CN117834265A - Abnormal network request testing method and system - Google Patents

Info

Publication number: CN117834265A
Authority: CN (China)
Prior art keywords: network request, request data, abnormal, data, original
Legal status: Pending
Application number: CN202410003728.3A
Other languages: Chinese (zh)
Inventors: 李延发, 董浩鹏
Current assignee: Shenzhen Gosling Network Technology Co ltd
Original assignee: Shenzhen Gosling Network Technology Co ltd

Abstract

The invention discloses a method and a system for testing abnormal network requests, wherein the method comprises the following steps: acquiring original network request data; modifying parameters of original network request data based on a preset abnormal network request test scene to generate simulated network request data; and replaying the original network request data and the simulated network request data, judging the abnormal state of the original network request data according to the similarity of replay results of the original network request data and the simulated network request data, and repairing the original network request data according to the type of the abnormal network request test scene if the original network request data is judged to be the abnormal network request data. According to the invention, the abnormal state of the original stream in the current abnormal network request test scene is judged by comparing the returned results of the original network request data and the simulated network request data, so that the abnormal state information of the original network request data is rapidly screened and positioned.

Description

Abnormal network request testing method and system
Technical Field
The present invention relates to the field of network communications technologies, and in particular, to a method and a system for testing an abnormal network request.
Background
With the rapid development of internet technology, network applications have been advanced into people's daily lives and works. However, this popularity also brings about an increasing severity of network security issues. The current network environment is filled with various unsafe factors such as illegal crawlers, illegal injection, malicious trojans or viruses, etc., which can pose a potential threat to our network.
The network request data return result may contain important data such as account passwords of users and bank card passwords. Once these information assets are stolen, irreparable losses to the user, such as property loss, privacy disclosure, etc., will result. Therefore, how to effectively protect and resist external attacks, discover and repair problems in advance, becomes an urgent need in the current network security field.
Disclosure of Invention
In order to solve at least one technical problem, the invention provides an abnormal network request testing method and system for detecting abnormal network request data so as to solve the problem of information leakage caused by the abnormal network request data.
In one aspect, an abnormal network request testing method is provided, including:
acquiring original network request data;
modifying parameters of the original network request data based on a preset abnormal network request test scene to generate simulated network request data;
replaying the original network request data and the simulated network request data, and judging the abnormal state of the original network request data according to the similarity of replay results of the original network request data and the simulated network request data;
and if the original network request data is judged to be abnormal network request data, repairing the original network request data according to the type of the abnormal network request test scene.
Preferably, after judging the abnormal state of the original network request data according to the replay result, the method further includes:
if the original network request data is judged to be abnormal network request data, generating a curl command according to a simulation network request corresponding to the original network request data, and generating a coding defect work order by combining the type of the abnormal network request test scene.
Preferably, after the obtaining the original network request data, the method further includes: preprocessing the original network request data, specifically including:
performing invalid network request data filtering processing on the original network request data based on host and uri rules;
and carrying out request body json standardization processing on the original network request data after the filtering processing.
Preferably, the abnormal network request test scenario includes: the first abnormal network request test scene is used for testing the login-free state access abnormal network request data, and the specific processing logic comprises the following steps:
deleting login information parameters in the original network request data in the process of modifying the network request data;
in the process of abnormality identification, when the returned result after replay is determined to be a preset data structure, judging whether the preset data structure contains a request success state mark, if so, determining that the network request data is abnormal network request data, and if not, determining that the network request data is normal network request data.
Preferably, the abnormal network request test scenario further includes: the second abnormal network request test scene is used for testing abnormal network request data of cross-store visit store information, and the specific processing logic comprises the following steps:
in the process of modifying the network request data, modifying the operation store parameters of the network request data in the original network request data into non-current store identifications;
in the process of abnormality identification, when the returned result after replay is determined to be a preset data structure and is unequal to the returned result of the unmodified operation store parameters, judging whether the preset data structure contains a request success state mark, if so, determining that the network request data is abnormal network request data, and if not, determining that the network request data is normal network request data.
Preferably, the abnormal network request test scenario further includes: the third abnormal network request test scene is used for testing abnormal network request data of cross-store visit store resources, and the specific processing logic comprises the following steps:
in the process of modifying the network request data, modifying the resource parameters of the network request data in the original network request data into non-current store resource identifiers;
in the process of abnormality identification, when the returned result after replay is determined to be a preset data structure, does not contain the current shop identifier and is unequal to the returned result of the unmodified resource parameter, judging whether the preset data structure contains a request success state mark, if so, determining that the network request data is abnormal network request data, and if not, determining that the network request data is normal network request data.
Preferably, the abnormal network request test scenario further includes: the fourth abnormal network request test scenario is used for testing the unauthorized access abnormal network request data, and the specific processing logic comprises:
in the process of modifying network request data, modifying the resource parameters of the network request data in the original network request data into the resource identification in the non-authority of the current store;
in the process of abnormality identification, when the returned result after replay is determined to be a preset data structure and is unequal to the returned result of unmodified operation shop parameters, judging whether the preset data structure contains a request success state mark, if so, determining that the network request data is abnormal network request data, and if not, determining that the network request data is normal network request data.
Preferably, the abnormal network request test scene can be modified and expanded according to different service modes.
In a second aspect, an abnormal network request testing system is provided, including:
the data acquisition unit is used for acquiring original network request data;
the first data processing unit is used for modifying parameters of the original network request data based on a preset abnormal network request test scene to generate simulated network request data;
the second data processing unit is used for replaying the original network request data and the simulated network request data and judging the abnormal state of the original network request data according to the similarity of replay results of the original network request data and the simulated network request data;
and the third data processing unit is used for repairing the original network request data according to the type of the abnormal network request test scene when judging that the original network request data is abnormal network request data.
In a third aspect, an electronic device is provided, including a processor, a communication interface, a memory, and a communication bus, where the processor, the communication interface, and the memory complete communication with each other through the communication bus; a memory for storing a computer program; and the processor is used for realizing the abnormal network request testing method when executing the program stored in the memory.
The invention discloses a method and a system for testing abnormal network requests. The method comprises: acquiring original network request data; modifying parameters of the original network request data based on a preset abnormal network request test scene to generate simulated network request data; and replaying the original network request data and the simulated network request data, and judging the abnormal state of the original network request data according to the similarity of the replay results of the original network request data and the simulated network request data. According to the invention, the abnormal state of the original traffic in the current abnormal network request test scene is judged by comparing the returned results of the original network request data and the simulated network request data, so that the abnormal state information of the original network request data is rapidly screened and located. The method automatically generates a curl command according to the simulated network request data corresponding to the network request data and then automatically generates the coding work order by combining the type of the abnormal network request test scene, so that defects are reported automatically, the time testers spend filing work orders is greatly reduced, and the efficiency of handling abnormalities is improved. The specific implementation details of the abnormal network request test scene are customized and adjusted according to different service logic, so that the scenes have high flexibility and expandability, and the pertinence and accuracy of the test are improved.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
In order to more clearly describe the embodiments of the present invention or the technical solutions in the background art, the following description will describe the drawings that are required to be used in the embodiments of the present invention or the background art.
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the disclosure and together with the description, serve to explain the principles of the disclosure.
Fig. 1 is a flow chart of an abnormal network request testing method according to an embodiment of the present invention;
FIG. 2 is a flow chart illustrating a process of modifying network request data for providing an abnormal network request test scenario according to an embodiment of the present invention;
FIG. 3 is a flowchart illustrating an anomaly identification process for providing an anomaly network request test scenario according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of an abnormal network request testing system according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
In order that those skilled in the art will better understand the present invention, a technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The terms first, second and the like in the description and in the claims and in the above-described figures are used for distinguishing between different objects and not necessarily for describing a sequential or chronological order. Furthermore, the terms "comprise" and "have," as well as any variations thereof, are intended to cover a non-exclusive inclusion. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those listed steps or elements but may include other steps or elements not listed or inherent to such process, method, article, or apparatus.
The term "and/or" is herein merely an association relationship describing an associated object, meaning that there may be three relationships, e.g., a and/or B, may represent: a exists alone, A and B exist together, and B exists alone. In addition, the term "at least one" herein means any one of a plurality or any combination of at least two of a plurality, for example, including at least one of A, B, C, and may mean including any one or more elements selected from the group consisting of A, B and C.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment may be included in at least one embodiment of the invention. The appearances of such phrases in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Those of skill in the art will explicitly and implicitly appreciate that the embodiments described herein may be combined with other embodiments.
Furthermore, in the following detailed description, numerous specific details are set forth in order to provide a better illustration of the invention. It will be understood by those skilled in the art that the present invention may be practiced without some of these specific details. In some instances, well known methods, procedures, components, and circuits have not been described in detail so as not to obscure the present invention.
At present, the network request data may contain important data such as users' account passwords and bank card passwords, so the problem of sensitive information leakage may exist in some abnormal network request test scenes. The method has the following advantages: it automatically generates a curl command according to the simulated network request data corresponding to the network request data and then automatically generates the coding work order by combining the type of the abnormal network request test scene, so that defects are reported automatically, the time testers spend filing work orders is greatly reduced, and the efficiency of handling abnormalities is improved; and the specific implementation details of the abnormal network request test scene are customized and adjusted according to different service logic, so that the scenes have high flexibility and expandability, and the pertinence and accuracy of the test are improved.
Example 1
There is provided an abnormal network request testing method, referring to fig. 1, including:
s100, acquiring original network request data;
in this embodiment, the tester first obtains the installation package of the client from the designated download source and installs the client software on the test device following the standard installation procedure. After installation, the tester accesses and operates various service functions such as login, browsing and transactions through different terminals (such as a mobile phone, a tablet computer or a notebook computer). These operations generate a series of network requests and responses that form the original network request data (i.e., raw data). To ensure that this raw network request data is collected comprehensively and accurately, the mitmproxy tool is integrated with the client. mitmproxy acts as a man-in-the-middle proxy and can intercept and record all network requests and responses passing through it, so that the acquisition of the original network request data is realized. The tester may configure mitmproxy to save the collected raw network request data to a designated file or database for subsequent analysis and processing.
It should be noted that the integrated mitmproxy tool is only one option for network request data collection; any tool that can effectively capture and record network request data may be used instead, for example mitmproxy, Fiddler, Charles or Wireshark.
S200, modifying parameters of original network request data based on a preset abnormal network request test scene to generate simulated network request data;
according to the preset abnormal network request test scenes, such as login-free access, cross-store access and unauthorized access, the parameters of the original network request data are modified in a targeted manner. Specifically, for the login-free access scene, the identity verification information in the network request data is cleared to simulate a request in the logged-out state; for cross-store access scenes, the store identifier in the request header or request body is modified so that the network request appears to access the resources of one store from another store; in the unauthorized access scene, the user permission parameters in the network request data are modified to simulate access by a user who lacks certain specific permissions. By adjusting these parameters, simulated network request data matching the preset abnormal network request test scene is generated, providing data support for the subsequent security testing and protection.
S300, replaying the original network request data and the simulated network request data, and judging the abnormal state of the original network request data according to the similarity of replay results of the original network request data and the simulated network request data.
The replay program (replay) of the analysis backend re-initiates the requests of the original network request data and the simulated network request data and obtains new return results (i.e., replay results); the verification program (differ) of the analysis backend then judges the abnormal state of the original network request data according to the similarity between the replay result of the original network request data and the replay result of the simulated network request data.
In this embodiment, the replay program (replay) in the analysis backend is responsible for re-initiating the requests of the original network request data and the simulated network request data to obtain new returned results (i.e., replay results). The replay program needs to ensure the accuracy and integrity of the network request data in order to obtain reliable test results. Meanwhile, the verification program (differ) of the analysis backend compares and analyzes the replay result of the original network request data with the replay result of the simulated network request data in detail. The verification program may consider various aspects such as response time, returned content and error codes to determine whether the original network request data is abnormal. If the verification program finds a significant difference between the replay results of the original network request data and the simulated network request data, or the replay result of the simulated network request data triggers a preset abnormal condition, the original network request data is considered abnormal. In this way, abnormal network request data can be screened out in time, potential security threats can be handled, and the stability and security of the network environment are ensured.
S400, if the original network request data is judged to be abnormal network request data, repairing the original network request data according to the type of the abnormal network request test scene.
As a preferred embodiment, after judging the abnormal state of the original network request data according to the replay result, the method further includes:
if the original network request data is judged to be abnormal network request data, generating a curl command according to the simulated network request corresponding to the original network request data, and generating a coding defect work order by combining the type of the abnormal network request test scene.
The system judges whether the network request data is abnormal: if so, the defect is reported; otherwise, the flow ends. A curl command is generated automatically so that developers can import it with one click into a server or an interface test tool such as Postman and quickly reproduce the scene. The coding work order is generated automatically and comprises the title (scheme + host + path + Chinese description corresponding to the object_type + verification result), the description (storing the curl command), the handler, the affiliated center, the question type (Chinese description corresponding to the object_type + vulnerability) and so on, which saves the time testers spend filing work orders. The Chinese descriptions corresponding to object_type are as follows: object_type=1, access without login state; object_type=2, access to other store information; object_type=3, access to other store resource information; object_type=4, access to store resource information without authorization.
In this embodiment, once the verification program determines that the network request data is abnormal, the system automatically triggers the defect reporting mechanism. The mechanism generates a detailed defect report including a description of the anomaly, a comparative analysis of the replay results and so on, so that the development team can quickly locate and repair the problem. Meanwhile, to make it easy for developers to reproduce the abnormal scene and debug it, the system also automatically generates a curl command corresponding to the abnormal network request data. Developers can import these curl commands directly into a server or an interface test tool (e.g., Postman) and execute them with one click, thereby quickly reproducing the requests and responses of the abnormal network request data. In addition, the system automatically generates coding work orders according to preset rules; each work order comprises key information such as the title (scheme + host + path + Chinese description corresponding to the object_type + verification result), the description (storing the curl command), the handler, the affiliated center and the question type (Chinese description corresponding to the object_type + vulnerability). This automatic work order generation greatly saves the time testers spend filing work orders and improves the efficiency of problem handling. If the verification program judges that the network request data is normal, the whole process ends.
In one possible embodiment, the curl command format is: "curl -X <request method> -H <header> -d <request parameters> --compressed <request address>". An example curl command is as follows:
curl -X POST -H 'content_type: application/json' -H 'cookie:' -d '{"app_id": "other store id", "resource_id": "other store resource id"}' --compressed https://xx.com/xx/xx/1.0.0
The coding work order format is: "title (scheme + host + path + Chinese description corresponding to object_type + verification result) / description (storing the curl command) / handler / affiliated center / question type (Chinese description corresponding to object_type + vulnerability)". An example coding work order is as follows:
{"title": "[ https ]: ", "description": "curl -X POST -H 'content_type: application/json' -H 'cookie:' -d '{\"app_id\": \"other store id\", \"resource_id\": \"other store resource id\"}' --compressed https://xx.com/xx/xx/1.0.0", "question type": "no login state access vulnerability", "handler": "Zhang San", "affiliated center": "labor and research center"}
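The curl command and coding work order described above, as an added Python example; this is not code from the patent or its assignee. The standard body B and the simulated request are constructed sample values, the object_type descriptions are the page's Chinese map rendered in English, and the function names are assumptions. Every argument is shell-quoted, which the page's format string leaves implicit but which matters once header values or JSON bodies contain spaces or quotes.

```python
import json
import shlex

# Descriptions corresponding to each object_type (the page's Chinese map, rendered in English here).
OBJECT_TYPE_DESC = {
    1: "no login state access",
    2: "access to other store information",
    3: "access to other store resource information",
    4: "access to store unauthorized resource information",
}

# Constructed standard body B (assumed field names) and the simulated request derived from it for
# object_type 1: the cookie is emptied and the request body is left unchanged. Sample values only.
SAMPLE_BODY_B = {
    "scheme": "https", "host": "xx.com", "path": "/xx/xx/1.0.0", "method": "POST",
    "headers": {"content_type": "application/json", "cookie": "session=abc"},
    "req_json": {"app_id": "1001", "resource_id": "55"},
    "app_id": "1001",
}
SAMPLE_SIMULATED = {
    "headers": {"content_type": "application/json", "cookie": ""},
    "req_json": {"app_id": "1001", "resource_id": "55"},
}


def build_curl(body_b, simulated):
    """Render 'curl -X method -H header -d params --compressed url' for the simulated request.

    Each argument is passed through shlex.quote so a header value or JSON body containing
    spaces or quotes cannot break the command when a developer pastes it into a terminal.
    """
    url = f"{body_b['scheme']}://{body_b['host']}{body_b['path']}"
    parts = ["curl", "-X", body_b["method"]]
    for name, value in simulated["headers"].items():
        parts += ["-H", f"{name}: {value}"]
    if simulated.get("req_json") is not None:
        parts += ["-d", json.dumps(simulated["req_json"], ensure_ascii=False)]
    elif simulated.get("req_form"):
        parts += ["-d", "&".join(f"{k}={v}" for k, v in simulated["req_form"].items())]
    parts += ["--compressed", url]
    return " ".join(shlex.quote(p) for p in parts)


def build_work_order(body_b, simulated, object_type, handler, center, verdict="abnormal"):
    """Assemble the coding work order: title / description / handler / center / question type."""
    desc = OBJECT_TYPE_DESC[object_type]  # KeyError for an object_type no scene defines
    return {
        "title": f"[{body_b['scheme']}] {body_b['host']}{body_b['path']} {desc} {verdict}",
        "description": build_curl(body_b, simulated),
        "handler": handler,
        "center": center,
        "question type": f"{desc} vulnerability",
    }


if __name__ == "__main__":
    order = build_work_order(SAMPLE_BODY_B, SAMPLE_SIMULATED, 1, "Zhang San", "R&D center")
    print(json.dumps(order, ensure_ascii=False, indent=2))
```

The description field is the exact command the differ replayed, so a developer importing it into Postman reproduces the same simulated request rather than a hand-retyped approximation.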
As a preferred embodiment, after the original network request data is acquired, the method further includes: preprocessing original network request data, specifically including:
Performing invalid network request data filtering processing on the original network request data based on host and uri rules;
and carrying out request body json standardization processing on the original network request data after the filtering processing.
To improve the efficiency and accuracy of network request data processing, we first filter invalid network request data out of the original network request data based on host and uri rules. The purpose of this step is to remove network request data unrelated to the test, such as inter-service communication and static resource requests, to ensure that the network request data processed afterwards is valid and closely related to business logic. By defining clear host and uri rules, this invalid network request data can be accurately identified and filtered out, providing a clean data set for subsequent analysis and processing. Second, after filtering, request body json normalization is performed on the remaining original network request data. Different clients or servers may use different json formats or encodings, which complicates the parsing and processing of network request data. To solve this problem, the json data of the request body is converted into a unified format and encoding using a unified json normalization flow. This simplifies the processing logic for network request data, improves processing efficiency, ensures the accuracy and consistency of the data, and provides a reliable basis for subsequent data analysis and mining.
In this embodiment, invalid network request data is filtered out by host and uri. The formats of the request bodies under different request methods are then processed uniformly: query / json / form bodies are all converted into standardized json. The request protocol (scheme), request host (host), request path (path), request headers (headers), request method (method), current return (old_res_body), processed request body (req_query/req_json/req_form), model id list (object_types), store id of the operation (app_id) and operator (user name) are assembled into the standard network request data body B, as follows:
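The preprocessing step (host/uri filtering followed by query/json/form normalization into standard body B), as an added Python example that is not the patent's own code. The allowed host, the ignored uri patterns, the shape of the captured flows and the function names are assumptions; the sample flows are constructed, not recorded traffic. Malformed JSON bodies are kept as an empty req_json rather than aborting the batch, so one bad capture cannot stop the rest from being tested.

```python
import json
import re
from urllib.parse import parse_qs, urlsplit

# Assumed filtering rules (constructed for this example): the host under test and uri
# patterns that carry no business logic (static resources, internal service calls).
ALLOWED_HOSTS = {"xx.com"}
IGNORED_URI_PATTERNS = [
    re.compile(r"^/static/"),
    re.compile(r"^/internal/"),
    re.compile(r"\.(js|css|png|jpg|ico)$"),
]


def is_valid_request(host, path):
    """Host/uri rule filter: keep only business requests on the hosts under test."""
    if host not in ALLOWED_HOSTS:
        return False
    return not any(p.search(path) for p in IGNORED_URI_PATTERNS)


def _parse_query(qs):
    """Turn a query/form string into a dict, collapsing single-valued parameters."""
    return {k: (v[0] if len(v) == 1 else v)
            for k, v in parse_qs(qs, keep_blank_values=True).items()}


def normalize_body(content_type, query_string, raw_body):
    """Convert query / json / form input into the standardized req_query/req_json/req_form fields."""
    fields = {"req_query": _parse_query(query_string) if query_string else {}}
    ct = (content_type or "").lower()
    body = raw_body or ""
    if "application/json" in ct:
        try:
            fields["req_json"] = json.loads(body) if body.strip() else {}
        except json.JSONDecodeError:
            fields["req_json"] = {}  # malformed json: keep an empty body instead of aborting the batch
    elif "application/x-www-form-urlencoded" in ct:
        fields["req_form"] = _parse_query(body)
    return fields


def build_standard_body(captured, object_types, app_id, operator):
    """Assemble standard body B from one captured flow, or None when the host/uri rules drop it."""
    url = urlsplit(captured["url"])
    if not is_valid_request(url.hostname, url.path):
        return None
    headers = {k.lower(): v for k, v in captured["headers"].items()}
    body_b = {
        "scheme": url.scheme,
        "host": url.hostname,
        "path": url.path,
        "headers": headers,
        "method": captured["method"].upper(),
        "old_res_body": captured["response_body"],
        "object_types": list(object_types),
        "app_id": app_id,
        "operator": operator,
    }
    body_b.update(normalize_body(headers.get("content-type"), url.query, captured.get("body")))
    return body_b


# Constructed sample flows in the shape a proxy capture might be exported in (not real traffic).
SAMPLE_FLOWS = [
    {"url": "https://xx.com/static/app.js", "method": "GET", "headers": {},
     "body": "", "response_body": ""},
    {"url": "https://xx.com/xx/xx/1.0.0?page=2", "method": "POST",
     "headers": {"Content-Type": "application/json", "Cookie": "session=abc"},
     "body": '{"app_id": "1001", "resource_id": "55"}',
     "response_body": '{"code": 0, "data": {"app_id": "1001"}}'},
    {"url": "https://xx.com/xx/login", "method": "POST",
     "headers": {"Content-Type": "application/x-www-form-urlencoded"},
     "body": "user=alice&pwd=secret", "response_body": '{"code": 0}'},
]


def preprocess(flows, object_types=(1, 2), app_id="1001", operator="tester"):
    """Filter and normalize a batch of captured flows into standard bodies B."""
    bodies = []
    for flow in flows:
        body_b = build_standard_body(flow, object_types, app_id, operator)
        if body_b is not None:
            bodies.append(body_b)
    return bodies


if __name__ == "__main__":
    for body_b in preprocess(SAMPLE_FLOWS):
        print(json.dumps(body_b, ensure_ascii=False, indent=2))
```

Header names are lower-cased so later scenes can address the cookie as `headers["cookie"]` regardless of how the client spelled it.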
as a preferred embodiment, referring to fig. 2 and 3, the abnormal network request test scenario includes: the first abnormal network request test scene is used for testing the login-free state access abnormal network request data, and the specific processing logic comprises the following steps:
deleting login information parameters in original network request data in the process of modifying the network request data;
in the process of abnormality identification, when the returned result after replay is determined to be a preset data structure, judging whether the preset data structure contains a request success state mark, if so, determining that the network request data is abnormal network request data, and if not, determining that the network request data is normal network request data.
In one possible embodiment, the analysis backend receives the standard network request data body B and traverses the model id list (object_types) in it to match the first abnormal network request test scene (i.e., object_types=[1]). To simulate a user trying to access a resource that requires login permission without logging in, the login information parameter of the network request data is deleted from the original network request data in the process of modifying the network request data (i.e., the cookie in headers is replaced with an empty value). The abnormality judgment condition of the first abnormal network request test scene is: new_res_body is json (the preset data structure) and code=0 (the request success status flag is present). The following is the return body C1 of abnormal network request data under the parameter configuration of the first abnormal network request test scene:
in the first abnormal network request test scene, we simulate a user trying to access a resource that requires login permission without logging in by deleting the cookie information in the original network request data. This treatment truly reflects the request behavior of a user toward the system in the logged-out state. Once the replay result of the simulated network request data meets the preset judgment condition for abnormal network request data, for example the protected resource is successfully obtained, the original network request data is determined to be abnormal network request data. To ensure that the problem is solved in time, the system automatically generates a coding work order and feeds the abnormal condition back to the relevant development team promptly. The development team can rapidly locate and repair the potential security vulnerability, improving the security and stability of the system.
As a preferred embodiment, referring to fig. 2 and 3, the abnormal network request test scenario further includes: the second abnormal network request test scene is used for testing abnormal network request data of cross-store visit store information, and the specific processing logic comprises the following steps:
in the process of modifying the network request data, modifying the operation store parameters of the network request data in the original network request data into non-current store identifications;
in the process of abnormality identification, when the returned result after replay is determined to be a preset data structure and is unequal to the returned result of unmodified operation shop parameters, judging whether the preset data structure contains a request success state mark, if so, determining that the network request data is abnormal network request data, and if not, determining that the network request data is normal network request data.
In one possible embodiment, the analysis background receives the standard network request data body B and traverses the model id list (object_types) in B to match the second abnormal network request test scene (i.e., object_types=[2]). To simulate a user accessing the information resources of other stores across stores, the app_id in req_query, req_json or req_form of the original network request data is replaced, using a recursive algorithm, with the corresponding key in the configuration file in the process of modifying the network request data (i.e., the operation store parameter of the network request data in the original network request data is modified to a non-current store identifier). The abnormal judgment condition of the second abnormal network request test scene is: new_res_body is json (the preset data structure), new_res_body is not equal to old_res_body, and code=0 (it contains the request success status flag). The following is the return body C2 of abnormal network request data under the parameter configuration of the second abnormal network request test scene:
In the second abnormal network request test scene, a user accessing the information resources of other stores across stores is simulated by modifying the operation store parameter of the network request data in the original network request data to a non-current store identifier. This processing truly reflects the request behavior of cross-store access to the information of other stores. Once the replay result of the simulated network request data meets the preset judging condition for abnormal network request data, for example the protected resource is successfully acquired, the original network request data is determined to be abnormal network request data. To ensure that the problem is solved in time, the system automatically generates a coding work order and feeds the abnormal condition back to the related development team, which can then rapidly locate and repair the potential security hole, improving the safety and stability of the system.
As a preferred embodiment, referring to fig. 2 and 3, the abnormal network request test scenario further includes: the third abnormal network request test scene is used for testing abnormal network request data of cross-store visit store resources, and the specific processing logic comprises the following steps:
in the process of modifying the network request data, modifying the resource parameters of the network request data in the original network request data into non-current store resource identifiers;
in the process of abnormality identification, when the returned result after replay is determined to be a preset data structure that does not contain the current store identifier and is unequal to the returned result of the unmodified resource parameter, judging whether the preset data structure contains a request success state mark, if so, determining that the network request data is abnormal network request data, and if not, determining that the network request data is normal network request data.
In contrast to the second abnormal network request test scene, which simulates cross-store access to store information, the third abnormal network request test scene simulates cross-store access to the resources of other stores, such as commodity information. In one possible embodiment, the analysis background receives the standard network request data body B and traverses the model id list (object_types) in B to match the third abnormal network request test scene (i.e., object_types=[3]). To simulate a user accessing the resources of other stores across stores, the resource_id in req_query, req_json or req_form of the original network request data is replaced, using a recursive algorithm, with the corresponding key in the configuration file in the process of modifying the network request data (i.e., the resource parameter of the network request data in the original network request data is modified to a non-current store resource identifier). The abnormal judgment condition of the third abnormal network request test scene is: new_res_body is json (the preset data structure), new_res_body does not contain the current app_id, new_res_body is not equal to old_res_body, and code=0 (it contains the request success status flag). The following is the return body C3 of abnormal network request data under the parameter configuration of the third abnormal network request test scene:
In the third abnormal network request test scene, a user accessing the resources of other stores across stores is simulated by modifying the resource parameter of the network request data in the original network request data to a non-current store resource identifier. This processing truly reflects the request behavior of cross-store access to the resources of other stores. Once the replay result of the simulated network request data meets the preset judging condition for abnormal network request data, for example the protected resource is successfully acquired, the original network request data is determined to be abnormal network request data. To ensure that the problem is solved in time, the system automatically generates a coding work order and feeds the abnormal condition back to the related development team, which can then rapidly locate and repair the potential security hole, improving the safety and stability of the system.
As a preferred embodiment, referring to fig. 2 and 3, the abnormal network request test scenario further includes: the fourth abnormal network request test scenario is used for testing the unauthorized access abnormal network request data, and the specific processing logic comprises:
in the process of modifying the network request data, modifying the resource parameters of the network request data in the original network request data into the resource identification in the non-authority of the current store;
In the process of abnormality identification, when the returned result after replay is determined to be a preset data structure and is unequal to the returned result of unmodified operation shop parameters, judging whether the preset data structure contains a request success state mark, if so, determining that the network request data is abnormal network request data, and if not, determining that the network request data is normal network request data.
In one possible embodiment, the analysis background receives the standard network request data body B and traverses the model id list (object_types) in B to match the fourth abnormal network request test scene (i.e., object_types=[4]). To simulate a user without authority accessing the payment information resource of the store, the resource_id in req_query, req_json or req_form of the original network request data is replaced, using a recursive algorithm, with the key pay_id_subject in the configuration file in the process of modifying the network request data (i.e., the resource parameter of the network request data in the original network request data is modified to a resource identifier outside the authority of the current store). The abnormal judgment condition of the fourth abnormal network request test scene is: new_res_body is json (the preset data structure), new_res_body is not equal to old_res_body, and code=0 (it contains the request success status flag). The following is the return body C4 of abnormal network request data under the parameter configuration of the fourth abnormal network request test scene:
In the fourth abnormal network request test scene, by modifying the resource parameter of the network request data in the original network request data to a resource identifier outside the authority of the current store, where the resource id in the parameter is a payment resource id of the store, we simulate a logged-in state that uses the free resources of the store and the condition in which the payment resource information of the store can nevertheless be returned. This processing truly reflects the request behavior of accessing the store's own resources beyond the granted permission. Once the replay result of the simulated network request data meets the preset judging condition for abnormal network request data, for example the protected resource is successfully acquired, the original network request data is determined to be abnormal network request data. To ensure that the problem is solved in time, the system automatically generates a coding work order and feeds the abnormal condition back to the related development team, which can then rapidly locate and repair the potential security hole, improving the safety and stability of the system.
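As an added example (not code from the patent or the applicant), the following Python sketch implements the four scene mutations and their judgment conditions described above and runs them against a constructed stand-in backend, once with ownership and login checks enforced and once without. The store ids, resource ids, cookie format, endpoint paths and configuration values are assumptions.

```python
import copy
import json
# Scene numbers matching the object_types list used by the analysis background.
NO_LOGIN, CROSS_STORE_INFO, CROSS_STORE_RESOURCE, NO_PERMISSION = 1, 2, 3, 4
# Constructed configuration values (assumed ids, not the patent's): foreign store/resource, paid resource.
CONFIG = {"app_id": "store-B", "resource_id": "res-B1", "pay_id_subject": "res-A-paid"}

def replace_key(node, key, value):
    """Recursively replace every value stored under `key` in nested dicts/lists."""
    if isinstance(node, dict):
        return {k: (value if k == key else replace_key(v, key, value)) for k, v in node.items()}
    if isinstance(node, list):
        return [replace_key(v, key, value) for v in node]
    return node

def find_key(node, key):
    """Return the first value stored under `key` anywhere in nested dicts/lists, else None."""
    items = node.items() if isinstance(node, dict) else enumerate(node) if isinstance(node, list) else ()
    for k, v in items:
        found = v if k == key else find_key(v, key)
        if found is not None:
            return found
    return None

def mutate(request, scene):
    """Build the simulated request for one scene from a standard request body."""
    req = copy.deepcopy(request)  # the original is replayed too, so never alter it
    if scene == NO_LOGIN:
        req["headers"]["cookie"] = ""  # delete the login information parameter
        return req
    key, value = {CROSS_STORE_INFO: ("app_id", CONFIG["app_id"]),
                  CROSS_STORE_RESOURCE: ("resource_id", CONFIG["resource_id"]),
                  NO_PERMISSION: ("resource_id", CONFIG["pay_id_subject"])}[scene]
    for part in ("req_query", "req_json", "req_form"):
        if part in req:
            req[part] = replace_key(req[part], key, value)
    return req

def is_abnormal(scene, old_res_body, new_res_body, current_app_id):
    """Apply the scene's judgment condition to the replayed response bodies."""
    try:
        new = json.loads(new_res_body)
    except (TypeError, ValueError):
        new = None
    if not isinstance(new, dict):
        return False  # not the preset data structure: nothing to judge
    if scene == NO_LOGIN:
        return new.get("code") == 0
    if new_res_body == old_res_body:
        return False  # the mutation changed nothing, so no boundary was crossed
    if scene == CROSS_STORE_RESOURCE and current_app_id in new_res_body:
        return False  # the returned resource still belongs to the current store
    return new.get("code") == 0

def audit(request, scene, replay):
    """Replay original and simulated request; True means the original is abnormal."""
    old_res_body = replay(request)
    new_res_body = replay(mutate(request, scene))
    return is_abnormal(scene, old_res_body, new_res_body, find_key(request, "app_id"))

# Constructed stand-in for the system under test: a store API with two endpoints.
STORES = {"store-A": {"name": "Alpha"}, "store-B": {"name": "Beta"}}
RESOURCES = {"res-A1": ("store-A", False), "res-B1": ("store-B", False), "res-A-paid": ("store-A", True)}

def make_backend(enforce):
    """enforce=True checks login, store ownership and paid status; False is the buggy variant."""
    def replay(req):
        session_store = "store-A" if req["headers"].get("cookie") == "sid=store-A" else None
        if enforce and session_store is None:
            return json.dumps({"code": 401, "msg": "login required"})
        if req["uri"] == "/store/info":
            app_id = find_key(req, "app_id")
            if enforce and app_id != session_store:
                return json.dumps({"code": 403, "msg": "forbidden"})
            return json.dumps({"code": 0, "data": {"app_id": app_id, **STORES[app_id]}})
        rid = find_key(req, "resource_id")
        owner, paid = RESOURCES[rid]
        if enforce and (owner != session_store or paid):  # no purchases exist in this stand-in
            return json.dumps({"code": 403, "msg": "forbidden"})
        return json.dumps({"code": 0, "data": {"owner": owner, "resource_id": rid, "paid": paid}})
    return replay

# Constructed sample requests in the standard body layout (resource_id nested on purpose).
STORE_INFO_REQ = {"uri": "/store/info", "headers": {"cookie": "sid=store-A"}, "req_query": {"app_id": "store-A"}, "req_json": {}}
RESOURCE_REQ = {"uri": "/resource/get", "headers": {"cookie": "sid=store-A"}, "req_query": {}, "req_json": {"app_id": "store-A", "item": {"resource_id": "res-A1"}}}
```

`audit(req, scene, make_backend(False))` returns True for all four scenes against the buggy backend, while `make_backend(True)` answers 401/403 and every scene returns False.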
As a preferred embodiment, the abnormal network request test scene can be modified and expanded according to different service modes.
In one possible embodiment, the abnormal network request test scene has high flexibility and expandability and can be modified and expanded according to different service modes. The specific implementation details of the abnormal network request test scene can be customized and adjusted for different business logic, system architectures or security requirements. For example, in e-commerce business, abnormal behavior such as cross-store access and malicious ordering may be of concern; in financial business, risks such as illegal transfers, theft and fraudulent card use may be of greater concern. By flexibly adjusting and expanding the abnormal network request test scene, the test work can be kept closely aligned with the actual service requirement, so that potential security threats are discovered and prevented more effectively. This expandability not only improves the pertinence and accuracy of the test, but also provides strong support for the security assurance of enterprises.
Example 2
There is provided an abnormal network request test system, referring to fig. 4, including:
a data acquisition unit 100 for acquiring original network request data;
the first data processing unit 200 is configured to modify parameters of original network request data based on a preset abnormal network request test scenario, and generate simulated network request data;
the second data processing unit 300 is configured to replay the original network request data and the simulated network request data, and determine the abnormal state of the original network request data according to the similarity of the replay results of the original network request data and the simulated network request data;
the third data processing unit 400 is configured to repair the original network request data according to the type of the abnormal network request test scenario if the original network request data is determined to be abnormal network request data.
Example 3
Referring to fig. 5, fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present invention. The electronic device 600 as shown in fig. 5 includes: at least one processor 601, memory 602, at least one network interface 604, and other user interfaces 603. The various components in the electronic device 600 are coupled together by a bus system 605. It is understood that the bus system 605 is used to enable connected communications between these components. The bus system 605 includes a power bus, a control bus, and a status signal bus in addition to a data bus. But for clarity of illustration the various buses are labeled as bus system 605 in fig. 5.
The user interface 603 may include, among other things, a display, a keyboard, or a pointing device (e.g., a mouse, a trackball, a touch pad, or a touch screen, etc.).
It is to be appreciated that the memory 602 in embodiments of the invention may be either volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory. The nonvolatile memory may be a Read-Only Memory (ROM), a Programmable ROM (PROM), an Erasable PROM (EPROM), an Electrically Erasable PROM (EEPROM), or a flash memory. The volatile memory may be Random Access Memory (RAM), which acts as an external cache. By way of example, and not limitation, many forms of RAM are available, such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDR SDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), and Direct Rambus RAM (DRRAM). The memory 602 described herein is intended to comprise, without being limited to, these and any other suitable types of memory.
In some implementations, the memory 602 stores the following elements, executable units or data structures, or a subset thereof, or an extended set thereof: an operating system 6021 and application programs 6022.
The operating system 6021 includes various system programs, such as a framework layer, a core library layer, a driver layer, and the like, for implementing various basic services and processing hardware-based tasks. The application 6022 includes various application programs such as a Media Player (Media Player), a Browser (Browser), and the like for realizing various application services. The program for implementing the method of the embodiment of the present invention may be included in the application 6022.
In the embodiment of the present invention, the processor 601 is configured to execute the steps of an abnormal network request testing method provided by the method embodiments by calling a program or an instruction stored in the memory 602, specifically, a program or an instruction stored in the application program 6022.
The foregoing is only a specific embodiment of the invention to enable those skilled in the art to understand or practice the invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. An abnormal network request testing method, comprising:
acquiring original network request data;
modifying parameters of the original network request data based on a preset abnormal network request test scene to generate simulated network request data;
replaying the original network request data and the simulated network request data, and judging the abnormal state of the original network request data according to the similarity of replay results of the original network request data and the simulated network request data;
and if the original network request data is judged to be abnormal network request data, repairing the original network request data according to the type of the abnormal network request test scene.
2. The method according to claim 1, wherein after determining the abnormal state of the original network request data according to the replay result, the method further comprises:
if the original network request data is judged to be abnormal network request data, generating a curl command according to a simulation network request corresponding to the original network request data, and generating a coding defect work order by combining the type of the abnormal network request test scene.
3. The abnormal network request testing method according to claim 1, wherein after the obtaining the original network request data, further comprises: preprocessing the original network request data, specifically including:
performing invalid network request data filtering processing on the original network request data based on host and uri rules;
and carrying out request body json standardization processing on the original network request data after the filtering processing.
4. The abnormal network request testing method according to claim 1, wherein the abnormal network request testing scenario comprises: the first abnormal network request test scene is used for testing the login-free state access abnormal network request data, and the specific processing logic comprises the following steps:
deleting login information parameters in the original network request data in the process of modifying the network request data;
in the process of abnormality identification, when the returned result after replay is determined to be a preset data structure, judging whether the preset data structure contains a request success state mark, if so, determining that the network request data is abnormal network request data, and if not, determining that the network request data is normal network request data.
5. The abnormal network request testing method according to claim 1, wherein the abnormal network request testing scenario further comprises: the second abnormal network request test scene is used for testing abnormal network request data of cross-store visit store information, and the specific processing logic comprises the following steps:
in the process of modifying the network request data, modifying the operation store parameters of the network request data in the original network request data into non-current store identifications;
in the abnormal identification process, when the returned result after replay is determined to be a preset data structure and is unequal to the returned result of unmodified operation shop parameters, judging whether the preset data structure contains a request success state mark, if so, determining that the network request data is abnormal network request data, and if not, determining that the network request data is normal network request data.
6. The abnormal network request testing method according to claim 1, wherein the abnormal network request testing scenario further comprises: the third abnormal network request test scene is used for testing abnormal network request data of cross-store visit store resources, and the specific processing logic comprises the following steps:
in the process of modifying the network request data, modifying the resource parameters of the network request data in the original network request data into non-current store resource identifiers;
in the process of abnormality identification, when the returned result after replay is determined to be a preset data structure that does not contain the current store identifier and is unequal to the returned result of the unmodified resource parameter, judging whether the preset data structure contains a request success state mark, if so, determining that the network request data is abnormal network request data, and if not, determining that the network request data is normal network request data.
7. The abnormal network request testing method according to claim 1, wherein the abnormal network request testing scenario further comprises: the fourth abnormal network request test scenario is used for testing the unauthorized access abnormal network request data, and the specific processing logic comprises:
in the process of modifying network request data, modifying the resource parameters of the network request data in the original network request data into the resource identification in the non-authority of the current store;
in the abnormal identification process, when the returned result after replay is determined to be a preset data structure and is unequal to the returned result of unmodified operation shop parameters, judging whether the preset data structure contains a request success state mark, if so, determining that the network request data is abnormal network request data, and if not, determining that the network request data is normal network request data.
8. The abnormal network request testing method according to claim 1, wherein the abnormal network request testing scene can be modified and expanded according to different service modes.
9. An abnormal network request testing system, comprising:
the data acquisition unit is used for acquiring original network request data;
the first data processing unit is used for modifying parameters of the original network request data based on a preset abnormal network request test scene to generate simulated network request data;
the second data processing unit is used for replaying the original network request data and the simulated network request data and judging the abnormal state of the original network request data according to the similarity of the replay results of the original network request data and the simulated network request data;
and the third data processing unit is used for repairing the original network request data according to the type of the abnormal network request test scene when judging that the original network request data is abnormal network request data.
10. An electronic device, comprising a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory communicate with each other through the communication bus;
the memory is used for storing a computer program;
the processor is used for implementing the abnormal network request testing method according to any one of claims 1 to 8 when executing the program stored on the memory.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410003728.3A CN117834265A (en) 2024-01-02 2024-01-02 Abnormal network request testing method and system
Publications (1)

Publication Number Publication Date
CN117834265A true CN117834265A (en) 2024-04-05

Family

ID=90520580
Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination