommended as login passwords. The preset weak password library is a library built in advance from known common weak passwords or from specific weak passwords designated by a user. It can be understood that the weak passwords in the preset weak password library are not tied to any password encryption mode that the login page under detection may use; they are simply known, unencrypted weak passwords.
In the embodiments of the present application, it is considered that different login pages may use different password encryption modes. If the encryption mode of a login page is unknown and the processing result that the login page outputs for the login parameters is analyzed directly, only plaintext data can be effectively matched against the weak passwords in the preset weak password library; encrypted data cannot be matched, and it cannot be determined whether the data behind the encrypted value is a weak password. Therefore, some embodiments of the present application simulate the process of a user entering login parameters into the login page, using the weak passwords in the preset weak password library as the login parameters to generate simulated login requests.
Step 102, submitting the simulated login request to the login page, and acquiring a processing result of the login page on the simulated login request.
In the embodiments of the present application, after the system simulates the login request, the login page applies a series of processing steps such as encryption to it, converting the login parameters into a form that the server can parse and recognize, that is, the processing result. Some embodiments of the present application do not concern themselves with the specific way the login page processes the login request; they only capture the processing result, because that result is derived from a weak password in the preset weak password library and therefore already reflects how the login page processes weak passwords. It can be appreciated that a successful login result is not obtained after the simulated login request is input to the login page. Once the login request has been sent, the weak password used as the login parameter has either been processed by the front-end JS (encrypted or transformed in some way) or left unchanged. By replacing the password request parameter in the login page with each value in the preset weak password library in turn and sending a simulated login request each time, a simulated login request is obtained for every entry in the preset weak password library, together with the login page's processing result for each weak password. The weak password in each simulated login request has thus undergone the processing that conforms to the parsing rules of the back-end server.
Step 103, matching the processing result with the weak password in the preset weak password dictionary.
In the embodiments of the present application, the system may match each processing result output by the login page with the weak password that was used as the login parameter, according to the order in which the simulated login requests were sent. For example, if weak password 1, weak password 2 and weak password 3 are used as login parameters to generate simulated login requests that are submitted to the login page in that order, and the login page then outputs processing result 1, processing result 2 and processing result 3 in sequence, processing result 1 can be matched with weak password 1, processing result 2 with weak password 2, and processing result 3 with weak password 3. Matching by time order is only an example; a processing result may also be matched to its weak password by data matching on properties such as the data characteristics and data length of the weak password, which may be set according to actual requirements and is not limited here.
Step 104, constructing a target weak password library of the login page by using the field data matched with the weak password in the processing result, wherein the target weak password library is used for identifying the weak password in the login request received by the login interface.
In the embodiments of the present application, the field data in the processing result that matches a weak password is taken as a weak password of the login page and used to construct the target weak password library of the login page. Because the field data in the target weak password library is produced by the login page's own processing of the weak password, such as encryption, it is consistent with the way the login page processes login passwords. Matching the field data of subsequent login requests of the login page against the target weak password library can therefore effectively identify weak passwords that the login page has encrypted.
According to the embodiments of the present application, weak passwords in the preset weak password library are used as login parameters to simulate a user sending simulated login requests to the login page, and the login page's processing results for the weak passwords contained in those requests are used to construct a target weak password library specific to that login page. Because the target weak password library reflects the processing, such as encryption, that the login page applies to weak passwords, it can be used to accurately identify weak passwords in login requests sent by users, which improves the accuracy of weak password identification in login requests.
Fig. 2 schematically shows a flowchart of another method for detecting a weak password in a login page provided by the present application, where the method includes:
Step 201, when weak password detection is performed on a login page, retrieving login keywords in the login page, and identifying a login input box in the login page.
It should be noted that the login keyword may be a keyword used to identify a login input box in the login page, for example: the user name, the user, the username, the password, and the like may be specifically set according to actual requirements, and are not limited herein.
In the embodiments of the present application, it is considered that there may be a variety of input parameters in the login page, and some embodiments of the present application only focus on the login parameters in which the login operation is involved, so that the input box identified by the login keyword in the login page, i.e., the login input box, may be identified by retrieving the identification information contained in the login page by using the login keyword.
Step 202, when a login input box control exists around the login input box, taking the input parameter in the login input box as a login parameter.
In the embodiment of the present application, in order to further improve the accuracy of the identified login input box, it may be further determined whether a login input box control exists around the identified login input box, for example, on the right side of the login input box or below the login input box. The login input box control is a function control for receiving clicking, long pressing, sliding and other operations of a user to trigger generation and sending operations of a login request. If a login input box control exists around the recognized login input box, the login parameters can be determined to be input in the login input box.
Step 203, filling the login input box with each weak password in a preset weak password library as a login parameter of the login page.
In the embodiment of the application, after the login input box is determined, the system may respectively input the different login parameters into the login input box by arranging and combining the weak passwords in the preset weak password library.
According to the method and the device, the login input box in the login page is identified in a login keyword retrieval mode, whether the login input box is credible or not is further determined according to whether the login input box control exists around the login input box, and the accuracy of the determined login parameters is improved.
Step 204, when the verification code input box exists in the login page, comparing the page elements of the login page after the login parameters are input with those of the login page before the login parameters are input, and taking the input box corresponding to the identified changed page element as the verification code input box.
In the embodiments of the present application, the verification code input box in a login page is usually displayed only after the login parameters in the login input box have been filled in. By comparing the elements of the login page before and after the login parameters are input, the input box corresponding to the newly added page element can be taken as the verification code input box, so that the verification code input box in the login page can be determined conveniently and accurately.
Step 205, when a verification code input box exists in the login page, filling a preset verification code into the verification code input box.
In the embodiments of the present application, it is considered that the login page may require a verification code. Since some embodiments of the present application are not concerned with the server's verification of the processing result of the simulated login request, the verification code can be filled uniformly with a preset verification code, for example specific characters such as "1234". Because the check mechanism of the server is not triggered, the correctness of the verification code need not be considered, and any value may be used as the preset verification code, so that the login page determines that a verification code has been input and generates the simulated login request.
According to the embodiments of the present application, the preset verification code is used to fill the verification code input box of the login page, which avoids the situation in which the login request cannot be sent because the verification code is empty, and improves the efficiency of sending simulated login requests.
Furthermore, the preset verification code can be used to mark the login request: after the login page outputs the processing result, the preset verification code in the processing result can be identified to determine which simulated login request the processing result belongs to, which improves the matching accuracy of the processing results.
Step 206, sending a trigger instruction to the login input box control so that the login page generates a login request.
Step 207, submitting the simulated login request to the login page.
In the embodiments of the present application, after the login parameters and/or the verification code are input, the system can simulate a user by sending a trigger instruction such as a click or a long press to the login input box control, so that the login page starts the sending process of the login request and generates the login request from the input login parameters and/or verification code. The simulated login request is thereby submitted to the login page, which applies its series of processing steps such as encryption to the login request.
Step 208, intercepting a processing result sent by the login page to the server when the login event triggered by the login page is monitored.
In the embodiment of the present application, considering that some embodiments of the present application do not pay attention to the verification result of the server for the processing result, when the system detects that the login page triggers the login event for the login request, the system intercepts the processing result sent by the login page to the server, so as to avoid occupying a large amount of traffic and processing resources of the server due to a large amount of simulated login requests.
According to the embodiments of the present application, the processing result that the login page sends to the server is intercepted, so the simulated login requests used for weak password detection do not reach the server. The function and performance of the server are not affected, and server mechanisms such as IP (Internet Protocol) blocking or account locking are not triggered.
Step 209, matching the processing result with the weak password in the preset weak password dictionary.
This step can refer to the detailed description of step 103, which is not repeated herein.
Step 210, constructing a target weak password library of the login page by using the field data matched with the weak password in the processing result, wherein the target weak password library is used for identifying the weak password in the login request received by the login interface.
This step can refer to the detailed description of step 104, which is not repeated here.
Optionally, referring to fig. 3, after the step 104, the method further includes:
Step 301, obtaining a user login request input by the user on the login page.
Step 302, matching each field data in the user login request with a weak password in a target weak password library, wherein the field data at least comprises: at least one of user name field data, password field data and logic field data.
Step 303, determining that the login request includes a weak password when any field data matches any weak password.
Step 304, displaying prompt information for prompting that the login request contains a weak password.
In the embodiment of the present application, after the target weak password library is obtained through some embodiments, the target weak password library may be used to match field data in a login request input by a user to detect whether a weak password exists in the login request, if a weak password exists, prompt information may be displayed to inform the user to change the input login password, and the prompt information may further mark the position of the field data matched to the weak password to prompt the user to change.
This embodiment relies on the target weak password library of the login page provided by some embodiments; on the premise that the traffic matching is successful, the accuracy is over 99%. Unlike the existing traffic monitoring mode, some embodiments of the present application match the user's real login request with the processed weak password values in the target weak password library by bypassing the application request. If a processed string is present in the request, then the following is determined:
1. The string in the request is encrypted in the same way as the password.
2. The string in the request was formed by encrypting a specific initial weak password.
From the two points above, it is determined that the request is a login request with a weak password. As an additional verification measure, keywords in the request can be matched with fields such as "username" and "password" for auxiliary verification, and fields in the request URL, such as "login" and "logon", can be used for secondary verification, to further improve accuracy.
By matching with the initial weak password library, it can be determined which particular weak password is present for the user name.
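The library construction and the matching of steps 301 to 304 can be shown end to end in Python; this is an added example, not code from the patent. The MD5 client-side transform, the field names, the sample values, and the rule that a field whose value varies between simulated submissions carries the processed password are all assumptions of this example.

```python
import hashlib
from urllib.parse import parse_qsl, urlencode, urlsplit

# Constructed sample of a preset weak password library.
PRESET_WEAK_PASSWORDS = ["123456", "admin", "password", "qwerty"]
FIELD_KEYWORDS = ("username", "password")   # auxiliary check on field names
URL_KEYWORDS = ("login", "logon")           # secondary check on the URL path


def sample_page_transform(plaintext):
    """Assumed client-side processing of this example's login page: MD5 hex."""
    return hashlib.md5(plaintext.encode("utf-8")).hexdigest()


def capture_simulated_request(weak_password):
    """Constructed stand-in for the intercepted result of one simulated login."""
    return {
        "username": "probe",                      # fixed filler value
        "password": sample_page_transform(weak_password),
        "captcha": "0000",                        # preset verification code
    }


def build_target_library(weak_passwords):
    """Map each processed field value back to the weak password behind it.

    Assumption of this example: a field whose value changes between simulated
    submissions carries the processed weak password; constant fields (filler
    user name, preset verification code) are ignored.
    """
    captures = [(w, capture_simulated_request(w)) for w in weak_passwords]
    if len(captures) < 2:
        return {}  # at least two submissions are needed to see which fields vary
    varying = [name for name in captures[0][1]
               if len({fields[name] for _, fields in captures}) > 1]
    return {fields[name]: weak for weak, fields in captures for name in varying}


def check_login_request(url, body, library):
    """Steps 301-304: match every field of a login request against the library."""
    url_hint = any(k in urlsplit(url).path.lower() for k in URL_KEYWORDS)
    findings = []
    for name, value in parse_qsl(body, keep_blank_values=True):
        weak = library.get(value)
        if weak is not None:
            findings.append({
                "field": name,                    # position to show in the prompt
                "weak_password": weak,
                "field_name_hint": any(k in name.lower() for k in FIELD_KEYWORDS),
                "url_hint": url_hint,
            })
    return findings


if __name__ == "__main__":
    library = build_target_library(PRESET_WEAK_PASSWORDS)
    # Constructed user login request, form-encoded as the page would send it.
    body = urlencode({"username": "alice", "captcha": "8841",
                      "password": sample_page_transform("admin")})
    for hit in check_login_request("https://app.example.test/user/logon", body, library):
        print("weak password detected:", hit)
```

The constructed request never contains the plaintext "admin" in its password field, so a plaintext dictionary alone would not flag it; the page-specific library does.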
Fig. 4 schematically shows a structural diagram of an apparatus 40 for detecting a weak password in a login page provided by the present application, where the apparatus includes:
the simulation module 401 is configured to, when weak password detection is performed on a login page, generate a simulated login request by using a weak password in a preset weak password library as a login parameter of the login page;
submitting the simulated login request to the login page, and acquiring a processing result of the login page on the simulated login request;
a matching module 402, configured to match the processing result with a weak password in the preset weak password dictionary;
a constructing module 403, configured to construct a target weak password library of the login page by using the field data matched with the weak password in the processing result, where the target weak password library is used to identify the weak password in the login request received by the login interface.
Optionally, the simulation module 401 is further configured to:
searching the login keywords in the login page, and identifying a login input box in the login page;
and when a login input box control exists around the login input box, taking the input parameter in the login input box as a login parameter.
Optionally, the simulation module 401 is further configured to:
filling the login input box with each weak password in a preset weak password library as a login parameter of the login page;
and sending a trigger instruction to the login input box control so that the login page generates a login request.
Optionally, the simulation module 401 is further configured to:
and when a verification code input box exists in the login page, filling a preset verification code into the verification code input box.
Optionally, the simulation module 401 is further configured to:
and when a verification code input box exists in the login page, comparing the page elements of the login page after the login parameters are input with those of the login page before the login parameters are input, and taking the input box corresponding to the identified changed page element as the verification code input box.
Optionally, the apparatus further comprises a detection module configured to perform:
acquiring a user login request input by a user on the login page;
matching each field data in the user login request with a weak password in a target weak password library; wherein the field data includes at least: at least one of user name field data, password field data and logic field data;
determining that the login request contains a weak password when any field data is matched with any weak password;
and displaying prompt information for prompting that the login request contains a weak password.
Optionally, the simulation module 401 is further configured to:
and intercepting a processing result sent by the login page to a server when a login event triggered by the login page is detected.
According to the embodiment of the application, the weak passwords in the preset weak password library are used as login parameters to simulate a user sending simulated login requests to the login page, and the processing results of the login page for the weak passwords contained in the simulated login requests are used to construct a target weak password library specific to that login page. Because the target weak password library reflects the series of processing steps, such as encryption, that the login page applies to a weak password, the weak password in a login request sent by a user can be accurately identified by using the target weak password library, which improves the accuracy of weak password identification in login requests.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Various component embodiments of the present application may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that a microprocessor or Digital Signal Processor (DSP) may be used in practice to implement some or all of the functionality of some or all of the components in a computing processing device according to embodiments of the present application. The present application may also be embodied as apparatus or device programs (e.g., computer programs and computer program products) for performing a portion or all of the methods described herein. Such programs implementing the present application may be stored on a non-transitory computer readable medium or may be in the form of one or more signals. Such a signal may be downloaded from an internet website or provided on a carrier signal or in any other form.
For example, FIG. 5 illustrates a computing processing device that may implement methods in accordance with the present application. The computing processing device conventionally includes a processor 510 and a computer program product or non-transitory computer-readable medium in the form of a memory 520. The memory 520 may be an electronic memory such as a flash memory, an EEPROM (electrically erasable programmable read only memory), an EPROM, a hard disk, or a ROM. The memory 520 has a memory space 530 for program code 531 for performing any of the method steps in the method described above. For example, the storage space 530 for the program code may include respective program codes 531 for implementing various steps in the above method, respectively. The program code can be read from and written to one or more computer program products. These computer program products comprise a program code carrier such as a hard disk, a Compact Disc (CD), a memory card or a floppy disk. Such a computer program product is typically a portable or fixed storage unit as described with reference to fig. 6. The memory unit may have memory segments, memory spaces, etc. arranged similarly to memory 520 in the computing processing device of fig. 5. The program code may be compressed, for example, in a suitable form. Typically, the memory unit comprises computer readable code 531', i.e. code that can be read by a processor, such as 510, for example, which when executed by a computing processing device causes the computing processing device to perform the steps of the method described above.
It should be understood that, although the steps in the flowcharts of the figures are shown in the order indicated by the arrows, the steps are not necessarily performed in that order. Unless otherwise indicated herein, the steps are not strictly limited to the order shown and may be performed in other orders. Moreover, at least a portion of the steps in the flowcharts may include multiple sub-steps or multiple stages, which are not necessarily performed at the same time, but may be performed at different times, and the order of execution is not necessarily sequential, but may be performed in turn or alternately with other steps or with at least a portion of the sub-steps or stages of other steps.
Reference herein to "one embodiment," "an embodiment," or "one or more embodiments" means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment of the present application. Furthermore, it is noted that instances of the phrase "in one embodiment" are not necessarily all referring to the same embodiment.
In the description provided herein, numerous specific details are set forth. However, it is understood that embodiments of the application may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The application may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The usage of the words first, second and third, etcetera do not indicate any ordering. These words may be interpreted as names.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solutions of the present application, and not to limit the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions in the embodiments of the present application.

Claims (10)

1. A method for detecting a weak password in a login page, the method comprising:
when weak password detection is carried out on a login page, a weak password in a preset weak password library is used as a login parameter of the login page to generate a simulated login request;
submitting the simulated login request to the login page, and acquiring a processing result of the login page on the simulated login request;
matching the processing result with a weak password in the preset weak password dictionary;
and constructing a target weak password library of the login page by using the field data matched with the weak password in the processing result, wherein the target weak password library is used for identifying the weak password in the login request received by the login interface.
2. The method according to claim 1, wherein before generating the simulated login request by using the weak password in the preset weak password library as the login parameter of the login page, the method comprises:
searching the login keywords in the login page, and identifying a login input box in the login page;
and when a login input box control exists around the login input box, taking the input parameter in the login input box as a login parameter.
3. The method of claim 2, wherein generating a simulated login request by using a weak password in a preset weak password library as a login parameter of the login page comprises:
filling the login input box with each weak password in a preset weak password library as a login parameter of the login page;
and sending a trigger instruction to the login input box control so that the login page generates a login request.
4. The method according to claim 3, wherein after the filling of the login input box with the respective weak passwords in the preset weak password library as the login parameters of the login page, the method further comprises:
and filling a preset verification code into the verification code input box when the verification code input box exists in the login page.
5. The method according to claim 4, wherein before filling a preset verification code into the login code input box when the verification code input box exists in the login page, the method further comprises:
and when the verification code input box exists in the login page, comparing the page elements of the login page after the login parameters are input with those of the login page before the login parameters are input, and taking the input box corresponding to the identified changed page elements as the verification code input box.
6. The method of claim 1, wherein after constructing a target weak password library of the login page by using field data matched with the weak password in the processing result, wherein the target weak password library is used for identifying the weak password in the login request received by the login interface, the method further comprises:
acquiring a user login request input by a user on the login page;
matching each field data in the user login request with a weak password in a target weak password library; wherein the field data includes at least: at least one of user name field data, password field data and logic field data;
determining that the login request contains a weak password when any field data is matched with any weak password;
and displaying prompt information for prompting that the login request contains a weak password.
7. The method of claim 1, wherein obtaining the result of processing the simulated login request by the login page comprises:
and intercepting a processing result sent by the login page to a server when the login event triggered by the login page is monitored.
8. An apparatus for detecting a weak password in a login page, the apparatus comprising:
the simulation module is used for generating a simulated login request by using a weak password in a preset weak password library as a login parameter of a login page when weak password detection is carried out on the login page;
submitting the simulated login request to the login page, and acquiring a processing result of the login page on the simulated login request;
the matching module is used for matching the processing result with the weak password in the preset weak password dictionary;
and the building module is used for building a target weak password library of the login page by using the field data matched with the weak password in the processing result, wherein the target weak password library is used for identifying the weak password in the login request received by the login interface.
9. A computing processing device, comprising:
a memory having computer readable code stored therein;
one or more processors, wherein when the computer readable code is executed by the one or more processors, the computing processing device performs the method for detecting a weak password in a login page of any of claims 1 to 7.
10. A non-transitory computer-readable medium storing a computer program for the method for detecting a weak password in a login page according to any one of claims 1 to 7.
CN202211557603.2A 2022-12-06 2022-12-06 Method, device, equipment and storage medium for detecting weak password in login page Pending CN115935310A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211557603.2A CN115935310A (en) 2022-12-06 2022-12-06 Method, device, equipment and storage medium for detecting weak password in login page


Publications (1)

Publication Number Publication Date
CN115935310A true CN115935310A (en) 2023-04-07

Family

ID=86700211


Country Status (1)

Country Link
CN (1) CN115935310A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination