JP2011113315A - Program, apparatus and method for extracting verification object - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To efficiently extract hidden attribute items of a Web application involving potential security issues as verification objects. <P>SOLUTION: A verification object extraction apparatus 1 extracts request parameters 24 from request data 21a and 21b and extracts hidden attribute items 23 from response data 22a and 22b. The verification object extraction apparatus 1 further extracts hidden attribute items having values which are not included in the request parameters 24 from the extracted hidden attribute items 23 as unentered hidden attribute items 25. The verification object extraction apparatus 1 then extracts duplicates between first message data 20a and second message data 20b as verification object hidden attribute items 26. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention relates to a verification target extraction program, a verification target extraction apparatus, and a verification target extraction method for extracting a non-display attribute item to be verified by a structured document providing application.

  In implementing a web application (structured document providing application), it is indispensable to prepare against external attacks that exploit the vulnerabilities of the web application. There are a variety of factors that make web applications vulnerable. One of them is an illegal operation of a non-display attribute item of a structured document. The illegal operation of the non-display attribute of the structured document is, for example, an illegal operation of the hidden field of HTML (HyperText Markup Language).

  The hidden field is an HTML form item (non-display attribute item) that is not displayed on the screen of the web browser (structured document viewing application), and is sent to the web server along with user input data when sending a request from the web browser. Is done. The value of the hidden field is normally not rewritten by the user, and is used for holding information across a plurality of pages, such as passing parameters from one page to the next.

  Here, an example in which the hidden field causes a security problem will be described. FIG. 20 shows a site example “example. It is a figure which shows an example of the HTML page of com. The example site example. The response HTML page 95 includes a hidden field with a hidden field name 96 of “to” and a hidden field value 97 of “admin@example.com”. Assume that a mail is sent from the web server to “admin@example.com” by submitting a form including the hidden field. At this time, when the user changes the value of the name “to” to another arbitrary mail address and makes a request to the web server, the web server may transmit mail to the mail address after the change. If the specification of the web application allows mail transmission to the mail address after the change, this web server may be abused as a mail transmission server with weak usage restrictions, and such a specification is not preferable in terms of security. In this case, it is appropriate that the web server side holds the mail transmission destination address, not the hidden field.

  Therefore, in order to develop a secure web application, proposals have been made to detect hidden fields that have or may have security problems.

  For example, there is a method of collecting and presenting information in the hidden field of a page visited by a browser. The inspector or developer can extract a hidden field having a security problem from the presented hidden field. However, this method leaves the hidden field extraction work having security problems to an inspector or a developer, and the work load becomes excessive when the number of pages to be visited by the browser increases.

  In addition, there is a method in which an inspector or a developer changes a parameter of the hidden field, makes a request to the web server, and verifies the response to detect the hidden field having a security problem. However, since the parameter of the hidden field cannot be changed on a normal browser, this method requires time and effort to change the parameter of the hidden field itself. Further, in this method, when the change operation is automated, the accuracy of determining whether or not the hidden field has a security problem from the response decreases.

  There is also a method for analyzing the vulnerability of a website based on session tracking parameters included in communication contents. This method extracts parameters that are highly likely to be used as session tracking parameters by assigning priorities to various parameters included in communication contents and evaluating them. However, this method can take various values as compared with the session ID, and the accuracy is lowered when the priority is given to the parameter of the hidden field that is not necessarily highly related to the personal information.

Japanese Patent No. 4170243 Japanese Patent No. 3896486

  As described above, in order to develop a secure web application, some proposals have been made to detect a parameter having a security problem from hidden attribute items such as a hidden field. However, these methods are not always easy to use because the burden on workers such as inspectors and developers is excessive, and parameters with security problems cannot be detected with the expected accuracy. I couldn't.

  The present invention has been made in view of such a point, and a verification target extraction program capable of efficiently extracting a non-display attribute item that is a verification target of a web application that has or may have a security problem, An object of the present invention is to provide a verification target extraction apparatus and a verification target extraction method.

  In order to solve the above problem, a verification target extraction program is provided that causes a computer to function as a verification target extraction device that extracts a non-display attribute item to be verified by a structured document providing application.

The verification target extraction device includes request parameter extraction means, non-display attribute item extraction means, non-input non-display attribute item extraction means, and verification target non-display attribute item extraction means.
The request parameter extraction unit extracts the request parameter from the request data included in the first message data and the second message data, and stores the request parameter in the request parameter storage unit. The first message data includes the contents of a series of communications between the server on which the structured document providing application is installed and the client on which the structured document browsing application provided by the server is installed. The second message data includes the contents of a series of communications at a different timing from the series of communications included in the first message data. The contents of the series of communication include request data from the client to the server and response data from the server to the client.

  The non-display attribute item extraction unit extracts the non-display attribute item from the response data included in the first message data and the second message data, and stores the non-display attribute item in the non-display attribute item storage unit.

  The non-input non-display attribute item extraction unit is configured to delete a non-display attribute item having a value not included in the request parameter stored in the request parameter storage unit from among the non-display attribute items stored in the non-display attribute item storage unit. Extract as input hidden attribute item. Then, the non-input non-display attribute item extraction unit stores the non-input non-display attribute item in the non-input non-display attribute item storage unit.

  The verification target non-display attribute item extraction unit includes the non-input non-display attribute item included in the first message data and the second message among the non-input non-display attribute items stored in the non-input non-display attribute item storage unit. A non-input hidden attribute item that overlaps with the non-input hidden attribute item included in the data is extracted as a verification target hidden attribute item.

  According to the above-described verification target extraction program, verification target extraction device, and verification target extraction method, it is possible to efficiently display hidden attribute items to be verified by a structured document providing application that has or may have a security problem. Can be extracted.

It is a block diagram of the verification object extraction device of a 1st embodiment. It is a figure which shows the structural example of the verification object extraction system of 2nd Embodiment. It is a figure which shows the hardware structural example of the verification object extraction apparatus of 2nd Embodiment. It is a functional block diagram of the verification object hidden field extraction part of 2nd Embodiment. It is a functional block diagram of the HTTP message sequence generation part of a 2nd embodiment. It is a figure which shows the Example format of the browser operation script of 2nd Embodiment. It is a figure which shows the example of a HTML document display which the web application of 2nd Embodiment provides. It is a figure which shows the example of a HTML document display which the web application of 2nd Embodiment provides. It is a flowchart of the HTTP message string generation control process of the second embodiment. It is a flowchart of the HTTP message string acquisition process of 2nd Embodiment. It is a figure which shows an example of the 1st HTTP message sequence of 2nd Embodiment. It is a figure which shows an example of the 1st HTTP message sequence of 2nd Embodiment. It is a figure which shows an example of the 2nd HTTP message sequence of 2nd Embodiment. It is a figure which shows an example of the 2nd HTTP message sequence of 2nd Embodiment. It is a flowchart of the non-input hidden field analysis process of 2nd Embodiment. It is a flowchart of the non-input hidden field extraction process of 2nd Embodiment. It is a figure which shows an example of the request parameter value set of 2nd Embodiment. It is a figure which shows an example of the non-input hidden field set of 2nd Embodiment. It is a figure which shows an example of the verification object hidden field set of 2nd Embodiment. Example site example. It is a figure which shows an example of the HTML page of com.

Before describing the embodiment, first, a hidden field to be extracted by the embodiment, that is, a hidden field having a security problem will be described.
For example, a Web server stores the server administrator's email address to=admin@example.com (name is to and value is admin@example.com) in the hidden field value in the response. And if you submit a form that includes this hidden field, the server will send an email to admin@example.com. At this time, if you change the parameter to value to any other email address and request it, mail may be sent to the new email address from the server. If such a mechanism is used, this server may be abused as a mail transmission server with a weak usage restriction, which is not preferable in terms of security. In this example, it is reasonable to keep the destination email address on the server side, not in the hidden field.

  The hidden field above is an example of a usage that has security problems, but there are of course reasonable usages. For example, when used as a temporary storage location for user input values, or when used as an ID for identifying a page or session, it is considered to be an appropriate usage. On the other hand, hidden fields that are used differently from these fields, that is, hidden fields that the server knows from the beginning and set a value that does not need to be retransmitted by the browser, are likely to have a security problem. It can be judged. In other words, a hidden field in which the value has never been entered (requested) in the past and the same value is set at any time can be regarded as a “suspicious hidden field”. The disclosed verification target extraction apparatus extracts such a suspicious hidden field.

Hereinafter, embodiments will be described with reference to the drawings.
FIG. 1 is a block diagram of a verification target extraction apparatus according to the first embodiment.
The verification target extraction apparatus 1 according to the first embodiment extracts the verification target non-display attribute item 26 to be verified by the structured document providing application from the first message data 20a and the second message data 20b. The structured document is, for example, data described in a markup language such as HTML or XML (Extensible Markup Language), and includes a character string including tags and parameters.

  The first message data 20a is a series of communications between a server (for example, a web server) in which a structured document providing application is implemented and a client in which a structured document viewing application (for example, a web browser) provided by the server is implemented. It has contents of. The first message data 20a includes request data 21a from the client to the server and response data 22a from the server to the client. The second message data 20b has the contents of a series of communications at different timings from the series of communications included in the first message data 20a. The second message data 20b includes request data 21b from the client to the server and response data 22b from the server to the client. The response data 22a, 22b includes a structured document provided by the server and viewed by the client. For example, HTTP (HyperText Transfer Protocol) or HTTPS (HyperText Transfer Protocol over Secure Sockets Layer) is used for communication between the server and the client.

  The server provides the structured document providing service to the client by the structured document providing application to be verified. The verification target non-display attribute item 26 is a non-display attribute item 23 and is a verification target of the structured document providing application. The non-display attribute item 23 is an item (non-display attribute item) that is not displayed on the structured document browsing screen (for example, a web browser screen), and is, for example, an HTML hidden field.

  The verification target extraction device 1 includes a request parameter extraction unit 11, a non-display attribute item extraction unit 12, a non-input non-display attribute item extraction unit 15, and a verification target non-display attribute item extraction unit 17.

  The request parameter extraction unit 11 extracts the request parameter 24 from the request data 21a and 21b included in the first message data 20a and the second message data 20b. Then, the request parameter extraction unit 11 stores the request parameter 24 in the request parameter storage unit 14. The request parameter storage unit 14 stores zero, or one or more request parameters 24. The request data 21a and 21b can be input to the request parameter extraction unit 11 via a storage unit (not shown) provided in the verification target extraction device 1. The request data 21a and 21b can be obtained from an external storage medium 108 described later or a computer connected to the network. The request data 21a and 21b can also be obtained from an application (for example, a proxy server or a packet capture) that operates on the verification target extraction device 1.

  The non-display attribute item extraction unit 12 extracts the non-display attribute item 23 from the response data 22a and 22b included in the first message data 20a and the second message data 20b. Then, the non-display attribute item extraction unit 12 stores the extracted non-display attribute item 23 in the non-display attribute item storage unit 13. The non-display attribute item storage unit 13 stores zero or one or more non-display attribute items 23. The response data 22a and 22b can be input to the non-display attribute item extraction unit 12 via a storage unit (not shown) included in the verification target extraction device 1. The response data 22a and 22b can be acquired from an external storage medium 108 described later or a computer connected to the network. The response data 22a and 22b can also be obtained from an application (for example, a proxy server or a packet capture) that operates on the verification target extraction apparatus 1.

  The non-input non-display attribute item extraction unit 15 has a value not included in the request parameter 24 stored in the request parameter storage unit 14 among the non-display attribute items 23 stored in the non-display attribute item storage unit 13. The display attribute item is extracted as a non-input non-display attribute item 25. That is, the value of the non-input non-display attribute item 25 indicates that it has never been included in the request data from the client to the server.

  Then, the non-input non-display attribute item extraction unit 15 stores the extracted non-input non-display attribute item 25 in the non-input non-display attribute item storage unit 16. The non-input non-display attribute item storage unit 16 stores zero, or one or more non-input non-display attribute items 25.

  The verification target non-display attribute item extraction unit 17 extracts the verification target non-display attribute item 26 from the non-input non-display attribute item 25 stored in the non-input non-display attribute item storage unit 16. The verification target non-display attribute item 26 extracted here is duplicated between the non-input non-display attribute item included in the first message data 20a and the non-input non-display attribute item included in the second message data 20b. It is a non-input hidden attribute item.

  According to such a configuration, the verification target non-display attribute item 26 is a non-display attribute item having the same value even at different timings without requesting the value of the non-display attribute item. That is, the verification target non-display attribute item 26 corresponds to the suspicious non-display attribute item having or possibly having the security problem described above. Therefore, the verification target extraction apparatus 1 can efficiently extract the verification target of the web application from the first message data 20a and the second message data 20b. This reduces the burden on workers such as inspectors and developers.

  Next, the second embodiment will be described in detail. FIG. 2 is a diagram illustrating a configuration example of the verification target extraction system according to the second embodiment. The verification target extraction system includes a verification target extraction device 100, a web server 2, a proxy server 3, and a client 4 connected via a network 5.

  The web server 2 implements a web application (structured document providing application) 46 and provides web content in response to a request from the client 4. The client 4 mounts a web browser, receives a web content corresponding to the request from the web server 2, and displays it on the web browser.

  For example, the web server 2 and the client 4 are connected by a network 5 based on the Internet technology, and communicate with each other using HTTP or HTTPS. At this time, the request data is data included in a request from the client 4 to the web server 2. Response data is data included in a response from the web server 2 to the client 4. The message data is request data and response data included in a series of communications (for example, one session) between the client 4 and the web server 2.

  Since the message data can be obtained from a series of communication contents between the client 4 and the web server 2, the proxy server 3 relays communication between the web server 2 and the client 4 in addition to the web server 2 and the client 4. Can be acquired. The communication content can be acquired not only by the proxy server 3 but also by packet capture from a relay device that relays communication between the web server 2 and the client 4 such as a firewall, a router or a switch (not shown).

  When the communication protocol is encrypted communication such as HTTPS, the proxy server 3 acquires the plain text communication content by dividing the SSL (Secure Sockets Layer) session between the web server 2 and the client 4 into two. be able to.

  The verification target extraction apparatus 100 includes a verification target hidden field extraction unit 30 and an HTTP message string generation unit 50. In the verification target extraction apparatus 100, the message data generated by the HTTP message string generation unit 50 is input, and the verification target hidden field extraction unit 30 extracts the verification target hidden field. The HTTP message sequence generation unit 50 may be provided in the client 4, the web server 2, the proxy server 3, and the like. In this case, the verification target extraction device 100 includes the client 4, the web server 2, and the proxy server 3. The message data obtained by the above can be used as input. At least two pieces of message data are acquired as a series of communications with different timings (for example, two sessions with different timings).

Note that the verification target extraction device 100 may also function as one or more of the client 4, the web server 2, and the proxy server 3.
In the second embodiment, the verification target extraction device 100 will be described as having a browser function included in the client 4.

  A hardware configuration example of the verification target extraction apparatus 100 will be described. FIG. 3 is a diagram illustrating a hardware configuration example of the verification target extraction apparatus according to the second embodiment. The entire verification target extraction apparatus 100 is controlled by a CPU (Central Processing Unit) 101. A random access memory (RAM) 102, a hard disk drive (HDD) 103, a communication interface 104, a graphic processing device 105, and an input / output interface 106 are connected to the CPU 101 via a bus 107.

  The RAM 102 temporarily stores at least a part of an OS (Operating System) program to be executed by the CPU 101 and an application program for extracting a verification target from message data. The RAM 102 stores various data necessary for processing by the CPU 101. The HDD 103 stores an OS and application programs.

  The communication interface 104 is connected to the network 5. The communication interface 104 transmits / receives data to / from other computers via the network 5.

  A monitor 110 is connected to the graphic processing device 105. The graphic processing device 105 displays an image on the screen of the monitor 110 in accordance with a command from the CPU 101.

  A keyboard 111 and a mouse 112 are connected to the input / output interface 106. The input / output interface 106 transmits signals sent from the keyboard 111 and the mouse 112 to the CPU 101 via the bus 107. The input / output interface 106 can be connected to an external storage medium interface that can write information to the external storage medium 108 and read information from the external storage medium 108.

  With the hardware configuration as described above, the processing functions of the present embodiment can be realized. Note that other computers (for example, the client 4, the web server 2, and the proxy server 3) connected via the network 5 can be realized with the same hardware configuration.

  Next, the verification target hidden field extraction unit 30 provided in the verification target extraction apparatus 100 of the second embodiment will be described. FIG. 4 is a functional block diagram of the verification target hidden field extraction unit according to the second embodiment.

  The verification target hidden field extraction unit 30 is provided in the verification target extraction device 100. The verification target hidden field extraction unit 30 inputs two HTTP message strings 40 and 41 and outputs a verification target hidden field set 44.

  The HTTP message strings 40 and 41 are data in which predetermined request data in HTTP communication between the web server 2 and the client 4 in which the web application 46 to be inspected is mounted and response data corresponding to the request data are arranged in time series. The HTTP message sequence 40 and the HTTP message sequence 41 are data acquired based on a series of communications (for example, different sessions) having different timings between the web server 2 and the client 4. The HTTP message sequence 40 and the HTTP message sequence 41 may be data acquired by different clients 4 connected to the web server 2.

  The predetermined request data is data generated when an HTTP client is operated based on predetermined operation information. The HTTP message string 40 and the HTTP message string 41 have the same request data. Similar request data refers to request data obtained when operating an HTTP client based on the same operation information.

  The verification target hidden field set 44 is data obtained by extracting, from the hidden fields included in the response data, the hidden field that may be a security problem of the web application 46 as the verification target.

  Note that the HTTP message sequence 40 and the HTTP message sequence 41 may be determined before the verification target hidden field extraction unit 30 is executed, or may be stream data sequentially input during the execution.

  The verification target hidden field extraction unit 30 includes a non-input hidden field analysis unit 31, a request parameter analysis unit 32, a hidden field analysis unit 33, and a duplicate hidden field analysis unit 36. Further, the verification target hidden field extraction unit 30 includes a request parameter value storage unit 34 that stores a request parameter value set 42, and an uninput hidden field storage unit 35 that stores an uninput hidden field set 43. The request parameter value storage unit 34 and the non-input hidden field storage unit 35 can be realized by the RAM 102, for example. The request parameter value storage unit 34 and the non-input hidden field storage unit 35 store the data via the HDD 103, other storage devices, the external storage medium 108, or the network 5 as long as the data can be stored. It may be a thing.

  The uninput hidden field analysis unit 31 sequentially analyzes the HTTP message strings 40 and 41 and extracts request data and response data from the HTTP message strings 40 and 41. The uninput hidden field analysis unit 31 passes the request data to the request parameter analysis unit 32. The uninput hidden field analysis unit 31 passes the response data to the hidden field analysis unit 33.

  The request parameter analysis unit 32 extracts a request parameter value from the request data and passes it to the non-input hidden field analysis unit 31. The uninput hidden field analysis unit 31 stores the request parameter values in the request parameter value storage unit 34 as a request parameter value set 42. The request parameter value set 42 includes a request parameter value set P 1 based on the HTTP message sequence 40 and a request parameter value set P 2 based on the HTTP message sequence 41. The request parameter is a parameter included in the request data, and includes, for example, a URL query parameter, a form data parameter transmitted by the POST method, a cookie, and the like.

  The hidden field analysis unit 33 extracts the hidden field from the response data and passes it to the uninput hidden field analysis unit 31. The uninput hidden field analysis unit 31 refers to the request parameter value set 42 and determines whether or not the value of the hidden field has a requested history. When the hidden field value does not have the requested history, the hidden field analysis unit 31 determines that the hidden field is an uninput hidden field. The non-input hidden field analysis unit 31 stores the non-input hidden field storage unit 35 in the non-input hidden field storage unit 35 as a non-input hidden field set 43. The uninput hidden field set 43 includes an uninput hidden field set H1 based on the HTTP message sequence 40 and an uninput hidden field set H2 based on the HTTP message sequence 41.

  The duplicate hidden field analysis unit 36 refers to the non-input hidden field set 43 generated by the non-input hidden field analysis unit 31 and extracts a non-input hidden field duplicated in the HTTP message strings 40 and 41. Here, the non-input hidden field extracted from the non-input hidden field set 43 is set as a verification target hidden field. The duplicate hidden field analysis unit 36 outputs the extracted verification target hidden field as the verification target hidden field set 44.

  As a result, the verification target hidden field extraction unit 30 automatically eliminates the decision of the person who makes the determination as a verification target for the hidden field having a value without a requested history that is duplicated in the HTTP message strings 40 and 41. E) can be extracted. Such hidden fields may have security problems, and inspectors and developers can preferentially check the extracted hidden fields and efficiently develop secure web applications. Can do.

  The verification target hidden field extraction unit 30 receives the HTTP message strings 40 and 41 as input, but may receive request data and response data extracted from the HTTP message strings 40 and 41, respectively.

  In addition, although it was set as the same request data by the HTTP message sequence 40 and the HTTP message sequence 41, it does not necessarily need to be the same. For example, if it can be determined that the possibility of duplication of the hidden field that may cause a security problem between the HTTP message sequence 40 and the HTTP message sequence 41 is sufficiently large in terms of probability, there is no requirement for the same request data. . The case where it can be determined that the probability is sufficiently large is, for example, a case where a sufficient amount of resources such as an HTML document provided by a web application to be verified is prepared for the verification range. For example, the determination as to whether or not the possibility of duplication is sufficient can set the size of the collected data with respect to the verification range or the collection range as a threshold for determination.

  Next, the HTTP message string generation unit 50 provided in the verification target extraction apparatus 100 according to the second embodiment will be described. FIG. 5 is a functional block diagram of an HTTP message string generation unit according to the second embodiment.

  The HTTP message string generation unit 50 is provided in the verification target extraction device 100. The HTTP message string generation unit 50 receives the browser operation script 45 and the resource (response data) provided by the web application 46, and outputs the HTTP message strings 40 and 41 to the verification target hidden field extraction unit 30. The verification target hidden field extraction unit 30 receives the HTTP message strings 40 and 41 and outputs a verification target hidden field set 44. Therefore, the verification target extraction apparatus 100 inputs the browser operation script 45 and the web application 46 and outputs the verification target hidden field set 44.

  Here, first, the browser operation script 45 and the web application 46 will be described. The browser operation script 45 is a list of browser operation contents, and is described according to a predetermined rule. The browser operation script 45 is configured to include, for example, a Selenium format as a main input form of Selenium RC and a basic URL (Uniform Resource Locator) as shown in FIG. The series format is a list describing the operation contents of the browser. The basic URL includes a communication protocol (scheme) with the web server to be inspected and a web server name (authority) to be inspected, for example, http: // example. com /. The Selenium RC is disclosed in, for example, http://selenium-rc.openqa.org/.

  FIG. 6 is a diagram illustrating an example of a browser format of the browser operation script according to the second embodiment. The browser operation script 45 shown in the browser operation script example 70 includes command, target, and value as elements. The browser operation script example 70 is a list in which the operation order of the browser operations 71, 72, 73 is arranged in time series.

  The browser operation 71 (open, / form1,) means “request a page whose URI (Uniform Resource Identifier) is“ / form1 ”and wait until the page is read”.

The browser operation 72 (type, name, Ryo Kuzuru) has the meaning of “input“ Zoro Kyo Ryo ”in the input field whose name is“ name ””.
The browser operation 73 (clickAndWait, // input [@ value = 'send'],) means "look for an" input "tag with the" value "attribute and click it to wait until the page is read" Become.

  The web application 46 is an application for the web server to provide resources such as an HTML document in response to a request from the client. The web application 46 will be described with reference to FIGS. 7 and 8 are diagrams showing examples of HTML document display provided by the web application according to the second embodiment.

  The resource provided by the web application 46 is, for example, an HTML document, and when viewed with a browser, HTML document display examples 74 and 76 are obtained. An HTML document display example 74 includes URL http: // example. com / form1 is opened and “Ryozo Morozuka” is entered in the input field for the person name. The HTML document display example 76 is a display screen obtained as a response after the transmission button is pressed on the screen of the HTML document display example 74.

  The hidden field 75 is data that is set in the HTML document display example 74 and is not displayed on the browser. At this time, the hidden field 75 has a value of “id = 1E4DC00D476ABDF1”, for example.

  The hidden field 77 is data that is set in the HTML document display example 76 and is not displayed on the browser. At this time, the hidden field 77 has values of “id = 1E4DC00D476ABDF1,” “name = Ryo Kazuka,” “to=admin@example.com”, for example.

As described above, the web application 46 provides resources such as an HTML document including a hidden field to the HTTP message string generation unit 50.
Here, returning to FIG. 5, the HTTP message string generation unit 50 will be described. The HTTP message sequence generation unit 50 includes a control unit 51, a browser operation unit 52, a browser 53, an HTTP message sequence acquisition unit 54, and an HTTP message sequence storage unit 55.

  The control unit 51 comprehensively controls the HTTP message sequence generation unit 50 and transfers the HTTP message sequences 40 and 41 based on the received browser operation script 45 to the verification target hidden field extraction unit.

  The browser operation unit 52 operates the browser 53 according to the browser operation script 45 received by the control unit 51. The browser operation unit 52 can be, for example, Selenium RC. The Selenium RC operates the browser 53 by interpreting the browser operation script 45 in the Selene format and the basic URL.

  The browser 53 is an application for browsing resources provided by the web application 46. The browser 53 transmits a request to a web server that implements the web application 46, and receives a response from the web server that received the request. The browser 53 only needs to be operable by the browser operation unit 52, and for example, Mozilla Firefox can be used. Note that the browser here may be an HTTP client that can process the response by making a request to the web application 46, and is not limited to a narrowly defined browser (for example, a web browser) such as a visual user agent.

  The HTTP message string acquisition unit 54 is located in the communication path between the browser 53 and the web application 46 and acquires an HTTP message from communication between the browser 53 and the web application 46. The HTTP message string acquisition unit 54 stores the acquired HTTP message in the HTTP message string storage unit 55. The HTTP message string acquisition unit 54 can be realized as, for example, an HTTP proxy server. Further, the HTTP message string storage unit 55 can acquire plain text from encrypted communication such as HTTPS by dividing the session of the browser 53 and the web application 46 into two sessions before and after the HTTP proxy server. Further, the HTTP message string acquisition unit 54 can be realized by packet capture, for example.

  As described above, the HTTP message string generation unit 50 receives the prepared browser operation script 45, and the request data included in the communication when the browser 53 acquires the page set as the circulation range by the browser operation script 45. And an HTTP message string including response data. The HTTP message string generation unit 50 generates two sets of such HTTP message strings (HTTP message strings 40 and 41).

  The HTTP message strings 40 and 41 generated in this way are passed to the verification target hidden field extraction unit 30. The verification target hidden field extraction unit 30 extracts the verification target hidden field set 44 having or possibly having a security problem from the HTTP message strings 40 and 41.

  Note that the HTTP message string generation unit 50 may be provided in a computer separate from the verification target extraction apparatus 100 including the verification target hidden field extraction unit 30. For example, the HTTP message sequence generation unit 50 can be provided in the web server 2, the proxy server 3, and the client 4 described in FIG. The HTTP message sequences 40 and 41 generated by the HTTP message sequence generation unit 50 can be transferred to the verification target extraction apparatus 100 including the verification target hidden field extraction unit 30 via the network 5. Alternatively, the HTTP message strings 40 and 41 can be transferred to the verification target extraction apparatus 100 via the external storage medium 108.

  Next, the HTTP message string generation control process executed by the control unit 51 will be described in detail using a flowchart. FIG. 9 is a flowchart of HTTP message string generation control processing according to the second embodiment. The HTTP message string generation control process is a process executed by the control unit 51, and is executed in response to an execution instruction from an operator, for example.

[Step S11] The control unit 51 receives an input of the browser operation script 45.
[Step S12] The control unit 51 stores the HTTP message sequence acquired by the HTTP message sequence acquisition unit 54 in the storage area (first HTTP message sequence storage area) of the first HTTP message sequence (HTTP message sequence 40). The HTTP message string acquisition unit 54 is instructed to do so. The first HTTP message string storage area is set in the HTTP message string storage unit 55.

  [Step S <b> 13] The control unit 51 instructs the communication between the browser 53 and the web application 46 to pass through the HTTP message string acquisition unit 54. For example, the control unit 51 sets a proxy server for the browser 53. Then, the control unit 51 instructs the browser operation unit 52 to execute the browser operation script 45.

  [Step S14] The control unit 51 monitors the end of a series of browser operations based on the browser operation script 45, and instructs the HTTP message sequence acquisition unit 54 to end the storage of the first HTTP message sequence.

  [Step S15] The control unit 51 stores the HTTP message sequence acquired by the HTTP message sequence acquisition unit 54 in the storage area (second HTTP message sequence storage area) of the second HTTP message sequence (HTTP message sequence 41). The HTTP message string acquisition unit 54 is instructed to do so. The second HTTP message string storage area is set in the HTTP message string storage unit 55.

  [Step S <b> 16] The control unit 51 instructs the communication between the browser 53 and the web application 46 to pass through the HTTP message string acquisition unit 54. For example, the control unit 51 sets a proxy server for the browser 53. Then, the control unit 51 instructs the browser operation unit 52 to execute the browser operation script 45.

  [Step S17] The control unit 51 monitors the end of a series of browser operations based on the browser operation script 45, and instructs the HTTP message sequence acquisition unit 54 to end the storage of the second HTTP message sequence.

  [Step S18] The control unit 51 notifies the verification target hidden field extraction unit 30 of the storage area of the first HTTP message sequence and the storage area of the second HTTP message sequence, and inputs the HTTP message sequences 40 and 41. Instruct. The control unit 51 ends the HTTP message string generation control process.

  Next, the HTTP message sequence acquisition process executed by the HTTP message sequence acquisition unit 54 will be described in detail using a flowchart. FIG. 10 is a flowchart of HTTP message string acquisition processing according to the second embodiment. The HTTP message string acquisition process is a process executed by the HTTP message string acquisition unit 54 and is executed in response to an instruction from the control unit 51.

[Step S <b> 21] The HTTP message sequence acquisition unit 54 receives an instruction from the control unit 51 for a storage area for storing the HTTP message sequence.
[Step S22] The HTTP message string acquisition unit 54 repeats the processing from step S22 to step S29 unless there is an end instruction from the control unit 51.

