JP5033900B2 - Diagnostic server device - Google Patents

Description

  The present invention relates to a link structure analysis that can be used for vulnerability diagnosis of a website.

  In order to prepare for an external attack on a website, it is diagnosed whether the website is vulnerable. For example, there is a vulnerability (referred to as directory listing) in which information that should not be disclosed to the user is displayed by directly manually inputting the folder name inferred from the disclosed URL into the web browser as a URL. There is going to be a diagnosis of whether or not.

  In order to perform such vulnerability diagnosis, it is necessary to analyze in advance the link structure of a website configured by linking a plurality of pages. By grasping the link structure, it is possible to prevent omission of page check and perform appropriate diagnosis.

  Patent Documents 1 and 2 disclose an apparatus that accesses a website and automatically analyzes a link structure. If these devices are used, the link structure of the website can be acquired.

JP2009-223485 JP2008-242803

  As described in Patent Document 1 and Patent Document 2, by repeating the process of extracting the description of the link embedded in each page (HTML) and further extracting the description of the link embedded in the linked page The link structure can be analyzed. Therefore, according to the techniques described in Patent Document 1 and Patent Document 2, an advantage that the link structure can be automatically analyzed can be obtained.

  However, the techniques of Patent Document 1 and Patent Document 2 have the following problems.

  Among the pages that make up a website, there are also pages that require the user to input. For example, a page for requesting input of a user name and a password, a page for requesting input of a credit card number for purchasing a product, and the like. In these pages, the linked page cannot be acquired unless a user input is made. It is also conceivable that these pages that require user input are automatically input by a program to obtain a linked page.

  However, in some of these pages, there are cases where the linked pages are set differently when a correct user input is performed and when an incorrect user input is performed. It is difficult to automatically generate correct input and incorrect input, and thus there is a limit to link analysis processing by a program.

  Also, depending on the content of the page and the content of user input, actions such as member registration and purchase at the product sales site may actually be performed, so there is a limit to automatic processing by the program in this respect as well. .

  However, when the link structure is analyzed while manually performing user input, there is a problem that the page is shifted to a page different from the page on which vulnerability diagnosis is performed due to an operator error. there is a possibility.

  Therefore, the present invention solves the above-described problems, reduces the risk of purchasing a product or registering a member by mistake during link structure analysis, and appropriately performing link structure analysis. An object of the present invention is to provide a device that can be used.

(1) A diagnostic server device according to the present invention is a diagnostic server device capable of communicating with a client terminal device and a diagnosis target server device, and extracts a link destination address without an input link included in a predetermined page. A page obtained by requesting an address extraction unit, a link destination address extraction unit for extracting a link destination address of an input link included in a predetermined page, and a page of the link destination address without input to the diagnosis target server device Other than the link with the input in the predetermined page including the link destination address with the input destination, and the link destination page acquisition means to be given to the input no link destination address extraction means and the input link destination address extraction means Generate a link invalidation page with the link invalidated and send it to the client terminal device Link invalidation page generation / transmission means, and input information transfer means for receiving the operator input information input to the input item by the operator and transmitting it to the diagnosis target server apparatus in the client terminal device that has received the invalidation page Receiving a reply page transmitted as a response from the diagnosis target server device that has received the input information, and using the reply page as a predetermined page, the input no link destination address extraction unit and the input link destination address extraction unit A reply page receiving means, a link structure determining means for determining a link structure based on the link destination address extracted by the input no link destination address extracting means and the input with link destination address extracting means, and based on the link structure And a diagnosis execution means for executing diagnosis of the server device to be diagnosed

  Therefore, even if there is a page that requires an operator's input, it is possible to prevent confusion due to an operator's input error, analyze an appropriate link structure, and perform an appropriate diagnosis.

(2) In the diagnostic server device according to the present invention, the link invalidation page generation / transmission means enables input to the user input item of the predetermined page, and generates a link invalidation page in which the link description is invalidated. It is characterized by transmitting.

  Therefore, while maintaining the appearance of the page, it is possible to invalidate the link without input and enable the link with input to be transmitted to the client terminal device.

(3) In the diagnosis server device according to the present invention, the link invalidation page generation / transmission means uses the entire predetermined page as an image, an image portion in which the user input item and the link description are invalid, and an input to the user input item A link invalidation page having an input portion that enables the transmission and generating the link invalidation page.

  Therefore, there is no possibility of transition to a link destination that is different from the link destination to be diagnosed, and appropriate diagnosis can be performed.

(4) The diagnostic server device according to the present invention is characterized in that the link invalidation page generation / transmission means invalidates the link description in the predetermined page by at least one of the following.

(i) Rewrite the link description into a comment description.

(ii) Delete the link description completely.

(iii) Make the link description grammatically incorrect by deleting at least a part of the link description.

(iv) Adding a description to the link description makes the link description grammatically incorrect.

(v) Rewrite the link description so that it is a link description to a warning page prepared in advance.

  In the present invention, “link” refers to a mechanism intended to transition to another page by a user operation.

  In the embodiment, “input non-link destination address extracting means” corresponds to steps S5 and S6.

  In the embodiment, “input link destination address extracting means” corresponds to steps S5 and S6.

  In the embodiment, “link invalidation page generation / transmission means” corresponds to steps S7 and S10.

  In the embodiment, “input information transfer means” corresponds to steps S11 and S12.

  In the embodiment, “reply page receiving means” corresponds to step S13.

  In the embodiment, “link structure determining means” corresponds to step S16.

  In the embodiment, “diagnosis execution means” corresponds to step S17.

  The “program” is a concept that includes not only a program that can be directly executed by the CPU, but also a source format program, a compressed program, an encrypted program, and the like.

It is a functional block diagram of the diagnostic server apparatus 2 by one Embodiment of this invention. It is a hardware configuration of the diagnostic server device 2. 5 is a flowchart of a diagnostic server program 44. 5 is a flowchart of a diagnostic server program 44. 5 is a flowchart of a diagnostic server program 44. It is an example of the HTML request transmitted from the diagnosis server device 2 to the diagnosis target server device 6. It is an example of the HTML response returned from the diagnostic target server device 6 in response to the request of FIG. It is a figure which shows the screen which displayed the HTML response with the browser. It is an example of a link invalidation page. It is an example of the link invalidation page which rewritten the address. It is an example of the analyzed link structure. It is an example of the link invalidation page by other embodiment.

1. 1 is a functional block diagram of a diagnostic server device 2 according to an embodiment of the present invention.

  The unlinked link destination address extracting unit 10 extracts a link destination address having no input item included in a predetermined page acquired from the target website of the diagnosis target server device 6.

  The link destination address extracting means 12 with input extracts a link destination address having an input item included in a predetermined page acquired from the target website of the diagnosis target server device 6.

  The link destination page acquisition unit 14 acquires a page from the diagnosis target server device 6 based on the link destination address extracted by the non-input link destination address extraction unit 10. Then, the acquired page is given to the input no link destination address extraction unit 10 and the input link destination address extraction unit 12 as a predetermined page. Therefore, link destination addresses are acquired sequentially.

  The link invalidation page generation / transmission means 16 creates a link invalidation page obtained by invalidating a link other than the input existence link for a predetermined page including a link (input existence link) having an input item (ID, password, etc.). Generate. In addition, the link destination address of the link with input is originally the address of the diagnosis target server device 6, but this is rewritten to the address of the diagnosis server device 2 itself. The link invalidation page generated in this way is transmitted to the client terminal device 4.

  The client terminal device 4 that has received the link invalidation page displays this on the screen. The operator of the client terminal device 4 inputs the input items on the link invalidation page and clicks the send button. As a result, the input information input to the input item is returned to the diagnosis server device 2 which is the link destination address of the link item with input.

  Receiving the input information, the input information transfer means 18 of the diagnosis server device 2 transfers the input information to the original address (diagnosis target server device 6) rewritten as described above. The diagnosis target server device 6 receives this input information and returns a page. The reply server receiving means 20 of the diagnostic server device 2 gives the received page to the input non-link destination address extracting means 10 and the input link destination address extracting means 12 as a predetermined page. Therefore, the link destination address is sequentially acquired for the link with input.

The link structure determination means 22 determines the link structure of the diagnosis target website based on the link destination addresses collected as described above. The diagnosis execution unit 24 sequentially executes vulnerability diagnosis for each page of the diagnosis target website based on the determined link structure.

2. Hardware Configuration FIG. 2 shows a hardware configuration of the diagnostic server device 2 according to the embodiment of the present invention. A display 32, a memory 34, a hard disk 36, a keyboard / mouse 38, a communication circuit 40, and a CD-ROM drive 48 are connected to the CPU 30. The communication circuit 40 is for communicating with the client terminal device 4 and the diagnosis target server device 6 via the Internet or the like.

  An operating system (for example, WINDOWS (trademark)) 42 and a diagnostic server program 44 are recorded on the hard disk 36.

The diagnostic server program 44 performs its function in cooperation with the operating system 42. The diagnostic server program 44 is an installation of what was recorded on the CD-ROM 50 via the CD-ROM drive 48.

