WO2018233379A1 - Method and device for obtaining data plaintext, electronic terminal, and readable storage medium - Google Patents


Info

Publication number
WO2018233379A1
Authority
WO
WIPO (PCT)
Prior art keywords
plaintext
target website
obtaining
hook function
plaintext information
Application number
PCT/CN2018/085151
Other languages
French (fr)
Chinese (zh)
Inventor
周志刚
陈少杰
张文明
Original Assignee
武汉斗鱼网络科技有限公司
Application filed by 武汉斗鱼网络科技有限公司
Publication of WO2018233379A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/30 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H04L63/308 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information; retaining data, e.g. retaining successful, unsuccessful communication attempts, internet access, or e-mail, internet telephony, intercept related information or call content
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/958 Organisation or management of web site content, e.g. publishing, maintaining pages or automatic linking

Abstract

The present application provides a method and device for obtaining data plaintext, an electronic terminal, and a readable storage medium. The method for obtaining data plaintext may be applied in an electronic terminal in which a browser is installed. The method comprises: after a target website is started in the browser, monitoring the startup process of the target website and searching for the process point, before encryption, of the hypertext transfer protocol corresponding to the target website; and obtaining the plaintext information corresponding to the target website at that process point. The present application makes it possible to obtain the plaintext information corresponding to a target website efficiently, and helps to further resolve problems occurring on the target website.

Description

Data plaintext acquisition method, device, electronic terminal and readable storage medium
Cross-reference to related applications
This application claims priority to Chinese patent application No. 2017104876051, entitled "Data plaintext acquisition method, device, electronic terminal and readable storage medium", filed with the Chinese Patent Office on 23 June 2017, the entire content of which is incorporated herein by reference.
Technical field
The present application relates to the field of computer technology, and in particular to a data plaintext acquisition method, device, electronic terminal and readable storage medium.
Background
At present, as network security becomes more widespread, more and more websites use HTTPS (Hyper Text Transfer Protocol over Secure Socket Layer) to carry their network protocols; HTTPS is a more secure HTTP channel. With traditional HTTP, the data travels over the network in plaintext, so a network packet capture tool can obtain all of the HTTP plaintext, and security is poor. By contrast, data transmitted over HTTPS is encrypted, and a network packet capture tool cannot obtain the plaintext of network data transmitted over HTTPS, which effectively improves the security of network data transmission.
However, while HTTPS improves security, it also brings the following problem: because a network packet capture tool has difficulty obtaining the HTTPS plaintext, problems encountered in the program are difficult to locate.
Summary of the application
In view of this, the objects of the present application include providing a data plaintext acquisition method, device, electronic terminal and readable storage medium.
The data plaintext acquisition method provided by the present application is applied to an electronic terminal in which a browser is installed, and includes:
after a target website is started in the browser, monitoring the startup process of the target website and searching for the process point, before encryption, of the hypertext transfer protocol corresponding to the target website; and
obtaining, at that process point, the plaintext information corresponding to the target website.
In a preferred embodiment, the step of obtaining the plaintext information corresponding to the target website at the process point includes:
inserting and executing a hook function at the process point, and obtaining the plaintext information of the target website through the hook function.
In a preferred embodiment, the step of inserting and executing a hook function at the process point includes:
inserting a hooking function (挂钩函数; distinct from the hook function, 钩子函数, to which it redirects) at the process point; and
using the hooking function to redirect the currently executing pre-encryption flow of the hypertext transfer protocol corresponding to the target website to the preset hook function that is to be executed.
In a preferred embodiment, the step of obtaining the plaintext information of the target website through the hook function includes:
executing the hook function before the plaintext information is encrypted; and
obtaining, through the hook function, the target parameter pushed onto the stack, and obtaining the pre-encryption network data packet on the basis of that target parameter, where the pre-encryption network data packet includes the plaintext information of the target website.
In a preferred embodiment, before the step of inserting and executing a hook function at the process point and obtaining the plaintext information of the target website through the hook function, the method further includes:
reverse-analysing the startup process of a website started in the browser with a static analysis tool and a dynamic debugging tool for reverse engineering, so as to obtain the process point before the website performs hypertext transfer protocol encryption.
In a preferred embodiment, the static analysis tool is an interactive disassembler, and the dynamic debugging tool is an assembly-level analysing debugger with a graphical interface.
In a preferred embodiment, after the step of obtaining the plaintext information corresponding to the target website at the process point, the method further includes:
writing the plaintext information to a log file; or
printing the plaintext information to a debug window so that it is displayed there; or
sending the plaintext information to a specified terminal or server.
The present application also provides a data plaintext acquisition device, applied to an electronic terminal in which a browser is installed, the device including:
a monitoring module, configured to monitor the startup process of a target website after it is started in the browser and to search for the process point, before encryption, of the hypertext transfer protocol corresponding to the target website; and
an acquisition module, configured to obtain the plaintext information corresponding to the target website at that process point.
In a preferred embodiment, the acquisition module includes:
an insertion unit, configured to insert and execute a hook function at the process point; and
an acquisition unit, configured to obtain the plaintext information of the target website through the hook function.
In a preferred embodiment, the insertion unit is configured to insert a hooking function at the process point and, through the hooking function, redirect the currently executing pre-encryption flow of the hypertext transfer protocol corresponding to the target website to the preset hook function that is to be executed.
In a preferred embodiment, the acquisition unit is configured to execute the hook function before the plaintext information is encrypted, obtain through the hook function the target parameter pushed onto the stack, and obtain the pre-encryption network data packet on the basis of that target parameter, where the pre-encryption network data packet includes the plaintext information of the target website.
In a preferred embodiment, the data plaintext acquisition device further includes:
a search module, configured to reverse-analyse the startup process of a website started in the browser with a static analysis tool and a dynamic debugging tool for reverse engineering, so as to obtain the process point before the website performs hypertext transfer protocol encryption.
In a preferred embodiment, the static analysis tool is an interactive disassembler, and the dynamic debugging tool is an assembly-level analysing debugger with a graphical interface.
In a preferred embodiment, the data plaintext acquisition device further includes:
a writing module, configured to write the plaintext information to a log file;
a printing module, configured to print the plaintext information to a debug window so that it is displayed there; and
a sending module, configured to send the plaintext information to a specified terminal or server.
The present application also provides an electronic terminal, including:
a memory;
a processor; and
the data plaintext acquisition device described above, installed or stored in the memory and executed by the processor.
The present application also provides a readable storage medium on which a computer program is stored, the computer program implementing the data plaintext acquisition method described above when executed.
Compared with the prior art, the data plaintext acquisition method, device, electronic terminal and readable storage medium of the present application monitor the startup process of the target website, search for the process point before encryption of the hypertext transfer protocol corresponding to the target website, and can then obtain the plaintext information corresponding to the target website from that process point. Whereas in the prior art a network packet capture tool has difficulty obtaining the HTTPS plaintext, because the data transmitted over HTTPS is encrypted, so that website problems are difficult to locate, the approach provided by the present application obtains the plaintext information corresponding to the target website before the target website's network data is encrypted, which helps to further locate problems occurring on the target website.
To make the above objects, features and advantages of the present application clearer and easier to understand, preferred embodiments are described in detail below with reference to the accompanying drawings.
Brief description of the drawings
To illustrate the technical solutions of the present application more clearly, the drawings used in the embodiments are briefly introduced below. It should be understood that the following drawings show only some embodiments of the present application and should therefore not be regarded as limiting its scope; a person of ordinary skill in the art could derive other related drawings from them without creative effort.
FIG. 1 is a schematic block diagram of an electronic terminal according to a preferred embodiment of the present application.
FIG. 2 is a flowchart of a data plaintext acquisition method according to a preferred embodiment of the present application.
FIG. 3 is a flowchart of a data plaintext acquisition method according to another preferred embodiment of the present application.
FIG. 4 is a schematic diagram of the functional modules of a data plaintext acquisition device according to a preferred embodiment of the present application.
FIG. 5 is a schematic diagram of the functional modules of a data plaintext acquisition device according to another preferred embodiment of the present application.
Detailed description
The technical solutions in the embodiments provided by the present application are described clearly and completely below with reference to the drawings of those embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the present application. The components of the embodiments provided by the present application that are generally described and shown in the drawings here may be arranged and designed in a variety of different configurations. Accordingly, the following detailed description of the embodiments of the present application provided in the drawings is not intended to limit the scope of the application as claimed, but merely represents selected embodiments of it. All other embodiments obtained by a person skilled in the art on the basis of these embodiments without creative effort fall within the scope of protection of the present application.
It should be noted that similar reference numerals and letters denote similar items in the following drawings; once an item is defined in one drawing, it need not be further defined or explained in subsequent drawings. Also, in the description of the present application, terms such as "first" and "second" are used only to distinguish one description from another and are not to be understood as indicating or implying relative importance.
FIG. 1 is a schematic block diagram of an electronic terminal 100. The electronic terminal 100 includes a data plaintext acquisition device 110, a memory 111, a memory controller 112, a processor 113, a peripheral interface 114 and an input/output unit 115.
The memory 111, memory controller 112, processor 113, peripheral interface 114 and input/output unit 115 are electrically connected to one another, directly or indirectly, to transmit or exchange data; for example, they may be electrically connected through one or more communication buses or signal lines. The data plaintext acquisition device 110 includes at least one software function module that may be stored in the memory 111 in the form of software or firmware, or built into the operating system (OS) of the electronic terminal 100. The processor 113 executes the executable modules stored in the memory, such as the software function modules or computer programs included in the data plaintext acquisition device 110.
In this embodiment, the memory 111 also stores the executable modules of the various functions of a browser, and the processor 113 executes the browser's executable modules stored in the memory 111.
The memory 111 may be, but is not limited to, random access memory (RAM), read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM) and the like. The memory 111 stores programs, and the processor 113 executes a program after receiving an execution instruction. The method performed by the electronic terminal 100 according to the process defined in any embodiment disclosed in the present application may be applied in, or implemented by, the processor 113.
The processor 113 may be an integrated circuit chip with signal processing capability. The processor 113 may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP) and the like; it may also be a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component, capable of implementing or performing the methods, steps and logical block diagrams disclosed in the present application. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor.
The peripheral interface 114 couples various input/output devices to the processor 113 and the memory 111. In some embodiments, the peripheral interface 114, the processor 113 and the memory controller 112 may be implemented in a single chip; in other instances they may each be implemented in a separate chip.
The input/output unit 115 allows the user to input data. The input/output unit 115 may be, but is not limited to, a mouse, a keyboard and the like.
It should be understood that FIG. 1 merely shows a schematic structure of the electronic terminal 100; the electronic terminal 100 in this embodiment may have more or fewer components than shown in FIG. 1, and may of course also have a configuration entirely different from FIG. 1.
The electronic terminal 100 provided by the present application includes, but is not limited to, a server, a personal computer (PC), a tablet computer, a personal digital assistant (PDA), a mobile Internet device (MID), a smartphone, a portable wearable device and the like.
FIG. 2 is a flowchart of a data plaintext acquisition method applied to the electronic terminal 100 shown in FIG. 1, according to a preferred embodiment of the present application. The specific flow shown in FIG. 2 is described in detail below.
Step S101: start a target website in the browser.
In one example, the browser of the electronic terminal starts the target website after receiving a selection operation in which the user selects the target website. Specifically, a browser may be installed on the electronic terminal, and the user may enter the address of the desired website (that is, the target website) in the browser or select it from the browser's website shortcut interface. The electronic terminal determines the target website through the browser and starts it.
Step S102: monitor the startup process of the target website and search for the process point, before encryption, of the hypertext transfer protocol corresponding to the target website. In other embodiments the data plaintext acquisition method may omit step S101; step S102 is then performed in a browser that has been started directly, or performed when the electronic terminal detects that the target website has started.
Step S103: obtain the plaintext information corresponding to the target website at that process point.
In this embodiment, before step S103 the method further includes: reverse-analysing the startup process of a website started in the browser with a static analysis tool and a dynamic debugging tool for reverse engineering, so as to obtain the process point before the website performs hypertext transfer protocol encryption. Reverse analysis comprises static analysis and dynamic analysis: static analysis is reverse analysis performed while the program is not running, and dynamic analysis is reverse analysis performed while the program is running and executing its instructions in sequence.
In this embodiment, the static analysis tool may be IDA Pro (Interactive Disassembler Professional). IDA Pro is a static reverse-engineering decompilation tool that can be used for disassembly, dynamic debugging and the like.
In this embodiment, the dynamic debugging tool may be OllyDbg. OllyDbg is a 32-bit assembly-level analysing debugger with a graphical interface and is currently the mainstream dynamic tracing and debugging tool in reverse engineering. One of its greatest strengths is its powerful analysis capability: OllyDbg can analyse function procedures, loops, conditional statements, tables, constants, strings in code, tricky constructs, API calls, the number of parameters of a function, and so on. OllyDbg's analysis improves the readability of binary code, reduces the likelihood of error, and makes debugging easier.
In one example, disassembly analysis shows that before the browser sends the network data packets of the target website it calls the SSL library to encrypt the packets to be sent. The plaintext of all network data sent by the browser can therefore be obtained before encryption. In one embodiment, the electronic terminal reverse-analyses the startup process of a website started in the browser using the static analysis tool IDA Pro (Interactive Disassembler Professional) and the dynamic debugging tool OllyDbg. This reverse analysis shows that the network data packets of every website are ultimately sent by calling the system's Socket function. In one embodiment, the electronic terminal uses the dynamic debugging tool to set a breakpoint on the network send function WSASend. When a network data packet needs to be sent, execution is interrupted on reaching the process point of the WSASend function; the call stack of the caller of WSASend is then examined to find the function logic that precedes the sending of the network data packet, from which the function that encrypts the plaintext information with SSL can be found. In this embodiment, the information contained in the network data packet before encryption is the plaintext information.
In one example, the specific implementation of finding the function logic that precedes sending of the network data packet by examining the function call stack is as follows:
Figure PCTCN2018085151-appb-000001 (code listing; image not reproduced)
Figure PCTCN2018085151-appb-000002 (code listing; image not reproduced)
Here, the content enclosed in asm{} denotes assembly code embedded inline in C.
The push assembly instruction pushes the plaintext network data netdata onto the stack.
SSLThis is the instantiated object of the SSL library and is passed in the ecx register.
The function SSL_Encode encrypts the network data packet.
The process point before the website performs hypertext transfer protocol encryption can therefore be found from the order of the above stack operations.
Step S103 includes: inserting and executing a hook function at the process point, and obtaining the plaintext information of the target website through the hook function. A hook function is part of the Windows message-handling mechanism: by installing a "hook", an application can filter all messages and events at the system level and access messages that would normally be inaccessible. A hook is essentially a routine for handling system messages, attached to the system through a system call. Whenever a particular message is issued, the hook routine can capture it before it reaches the destination window, that is, the hook function gets control first. In practice there are many types of hook function, each of which lets an application monitor a different kind of system message handling. The hook function inserted in this embodiment is mainly used to obtain the plaintext information of the target website.
In one embodiment, after the electronic terminal has used the static analysis tool and the dynamic debugging tool to find the specific process point at which the browser encrypts network data packets with SSL, it executes the hook function before the plaintext information is encrypted; through the hook function it obtains the target parameter pushed onto the stack and, on the basis of that target parameter, obtains the pre-encryption network data packet, which includes the plaintext information of the target website.
In a specific implementation, the hook function is executed before the function SSL_Encode is called to perform encryption, so the hook function can obtain the target parameter netdata pushed onto the stack and thereby the pre-encryption network data packet, which contains all of the plaintext information.
In one example, the hook function may be implemented as follows.
The prototype of the hook function is as follows:
Figure PCTCN2018085151-appb-000003 (code listing; image not reproduced)
In this embodiment, the system's file read/write functions may also be called from within the hook function to write the plaintext information to a log file.
在另一种实施例中,在查找所述目标网站对应的超文本传输协议在加密前的流程点插入一挂钩函数,所述挂钩函数用于将原来将执行目标网站对应的超文本传输协议在加密前的流程跳转到所述钩子函数,从而实现在流程点插入执行钩子函数的步骤。在一个实例中,在所述call SSL_Encode此汇编代码之前的指令修改成一个JUMP指令,使得该汇编代码的执行流程从原有的流程跳转到所述钩子函数,以读取或打印所述明文信息,当所述钩子函数执行完成后接着原有的汇编代码继续执行。通过此种方法,可以在原有的汇编代码执行流程中插入了打印网络信息的功能函数,从而可以获取到所有的网络明文信息。In another embodiment, a hypertext transfer protocol corresponding to the target website is inserted at a process point before encryption to insert a hook function, and the hook function is used to execute a hypertext transfer protocol corresponding to the target website. The process before encryption jumps to the hook function, thereby implementing the step of inserting the execution hook function at the process point. In one example, the instruction prior to the call SSL_Encode assembly code is modified into a JUMP instruction such that the execution flow of the assembly code jumps from the original flow to the hook function to read or print the plaintext Information, when the execution of the hook function is completed, the original assembly code continues to execute. In this way, a function function for printing network information can be inserted in the original assembly code execution flow, so that all network plaintext information can be obtained.
For ease of understanding, this embodiment further explains the insertion of the hooking function as follows. In one implementation, a module is injected into the browser process by calling API functions provided by the Windows system. In one example, a remote thread is created in the browser process through the Windows API function CreateRemoteThread; the remote thread is a thread created inside the browser process. In this example, the created remote thread calls the system function LoadLibrary to load the module that needs to be injected into the browser process, such as the hooking function described above.
In this example, injecting a module into the browser process by calling Windows API functions is implemented as follows.
a. Allocate memory in the address space of the target process with the Windows API function VirtualAllocEx.
b. Use the Windows API function WriteProcessMemory to write the on-disk path of the pre-built module to be injected into the memory allocated in step a.
c. Call the Windows API function CreateRemoteThread to create a thread in the target process; the thread's execution logic is to call the Windows API function LoadLibrary to load the module from the disk path that was written into the target process's address space in step b.
In this manner, the hooking function can be inserted accurately and reliably at the pre-encryption process point of the hypertext transfer protocol corresponding to the target website, that is, the hooking function is injected into the browser process.
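As an added defender-side example (not part of the patent), the sequence in steps a to c leaves a recognisable footprint in endpoint telemetry: the injecting process must open the target with thread-creation and memory-write rights, and the remote thread's entry point resolves to LoadLibrary. The Python below scans Sysmon-style ProcessAccess (Event ID 10) and CreateRemoteThread (Event ID 8) records for that pairing; the field names follow Sysmon's schema, while the log lines, paths and times are constructed.

```python
"""Detect the VirtualAllocEx -> WriteProcessMemory -> CreateRemoteThread(LoadLibrary)
injection sequence in Sysmon-style key=value telemetry (constructed samples below)."""
import re
from dataclasses import dataclass

# Win32 process access rights an injector needs for steps a to c.
PROCESS_CREATE_THREAD = 0x0002  # CreateRemoteThread
PROCESS_VM_OPERATION = 0x0008   # VirtualAllocEx
PROCESS_VM_WRITE = 0x0020       # WriteProcessMemory
INJECT_MASK = PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE

# Thread entry points that mean "load a DLL from the path just written".
LOADLIBRARY_ENTRIES = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW"}
BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe", "iexplore.exe"}

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_record(line: str) -> dict:
    """Split 'Key=value Key="quoted value"' into a dict with quotes stripped."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}


def image_name(path: str) -> str:
    """Lower-case file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


@dataclass
class Finding:
    severity: str
    source: str
    target: str
    reason: str


def detect_injection(records) -> list:
    """Return one Finding per remote thread whose entry point is LoadLibrary*."""
    primed = set()   # (source, target) pairs opened with injection-capable rights
    findings = []
    for raw in records:
        ev = parse_record(raw)
        key = (ev.get("SourceImage", ""), ev.get("TargetImage", ""))
        if ev.get("EventID") == "10":
            granted = int(ev.get("GrantedAccess", "0"), 16)
            if granted & INJECT_MASK == INJECT_MASK:
                primed.add(key)
        elif ev.get("EventID") == "8":
            if ev.get("StartFunction") not in LOADLIBRARY_ENTRIES:
                continue
            reasons = ["remote thread entry is " + ev["StartFunction"]]
            if key in primed:
                reasons.append("preceded by handle with CREATE_THREAD|VM_OPERATION|VM_WRITE")
            if image_name(key[1]) in BROWSERS:
                reasons.append("target is a browser process")
            severity = "high" if len(reasons) == 3 else "medium"
            findings.append(Finding(severity, key[0], key[1], "; ".join(reasons)))
    return findings


# Constructed sample telemetry (process paths, times and addresses are made up).
SAMPLE_RECORDS = [
    'EventID=10 UtcTime=2024-05-01T09:00:01Z SourceImage="C:\\tools\\inject.exe" '
    'TargetImage="C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" GrantedAccess=0x1FFFFF',
    'EventID=8 UtcTime=2024-05-01T09:00:02Z SourceImage="C:\\tools\\inject.exe" '
    'TargetImage="C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" '
    'StartAddress=0x7FFE1A2B3C40 StartModule="C:\\Windows\\System32\\KERNEL32.DLL" StartFunction=LoadLibraryW',
    'EventID=8 UtcTime=2024-05-01T09:00:05Z SourceImage="C:\\Windows\\System32\\csrss.exe" '
    'TargetImage="C:\\Windows\\explorer.exe" StartAddress=0x7FFE1A2B0000 '
    'StartModule="C:\\Windows\\System32\\ntdll.dll" StartFunction=RtlUserThreadStart',
    'EventID=8 UtcTime=2024-05-01T09:00:09Z SourceImage="C:\\Users\\u\\tmp\\loader.exe" '
    'TargetImage="C:\\Windows\\System32\\notepad.exe" StartAddress=0x7FFE1A2B3C00 '
    'StartModule="C:\\Windows\\System32\\KERNEL32.DLL" StartFunction=LoadLibraryA',
]

if __name__ == "__main__":
    for f in detect_injection(SAMPLE_RECORDS):
        print(f"[{f.severity}] {image_name(f.source)} -> {image_name(f.target)}: {f.reason}")
```

The benign csrss.exe thread is skipped, the notepad.exe case is reported as medium (LoadLibrary entry without an observed injection-capable handle), and the chrome.exe case as high.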
The data plaintext obtaining method provided by the embodiments of this application monitors the startup process of the target website and obtains the plaintext information corresponding to the target website before the target website's network data is encrypted. It can therefore effectively obtain the plaintext information corresponding to an encrypted target website, which helps to further resolve problems occurring on the target website.
In other embodiments, as shown in FIG. 3, after step S103 the method further includes steps S104 to S106, which are described in detail below.
Step S104: write the plaintext information into a log file.
Step S105: print the plaintext information to a debug window so that it is displayed there.
Step S106: send the plaintext information to a designated terminal or server. In one example, the designated terminal may be the electronic terminal of a developer who needs the plaintext information.
According to the method of the above embodiments, storing, sending or displaying the plaintext information at the target location lets developers obtain the plaintext information conveniently, which helps them further locate problems with the target website based on the obtained plaintext information.
Corresponding to the data plaintext obtaining method above, refer to FIG. 4, a schematic diagram of the functional modules of the data plaintext obtaining apparatus 110 shown in FIG. 1 according to a preferred embodiment of this application. The data plaintext obtaining apparatus 110 of this embodiment is used to execute the steps of the above embodiments. The data plaintext obtaining apparatus 110 includes a startup module 1101, a monitoring module 1102 and an obtaining module 1103.
The startup module 1101 is configured to launch a target website in the browser.
The monitoring module 1102 is configured to monitor the startup process of the target website and find the pre-encryption process point of the hypertext transfer protocol corresponding to the target website. In other embodiments the startup module 1101 may be omitted, in which case the monitoring module 1102 monitors whether the target website is launched.
The obtaining module 1103 is configured to obtain the plaintext information corresponding to the target website at that process point.
With the data plaintext obtaining apparatus provided by this embodiment, the plaintext information corresponding to the target website can be obtained before the target website's network data is encrypted, which helps to further locate problems occurring on the target website.
In a specific implementation, the obtaining module 1103 includes: an inserting unit, configured to insert and execute a hook function at the process point; and an obtaining unit, configured to obtain the plaintext information of the target website through the hook function.
In one implementation, the inserting unit is further configured to: insert a hooking function at the process point; and, through the hooking function, redirect the currently executing pre-encryption flow of the hypertext transfer protocol corresponding to the target website to the preset hook function to be executed. The obtaining unit is further configured to: execute the hook function before the plaintext information is encrypted; obtain, through the hook function, the target parameter pushed onto the stack, and obtain the pre-encryption network packet based on the target parameter, where the pre-encryption network packet includes the plaintext information of the target website.
In this embodiment, refer to FIG. 5, which, building on FIG. 4, further shows that the data plaintext obtaining apparatus includes a searching module 1104, configured to reverse-analyze the startup process of the website launched in the browser using a reverse-engineering static analysis tool and a dynamic debugging tool, so as to obtain the process point before the website performs hypertext transfer protocol encryption. The static analysis tool may be an interactive disassembler; the dynamic debugging tool may be an assembly-level analysis debugger with a graphical interface.
In this embodiment, the data plaintext obtaining apparatus further includes a writing module 1105, a printing module 1106 and a sending module 1107.
The writing module 1105 is configured to write the plaintext information into a log file.
The printing module 1106 is configured to print the plaintext information to a debug window so that it is displayed there.
The sending module 1107 is configured to send the plaintext information to a designated terminal or server.
For other details of the data plaintext obtaining apparatus of this embodiment, reference may be made to the description of the method embodiments above; they are not repeated here.
In summary, the data plaintext obtaining apparatus of this application monitors the startup process of the target website, finds the pre-encryption process point of the hypertext transfer protocol corresponding to the target website, and obtains the plaintext information corresponding to the target website from that process point. Compared with the prior art, in which network packet capture tools cannot easily obtain HTTPS plaintext because the data carried over HTTPS is encrypted, making website problems hard to locate, the apparatus provided by this application obtains the plaintext information corresponding to the target website before its network data is encrypted, which helps to further locate problems occurring on the target website.
In the several embodiments provided by this application, it should be understood that the disclosed apparatus and method may also be implemented in other ways. The apparatus embodiments described above are merely illustrative. For example, the flowcharts and block diagrams in the drawings show the possible architecture, functions and operation of apparatus, methods and computer program products according to several embodiments of this application. In this regard, each block in a flowchart or block diagram may represent a module, program segment or portion of code that contains one or more executable instructions for implementing the specified logical function. It should also be noted that in some alternative implementations the functions noted in the blocks may occur out of the order shown in the drawings. For example, two consecutive blocks may in fact be executed substantially in parallel, or sometimes in the reverse order, depending on the functionality involved. It should also be noted that each block of the block diagrams and/or flowcharts, and combinations of blocks in the block diagrams and/or flowcharts, may be implemented by a dedicated hardware-based system that performs the specified functions or actions, or by a combination of dedicated hardware and computer instructions.
In addition, the functional modules in the embodiments of this application may be integrated together to form an independent part, each module may exist separately, or two or more modules may be integrated to form an independent part.
If the functions are implemented in the form of software functional modules and sold or used as an independent product, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of this application in essence, or the part of it that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product stored in a storage medium and including several instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or some of the steps of the methods described in the embodiments of this application. The aforementioned storage medium includes a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk or any other medium that can store program code. It should be noted that in this document relational terms such as first and second are used only to distinguish one entity or operation from another and do not necessarily require or imply any actual relationship or order between them. Moreover, the terms "comprise", "include" or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or device that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional identical elements in the process, method, article or device that comprises the element.
The above are only preferred embodiments of this application and are not intended to limit it; those skilled in the art may make various changes and modifications to this application. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of this application shall be included within its scope of protection. It should be noted that similar reference numerals and letters denote similar items in the following drawings, so once an item is defined in one drawing it need not be further defined or explained in subsequent drawings.
The above are only specific embodiments of this application, but its scope of protection is not limited thereto. Any change or replacement that a person skilled in the art could readily conceive within the technical scope disclosed in this application shall be covered by its scope of protection. Therefore, the scope of protection of this application shall be that of the claims.
Industrial applicability:
By applying the technical solution of this application, the plaintext information corresponding to the target website can be obtained before the target website's network data is encrypted, which helps to further locate problems occurring on the target website.

Claims (16)

  1. A data plaintext obtaining method, applied to an electronic terminal in which a browser is installed, characterized in that the data plaintext obtaining method comprises:
    after a target website is launched in the browser, monitoring the startup process of the target website and finding the pre-encryption process point of the hypertext transfer protocol corresponding to the target website;
    obtaining the plaintext information corresponding to the target website at that process point.
  2. The data plaintext obtaining method of claim 1, characterized in that the step of obtaining the plaintext information corresponding to the target website at that process point comprises:
    inserting and executing a hook function at the process point, and obtaining the plaintext information of the target website through the hook function.
  3. The data plaintext obtaining method of claim 2, characterized in that the step of inserting and executing a hook function at the process point comprises:
    inserting a hooking function at the process point;
    redirecting, through the hooking function, the currently executing pre-encryption flow of the hypertext transfer protocol corresponding to the target website to the preset hook function to be executed.
  4. The data plaintext obtaining method of claim 2, characterized in that the step of obtaining the plaintext information of the target website through the hook function comprises:
    executing the hook function before the plaintext information is encrypted;
    obtaining, through the hook function, the target parameter pushed onto the stack, and obtaining the pre-encryption network packet based on the target parameter, wherein the pre-encryption network packet includes the plaintext information of the target website.
  5. The data plaintext obtaining method of claim 2, characterized in that, before the step of inserting and executing a hook function at the process point and obtaining the plaintext information of the target website through the hook function, the method further comprises:
    reverse-analyzing the startup process of the website launched in the browser using a reverse-engineering static analysis tool and a reverse-engineering dynamic debugging tool, so as to obtain the process point before the website performs hypertext transfer protocol encryption.
  6. The data plaintext obtaining method of claim 5, characterized in that the static analysis tool is an interactive disassembler and the dynamic debugging tool is an assembly-level analysis debugger with a graphical interface.
  7. The data plaintext obtaining method of any one of claims 1 to 6, characterized in that, after the step of obtaining the plaintext information corresponding to the target website at that process point, the method further comprises:
    writing the plaintext information into a log file; or
    printing the plaintext information to a debug window so that it is displayed there; or
    sending the plaintext information to a designated terminal or server.
  8. A data plaintext obtaining apparatus, applied to an electronic terminal in which a browser is installed, characterized in that the data plaintext obtaining apparatus comprises:
    a monitoring module, configured to monitor the startup process of a target website after it is launched in the browser and to find the pre-encryption process point of the hypertext transfer protocol corresponding to the target website;
    an obtaining module, configured to obtain the plaintext information corresponding to the target website at that process point.
  9. The data plaintext obtaining apparatus of claim 8, characterized in that the obtaining module comprises:
    an inserting unit, configured to insert and execute a hook function at the process point;
    an obtaining unit, configured to obtain the plaintext information of the target website through the hook function.
  10. The data plaintext obtaining apparatus of claim 9, characterized in that the inserting unit is configured to: insert a hooking function at the process point; and redirect, through the hooking function, the currently executing pre-encryption flow of the hypertext transfer protocol corresponding to the target website to the preset hook function to be executed.
  11. The data plaintext obtaining apparatus of claim 9, characterized in that the obtaining unit is configured to: execute the hook function before the plaintext information is encrypted; obtain, through the hook function, the target parameter pushed onto the stack, and obtain the pre-encryption network packet based on the target parameter, wherein the pre-encryption network packet includes the plaintext information of the target website.
  12. The data plaintext obtaining apparatus of claim 2, characterized in that the data plaintext obtaining apparatus further comprises:
    a searching module, configured to reverse-analyze the startup process of the website launched in the browser using a reverse-engineering static analysis tool and a reverse-engineering dynamic debugging tool, so as to obtain the process point before the website performs hypertext transfer protocol encryption.
  13. The data plaintext obtaining method of claim 12, characterized in that the static analysis tool is an interactive disassembler and the dynamic debugging tool is an assembly-level analysis debugger with a graphical interface.
  14. The data plaintext obtaining apparatus of any one of claims 8 to 13, characterized in that the data plaintext obtaining apparatus further comprises:
    a writing module, configured to write the plaintext information into a log file;
    a printing module, configured to print the plaintext information to a debug window so that it is displayed there;
    a sending module, configured to send the plaintext information to a designated terminal or server.
  15. An electronic terminal, characterized in that it comprises:
    a memory;
    a processor;
    the data plaintext obtaining apparatus of any one of claims 8 to 14, installed/stored in the memory and executed by the processor.
  16. A readable storage medium on which a computer program is stored, characterized in that the computer program, when executed, implements the data plaintext obtaining method of any one of claims 1 to 7.
PCT/CN2018/085151 2017-06-23 2018-04-28 Method and device for obtaining data plaintext, electronic terminal, and readable storage medium WO2018233379A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710487605.1 2017-06-23
CN201710487605.1A CN107277019B (en) 2017-06-23 2017-06-23 Data plaintext acquisition method and device, electronic terminal and readable storage medium

Publications (1)

Publication Number Publication Date
WO2018233379A1 true WO2018233379A1 (en) 2018-12-27

Family

ID=60069138

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/085151 WO2018233379A1 (en) 2017-06-23 2018-04-28 Method and device for obtaining data plaintext, electronic terminal, and readable storage medium

Country Status (2)

Country Link
CN (1) CN107277019B (en)
WO (1) WO2018233379A1 (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107277019B (en) * 2017-06-23 2020-05-12 武汉斗鱼网络科技有限公司 Data plaintext acquisition method and device, electronic terminal and readable storage medium
CN110233818B (en) * 2018-03-19 2023-05-12 财付通支付科技有限公司 Method, apparatus and computer readable storage medium for testing data message anomaly
CN109508437B (en) * 2018-11-21 2021-05-04 深信服科技股份有限公司 Search website auditing method, system, gateway equipment and storage medium
CN111447064B (en) * 2020-03-06 2021-08-06 电子科技大学 Password reverse firewall method suitable for certificateless encryption
US11288075B2 (en) 2020-03-27 2022-03-29 Sysdig, Inc. Dynamic instrumentation via user-level mechanisms
US20230136524A1 (en) * 2021-10-29 2023-05-04 Sysdig, Inc. Dynamic instrumentation to capture cleartext from transformed communications

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102685108A (en) * 2012-03-31 2012-09-19 奇智软件(北京)有限公司 Method and device for adding and deciphering webpage enciphered data
CN104765884A (en) * 2015-04-30 2015-07-08 哈尔滨工业大学 Fingerprint extraction method and fingerprint identification method of HTTPS web pages
CN105516169A (en) * 2015-12-23 2016-04-20 北京奇虎科技有限公司 Method and device for detecting website security
CN106209606A (en) * 2016-08-31 2016-12-07 北京深思数盾科技股份有限公司 A kind of use the method for WEB mail, terminal and system safely
CN107277019A (en) * 2017-06-23 2017-10-20 武汉斗鱼网络科技有限公司 Data clear text acquisition methods, device, electric terminal and readable storage medium storing program for executing

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101814053B (en) * 2010-03-29 2013-03-13 中国人民解放军信息工程大学 Method for discovering binary code vulnerability based on function model
CN104156481A (en) * 2014-08-26 2014-11-19 北京软安科技有限公司 Android encryption communication detection device and method based on dynamic linking library injection
CN106709325B (en) * 2016-11-11 2020-09-25 腾讯科技(深圳)有限公司 Method and device for monitoring program


Also Published As

Publication number Publication date
CN107277019B (en) 2020-05-12
CN107277019A (en) 2017-10-20

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 18820316; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 18820316; Country of ref document: EP; Kind code of ref document: A1)