[Step S <b> 23] The HTTP message string acquisition unit 54 receives a request for the web application 46 from the browser 53.
[Step S24] The HTTP message sequence acquisition unit 54 secures an HTTP message sequence storage area in the HTTP message sequence storage unit 55 based on an instruction from the control unit 51.

[Step S25] The HTTP message string acquisition unit 54 stores the request from the browser 53 to the web application 46 in the HTTP message string storage area.
[Step S26] The HTTP message string acquisition unit 54 processes the request received from the browser 53 as a proxy server (for example, changes the Connection header field) and transmits it to the web application 46. Further, the HTTP message string acquisition unit 54 processes the response received from the web application 46 (for example, changes the Connection header field).

  [Step S27] The HTTP message string acquisition unit 54 stores the response to the browser 53 and the time at which the response was received in the reserved HTTP message string storage area.

[Step S28] The HTTP message string acquisition unit 54 transmits the processed response to the browser 53.
[Step S29] If there is no termination instruction from the control unit 51, the HTTP message string acquisition unit 54 proceeds to step S22, and if there is an termination instruction from the control unit 51, the HTTP message sequence acquisition processing ends.

  The HTTP message string acquisition unit 54 executes an HTTP message string acquisition process for each acquisition of the HTTP message strings 40 and 41. By executing the HTTP message sequence acquisition process twice based on the instruction of the control unit 51, the first HTTP message sequence is stored in the first HTTP message sequence storage area, and the second HTTP message sequence is stored in the second HTTP message sequence. Stored in the HTTP message string storage area. Thereby, the HTTP message string acquisition unit 54 acquires the HTTP message strings 40 and 41.

  Next, the HTTP message sequence 40 (first HTTP message sequence) and the HTTP message sequence 41 (second HTTP message sequence) acquired by the HTTP message sequence acquisition unit 54 will be described with reference to FIGS. FIGS. 11 and 12 are diagrams illustrating an example of the first HTTP message string according to the second embodiment. FIGS. 13 and 14 are diagrams illustrating an example of the second HTTP message string according to the second embodiment.

  The HTTP message sequence 78 is an example of a first HTTP message sequence. The HTTP message string 78 lists a storage area ID (storage area identifier), a request, a response, and a time in an access unit (a pair of a request and a response to the request). The HTTP message string 78 lists two access units. The first access unit has a storage area ID “M1-A”, and the second access unit has a storage area ID “M1-B”. Each access unit is stored in a storage area corresponding to the storage area ID. Note that the number of access units included in the HTTP message string is not limited to the two illustrated, and can take any value.

  The request included in the first access unit of the HTTP message string 78 is partially omitted, but does not include a request parameter. The response included in the first access unit of the HTTP message string 78 includes hidden field information 79. The time of the first access unit in the HTTP message string 78 represents the time recorded in the response in the ISO8601 format.

  The request included in the second access unit of the HTTP message string 78 includes request parameter values 80 and 81, although a part of the request is omitted. The response included in the second access unit of the HTTP message string 78 includes hidden field information 82, 83, 84. The time of the second access unit in the HTTP message string 78 represents the time recorded in the response in the ISO8601 format.

  The HTTP message sequence 85 is an example of a second HTTP message sequence. The HTTP message string 85 lists storage area IDs, requests, responses, and times in units of access. The HTTP message sequence 85 lists two access units. The first access unit has a storage area ID “M2-A”, and the second access unit has a storage area ID “M2-B”. Each access unit is stored in a storage area corresponding to the storage area ID.

  The request included in the first access unit of the HTTP message string 85 is partially omitted, but does not include a request parameter. The response included in the first access unit of the HTTP message sequence 85 includes hidden field information 86. The time of the first access unit in the HTTP message sequence 85 represents the time recorded in the response in the ISO8601 format.

  The request included in the second access unit of the HTTP message sequence 85 is partially omitted, but includes request parameter values 87 and 88. The response included in the second access unit of the HTTP message sequence 85 includes hidden field information 89, 90, 91. The time of the second access unit in the HTTP message sequence 85 represents the time recorded in the response in ISO8601 format.

  Note that the order in which a plurality of requests are received and the order in which responses corresponding to the requests are returned are not necessarily the same. Therefore, if the order is different, the HTTP message string acquisition unit 54 stores them in time order. be able to.

  Next, processing executed by the uninput hidden field analysis unit 31 of the verification target hidden field extraction unit 30 that receives the HTTP message strings 40 and 41 will be described in detail with reference to FIGS. 15 and 16. FIG. 15 is a flowchart of a non-input hidden field analysis process according to the second embodiment. FIG. 16 is a flowchart of the uninput hidden field extraction process according to the second embodiment.

  First, the uninput hidden field analysis process will be described. In the uninput hidden field analysis process, the HTTP message strings 40 and 41 are input, and an uninput hidden field set is output.

[Step S31] The uninput hidden field analysis unit 31 receives the storage areas of the two HTTP message strings 40 and 41 to be compared with each other.
[Step S32] The uninput hidden field analysis unit 31 designates the HTTP message string 40 (first HTTP message string) as an analysis target.

  [Step S33] The uninput hidden field analysis unit 31 executes an uninput hidden field extraction process using the HTTP message string 40 as an analysis target. Details of the uninput hidden field extraction process will be described later with reference to FIG.

[Step S34] The uninput hidden field analysis unit 31 designates an HTTP message string 41 (second HTTP message string) as an analysis target.
[Step S35] The uninput hidden field analysis unit 31 performs an uninput hidden field extraction process on the HTTP message string 41 as an analysis target.

As a result, a non-input hidden field set is generated from the HTTP message strings 40 and 41.
In addition, although the case where the non-input hidden field extraction process which inputs the HTTP message string 40 or the HTTP message string 41 is executed in series has been described, the two processes may be executed simultaneously in parallel. .

  Next, a non-input hidden field extraction process will be described. In the uninput hidden field extraction process, HTTP message strings 40 and 41 are input, and an uninput hidden field set 44 is output.

  [Step S41] The uninput hidden field analysis unit 31 prepares a request parameter value set and an uninput hidden field set in a storage area corresponding to the designated HTTP message string.

  For example, when the designated HTTP message sequence is the HTTP message sequence 40, the uninput hidden field analysis unit 31 prepares a request parameter value set P1 and an uninput hidden field set H1. The request parameter value storage unit 34 stores the request parameter value set P1 as a subset of the request parameter value set 42. The non-input hidden field storage unit 35 stores the non-input hidden field set H 1 as a subset of the non-input hidden field set 43. When the designated HTTP message string is the HTTP message string 41, the uninput hidden field analysis unit 31 prepares a request parameter value set P2 and an uninput hidden field set H2. The request parameter value storage unit 34 stores the request parameter value set P2 as a subset of the request parameter value set 42. The non-input hidden field storage unit 35 stores the non-input hidden field set H2 as a subset of the non-input hidden field set 43. At this time, the request parameter value sets P1 and P2 and the uninput hidden field sets H1 and H2 are empty sets.

  [Step S42] The uninput hidden field analysis unit 31 repeatedly executes the processing from step S42 to step S52 by the number of access units included in the HTTP message string. In the example of the HTTP message string 78, the uninput hidden field analysis unit 31 performs the iterative process twice for the access unit with the storage area ID “M1-A” and the access unit with the storage area ID “M1-B”. Execute.

  [Step S43] The uninput hidden field analysis unit 31 reads the HTTP message sequence to be analyzed from the HTTP message sequence storage unit 55. In the example of the HTTP message sequence 78, the uninput hidden field analysis unit 31 reads the HTTP message sequence of the access unit whose storage area ID is “M1-A” in the first iteration. Then, the non-input hidden field analysis unit 31 reads the HTTP message string of the access unit whose storage area ID is “M1-B” in the second repetition process.