3. Processing of Diagnostic Server Program FIGS. 3 to 5 show flowcharts of the diagnostic server program 44. The user who requests diagnosis operates the client terminal device 4 to activate browser software and accesses the diagnosis server device 2. In response to this, the CPU 30 of the diagnosis server device 2 transmits a screen requesting input of the URL of the site to be diagnosed to the client terminal device 4. A user who operates the client terminal device 4 inputs the URL of the site to be diagnosed and returns it to the diagnosis server device 2. For example, the user can request diagnosis of the entire diagnosis target site by inputting the top URL of the diagnosis target site.

  The CPU 30 of the diagnosis server device 2 receives the URL of the diagnosis target site and records it on the hard disk 36 as the survey URL list 52 (step S1). Next, the CPU 30 acquires one URL from the survey URL list 52 (step S2). Here, since only the top URL of the diagnosis target site is recorded in the survey URL list 52, this is taken out.

  The CPU 30 determines whether or not the extracted URL has already been investigated with reference to the investigated URL list 54 recorded on the hard disk 36 (step S3). If the survey has been completed, the next URL in the survey URL list 52 is acquired (step S2), and it is similarly determined whether the survey has been completed. Here, since nothing is recorded in the surveyed URL list, the URL is recorded in the surveyed URL list 54, and the process proceeds to step S4.

  In step S4, the CPU 30 transmits a request for the URL and receives a response. That is, the diagnosis target site of the diagnosis target server device 6 is accessed and a page is acquired. The CPU 30 records the above request and response (page) in the request / response list 56 of the hard disk 36. Examples of recorded requests and responses are shown in FIGS. FIG. 6 shows a request, and FIG. 7 shows a response corresponding to this.

  Next, CPU30 makes the page received as a response the predetermined page, and extracts the link contained in the said page. For example, in FIG. 7, a form tag 100, an a tag 102, and the like are links. Therefore, the CPU 30 can extract a link by extracting a tag starting with <form or a tag starting with <a. In addition, if a JAVA (trademark) applet or the like is described, it is determined whether or not a link is included in the content.

  The CPU 30 determines whether there is a link with a user input item among the links extracted from the predetermined page (step S6). For example, when the form tag is displayed by the browser, it is accompanied by an input field for the user to input, as shown at 104 in FIG. In this specification, such a link is referred to as an input link. A link without an input item is referred to as an input-free link.

  CPU30 performs step S7, when the link with an input is contained in a predetermined page, and when step S8 is not contained, the process which performs step S8 is performed. For example, in the case of a page as shown in FIG. 7, since the link with input 100 is included, the CPU 30 executes step S7. In step S <b> 7, a link invalidation page is generated in which non-input links other than the link with input 100 are invalidated. That is, a page in which only the link with input 100 is valid is generated. In addition, in the case of a page including two or more links with input 100, the plurality of links with input 100 are not invalidated.

  In this embodiment, a link is disabled by changing a tag with no input link to a comment tag. For example, the link is invalidated by rewriting <! A href = ...> in place of <a href=...> in the no-input link 102 in FIG. The link invalidation page generated in this way is shown in FIG.

  The CPU 30 records the link invalidation page thus generated and the URL thereof in the invalidation page list 58 of the hard disk 36.

  Next, the CPU 30 registers the no-input link included in the predetermined page in the survey URL list 52 (step S8).

  Subsequently, the CPU 30 determines whether there are unprocessed URLs recorded in the survey URL list 52 (step S9). If unprocessed items remain, the process returns to step S2 to investigate the next URL. In this manner, data for determining the link structure is accumulated in the request / response list 56. Therefore, the link structure to the page with input can be determined by analyzing the request / response list 56. The invalidation page list 58 stores link invalidation pages.

  If it is determined in step S9 that there is no unprocessed item, the CPU 30 proceeds to step S10 and collects data necessary for determining the link structure ahead from the page with input.

  In step S10, the CPU 30 reads one invalidated page from the invalidated page list 58, and rewrites the link destination address of the link with the input of the link invalidated page to the address of the diagnostic server device 2 itself. For example, the link destination of the form tag 100 in the link invalidation page of FIG. 9 is http://www.furutani.co.jp/cgi-bin/term.cgi Rewrite to .proxy.co.jp / cgi-bin / term.cgi. The rewritten link invalidation page is shown in FIG.

  The CPU 30 transmits the link invalidation page whose address has been rewritten in this way to the client terminal device 4 as a request. The browser software of the client terminal device 4 displays this on the display. For example, a screen as shown in FIG. 8 is displayed. In this screen, the link with input 104 is valid (however, the link destination address is rewritten), and the link without input 106 is invalid.