  [Step S44] The uninput hidden field analysis unit 31 designates the read message string and instructs the request parameter analysis unit 32 to extract the request parameter value. The request parameter analysis unit 32 extracts a request parameter value from the specified message string. In the example of the HTTP message string of the access unit with the storage area ID “M1-A”, no request parameter value is included, and therefore the request parameter value is not extracted (see FIG. 11).

  [Step S45] The uninput hidden field analysis unit 31 adds the request parameter value extracted by the request parameter analysis unit 32 to the request parameter value set 42 stored in the request parameter value storage unit 34. In the example of the HTTP message string in the access unit with the storage area ID “M1-A”, no request parameter value is included, and therefore no request parameter value is added.

  [Step S46] The uninput hidden field analysis unit 31 designates the read message string and instructs the hidden field analysis unit 33 to extract hidden field information. The hidden field analysis unit 33 extracts hidden field information from the specified message string. In the example of the HTTP message string of the access unit with the storage area ID “M1-A”, the hidden field information 79 is included, so that the hidden field information 79 is extracted (see FIG. 11). More specifically, the hidden field information 79 is extracted as “id = 1E4DC00D476ABDF1”.

  [Step S47] The uninput hidden field analysis unit 31 repeatedly executes the processing from step S47 to step S51 until there is no unselected hidden field information in the hidden field information extracted in step S46. In the example of hidden field information extracted from the HTTP message string of the access unit with the storage area ID “M1-A”, only one hidden field information 79 is included, so the processing from step S47 to step S51 is executed only once. Is done.

  [Step S48] The uninput hidden field analysis unit 31 selects unselected hidden field information from the hidden field information extracted in step S46. In the example of hidden field information extracted from the HTTP message string of the access unit having the storage area ID “M1-A”, hidden field information 79 is selected.

  [Step S49] The uninput hidden field analysis unit 31 determines whether or not the value of the selected hidden field information is included in the request parameter value set 42. When the value of the selected hidden field information is included in the request parameter value set 42, the uninput hidden field analysis unit 31 proceeds to step S51. On the other hand, when the value of the selected hidden field information is not included in the request parameter value set 42, the uninput hidden field analysis unit 31 proceeds to step S50. In the example of the hidden field information 79, since the value of the hidden field information 79 is not included in the request parameter value set P1 that is a subset of the request parameter value set 42, the uninput hidden field analysis unit 31 proceeds to step S50.

  [Step S50] The uninput hidden field analysis unit 31 adds the requested hidden field information without a history to the uninput hidden field set 43 stored in the uninput hidden field storage unit 35. In the example of the hidden field information 79, the hidden field information 79 is added to an uninput hidden field set H 1 that is a subset of the uninput hidden field set 43 stored in the uninput hidden field storage unit 35. As a result, the uninput hidden field set H1 becomes {id = 1E4DC00D476ABDF1 (M1-A)}. Note that information for identifying an access unit such as “M1-A” may be added to the element of the uninput hidden field set.

  [Step S51] If there is no unselected hidden field information, the uninput hidden field analysis unit 31 proceeds to step S52, and if there is unselected hidden field information, proceeds to step S47.

  [Step S52] If there is an unread HTTP message string, the uninput hidden field analysis unit 31 proceeds to step S42, and if there is no unread HTTP message string, the uninput hidden field extraction process is terminated.

  In the example of the HTTP message string 78, after the processing from step S42 to step S52 is executed for the access unit having the storage area ID “M1-A”, the access unit having the storage area ID “M1-B” is also started from step S42. The process of step S52 is executed. At this time, the uninput hidden field analysis unit 31 reads the HTTP message string of the access unit having the storage area ID “M1-B” in step S43 (second repetition process). In step S44, the request parameter analysis unit 32 extracts the request parameter values 80 and 81 from the HTTP message string of the access unit having the storage area ID “M1-B” (see FIG. 12). More specifically, the request parameter value 80 is extracted as “id = 1E4DC00D476ABDF1”. The request parameter value 81 is extracted as “name =% E8% AB% B8% E8% 91% 9B% E4% BA% AE”.

  The extracted request parameter values 80 and 81 are added to the request parameter value set 42. At this time, the request parameter values 80 and 81 based on the first HTTP message string are added to the request parameter value set P1 which is a subset of the request parameter value set 42. The encoded request parameter value is decoded and added. More specifically, the encoded value “% E8% AB% B8% E8% 91% 9B% E4% BA% AE” is added as a decoded value “Shoraku Ryo”. As a result, the request parameter value set P1 becomes {1E4DC00D476ABDF1, Ryo Kutsuka}. The addition of the request parameter value to the request parameter value set 42 may be an encoded value, or may be both an encoded value and a decoded value.

  In step S46, the uninput hidden field analysis unit 31 designates an HTTP message string of an access unit whose storage area ID is “M1-B” and instructs the hidden field analysis unit 33 to extract hidden field information. The hidden field analysis unit 33 extracts hidden field information 82, 83, and 84 (see FIG. 12). More specifically, the hidden field information 82 is extracted as “id = 1E4DC00D476ABDF1”. The hidden field information 83 is extracted as “name = Ryo Kazuka”. The hidden field information 84 is extracted as “to=admin@example.com”. The uninput hidden field analysis unit 31 repeatedly executes the processing from step S47 to step S51 for the extracted hidden field information 82, 83, and 84.

  The uninput hidden field analysis unit 31 selects, for example, hidden field information 82 in step S48. In step S49, the uninput hidden field analysis unit 31 determines whether the value “1E4DC00D476ABDF1” of the hidden field information 82 is included in the request parameter value set P1. Since the value “1E4DC00D476ABDF1” of the hidden field information 82 is included in the request parameter value set P1, the uninput hidden field analysis unit 31 proceeds to step S51. The hidden field information 82 is not added to the uninput hidden field set H1. In the same manner, the value “Ryo Shizukuri” of the hidden field information 83 is not added to the uninput hidden field set H1, and the value “admin@example.com” of the hidden field information 84 is added to the uninput hidden field set H1. The Thus, the uninput hidden field set H1 is {id = 1E4DC00D476ABDF1 (M1-A), to = admin @ example. com (M1-B)}.

  FIG. 17 to FIG. 19 show the results of executing the uninput hidden field analysis processing for the examples of the HTTP message strings 78 and 85. FIG. 17 is a diagram illustrating an example of a request parameter value set according to the second embodiment. FIG. 18 is a diagram illustrating an example of an uninput hidden field set according to the second embodiment. FIG. 19 is a diagram illustrating an example of a verification target hidden field set according to the second embodiment.

  The request parameter value set 92 includes a request parameter value set P1 (identification name P1) that is a subset and a request parameter value set P2 (identification name P2) that is a subset. The request parameter value set P1 is a set of request parameter values based on the first HTTP message string, and includes set data {1E4DC00D476ABDF1, Ryo Kutsuka}. The request parameter value set P2 is a set of request parameter values based on the second HTTP message string, and includes set data {2A100D3C84BC6E92, Ryo Kutsuka}. The request parameter value sets P1 and P2 may be combined into one set by adding identification information for identifying which HTTP message sequence is included in each set element.

  The uninput hidden field set 93 includes an uninput hidden field set H1 (identification name H1) that is a subset and an uninput hidden field set H2 (identification name H2) that is a subset. The uninput hidden field set H1 is a set of uninput hidden field information based on the first HTTP message string. The uninput hidden field set H1 includes set data {id = 1E4DC00D476ABDF1 (M1-A), to = admin @ example. com (M1-B)}. The uninput hidden field set H2 is a set of uninput hidden field information based on the second HTTP message string. The uninput hidden field set H2 includes set data {id = 2A100D3C84BC6E92 (M2-A), to = admin @ example. com (M2-B)}. Note that the uninput hidden field sets H1 and H2 may be combined into one set by adding identification information identifying which HTTP message sequence is included in each set element.