  The operator of the client terminal device 4 inputs a predetermined value in the user input item of the link with input 104. Since the input is performed by a human, the input can be performed based on appropriate judgment. For example, input that actually purchases a product is not performed. Further, since the no-input link 106 is invalid, even if the user clicks it by mistake, there is no possibility of transition to the link destination and there is no possibility of causing confusion.

  When the operator of the client terminal device 4 inputs the user input item and clicks the send button, data accompanied by the input value by the user is sent back to the diagnosis server device 2 as a response (step S11). At this time, the response includes the rewritten address.

  In response to this, the CPU 30 rewrites the address included in the response so as to return it to the original address, and then transmits it as a request to the diagnosis target server device 6 (step S12). Subsequently, a page returned as a response to this request is received (step S13). At this time, the CPU 30 records the request and response in the request / response list 56.

  The CPU 30 determines whether or not a link is included in the acquired page (step S14). If it is included, step S6 and subsequent steps are executed. If not included, it is determined whether there is an unprocessed link invalidation page in the invalidation page list 58 (step S15).

  If there is an unprocessed link invalidation page, the process returns to step S10, the next link invalidation page is read from the invalidation page list 58, and the processes in and after step S11 are performed.

  When there is no unprocessed link invalidation page, the CPU 30 determines a link structure based on the accumulated request / response list 56 (step S16). For example, http://www.furutani.co.jp is changed to http://www.furutani.co.jp/cgi-bin/term.cgi, http: / It can be determined that it is linked to /www.furutani.co.jp/office/ronbun/BP.html. An example of the link structure thus determined is shown in FIG.

Next, the CPU 30 sequentially executes vulnerability diagnosis for each page based on the determined link structure (step S17). Vulnerability diagnosis items include SQL injection, cross-site scripting, and cross-site request forgery. The vulnerability diagnosis algorithm may be a conventionally known method and will not be described in detail here. A part or all of the vulnerability diagnosis may be performed manually by the operator.

4). Other embodiments
(1) In the above embodiment, the link is invalidated by rewriting the tag to a comment tag. However, it may be invalidated by completely deleting the link description. Further, the link description may be grammatically incorrect by deleting at least a part of the link description, or the link description may be grammatically incorrect by adding a description to the link description. Alternatively, the link description may be rewritten, and a link description to a warning page that displays a warning that the user should return to the original page with a browser return button prepared in advance may be used. In this case, the diagnosis server program 44 may be set so that the analysis process is not performed on the warning page.

(2) In the above embodiment, as shown in FIG. 8, the link invalidation page is generated by invalidating the no-input link 106. However, as shown in FIG. 12, all links included in the page are invalidated (for example, displayed as an image) and displayed in a frame, and an input-provided link 110 that allows user input is displayed in another frame. In this way, a link invalidation page may be generated.

(3) In the above embodiment, the analysis of the link structure in the web vulnerability diagnosis has been described, but the present invention can also be applied to the analysis of the link structure for other uses.

(4) In the above embodiment, in order to limit the diagnosis target, a limit may be set in the link structure analysis depending on the link hierarchy or the like.

Claims (7)