  The request parameter value set 92 and the non-input hidden field set 93 do not necessarily have a mathematical meaning set. For example, the request parameter value set 92 and the non-input hidden field set 93 may be a list that allows duplication of the same data, a data group, or the like. Further, the request parameter value storage unit 34 for storing the request parameter value set 92 and the non-input hidden field storage unit 35 for storing the non-input hidden field set 93 are not distinguished from each other. You may make it memorize | store in a part.

  The duplicate hidden field analysis unit 36 refers to the request parameter value set 92 and the uninput hidden field set 93 generated in this manner, and the verification target hidden field set 94 is extracted. The duplicate hidden field analysis unit 36 includes a hidden field (product set) that overlaps in the uninput hidden field sets H1 and H2, {to = admin @ example. com} is extracted as a verification target hidden field. The illustrated request parameter value set 92 includes only one element, but may naturally have a plurality of elements depending on input data.

  The duplicate hidden field analysis unit 36 also outputs additional information for the convenience of verifying the hidden field. The additional information includes information (for example, “M1-B”, “M2-B”) that specifies the storage location of the corresponding HTTP message (from which the verification target hidden field is extracted). The information specifying the storage location of the HTTP message may be identification information specifying the HTTP message. Further, the additional information can include the method and URI (for example, “GET http://example.com/form1”) of the corresponding HTTP request. The method and URI of the corresponding HTTP request can be acquired from the stored HTTP message.

  In addition, the duplicate hidden field analysis unit 36 may use priority information whose verification target is the verification target hidden field as additional information. The priority information is information for use in determining whether or not the subsequent processing is actually adopted as the verification target by the verification target hidden field set 44 presented as the verification target. The hidden field verification performed after extraction of the verification target hidden field set 44 is more efficient when resources are constrained by referring to the priority information added to each element of the verification target hidden field set 44. The

  The priority information is information obtained by evaluating information included in the verification target hidden field such as the name and value of the verification target hidden field, for example. For example, the duplicate hidden field analysis unit 36 includes evaluation criterion information for registering a character string (not limited to a narrowly defined character string but including numbers and other information) and an evaluation value of the character string in advance. The duplicate hidden field analysis unit 36 searches for a character string in which the character string included in the verification target hidden field is registered in the evaluation criterion information, and calculates an evaluation value. An example of more specific evaluation standard information is given below.

  (1) The hidden field information includes “from”, “to”, “host”, “port”, “file”, “PATH”, “COMMAND”, “CMD”, “QUERY”, “SQL” in the name. In this case, 1 is added to the evaluation value. Note that uppercase and lowercase letters are not distinguished in determining whether a name includes a predetermined character or character string.

  (2) When the hidden field information includes “id” in the name, 1 is subtracted from the evaluation value. Note that uppercase and lowercase letters are not distinguished in determining whether a name includes a predetermined character or character string.

(3) If the hidden field information includes “. (Dot)”, “/ (slash)”, “¥ (yen symbol, backslash)” in the value, 1 is added.
Thereby, for example, the verification target hidden field {to = admin @ example. com} includes “to” in the name, does not include “id”, and includes “.” in the value, and therefore adds 2 to obtain the priority of the evaluation value “2”. As a result, the hidden field having the priority of the evaluation value “2” is judged to be taken up as a verification target in preference to the hidden field having the priority of the evaluation values “−1”, “0”, and “1”. obtain.

  Note that the evaluation criterion information may allow the user to add, delete, and change the evaluation target character string, and may set an evaluation value. Thereby, when resources such as time and people are limited, it is possible to efficiently verify a verification target of a web application that may have a security problem.

  The above processing functions can be realized by a computer. In that case, a program describing the processing content of the function that the verification target extraction apparatus should have is provided. By executing the program on a computer, the above processing functions are realized on the computer. The program describing the processing contents can be recorded on a computer-readable recording medium. Examples of the computer-readable recording medium include a magnetic recording device, an optical disk, a magneto-optical recording medium, and a semiconductor memory. Examples of the magnetic recording device include a hard disk device (HDD), a flexible disk (FD), and a magnetic tape. Optical discs include DVD (Digital Versatile Disc), DVD-RAM, CD-ROM, CD-R (Recordable) / RW (ReWritable), and the like. Magneto-optical recording media include MO (Magneto-Optical disk).

  When distributing the program, for example, an external storage medium such as a DVD or a CD-ROM in which the program is recorded is sold. It is also possible to store the program in a storage device of a server computer and transfer the program from the server computer to another computer via a network.

  The computer that executes the program stores, for example, the program recorded in the external storage medium or the program transferred from the server computer in its own storage device. Then, the computer reads the program from its own storage device and executes processing according to the program. The computer can also read a program directly from an external storage medium and execute processing according to the program. Further, each time the program is transferred from the server computer, the computer can sequentially execute processing according to the received program.

Note that various modifications can be made to the above-described embodiment without departing from the gist of the embodiment.
Further, the above-described embodiments can be modified and changed by those skilled in the art, and are not limited to the exact configurations and application examples described.

The main technical features of the embodiment described above are as follows.
(Appendix 1)
First message data including the contents of a series of communications between a server that implements a structured document providing application and a client that implements a structured document viewing application provided by the server, and at a timing different from the series of communications. A request parameter extracting unit that extracts a request parameter from request data included in the second message data including a series of communication contents, and stores the request parameter in a request parameter storage unit;
Non-display attribute item extraction means for extracting non-display attribute items from response data included in the first message data and the second message data, and storing the non-display attribute items in non-display attribute item storage means ,
Among the non-display attribute items stored by the non-display attribute item storage unit, the non-input non-display attribute item that has a value not included in the request parameter stored by the request parameter storage unit. Uninput non-display attribute item extracting means for storing the non-input non-display attribute item in the non-input non-display attribute item storage means,
Among the non-input non-display attribute items stored by the non-input non-display attribute item storage means, the non-input non-display attribute items included in the first message data and the second message data included A verification target non-display attribute item extracting means for extracting the non-input non-display attribute item overlapping with the non-input non-display attribute item as a verification target non-display attribute item;
The verification object extraction program characterized by making it function as.

(Supplementary note 2)
Communication content acquisition means for acquiring the first message data and the second message data from the content of communication between the server and the client, and storing them in message data storage means;
The verification target extraction program according to appendix 1, wherein the verification target extraction program is made to function as:

(Supplementary note 3)
A browsing application operating means for operating the browsing application of the structured document;
The verification target extraction program according to supplementary note 2, wherein the verification target extraction program is made to function as:

  (Additional remark 4) The said browsing application operation means operates the said browsing application based on the operation script of the browsing application operation prepared beforehand, The verification object extraction program of Additional remark 3 characterized by the above-mentioned.

  (Additional remark 5) The said communication content acquisition means acquires the content of communication between the said server and the said client as a proxy server of the said client, The verification object extraction program of Additional remark 2 characterized by the above-mentioned.

(Additional remark 6) The said non-input non-display attribute item extraction means,
Of the non-display attribute items based on the first message data, the non-display attribute item having a value not included in the request parameter based on the first message data is based on the first message data. Extracted as the non-input hidden attribute item,
Of the non-display attribute items based on the second message data, the non-display attribute item having a value not included in the request parameter based on the second message data is based on the second message data. 3. The verification object extraction program according to appendix 1 or appendix 2, wherein the verification target extraction item is extracted as the non-input non-display attribute item.