A diagnostic server device capable of communicating with a client terminal device and a diagnosis target server device,
An input no link destination address extracting means for extracting an input no link destination address included in a predetermined page;
An input-with-link destination address extracting means for extracting a link-destination address of an input-with-link included in a predetermined page;
Link destination page acquisition means for requesting the page of the input non-link destination address to the server to be diagnosed and giving the acquired page as a predetermined page to the input non-link destination address extraction means and the input link destination address extraction means When,
A link invalidation page generating / transmitting means for generating a link invalidation page that invalidates a link other than the link with the input in the predetermined page including the link destination address with input, and transmitting the link invalidation page to the client terminal device;
In the client terminal device that has received the invalidation page, input information transfer means for receiving the operator input information input to the input item by the operator and transmitting it to the diagnosis target server device;
A reply page transmitted as a response from the diagnosis target server device that has received the input information is received, and the reply page is given as a predetermined page to the unlinked link destination address extracting unit and the linked link destination address extracting unit. A reply page receiving means;
A link structure determining means for determining a link structure based on the link destination address extracted by the input-less link destination address extracting means and the input-with-link destination address extracting means;
Diagnosis execution means for executing diagnosis of the diagnosis target server device based on the link structure;
A diagnostic server device. The diagnostic server device according to claim 1,
The link invalidation page generation / transmission means is capable of inputting user input items on the predetermined page, and generates and transmits a link invalidation page in which a link description is invalidated. The diagnostic server device according to claim 1,
The link invalidation page generation / transmission means includes a link including an image portion in which the entire predetermined page is an image, a user input item and a link description are invalidated, and an input portion that enables input to the user input item A diagnostic server device that generates and transmits an invalidation page. In the diagnostic server apparatus in any one of Claims 1-3,
The diagnostic server apparatus, wherein the link invalidation page generation / transmission unit invalidates the link description in the predetermined page by at least any of the following.
(1) Rewrite the link description to a comment description.
(2) Delete the link description completely.
(3) By deleting at least part of the link description, the link description is grammatically incorrect.
(4) By adding a description to the link description, the link description is grammatically incorrect.
(5) Rewrite the link description to make the link description to the warning page prepared in advance. A diagnostic server program for realizing a diagnostic server device capable of communicating with a client terminal device and a diagnostic target server device by a computer, the computer comprising:
An input no link destination address extracting means for extracting an input no link destination address included in a predetermined page;
An input-with-link destination address extracting means for extracting a link-destination address of an input-with-link included in a predetermined page;
Link destination page acquisition means for requesting the page of the input non-link destination address to the server to be diagnosed and giving the acquired page as a predetermined page to the input non-link destination address extraction means and the input link destination address extraction means When,
A link invalidation page generating / transmitting means for generating a link invalidation page that invalidates a link other than the link with the input in the predetermined page including the link destination address with input, and transmitting the link invalidation page to the client terminal device;
In the client terminal device that has received the invalidation page, input information transfer means for receiving input information input to the input item by operation and transmitting the input information to the diagnosis target server device;
A reply page transmitted as a response from the diagnosis target server device that has received the input information is received, and the reply page is given as a predetermined page to the unlinked link destination address extracting unit and the linked link destination address extracting unit. A reply page receiving means;
A link structure determining means for determining a link structure based on the link destination address extracted by the input-less link destination address extracting means and the input-with-link destination address extracting means;
A diagnostic server program that functions as diagnostic execution means for executing a diagnosis of a diagnosis target server device based on the link structure. A link structure analysis device capable of communicating with a client terminal device and a diagnosis target server device,
An input no link destination address extracting means for extracting an input no link destination address included in a predetermined page;
An input-with-link destination address extracting means for extracting a link-destination address of an input-with-link included in a predetermined page;
Link destination page acquisition means for requesting the page of the input non-link destination address to the server to be diagnosed and giving the acquired page as a predetermined page to the input non-link destination address extraction means and the input link destination address extraction means When,
A link invalidation page generating / transmitting means for generating a link invalidation page that invalidates a link other than the link with the input in the predetermined page including the link destination address with input, and transmitting the link invalidation page to the client terminal device;
In the client terminal device that has received the invalidation page, input information transfer means for receiving input information input to the input item by the operator and transmitting the input information to the diagnosis target server device;
A reply page transmitted as a response from the diagnosis target server device that has received the input information is received, and the reply page is given as a predetermined page to the unlinked link destination address extracting unit and the linked link destination address extracting unit. A reply page receiving means;
A link structure determining means for determining a link structure based on the link destination address extracted by the input-less link destination address extracting means and the input-with-link destination address extracting means;
Link structure analysis device with A link structure analysis program for realizing a link structure analysis device capable of communicating with a client terminal device and a server device to be diagnosed by a computer, wherein the computer extracts an input-less link destination address included in a predetermined page. Link destination address extraction means;
An input-with-link destination address extracting means for extracting a link-destination address of an input-with-link included in a predetermined page;
Link destination page acquisition means for requesting the page of the input non-link destination address to the server to be diagnosed and giving the acquired page as a predetermined page to the input non-link destination address extraction means and the input link destination address extraction means When,
A link invalidation page generating / transmitting means for generating a link invalidation page that invalidates a link other than the link with the input in the predetermined page including the link destination address with input, and transmitting the link invalidation page to the client terminal device;
In the client terminal device that has received the invalidation page, input information transfer means for receiving input information input to the input item by the operator and transmitting the input information to the diagnosis target server device;
A reply page transmitted as a response from the diagnosis target server device that has received the input information is received, and the reply page is given as a predetermined page to the unlinked link destination address extracting unit and the linked link destination address extracting unit. A reply page receiving means;
A link structure analysis program for functioning as a link structure determining means for determining a link structure based on the link destination address extracted by the input non-link destination address extracting means and the input-with-link destination address extracting means.