(Supplementary note 7)
Evaluation means for evaluating the priority of verification of the extracted verification target hidden attribute item,
Function as
The verification target extraction program according to appendix 1 or appendix 2, wherein the verification target non-display attribute item extraction unit adds the evaluation to the verification target non-display attribute item.

  (Additional remark 8) The said evaluation means is provided with the evaluation reference | standard information which registered the predetermined character string and the evaluation value of the said character string, and the said character string is contained in the said verification object non-display attribute item, The verification object extraction program according to appendix 7, wherein the verification target non-display attribute item is evaluated based on an evaluation value.

(Supplementary Note 9) In a verification target extraction apparatus that extracts a non-display attribute item to be verified by a structured document providing application,
First message data including the contents of a series of communications between a server that implements the structured document providing application and a client that implements a structured document browsing application provided by the server, and timings different from the series of communications Request parameter extraction means for extracting request parameters from request data included in the second message data including the contents of a series of communication, and storing the request parameters in the request parameter storage means;
Non-display attribute item extraction means for extracting non-display attribute items from response data included in the first message data and the second message data, and storing the non-display attribute items in non-display attribute item storage means When,
Among the non-display attribute items stored by the non-display attribute item storage unit, the non-input non-display attribute item that has a value not included in the request parameter stored by the request parameter storage unit. Un-input non-display attribute item extraction means for storing the non-input non-display attribute item in the non-input non-display attribute item storage means;
Among the non-input non-display attribute items stored by the non-input non-display attribute item storage means, the non-input non-display attribute items included in the first message data and the second message data included A verification target non-display attribute item extracting means for extracting the non-input non-display attribute item overlapping with the non-input non-display attribute item as a verification target non-display attribute item;
A verification object extraction apparatus comprising:

(Additional remark 10) In the verification object extraction method of the verification object extraction apparatus which extracts the non-display attribute item used as the verification object of a structured document provision application,
The verification object extraction device is
First message data including the contents of a series of communications between a server that implements the structured document providing application and a client that implements a structured document browsing application provided by the server, and timings different from the series of communications A request parameter is extracted from the request data included in the second message data including the contents of a series of communication, and the request parameter is stored in the request parameter storage unit,
Extracting a non-display attribute item from response data included in the first message data and the second message data, and storing the non-display attribute item in a non-display attribute item storage unit;
Among the non-display attribute items stored by the non-display attribute item storage unit, the non-input non-display attribute item that has a value not included in the request parameter stored by the request parameter storage unit. And the non-input non-display attribute item is stored in the non-input non-display attribute item storage means,
Among the non-input non-display attribute items stored by the non-input non-display attribute item storage means, the non-input non-display attribute items included in the first message data and the second message data included A verification target extraction method, wherein the non-input non-display attribute item overlapping with the non-input non-display attribute item is extracted as a verification target non-display attribute item.

DESCRIPTION OF SYMBOLS 1 Verification object extraction apparatus 11 Request parameter extraction means 12 Non-display attribute item extraction means 13 Non-display attribute item storage means 14 Request parameter storage means 15 Non-input non-display attribute item extraction means 16 Non-input non-display attribute item storage means 17 Verification object Non-display attribute item extraction means 20a Message data 20b Message data 21a Request data 21b Request data 22a Response data 22b Response data 23 Non-display attribute item 24 Request parameter 25 Non-input non-display attribute item 26 Verification target non-display attribute item

Claims (7)

Computer
First message data including the contents of a series of communications between a server that implements a structured document providing application and a client that implements a structured document viewing application provided by the server, and at a timing different from the series of communications. A request parameter extracting unit that extracts a request parameter from request data included in the second message data including a series of communication contents, and stores the request parameter in a request parameter storage unit;
Non-display attribute item extraction means for extracting non-display attribute items from response data included in the first message data and the second message data, and storing the non-display attribute items in non-display attribute item storage means ,
Among the non-display attribute items stored by the non-display attribute item storage unit, the non-input non-display attribute item that has a value not included in the request parameter stored by the request parameter storage unit. Uninput non-display attribute item extracting means for storing the non-input non-display attribute item in the non-input non-display attribute item storage means,
Among the non-input non-display attribute items stored by the non-input non-display attribute item storage means, the non-input non-display attribute items included in the first message data and the second message data included A verification target non-display attribute item extracting means for extracting the non-input non-display attribute item overlapping with the non-input non-display attribute item as a verification target non-display attribute item;
The verification object extraction program characterized by making it function as. Said computer further
Communication content acquisition means for acquiring the first message data and the second message data from the content of communication between the server and the client, and storing them in message data storage means;
The verification target extraction program according to claim 1, wherein the verification target extraction program is executed as follows. The non-input non-display attribute item extraction means includes
Of the non-display attribute items based on the first message data, the non-display attribute item having a value not included in the request parameter based on the first message data is based on the first message data. Extracted as the non-input hidden attribute item,
Of the non-display attribute items based on the second message data, the non-display attribute item having a value not included in the request parameter based on the second message data is based on the second message data. The verification target extraction program according to claim 1 or 2, wherein the non-input non-display attribute item is extracted. Said computer further
Evaluation means for evaluating the priority of verification of the extracted verification target hidden attribute item,
Function as
The verification object extraction program according to claim 1 or 2, wherein the verification target non-display attribute item extraction unit adds the evaluation to the verification target non-display attribute item.   The evaluation means includes evaluation reference information in which a predetermined character string and an evaluation value of the character string are registered, and when the verification target non-display attribute item includes the character string, the evaluation means is based on the evaluation value. 5. The verification object extraction program according to claim 4, wherein the verification target non-display attribute item is evaluated. In the verification target extraction device that extracts the non-display attribute item to be verified by the structured document providing application,
First message data including the contents of a series of communications between a server that implements the structured document providing application and a client that implements a structured document browsing application provided by the server, and timings different from the series of communications Request parameter extraction means for extracting request parameters from request data included in the second message data including the contents of a series of communication, and storing the request parameters in the request parameter storage means;
Non-display attribute item extraction means for extracting non-display attribute items from response data included in the first message data and the second message data, and storing the non-display attribute items in non-display attribute item storage means When,
Among the non-display attribute items stored by the non-display attribute item storage unit, the non-input non-display attribute item that has a value not included in the request parameter stored by the request parameter storage unit. Un-input non-display attribute item extraction means for storing the non-input non-display attribute item in the non-input non-display attribute item storage means;
Among the non-input non-display attribute items stored by the non-input non-display attribute item storage means, the non-input non-display attribute items included in the first message data and the second message data included A verification target non-display attribute item extracting means for extracting the non-input non-display attribute item overlapping with the non-input non-display attribute item as a verification target non-display attribute item;
A verification object extraction apparatus comprising: In the verification target extraction method of the verification target extraction device that extracts the non-display attribute item to be verified by the structured document providing application,
The verification object extraction device is
First message data including the contents of a series of communications between a server that implements the structured document providing application and a client that implements a structured document browsing application provided by the server, and timings different from the series of communications A request parameter is extracted from the request data included in the second message data including the contents of a series of communication, and the request parameter is stored in the request parameter storage unit,
Extracting a non-display attribute item from response data included in the first message data and the second message data, and storing the non-display attribute item in a non-display attribute item storage unit;
Among the non-display attribute items stored by the non-display attribute item storage unit, the non-input non-display attribute item that has a value not included in the request parameter stored by the request parameter storage unit. And the non-input non-display attribute item is stored in the non-input non-display attribute item storage means,
Among the non-input non-display attribute items stored by the non-input non-display attribute item storage means, the non-input non-display attribute items included in the first message data and the second message data included A verification target extraction method, wherein the non-input non-display attribute item overlapping with the non-input non-display attribute item is extracted as a verification target non-display attribute item.

Images