WO2020206662A1 - Browser anti-hijacking method and device, electronic equipment and storage medium - Google Patents

Browser anti-hijacking method and device, electronic equipment and storage medium

Publication number
WO2020206662A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
webpage
hijacking
web page
value
Prior art date
Application number
PCT/CN2019/082334
Other languages
French (fr)
Chinese (zh)
Inventor
赵剑萍
Original Assignee
深圳市欢太科技有限公司
Oppo广东移动通信有限公司
Priority date
Filing date
Publication date
Application filed by 深圳市欢太科技有限公司, Oppo广东移动通信有限公司 filed Critical 深圳市欢太科技有限公司
Priority to PCT/CN2019/082334 priority Critical patent/WO2020206662A1/en
Priority to CN201980089741.2A priority patent/CN113348655B/en
Publication of WO2020206662A1 publication Critical patent/WO2020206662A1/en

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40: Network security protocols

Definitions

  • This application relates to the technical field of browsers, and more specifically to a browser anti-hijacking method, device, electronic equipment and storage medium.
  • this application proposes a browser anti-hijacking method, device, electronic equipment and storage medium to address the above problems.
  • an embodiment of the present application provides a browser anti-hijacking method, the method includes: the browser receives webpage data; obtains the amount of legal data in the webpage data as the first value; and obtains the actual data amount of the web page data as the second value; if the first value is different from the second value, it is determined that the web page corresponding to the web page data is hijacked, and the web page is subjected to anti-hijacking processing.
  • an embodiment of the present application provides a browser anti-hijacking device.
  • the device includes: a data receiving module for the browser to receive webpage data; a first data acquisition module for acquiring the data volume of legal data in the webpage data as the first value; a second data acquisition module for obtaining the actual data volume of the web page data as the second value; and an anti-hijacking processing module for determining, if the first value is different from the second value, that the webpage corresponding to the webpage data is hijacked, and performing anti-hijacking processing on the webpage.
  • an embodiment of the present application provides an electronic device, including: one or more processors; a memory; and one or more programs.
  • the one or more programs are stored in the memory and configured to be executed by the one or more processors, and the one or more programs are configured to execute the aforementioned method.
  • an embodiment of the present application provides a computer-readable storage medium in which program code is stored, and the program code can be invoked by a processor to execute the above-mentioned method.
  • the browser anti-hijacking method, device, electronic device, and storage medium provided by the embodiments of this application compare the amount of legal data in the webpage with the amount of actual data. If the two data amounts are different, it can be determined that the web page is hijacked, and the anti-hijacking process is performed to improve the security of the web page.
  • Fig. 1 shows a flowchart of a browser anti-hijacking method provided by an embodiment of the present application.
  • Fig. 2 shows a flowchart of a browser anti-hijacking method provided by another embodiment of the present application.
  • Fig. 3 shows a schematic diagram of a multi-frame webpage provided by an embodiment of the present application.
  • Fig. 4 shows a flowchart of a browser anti-hijacking method provided by another embodiment of the present application.
  • Figs. 5 to 7 respectively show schematic flow diagrams of different anti-hijacking methods in the embodiments of the present application.
  • Fig. 8 shows a functional module diagram of a browser anti-hijacking device provided by an embodiment of the present application.
  • Fig. 9 shows a structural block diagram of an electronic device provided by an embodiment of the present application.
  • Fig. 10 is a storage unit for storing or carrying program code for implementing the browser anti-hijacking method according to the embodiment of the present application.
  • the browser may be hijacked.
  • Hijackers such as operators, third-party web pages or hijacking software may attack the user's browser, such as tampering with the web page by changing the display mode and display content of the web page, or causing the browser to be redirected to a malicious webpage when visiting a normal website, so that the browser homepage or search page is modified to the website address designated by the hijacker.
  • the hijacking of all web pages relies on the HTTPS security protocol of the web page to achieve data encryption protection.
  • this security protocol is actually not secure enough, and it can also be hijacked by the server in disguise.
  • the disguised server gives the disguised encryption key.
  • the data decrypted by the browser is actually the hijacked data from the camouflage server.
  • the browser cannot know that the web page is hijacked and cannot fully achieve the purpose of anti-hijacking. It simply reduces the probability of hijacking.
  • the anti-hijacking method cannot recover the hijacked data, and can only add mistakes.
  • the inventor proposes the browser anti-hijacking method, device, electronic device, and storage medium provided by the embodiments of the application.
  • by comparing the amount of legal data in the web page with the actual amount of data, the browser anti-hijacking method judges whether the web page is hijacked and undertakes anti-hijacking processing.
  • specific embodiments will be used to describe in detail the browser anti-hijacking method, device, electronic equipment, and storage medium provided by the embodiments of the present application.
  • Fig. 1 shows a browser anti-hijacking method provided by an embodiment of the present application, which can be applied to a browser in an electronic device. Specifically, the method includes:
  • Step S110 the browser receives web page data.
  • the browser can initiate a web page acquisition request to the server, and receive various data information of the web page returned by the server.
  • the webpage obtaining request may be an encrypted request, such as a data obtaining request of the https protocol.
  • the obtained data information may include one or more of codes, texts, pictures, etc., which is not limited in the embodiment of the present application. If the webpage is not hijacked, the webpage data received by the browser is the data returned by the server; if the webpage is hijacked, the actual webpage data received by the browser is different from the data returned by the server.
  • Step S120 Obtain the data amount of legal data in the webpage data as the first value.
  • Step S130 Obtain the actual data amount of the webpage data as the second value.
  • the browser can obtain the data amount of legal data in the received webpage data, and define the obtained data amount as the first value; obtain the actual amount of received webpage data, which is defined as the second value.
  • the legal data of the webpage is the original data of the webpage, or the data of the webpage written by the programmer for the webpage, or the data that the webpage itself should have if it is not hijacked, or the server responds to the browser's webpage acquisition request The data returned.
  • the amount of data indicates the size of the data, or the amount of data, or the number of bytes of the data, or the storage space that the data needs to occupy.
  • Step S140 If the first value is different from the second value, determine that the webpage corresponding to the webpage data is hijacked, and perform anti-hijacking processing on the webpage.
  • FIG. 1 Another embodiment of the present application provides a browser anti-hijacking method, which includes a method for determining the amount of legal data. See Figure 2.
  • the method includes:
  • Step S210 the browser receives web page data.
  • Step S220 Obtain the data of the recorded data amount in the web page data as stored value data.
  • Step S230 Parse the data amount of the webpage data from the stored value data as the data amount of the legal data in the webpage data, and use the data amount as the first value.
  • Step S240 Obtain the actual data amount of the webpage data as the second value.
  • the browser receives the web page data, and can obtain the amount of legal data in it.
  • the amount of data of the webpage is written in the legal data of the webpage. That is to say, after the programmer completes the legal data of the webpage, he can write the data amount of the webpage into the legal data.
  • the data that records the size of the legal data in the webpage may be defined as stored value data.
  • when the amount of data is written into the legal data of the webpage, it can be written into the stored value data.
  • the data amount of the legal data in the webpage data can be obtained by analyzing the stored value data in the webpage data. For example, a tag is set as the stored value data in a webpage. After the webpage is written, the webpage has a data volume of 20M, and the programmer writes the data volume of 20M into the tag. Through the analysis of the tag, the data volume of the legal data of the webpage can be obtained as 20M.
  • the data of the recorded data amount can be obtained, and the data amount of the legal data of the web page can be analyzed from the data. And, the amount of data can be stored for later comparison.
  • the acquisition and analysis process can be completed by the browser kernel.
  • the browser kernel obtains stored value data from the web page data through the web page data analysis module, parses the data amount of legal data from the stored value data, and stores it in the data storage module of the browser.
  • the stored value data may be data encrypted according to a preset encryption algorithm.
  • the browser can decrypt the stored value data according to the preset encryption algorithm, and then obtain the amount of legal data in the webpage data from the decrypted stored value data.
  • the specific algorithm of the preset encryption algorithm is not limited in the embodiments of the present application, and it may be an encryption algorithm that is known to the browser but unknown to the hijacker.
  • the specific algorithm of the preset encryption algorithm has not been publicly announced, so the hijacker does not know the encryption algorithm used by the stored value data. Even if the hijacker, when tampering with the legal data of the webpage, writes the changed data amount (such as the increased data amount) into it, the browser parses the data amount written by the hijacker with the preset encryption algorithm and the result of the analysis is garbled, which does not affect the acquisition of the amount of legal data.
  • the browser then counts the actual data volume of the web page data.
  • the specific statistical method is not limited. For example, the amount of storage space occupied by the received webpage data can be counted, and the calculation can be based on the webpage data receiving speed and receiving time.
  • Step S250 If the first value is different from the second value, determine that the webpage corresponding to the webpage data is hijacked, and perform anti-hijacking processing on the webpage.
  • the size of the legal data in the webpage is recorded by stored value data, and then the data size recorded by the stored value data is compared with the actual received data size to determine whether the webpage is hijacked. If it is hijacked, anti-hijacking processing is performed.
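The check in steps S210 to S250, as an added example that is not code from the patent. The page leaves the "preset encryption algorithm" unspecified, so an HMAC-SHA256 tag stands in for it here; the `stored-value` meta tag, the key, the helper names and the sample pages are all assumptions constructed for illustration. The last sample shows the case a size comparison cannot see: a change that keeps the byte count the same.

```python
import hashlib
import hmac
import re

KEY = b"constructed-demo-key"  # hypothetical secret shared by site and browser

# Hypothetical stored value tag: 10-digit byte count, ':' and its HMAC-SHA256.
TAG_RE = re.compile(rb'<meta name="stored-value" content="(\d{10}):([0-9a-f]{64})">')


def _seal(size: int, key: bytes) -> bytes:
    digits = b"%010d" % size
    mac = hmac.new(key, digits, hashlib.sha256).hexdigest().encode()
    return b'<meta name="stored-value" content="' + digits + b":" + mac + b'">'


def publish(template: bytes, key: bytes = KEY) -> bytes:
    """Site side: write the finished page's total byte count into the page."""
    marker = b"{{SV}}"
    total = len(template) - len(marker) + len(_seal(0, key))  # tag has fixed width
    return template.replace(marker, _seal(total, key), 1)


def first_value(data: bytes, key: bytes = KEY):
    """S220/S230: locate the stored value data and parse the legal data amount.
    Returns None when the tag is missing or was not produced with the key."""
    m = TAG_RE.search(data)
    if m is None:
        return None
    digits, mac = m.group(1), m.group(2)
    expected = hmac.new(key, digits, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(mac, expected):
        return None
    return int(digits)


def check(data: bytes, key: bytes = KEY) -> dict:
    first = first_value(data, key)   # S230: declared amount of legal data
    second = len(data)               # S240: amount actually received
    # S250. Assumption of this example: an unreadable stored value is also
    # treated as hijacking rather than ignored.
    hijacked = first is None or first != second
    return {"first": first, "second": second, "hijacked": hijacked}


# Constructed sample pages.
TEMPLATE = (b"<html><head>{{SV}}</head>"
            b"<body><p>Account balance: 100</p></body></html>")
CLEAN = publish(TEMPLATE)
# Markup injected in transit: the received size no longer matches.
INJECTED = CLEAN.replace(b"</body>", b'<div class="ad">sponsored</div></body>')
# Injection plus a rewritten byte count, done without the key: the tag fails.
FORGED = INJECTED.replace(b"%010d" % len(CLEAN), b"%010d" % len(INJECTED), 1)
# Same-length change: first and second value still agree, so a size
# comparison alone reports the page as not hijacked.
SAME_LENGTH = CLEAN.replace(b"balance: 100", b"balance: 999")

if __name__ == "__main__":
    for name in ("CLEAN", "INJECTED", "FORGED", "SAME_LENGTH"):
        print(name, check(globals()[name]))
```
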
  • the webpage may include multiple parts, and each part has its own corresponding independent webpage data.
  • the embodiment of the present application takes a frame webpage as an example for description.
  • a framed web page includes multiple frames in a web page, or more than one page is displayed in the same browser window, and each page acts as a frame.
  • Each frame is independent of other frames and has its own independent web page data.
  • the tag frame defines the HTML document placed in the frame.
  • FIG. 3 shows a schematic diagram of a framed webpage, where the webpage 110 includes three frames, namely a first frame 101, a second frame 102, and a third frame 103.
  • the data volume of the legal data of each frame can be compared with the actual data volume to determine whether the frame is hijacked, so as to determine whether to perform anti-hijacking processing on the webpage or the frame.
  • the web page data can be data information of a frame, the first value is the amount of legal data of the frame, and the second value is the actual amount of web page data received after the frame is received. That is, in this embodiment, for each frame, as shown in Figure 4, the following steps are performed:
  • Step S310 The browser receives the webpage data of the frame.
  • Step S320 Obtain the data amount of the legal data in the webpage data as the first value.
  • Step S330 Obtain the actual data amount of the webpage data as the second value.
  • Step S340 If the first value is different from the second value, it is determined that the webpage corresponding to the webpage data is hijacked, and anti-hijacking processing is performed on the webpage.
  • the browser can receive the web page data of the frame.
  • the stored value data can be analyzed to obtain the data volume of the legal data in the frame, as the first value of the frame.
  • the actual data amount of the received frame's webpage data can be obtained, and the actual data amount is used as the second value of the frame.
  • first value and the second value are different. If the first value is the same as the second value, it indicates that the frame is not hijacked, and there is no need to perform anti-hijacking processing on the frame, and the frame can be processed normally, such as performing operations such as rendering and displaying. If the first value and the second value of each frame in the webpage indicate that none of the frames have been hijacked, the webpage has not been hijacked.
  • if the first value of a frame is different from the second value, it indicates that the data in the frame has been tampered with. It can be determined that the frame is hijacked, and at the same time, it can be determined that the web page is hijacked, and anti-hijacking processing is performed on the web page.
  • the anti-hijacking processing for the webpage may be an anti-hijacking processing for the frame to reduce the amount of data processing. That is, when it is determined that the first value and the second value in the webpage data of a certain frame are different, the frame corresponding to the webpage data is subjected to anti-hijacking processing.
  • the anti-hijacking processing of the frame may be to reacquire the data of the frame from the server to restore the data of the frame.
  • the anti-hijacking processing of the frame may include the following steps:
  • Step S3411 Obtain the URL information of the frame.
  • Each frame has its link address, that is, has its website information, and the website information can be used to request legal data of the frame from the server. Therefore, when it is determined that a certain frame is hijacked, that is, by comparing the amount of legal data in the web page data with the actual amount, it is determined that the frame is hijacked, and the URL information of the frame can be obtained.
  • the specific acquisition method is not limited in the embodiment of the present application.
  • the web address information of the frame is parsed from the web page data of the frame.
  • Step S3421 Initiate a webpage acquisition request carrying the website information to the server, so that the server returns the webpage data of the frame according to the webpage acquisition request.
  • the address of the server can be parsed to determine the server for obtaining legal data. Therefore, you can initiate a web page acquisition request to the server and also acquire the legal data of the frame. When the server receives the request for obtaining the webpage, it returns the webpage data of the frame again.
  • Step S3431 Obtain new webpage data of the frame from the server, and replace the webpage data of the frame.
  • after receiving the web page data returned by the server, the browser replaces the original web page data of the frame with it, to realize the recovery of the hijacked web page data in the frame.
  • an anti-hijacking mark may be carried in the webpage acquisition request, and the anti-hijacking mark indicates that the webpage data of the browser is hijacked, and a new copy of the webpage data corresponding to the website information needs to be obtained from the server.
  • the anti-hijacking mark can only be a mark known to the legitimate server. If an illegal server hijacks the web page acquisition request, it cannot correctly parse the request because it cannot correctly identify the anti-hijacking mark.
  • the anti-hijacking mark added in the web page acquisition request can be used by the server to add an anti-hijacking response mark to the returned web page data, so that when the browser receives the web page data, it determines from the anti-hijacking response mark that the data was returned by the legitimate server. Therefore, in this embodiment of the present application, when the browser receives the web page data returned by the server in response to the web page acquisition request carrying the anti-hijacking flag, it can determine whether the received web page data carries the anti-hijacking flag. If it is carried, it is determined that the web page data was returned by the legitimate server and can be used for replacement, that is, the original web page data in the frame is replaced with new web page data.
  • the webpage acquisition request may be an encrypted data acquisition request, such as an https request, which may carry an anti-hijacking mark and URL information on the request header.
  • when the server receives the request, it can find the original data of the URL information from the server-side database based on the anti-hijacking flag and URL information, that is, the legal data corresponding to the URL information, and then return it to the browser after it is encrypted and compressed, and add an anti-hijacking response flag in the response header.
  • when the browser kernel receives the corresponding response data, it decrypts and decompresses the received encrypted compressed package according to the anti-hijacking mark and URL information to obtain the original data.
  • the browser kernel replaces the previously hijacked data with the acquired data, to achieve the purpose of anti-hijacking.
  • an anti-hijacking reminder may be performed, such as displaying a hijacking reminder label to inform the user that the current web page is hijacked.
  • the anti-hijacking label can also specify which frame is hijacked, so that the user can know the specific hijacking situation of the frame in the webpage.
  • the anti-hijacking reminder may disappear after the user responds, and it is learned that the webpage data of the frame is retrieved and replaced after it disappears.
  • step S310 to step S340 may be executed again to display the legitimate data.
  • if the browser performs anti-hijacking processing on a frame for a preset number of consecutive times and all it obtains is the hijacked webpage data, this indicates that the frame is more likely to be hijacked, and the request for obtaining webpage data for the frame can be suspended.
  • when it is determined that a certain frame is hijacked, the browser can, during the anti-hijacking processing of that frame, continue to determine whether other frames are hijacked and whether anti-hijacking processing is required, thereby improving the processing speed of webpage anti-hijacking. Of course, the judgment on whether other frames have been hijacked can also be continued after the anti-hijacking process is performed on the frame that is determined to be hijacked.
  • the relevant hijacking information can be uploaded to the backend server, which can be used to record the hijacking situation and count which frames are hijacked, the probability of hijacking, etc., to provide data support for subsequent tracking and optimization. For example, a frame with a high probability of being hijacked can be optimized to reduce the probability of being hijacked.
  • the background server is a server used to perform statistics on hijacking information, and may be the same as or different from the server that obtains legal webpage data. If the hijacking information fails to be uploaded for many times, such as uploading failed three times, the hijacking information can be saved locally and re-uploaded when the network condition is detected next time.
  • anti-hijacking processing on a web page includes:
  • Step S3412 Obtain the URL information of the webpage.
  • Step S3422 Initiate a webpage acquisition request carrying the website address information to the server, so that the server returns all webpage data of the webpage according to the webpage acquisition request.
  • Step S3432 Obtain new webpage data of the webpage from the server, and replace the webpage data of the webpage.
  • the webpage itself corresponds to a web site information.
  • the first frame 101, the second frame 102 and the third frame 103 respectively correspond to web site information.
  • the web page 110 itself also corresponds to a web site information, which is the link address of the web page 110 itself.
  • a server for obtaining the overall webpage data of the webpage can be found, and all data information in the webpage can be obtained from the server.
  • the browser can obtain the website address information of the webpage, and the specific obtaining method is not limited. For example, the data storing the website address information of the webpage is analyzed to obtain the website address information of the webpage.
  • after the browser obtains and replaces all the webpage data of the webpage, in order to prevent the re-obtained webpage data from being hijacked, it can judge whether the webpage is hijacked again.
  • the anti-hijacking processing on the web page includes:
  • Step S3413 Obtain the website address information of the webpage, and continue to determine whether other frames that are not determined to be hijacked are hijacked.
  • Step S3423 Initiate a webpage acquisition request carrying the website address information to the server, so that the server returns all webpage data of the webpage according to the webpage acquisition request.
  • Step S3433 Obtain new webpage data of the webpage from the server, and replace the webpage data of the hijacked frame.
  • the original webpage data of the hijacked frame is replaced with the webpage data belonging to the hijacked frame. Also, cache the web page data obtained from the server.
  • the web page data of the hijacked frame can be obtained from the cached web page data and used to replace the original web page data of the hijacked frame.
  • this implementation may be performed when there are other frames in the webpage that are not determined to be hijacked, and then it may happen that the frame determined to be hijacked needs to be replaced with webpage data.
  • the process from step S3413 to step S3433 is executed to perform anti-hijacking processing. Therefore, in this embodiment, when more than one frame is hijacked, for hijacked frames other than the first one determined to be hijacked, anti-hijacking processing does not need to request data from the server, but directly uses locally cached web page data for replacement, which reduces the number of interactions with the server and improves data processing efficiency.
  • the locally cached webpage data can be deleted to reduce the pressure of local data storage on the browser.
  • various implementations can be referred to each other, and the same or similar parts can be applied to each other.
  • an encrypted acquisition request can be sent; an acquisition request carrying an anti-hijacking flag can be sent, so that the server adds an anti-hijacking response mark to the returned web page data according to the anti-hijacking flag; it can be judged whether the received web page data carries an anti-hijacking mark. If it does, the received web page data is considered valid, and the newly received web page data is used to replace the web page data of the hijacked frame.
  • a judgment process of whether the frame is hijacked is executed.
  • the browser processes the data of the webpage while receiving it.
  • the data volume of the legal data in the webpage data of the frame is compared with the actual data volume of the webpage data. If the two data volumes are the same, it is determined that the frame is not hijacked; if the two data volumes are different, it is determined that the frame is hijacked.
  • the browser can process multiple frames in parallel to increase the processing speed. That is to say, after receiving the web page data of a frame, the browser judges whether the frame is hijacked and performs anti-hijacking processing; if the web page data of other frames is received at this time, the hijacking judgment and anti-hijacking processing of those frames also start.
  • the browser can perform hijacking judgment and anti-hijacking processing serially to reduce processing pressure while maximizing the processing speed. That is to say, when the browser finishes receiving the web page data of a frame, if no other frame is undergoing hijacking judgment or anti-hijacking processing at this time, it starts the hijacking judgment and anti-hijacking processing of the frame; if another frame is undergoing hijacking judgment and anti-hijacking processing at this time, it waits until the hijacking judgment and anti-hijacking processing of the previously received frame are completed, and then judges whether the frame is hijacked and performs anti-hijacking processing.
  • the browser can also perform hijacking judgment serially, and anti-hijacking processing serially. That is to say, at any one time, one frame is being judged for hijacking and one frame is undergoing anti-hijacking processing. When the judgment of whether a frame is hijacked is completed, the judgment of whether the next frame is hijacked is performed; when the anti-hijacking processing of the frame currently being processed is completed, the anti-hijacking processing of the next hijacked frame is performed.
  • the web page may be hijacked or not hijacked. If it is necessary to judge whether each frame of a webpage is hijacked or not, it needs to be judged multiple times, while for webpages that are not hijacked, the multiple judgments are not necessary. Therefore, in the embodiment of the present application, in order to reduce meaningless judgments, it is possible to find which frame is hijacked when it is determined that the webpage is hijacked, so as to perform anti-hijacking processing on the frame.
  • the first value is different from the second value in each frame, it is determined that the webpage corresponding to the webpage data is hijacked.
  • the sum of the first values corresponding to all the frames is calculated as the first total value, which represents the size of all legal data in the webpage; the sum of the second values corresponding to all the frames is calculated as the second total value, which represents the size of the total data actually received by the web page. It is understandable that when the main frame of the webpage is received, it indicates that the data of the webpage is loaded.
  • the first total value calculated at this time includes the amount of legal data of all frames; the second total value calculated at this time includes the amount of data received by all frames in the web page.
  • first total value and the second total value are the same. If the first total value is the same as the second total value, it means that the data in the webpage has not been hijacked, and it is not necessary to perform hijacking judgment and anti-hijacking processing on each frame; if the first total value is different from the second total value, it means that the webpage is hijacked and the data of a frame has been tampered with. At this time, the first value and the second value can be compared for each frame to see whether they are the same; if the first value is different from the second value, it is determined that the frame is hijacked and an anti-hijacking process is performed.
  • the webpage may specifically have data recording the total legal data size of the webpage, and the data recording the legal data size of the webpage is defined as the total stored value data.
  • the total stored value data of the web page can be obtained, and the total legal data size of the web page parsed from the total stored value data is used as the first total value.
  • the size of the total data received by the webpage is determined as the second total value. Compare whether the first total value and the second total value are the same. If they are the same, it means that the webpage is not hijacked; if they are different, it means that the webpage is hijacked.
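The multi-frame flow described above, as an added example that is not code from the patent: the totals are compared first, differing frames are then located (step S340), and each is re-requested with an anti-hijacking mark (steps S3411 to S3431) until a preset number of attempts is used up. The header names and values, the `Frame` record, the `fetch` transport, the limit of three attempts and the sample data are assumptions constructed for illustration; the first values are taken as already parsed from the stored value data.

```python
from dataclasses import dataclass

# Hypothetical header names and values; the page names no concrete ones.
REQ_MARK, REQ_VALUE = "X-Anti-Hijack", "constructed-mark"
RESP_MARK, RESP_VALUE = "X-Anti-Hijack-Response", "constructed-response-mark"


@dataclass
class Frame:
    url: str
    declared: int          # first value, already parsed from the stored value data
    data: bytes            # webpage data actually received for this frame
    blocked: bool = False  # True once execution of the frame's data is stopped


def recover_frame(frame, fetch, max_attempts):
    """Re-request the frame; accept the reply only if it carries the response
    mark and its size matches the declared amount of legal data."""
    for attempt in range(1, max_attempts + 1):
        try:
            headers, body = fetch(frame.url, {REQ_MARK: REQ_VALUE})
        except OSError:
            continue                       # server unreachable on this attempt
        if headers.get(RESP_MARK) != RESP_VALUE:
            continue                       # not marked as from the legitimate server
        if len(body) != frame.declared:
            continue                       # the new copy is itself the wrong size
        frame.data = body                  # replace the hijacked data
        return {"status": "restored", "attempts": attempt}
    frame.blocked = True                   # suspend requests, stop executing the frame
    return {"status": "suspended", "attempts": max_attempts}


def scan_page(frames, fetch, max_attempts=3):
    first_total = sum(f.declared for f in frames)
    second_total = sum(len(f.data) for f in frames)
    if first_total == second_total:
        # Totals agree: the per-frame comparison is skipped. Changes in two
        # frames that offset each other exactly would also end up here.
        return {"hijacked": False, "frames": {}}
    report = {}
    for f in frames:
        if f.declared != len(f.data):      # S340 for this frame
            report[f.url] = recover_frame(f, fetch, max_attempts)
    return {"hijacked": True, "frames": report}


# Constructed sample: the three frames of Fig. 3 and their legal data.
LEGAL = {
    "https://site.example/frame101": b"<html><body>navigation</body></html>",
    "https://site.example/frame102": b"<html><body>article text</body></html>",
    "https://site.example/frame103": b"<html><body>footer</body></html>",
}
INJECT = b'<div class="ad">sponsored</div>'


def make_fetch(legal, still_hijacked=()):
    """Constructed transport: URLs in still_hijacked keep returning tampered data."""
    def fetch(url, headers):
        fetch.calls.append(url)
        if url in still_hijacked:
            return {}, legal[url] + INJECT
        marked = headers.get(REQ_MARK) == REQ_VALUE
        return ({RESP_MARK: RESP_VALUE} if marked else {}), legal[url]
    fetch.calls = []
    return fetch


def demo():
    frames = [Frame(url, len(body), body) for url, body in LEGAL.items()]
    frames[1].data += INJECT               # tampered once, recoverable
    frames[2].data += INJECT               # tampered on every request
    fetch = make_fetch(LEGAL, still_hijacked={frames[2].url})
    return scan_page(frames, fetch), frames, fetch.calls


if __name__ == "__main__":
    print(demo()[0])
```
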
  • the webpage may include multiple parts, such as multiple frames as exemplified in the preceding embodiments; the webpage may also have only one part, that is, all data information of the webpage is a whole.
  • the web page data is defined as all data of the web page. Therefore, when judging whether the webpage is hijacked and performing anti-hijacking processing, after receiving all the data of the webpage, the browser obtains the amount of legal data in the webpage data as the first value, which is the total amount of legal data of the webpage. The actual amount of data in the web page data is obtained as the second value, and the second value represents the total received data amount of the web page. Compare whether the first value and the second value are the same.
  • when performing anti-hijacking processing on the webpage, anti-hijacking processing is performed on the entire webpage.
  • an anti-hijacking flag may be carried in a webpage acquisition request, so that the server adds an anti-hijacking response mark to the returned webpage data according to the anti-hijacking mark. It can be judged whether the received webpage data carries an anti-hijacking mark; if it does, the webpage data is replaced.
  • the webpage is taken as a whole, and the data amount of legal data in all webpage data and the actual data amount are compared to judge whether the webpage is hijacked. If it is determined that the webpage is hijacked, the webpage as a whole is used for anti-hijacking processing, thereby reducing the number of judgments and anti-hijacking processing times, and reducing the pressure of data processing.
  • during the anti-hijacking process, if the browser cannot access the server, for example because of network interruption or poor network quality, so that it cannot connect to the server, cannot initiate a web page acquisition request to the server, or cannot receive the web page data returned by the server according to the web page acquisition request, the data of the web page cannot be restored.
  • the browser may also be unable to obtain the new webpage data from the server for other reasons. For example, if the server does not find the webpage data corresponding to the URL information carried in the browser's webpage acquisition request, it can return an error message informing the browser that the corresponding web page data cannot be found. At this time, the browser can determine that the web page data cannot be obtained from the server for anti-hijacking data recovery.
  • the execution of the hijacked webpage data can be stopped. Specifically, the execution of the webpage data can be stopped by stopping the execution of the script function corresponding to the hijacked webpage data.
  • the execution of the webpage data of the frame can be stopped, such as stopping the execution of the script function corresponding to the frame; or the execution of all webpage data of the webpage can be stopped, such as stopping the execution of the script functions of the webpage.
  • the execution of all webpage data of the webpage can be stopped, such as stopping the execution of the script function of the webpage.
  • a webpage hijacking reminder label can be displayed to remind the user that the webpage is hijacked.
  • the URL information, data size, etc. of the hijacked frame can also be obtained and written into the reminder tag, and a prompt box of the reminder tag pops up on the display page of the browser to remind the user in which frame the data has been tampered with.
  • the pop-up prompt box can also be used to remind the user that the webpage is hijacked, and it is not necessary to remind the user that the frame is hijacked.
  • the reminder tag may be created by a script inside the webpage.
  • the device 400 includes: a data receiving module 410, configured for the browser to receive webpage data; a first data acquisition module 420, configured to obtain the data volume of legal data in the webpage data as the first value; a second data acquisition module 430, configured to obtain the actual data volume of the webpage data as the second value; and an anti-hijacking processing module 440, configured to determine, if the first value is different from the second value, that the webpage corresponding to the webpage data is hijacked, and to perform anti-hijacking processing on the webpage.
  • the first data acquisition module 420 may be used to acquire the data in the webpage data that records the data amount, as stored value data; and to parse the data amount of the webpage data from the stored value data as the amount of legal data in the webpage data.
  • the stored value data is data encrypted according to a preset encryption algorithm
  • the first data acquisition module 420 may decrypt the stored value data according to the preset encryption algorithm.
  • the web page may include multiple frames.
  • the device may also include a comparison module for calculating the sum of the first values corresponding to all frames as the first total value; calculating the sum of the second values corresponding to all frames as the second total value; and comparing whether the first total value is the same as the second total value.
  • each frame is processed by the data receiving module 410, the first data acquiring module 420, the second data acquiring module 430, and the anti-hijacking processing module 440.
  • the anti-hijacking processing module 440 may be used to perform anti-hijacking processing on the frame corresponding to the webpage data; or for performing anti-hijacking processing on the entire webpage.
  • the anti-hijacking processing module 440 performing anti-hijacking processing on the frame corresponding to the webpage data may include: obtaining the website address information of the frame corresponding to the webpage data; initiating a webpage acquisition request carrying the website address information to the server, so that the server returns the webpage data of the frame according to the webpage acquisition request; and obtaining new webpage data of the frame from the server and replacing the webpage data of the frame.
  • the anti-hijacking processing module 440 performing anti-hijacking processing on the webpage as a whole may include: obtaining the website address information of the webpage; initiating a webpage acquisition request carrying the website address information to the server, so that the server returns all the webpage data of the webpage according to the webpage acquisition request; and obtaining new webpage data of the webpage from the server and replacing the webpage data of the webpage.
  • the anti-hijacking processing module 440 may be configured to carry an anti-hijacking mark in the web page acquisition request, so that the server adds an anti-hijacking response mark to the returned web page data according to the anti-hijacking mark.
  • the anti-hijacking processing module 440 can also be used to determine whether the received web page data carries an anti-hijacking mark; if it does, replace the web page data.
  • when the anti-hijacking processing module 440 performs anti-hijacking processing on the frame corresponding to the web page data, it can also be used to stop the execution of the script function corresponding to the frame if the server cannot be accessed or the new web page data cannot be obtained from the server.
  • when the anti-hijacking processing module 440 performs anti-hijacking processing on the webpage, it can also be used to stop the execution of all webpage data of the webpage if the server cannot be accessed or the new webpage data cannot be obtained from the server.
  • the anti-hijacking processing module 440 may also be used to display a web page hijacking reminder label.
  • the webpage data itself can be detected and monitored, the monitored hijacked page can be fed back and reported, and the hijacked page can be anti-hijacked, and the normal page can be restored.
  • on the basis of https data protection, the data itself is given double-layer security detection, which greatly improves the security of web page data.
  • after the web page is hijacked, the web page itself detects this and warns the user, and tries to perform anti-hijacking operations to restore the normal page, which greatly reduces the risk of user leakage, improves the security of the browser, avoids user property losses, and reduces other behaviors that harm the interests of users.
  • the coupling between the modules may be electrical, mechanical or other forms of coupling.
  • each functional module in each embodiment of the present application may be integrated into one processing module, or each module may exist alone physically, or two or more modules may be integrated into one module.
  • the above-mentioned integrated modules can be implemented in the form of hardware or software functional modules.
  • FIG. 9 shows a structural block diagram of an electronic device 500 provided by an embodiment of the present application.
  • the electronic device 500 may be an electronic device capable of running application programs such as a smart phone, a tablet computer, a desktop computer, an e-reader, etc.
  • the electronic device may be connected to a server through a network, request webpage data from the server, upload hijacking information to the server, and so on.
  • the electronic device has one or more processors 510 (only one is shown in the figure), a memory 520, and one or more programs.
  • the one or more programs are stored in the memory 520 and configured to be executed by the one or more processors 510.
  • the one or more programs are configured to execute the methods described in the foregoing embodiments.
  • the one or more programs may be application programs and various quick applications respectively.
  • the processor 510 may include one or more processing cores.
  • the processor 510 uses various interfaces and lines to connect various parts of the entire electronic device 500, and executes by running or executing instructions, programs, code sets, or instruction sets stored in the memory 520, and calling data stored in the memory 520.
  • the processor 510 may use at least one of Digital Signal Processing (DSP), Field-Programmable Gate Array (FPGA), and Programmable Logic Array (PLA).
  • the processor 510 may integrate one or a combination of a central processing unit (CPU), a graphics processing unit (GPU), a modem, and the like.
  • the CPU mainly processes the operating system, user interface, and application programs; the GPU is used for rendering and drawing of display content; the modem is used for processing wireless communication. It can be understood that the above-mentioned modem may not be integrated into the processor 510, but may be implemented by a communication chip alone.
  • the memory 520 may include random access memory (RAM) or read-only memory (ROM).
  • the memory 520 may be used to store instructions, programs, codes, code sets or instruction sets.
  • the memory 520 may include a storage program area and a storage data area, where the storage program area may store instructions for implementing an operating system, instructions for implementing at least one function, instructions for implementing each of the foregoing method embodiments, and the like.
  • the storage data area can also store data created by the electronic device in use (such as phone book, audio and video data, chat record data), etc.
  • the electronic device 500 may also include a display screen for displaying the video to be displayed.
  • FIG. 10 shows a structural block diagram of a computer-readable storage medium provided by an embodiment of the present application.
  • the computer-readable storage medium 600 stores program code, and the program code can be invoked by a processor to execute the method described in the foregoing method embodiment.
  • the computer-readable storage medium 600 may be an electronic memory such as flash memory, EEPROM (Electrically Erasable Programmable Read Only Memory), EPROM, hard disk, or ROM.
  • the computer-readable storage medium 600 includes a non-transitory computer-readable storage medium.
  • the computer-readable storage medium 600 has a storage space for the program code 610 for executing any method steps in the above methods. These program codes can be read out from or written into one or more computer program products.
  • the program code 610 may be compressed in a suitable form, for example.

Abstract

Disclosed are a browser anti-hijacking method and device, electronic equipment and a storage medium, relating to the technical field of browsers. The method comprises: receiving webpage data by a browser; obtaining the volume of legal data in the webpage data as a first numerical value; obtaining the actual data volume of the webpage data as a second numerical value; and, if the first numerical value is different from the second numerical value, determining that a webpage corresponding to the webpage data is hijacked and performing anti-hijacking processing on the webpage, so as to improve the security of the webpage.

Description

Browser anti-hijacking method, device, electronic equipment and storage medium
Technical field
This application relates to the technical field of browsers, and more specifically to a browser anti-hijacking method, device, electronic equipment and storage medium.
Background
With the development of the economy and society, more and more people go online, and web pages change constantly. Browser web pages are often hijacked by operators or third-party web pages, which threatens users' data security and property security. Anti-hijacking by the browser is therefore very important.
Summary of the invention
In view of the above problems, this application proposes a browser anti-hijacking method, device, electronic equipment and storage medium to improve the above problems.
In a first aspect, an embodiment of the present application provides a browser anti-hijacking method. The method includes: the browser receives webpage data; obtains the data amount of legal data in the webpage data as the first value; obtains the actual data amount of the webpage data as the second value; and, if the first value is different from the second value, determines that the webpage corresponding to the webpage data is hijacked and performs anti-hijacking processing on the webpage.
In a second aspect, an embodiment of the present application provides a browser anti-hijacking device. The device includes: a data receiving module, used for the browser to receive webpage data; a first data acquisition module, used to obtain the data amount of legal data in the webpage data as the first value; a second data acquisition module, used to obtain the actual data amount of the webpage data as the second value; and an anti-hijacking processing module, used to determine, if the first value is different from the second value, that the webpage corresponding to the webpage data is hijacked, and to perform anti-hijacking processing on the webpage.
In a third aspect, an embodiment of the present application provides an electronic device, including: one or more processors; a memory; and one or more programs. The one or more programs are stored in the memory and configured to be executed by the one or more processors, and the one or more programs are configured to execute the above method.
In a fourth aspect, an embodiment of the present application provides a computer-readable storage medium in which program code is stored, and the program code can be invoked by a processor to execute the above method.
The browser anti-hijacking method, device, electronic device and storage medium provided by the embodiments of this application compare the data amount of the legal data in the webpage with the data amount of the actual data. If the two data amounts are different, it can be determined that the webpage is hijacked, and anti-hijacking processing is performed, thereby improving the security of the webpage.
Description of the drawings
In order to describe the technical solutions in the embodiments of the present application more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings in the following description are only some embodiments of the present application. Those skilled in the art can obtain other drawings from these drawings without creative work.
Fig. 1 shows a flowchart of a browser anti-hijacking method provided by an embodiment of the present application.
Fig. 2 shows a flowchart of a browser anti-hijacking method provided by another embodiment of the present application.
Fig. 3 shows a schematic diagram of a multi-frame webpage provided by an embodiment of the present application.
Fig. 4 shows a flowchart of a browser anti-hijacking method provided by yet another embodiment of the present application.
Figs. 5 to 7 respectively show schematic flow diagrams of different anti-hijacking methods in the embodiments of the present application.
Fig. 8 shows a functional module diagram of a browser anti-hijacking device provided by an embodiment of the present application.
Fig. 9 shows a structural block diagram of an electronic device provided by an embodiment of the present application.
Fig. 10 shows a storage unit of an embodiment of the present application for storing or carrying program code that implements the browser anti-hijacking method according to the embodiment of the present application.
Detailed description
In order to enable those skilled in the art to better understand the solutions of the present application, the technical solutions in the embodiments of the present application are described clearly and completely below in conjunction with the drawings in the embodiments of the present application.
During web browsing, the browser may be hijacked. Hijackers such as operators, third-party web pages or hijacking software may attack the user's browser, for example by tampering with the web page through changes to its display mode and display content, by causing the browser to be redirected to a malicious webpage when visiting a normal website, or by modifying the browser homepage or search page to a website address designated by the hijacker.
Generally, protection of web pages against hijacking relies on the HTTPS security protocol of the web page for data encryption. However, this security protocol is still not secure enough: it can be hijacked by a disguised server, which supplies a disguised encryption key, so that the data the browser decrypts is in fact hijacked data sent by the disguised server. The browser cannot learn that the web page is hijacked, so the purpose of anti-hijacking is not fully achieved; the probability of being hijacked is merely reduced. In addition, this anti-hijacking approach cannot recover the data after hijacking, which only compounds the error.
The inventor found that when a visit to a normal website is redirected to a malicious webpage, or the browser homepage or search page is modified to a website address specified by the hijacker, the website address actually visited by the browser differs from the website address it wanted to visit, so it can be directly determined that the browser is hijacked. At this time, if the browser can obtain the website address it wanted to visit, it can obtain data from the server through that website address.
For hijacking in which the webpage is tampered with, operations such as adding data, deleting data and replacing data on the basis of the legal data of the webpage all cause the amount of data in the webpage to change. That is to say, the data amount of the webpage data actually received by the browser differs from the data amount of the legal data of the webpage. Therefore, when the data amount of the webpage data actually received by the browser differs from the data amount of the legal data of the webpage, it can be determined that the webpage is hijacked, and anti-hijacking processing can be performed.
Therefore, the inventor proposes the browser anti-hijacking method, device, electronic device and storage medium provided by the embodiments of this application, which judge whether the web page is hijacked by comparing the amount of legal data in the web page with the actual amount of data, and perform anti-hijacking processing when it is hijacked. The browser anti-hijacking method, device, electronic equipment and storage medium provided by the embodiments of the present application are described in detail below through specific embodiments.
Fig. 1 shows a browser anti-hijacking method provided by an embodiment of the present application, which can be applied to a browser in an electronic device. Specifically, the method includes:
Step S110: The browser receives webpage data.
The browser can initiate a webpage acquisition request to the server and receive the various data information of the webpage returned in response. The webpage acquisition request may be an encrypted request, such as a data acquisition request of the https protocol. The obtained data information may include one or more of code, text, pictures and the like, which is not limited in the embodiments of the present application. If the webpage is not hijacked, the webpage data received by the browser is the data returned by the server; if the webpage is hijacked, the webpage data actually received by the browser differs from the data returned by the server.
Step S120: Obtain the data amount of legal data in the webpage data as the first value.
Step S130: Obtain the actual data amount of the webpage data as the second value.
If the webpage in the browser is hijacked and its content is tampered with, the data amount of the legal data of the webpage differs from the data amount of the webpage data actually received by the browser. Therefore, the browser can obtain the data amount of legal data in the received webpage data and define it as the first value, and obtain the actual data amount of the received webpage data and define it as the second value.
Here, the legal data of the webpage is the original data of the webpage, or the data that the programmer wrote for the webpage, or the data that the webpage itself should have when it is not hijacked, or the data returned by the server in response to the browser's webpage acquisition request. The data amount indicates the size of the data, or how much data there is, or the number of bytes of the data, or the storage space that the data needs to occupy, and so on.
Step S140: If the first value is different from the second value, determine that the webpage corresponding to the webpage data is hijacked, and perform anti-hijacking processing on the webpage.
Compare whether the data amount of the legal data is the same as the data amount of the webpage actually received. If they are different, the webpage has been tampered with, and anti-hijacking processing is performed on the webpage.
In the browser anti-hijacking method provided by the embodiment of the present application, whether the webpage is hijacked is judged by whether the data amount of the legal data of the webpage is the same as the data amount actually received, so that the browser can accurately learn whether the webpage is hijacked and, when it is hijacked, perform anti-hijacking processing to improve the security of the webpage.
Another embodiment of the present application provides a browser anti-hijacking method that includes a way of determining the data amount of the legal data. Referring to Fig. 2, the method includes:
Step S210: The browser receives webpage data.
Step S220: Obtain the data in the webpage data that records the data amount, as stored value data.
Step S230: Parse the data amount of the webpage data from the stored value data as the data amount of the legal data in the webpage data, and use this data amount as the first value.
Step S240: Obtain the actual data amount of the webpage data as the second value.
After the browser receives the webpage data, it can obtain the data amount of the legal data in it.
Specifically, the data amount of the webpage is written into the legal data of the webpage. That is to say, after the programmer finishes writing the legal data of the webpage, the data amount of the webpage can be written into the legal data.
The legal data of the webpage may contain data dedicated to recording the data size, such as a tag or a segment of bytes. In the embodiments of this application, the data that records the size of the legal data in the webpage is defined as stored value data. Writing the data amount into the legal data of the webpage may consist of writing the data amount of the legal data of the webpage into the stored value data, so that the data amount of the legal data in the webpage data can be obtained by parsing the stored value data in the webpage data. For example, a tag is set in the webpage as the stored value data. After the webpage is written, the webpage has a data amount of 20M, so the programmer writes the value 20M into the tag. By parsing the tag, it can be obtained that the legal data of the webpage is 20M.
Therefore, after receiving the webpage data, the browser can obtain the data in it that records the data amount and parse the data amount of the legal data of the webpage from that data. The data amount can also be stored for later comparison. The acquisition and parsing can be completed by the browser kernel: for example, the browser kernel obtains the stored value data from the webpage data through a webpage data parsing module, parses the data amount of the legal data from the stored value data, and stores it in the data storage module of the browser.
Optionally, in this embodiment of the present application, the stored value data may be data encrypted according to a preset encryption algorithm. The browser can decrypt the stored value data according to the preset encryption algorithm, and then obtain the data amount of the legal data in the webpage data from the decrypted stored value data.
Which algorithm the preset encryption algorithm is specifically is not limited in the embodiments of the present application; it may be an encryption algorithm that is known to the browser but unknown to the hijacker. In other words, which algorithm the preset encryption algorithm is has not been publicly declared, so the hijacker does not know the encryption algorithm used by the stored value data. Even if the hijacker, when tampering with the legal data of the webpage, writes in the data amount it changed, for example the data amount it added, the browser parses the data amount written by the hijacker with the preset encryption algorithm, and the result of the parsing should be garbled, which does not affect the acquisition of the data amount of the legal data.
The browser then counts the actual data amount of the webpage data. The specific way of counting is not limited. For example, the storage space occupied by the received webpage data can be counted, or the amount can be calculated from the webpage data receiving speed and receiving time.
Step S250: If the first value is different from the second value, determine that the webpage corresponding to the webpage data is hijacked, and perform anti-hijacking processing on the webpage.
Compare whether the first value and the second value are the same. If they are different, the data amount of the legal data in the webpage data differs from the data amount actually received, which shows that the webpage is hijacked, and the corresponding anti-hijacking processing can be performed.
In the embodiment of the present application, the size of the legal data in the webpage is recorded by the stored value data, and the data size recorded by the stored value data is then compared with the data size actually received to determine whether the webpage is hijacked. If it is hijacked, anti-hijacking processing is performed.
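Steps S220 to S250 as a runnable sketch; this is an added example, not code from the application or the applicant. Its assumptions: the stored value data is a `<meta name="legal-size">` tag (a hypothetical name) whose value is the UTF-8 byte count of the document without that tag, the optional encryption of the stored value is omitted, and a missing or malformed stored value is treated as hijacked. `checkFrames` goes one step further and sums the per-frame values into the first and second total values used for multi-frame pages.

```javascript
// Added example. The tag name "legal-size" and the rule that the recorded size
// excludes the tag itself are assumptions of this sketch, not the patent's.
const STORED_VALUE_RE = /<meta\s+name="legal-size"\s+content="([^"]*)"\s*\/?>/gi;

const byteLength = (text) => new TextEncoder().encode(text).length;

// Publisher side: write the legal data amount into the legal data.
function stampLegalSize(html) {
  return html.replace('<head>', `<head><meta name="legal-size" content="${byteLength(html)}">`);
}

// S220/S230: locate the stored value data and parse the first value from it.
// Returns null when the tag is absent, duplicated, or not a plain integer.
function declaredByteLength(html) {
  const tags = [...html.matchAll(STORED_VALUE_RE)];
  if (tags.length !== 1) return null;
  return /^\d{1,15}$/.test(tags[0][1]) ? Number(tags[0][1]) : null;
}

// S240: second value, the bytes actually received (stored value tag excluded).
function actualByteLength(html) {
  return byteLength(html.replace(STORED_VALUE_RE, ''));
}

// S250 for one document or one frame.
function checkWebpageData(html) {
  const first = declaredByteLength(html);
  const second = actualByteLength(html);
  if (first === null) {
    // Design choice of this example: fail closed when no size can be parsed.
    return { hijacked: true, reason: 'stored value missing or malformed', first, second };
  }
  const same = first === second;
  return { hijacked: !same, reason: same ? 'sizes match' : 'size mismatch', first, second };
}

// Multi-frame page: per-frame verdicts plus the first and second total values.
function checkFrames(frames) {
  const results = frames.map((f) => ({ url: f.url, ...checkWebpageData(f.html) }));
  const firstTotal = results.reduce((sum, r) => sum + (r.first ?? 0), 0);
  const secondTotal = results.reduce((sum, r) => sum + r.second, 0);
  return {
    results,
    firstTotal,
    secondTotal,
    totalsMatch: firstTotal === secondTotal,
    hijackedFrames: results.filter((r) => r.hijacked).map((r) => r.url),
  };
}

// Constructed sample documents (not real traffic). "é" is two bytes in UTF-8,
// so the byte count differs from the JavaScript string length.
const LEGIT = stampLegalSize(
  '<html><head><title>Café</title></head><body><p>Hello</p></body></html>');
const INJECTED = LEGIT.replace('</body>', '<div>injected banner</div></body>');
const SAME_LENGTH = LEGIT.replace('Hello', 'HELLO');

console.log(checkWebpageData(LEGIT));
console.log(checkWebpageData(INJECTED));
console.log(checkFrames([
  { url: 'https://site.example/a', html: LEGIT },
  { url: 'https://site.example/b', html: INJECTED },
]).hijackedFrames);
```

The comparison only sees changes that alter the byte count: `checkWebpageData(SAME_LENGTH)` reports `hijacked: false`, so a size check of this kind complements content integrity checks rather than replacing them.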
在本申请实施例中,网页中可以包括多个部分,每个部分都有自身对应的独立的网页数据,本申请实施例以框架网页为例进行说明。框架网页在一个网页中包括多个框架,或者说在同一个浏览器窗口中显示不止一个页面,每个页面作为一个框架。每个框架独立于其他框架,拥有自身独立的网页数据。例如,可以通过框架结构标签定义如何将窗口分割为框架,可以通过框架标签定义每个框架中的网页数据,如,通过框架结构标签frameset定义如何将网页分割为框架,通过每个框架对应的框架标签frame定义放置在该框架中的HTML文档。例如图3示出了一种框架网页的示意图,其中网页110包括三个框架,分别为第一框架101、第二框架102以及第三框架103。In the embodiment of the present application, the webpage may include multiple parts, and each part has its own corresponding independent webpage data. The embodiment of the present application takes a frame webpage as an example for description. A framed web page includes multiple frames in a web page, or more than one page is displayed in the same browser window, and each page acts as a frame. Each frame is independent of other frames and has its own independent web page data. For example, you can define how to divide a window into frames through the frame structure tag, and define the web page data in each frame through the frame tag. For example, define how to divide the web page into frames through the frame structure tag frameset, and pass the corresponding frame of each frame The tag frame defines the HTML document placed in the frame. For example, FIG. 3 shows a schematic diagram of a framed webpage, where the webpage 110 includes three frames, namely a first frame 101, a second frame 102, and a third frame 103.
Another embodiment of the present application provides a browser anti-hijacking method. In this embodiment, the amount of legal data of each frame can be compared with the frame's actual data amount to judge whether the frame has been hijacked, and thereby determine whether to perform anti-hijacking processing on the webpage or on the frame. That is, in this embodiment the webpage data can be the data of one frame, the first value is the amount of legal data received by the frame, and the second value is the amount of webpage data actually received once the frame has finished receiving. In this embodiment, as shown in FIG. 4, the following steps are performed for each frame:
Step S310: The browser receives the webpage data of the frame.
Step S320: Obtain the amount of legal data in the webpage data as the first value.
Step S330: Obtain the actual data amount of the webpage data as the second value.
Step S340: If the first value is different from the second value, determine that the webpage corresponding to the webpage data is hijacked, and perform anti-hijacking processing on the webpage.
For any frame, the browser can receive the webpage data of that frame. When the data recording the amount of legal data in the frame is received, that is, when the stored value data in the frame's webpage data is received, the stored value data can be parsed to obtain the amount of legal data in the frame, which serves as the first value of the frame.
When the data of the frame has been completely received, the actual data amount of the received webpage data of the frame can be obtained, and this actual data amount serves as the second value of the frame.
Compare whether the first value and the second value are different. If the first value is the same as the second value, the frame has not been hijacked, no anti-hijacking processing is needed for it, and the frame can be processed normally, for example rendered and displayed. If the first value and the second value of every frame in the webpage are the same, none of the frames has been hijacked, and the webpage has not been hijacked.
If the first value of a frame is different from its second value, the data in the frame has been tampered with. The frame can be determined to be hijacked, the webpage can likewise be determined to be hijacked, and anti-hijacking processing is performed on the webpage.
As an implementation manner, since each frame has its own webpage data, if a frame is determined to be hijacked, the anti-hijacking processing for the webpage may be anti-hijacking processing for that frame only, to reduce the amount of data processed. That is, when the first value and the second value in the webpage data of a frame are determined to be different, anti-hijacking processing is performed on the frame corresponding to that webpage data. The anti-hijacking processing of the frame may be to reacquire the frame's data from the server in order to restore it. Specifically, as shown in FIG. 5, the anti-hijacking processing of the frame may include the following steps:
Step S3411: Obtain the URL information of the frame.
Each frame has its own link address, that is, its own URL information, and the URL information can be used to request legal data of the frame from the browser. Therefore, when a frame is determined to be hijacked, that is, when the comparison of the amount of legal data in the webpage data with the actual amount shows that the frame is hijacked, the URL information of the frame can be obtained. The specific way of obtaining it is not limited in the embodiment of the present application; for example, the URL information of the frame may be parsed from the frame's webpage data.
Step S3421: Initiate a webpage acquisition request carrying the URL information to the server, so that the server returns the webpage data of the frame according to the webpage acquisition request.
The address of the server can be parsed from the URL information, which determines the server from which the legal data is obtained. A webpage acquisition request can therefore be initiated to the server to acquire the frame's legal data. When the server receives the webpage acquisition request, it returns the webpage data of the frame again.
Step S3431: Obtain new webpage data of the frame from the server, and replace the webpage data of the frame.
After the webpage data returned by the server is received, it replaces the frame's original webpage data, which restores the hijacked webpage data in the frame.
Optionally, in this implementation manner, the webpage acquisition request may carry an anti-hijacking mark. The anti-hijacking mark indicates that the browser's webpage data has been hijacked and that a new copy of the webpage data corresponding to the URL information needs to be obtained from the server. The anti-hijacking mark can be a mark known only to the legitimate server. If an illegitimate server hijacks the webpage acquisition request, it cannot correctly identify the anti-hijacking mark, and because of the presence of the mark it also cannot correctly parse the webpage acquisition request.
In addition, the anti-hijacking mark added to the webpage acquisition request can be used by the server to add an anti-hijacking response mark to the returned webpage data, so that when the browser receives the webpage data it determines from the anti-hijacking response mark that the data was returned by the legitimate server. Therefore, in this embodiment of the present application, when the browser receives the webpage data returned by the server in response to a webpage acquisition request carrying the anti-hijacking mark, it can judge whether the received webpage data carries the anti-hijacking mark. If it does, the data is determined to be webpage data returned by the legitimate server and the replacement can proceed, that is, the original webpage data in the frame is replaced with the new webpage data.
Optionally, the webpage acquisition request may be an encrypted data acquisition request, such as an https request, which can carry the anti-hijacking mark and the URL information in the request header. When the server receives the request, it can use the anti-hijacking mark and the URL information to look up, in the server-side database, the original data for that URL information, that is, the legal data corresponding to the URL information. It then returns the data to the browser after encryption and compression, and adds an anti-hijacking response mark to the response header. After the browser kernel receives the response data, it decrypts and decompresses the received encrypted compressed package according to the anti-hijacking mark and the URL information to obtain the original data, and the browser kernel completely replaces the previously hijacked data with the acquired data, achieving the purpose of anti-hijacking.
Optionally, in this embodiment of the application, when a frame is determined to be hijacked, an anti-hijacking reminder may be given, such as displaying a hijacking reminder label to inform the user that the current webpage is hijacked. The label can also indicate specifically which frame is hijacked, so that the user knows the hijacking status of the individual frames in the webpage.
Optionally, the anti-hijacking reminder may disappear after the user responds to it, or disappear after the webpage data of the frame has been reacquired and replaced.
Optionally, in this implementation manner, after the webpage data of the hijacked frame has been reacquired and replaced, the judgment and comparison process of steps S310 to S340 may be executed again, so that what is displayed is legal data.
Optionally, if the browser performs anti-hijacking processing on a frame a preset number of consecutive times and obtains hijacked webpage data every time, the probability that the frame is being hijacked is high, and the requests for that frame's webpage data can be suspended.
Optionally, in this implementation manner, when a frame is determined to be hijacked, the browser can, while performing anti-hijacking processing on that frame, continue to judge whether other frames are hijacked and need anti-hijacking processing, which increases the speed of anti-hijacking processing for the webpage. Alternatively, the judgment of whether other frames are hijacked can continue only after the anti-hijacking processing of the frame determined to be hijacked has finished.
Optionally, after a frame is determined to be hijacked, the related hijacking information can be uploaded to a background server, where it can be used to record hijacking incidents and to count which frames are hijacked, the probability of hijacking and so on, providing data for subsequent tracking and optimization, for example optimizing frames with a high probability of being hijacked to reduce that probability. The background server is the server used to collect statistics on hijacking information, and may be the same as or different from the server from which the legal webpage data is obtained. If uploading the hijacking information fails several times, for example three times, the hijacking information can be saved locally and uploaded again the next time the network condition is detected to be good.
As another implementation manner, when a frame is determined to be hijacked, the webpage is hijacked, and the other frames in the webpage are also more likely to be hijacked. To increase the data processing speed, the judgment of whether the other frames in the webpage are hijacked can be skipped and anti-hijacking processing performed on the webpage directly, applied to the webpage as a whole. In other words, when a frame is determined to be hijacked, anti-hijacking processing is performed on the entire webpage: the webpage data of the entire webpage is obtained from the server again and replaced. Specifically, as shown in FIG. 6, the anti-hijacking processing of the webpage includes:
Step S3412: Obtain the URL information of the webpage.
Step S3422: Initiate a webpage acquisition request carrying the URL information to the server, so that the server returns all webpage data of the webpage according to the webpage acquisition request.
Step S3432: Obtain new webpage data of the webpage from the server, and replace the webpage data of the webpage.
The webpage itself corresponds to URL information. In FIG. 3, the first frame 101, the second frame 102 and the third frame 103 each have their own URL information, and the webpage 110 itself also has URL information, which is the link address of the webpage 110 itself. Through this URL information, the server for obtaining the webpage data of the whole webpage can be found, and all data of the webpage can be obtained from that server. The browser can obtain the URL information of the webpage; the specific way of obtaining it is not limited. For example, the data in which the webpage's URL information is stored can be parsed to obtain the URL information.
A webpage acquisition request carrying the URL information is then initiated to the server, so that the server receiving the request returns all the webpage data to the browser. After the browser obtains all the webpage data of the webpage, it replaces all the webpage data in the webpage with the newly obtained webpage data. In other words, the webpage data of all frames in the webpage is replaced with the newly obtained webpage data.
Optionally, after the browser has obtained and replaced all the webpage data of the webpage, it can judge again whether the webpage is hijacked, to guard against the reacquired webpage data having been hijacked as well.
As yet another implementation manner, when a frame is determined to be hijacked, the webpage is hijacked, and the other frames in the webpage are also more likely to be hijacked. To increase the data processing speed, when anti-hijacking processing is performed on the webpage, all webpage data of the entire webpage is obtained from the server, and the part of it that belongs to the hijacked frame is used to replace the hijacked frame's data. Specifically, as shown in FIG. 7, the anti-hijacking processing of the webpage includes:
Step S3413: Obtain the URL information of the webpage, and continue to judge whether the frames not yet checked are hijacked.
Step S3423: Initiate a webpage acquisition request carrying the URL information to the server, so that the server returns all webpage data of the webpage according to the webpage acquisition request.
Step S3433: Obtain new webpage data of the webpage from the server, and replace the webpage data of the hijacked frame.
In this implementation manner, when a frame is determined to be hijacked, other frames are more likely to be hijacked, so all webpage data of the entire webpage can be obtained first, which yields the webpage data of every frame. The process of obtaining the webpage data and the process of judging whether other frames are hijacked can run in parallel to increase the data processing speed.
After all the webpage data of the webpage has been obtained from the server, the part belonging to the hijacked frame replaces the hijacked frame's original webpage data, and the webpage data obtained from the server is cached.
While the judgment of whether frames are hijacked continues, if another frame is found to be hijacked, the webpage data of that frame can be taken from the cached webpage data and used to replace the frame's original webpage data.
Optionally, this implementation manner may be used when the webpage still contains frames that have not yet been checked for hijacking, since only then can a frame later be determined to be hijacked and need its webpage data replaced. Specifically, when the first frame determined to be hijacked appears in the webpage and it is not the last frame to be checked, steps S3413 to S3433 are executed to perform the anti-hijacking processing. In this implementation manner, when more than one frame is hijacked, the anti-hijacking processing of every hijacked frame other than the first one no longer needs to request data from the server and can use the locally cached webpage data directly, which reduces the number of interactions with the server and improves data processing efficiency.
In addition, when the first frame determined to be hijacked appears in the webpage but it is the last frame in the webpage to be checked, only the webpage data of that frame need be obtained and used to replace the frame's original webpage data, which reduces the amount of data processed and increases the processing speed.
Optionally, in this implementation manner, after hijacking processing has been carried out for all frames, the locally cached webpage data can be deleted to reduce the browser's local storage pressure.
In the embodiments of the present application, the implementation manners can be cross-referenced, and their identical or similar parts apply to one another. For example, when the browser sends the server a webpage acquisition request carrying the webpage's URL information, it can send an encrypted acquisition request; it can send an acquisition request carrying the anti-hijacking mark, so that the server adds an anti-hijacking response mark to the returned webpage data according to the anti-hijacking mark; and it can judge whether the received webpage data carries the anti-hijacking mark and, if so, treat the received webpage data as valid and use it to replace the webpage data of the hijacked frame.
In addition, to increase the data processing speed, in the embodiment of the present application the hijacking judgment can be executed for a frame as soon as that frame's webpage data has been received. In other words, the browser processes the webpage's data while receiving it: when the data of a frame has been received, the amount of legal data in the frame's webpage data is compared with the actual data amount of that webpage data. If the two amounts are the same, the frame is determined not to be hijacked; if they differ, the frame is determined to be hijacked.
Optionally, the browser can process multiple frames in parallel to increase the processing speed. That is, when the webpage data of one frame has been received, the hijacking judgment and anti-hijacking processing for that frame begin; if the webpage data of other frames finishes arriving in the meantime, the hijacking judgment and anti-hijacking processing for those frames begin as well.
Optionally, the browser can perform the hijacking judgment and anti-hijacking processing serially, to reduce processing pressure while keeping the processing speed as high as possible. That is, when the browser has received the webpage data of a frame and no hijacking judgment or anti-hijacking processing is under way for another frame, it starts the hijacking judgment and anti-hijacking processing for this frame. If the judgment or processing for another frame is under way, it waits until the browser has finished the hijacking judgment and anti-hijacking processing of the previously received frame, and then performs them for this frame.
Optionally, the browser can also run the hijacking judgments serially and the anti-hijacking processing serially. That is, at any one time the hijacking judgment is performed for one frame, and at any one time anti-hijacking processing is performed for one frame. The hijacking judgment of the next frame starts when the judgment of one frame is complete, and the anti-hijacking processing of the next hijacked frame starts when the anti-hijacking processing of one frame is complete.
While the browser is browsing, a webpage may or may not be hijacked. Judging every frame of a webpage requires many judgments, and for a webpage that has not been hijacked those judgments are of little use. Therefore, in the embodiment of the present application, to reduce unnecessary judgments, the browser can first determine that the webpage is hijacked and only then look for the hijacked frame and perform anti-hijacking processing on it.
As an implementation manner, before performing, for each frame, the step of determining that the webpage corresponding to the webpage data is hijacked and performing anti-hijacking processing if the first value is different from the second value, the sum of the first values of all frames can be calculated as a first total value, which represents the size of all the legal data in the webpage, and the sum of the second values of all frames can be calculated as a second total value, which represents the size of all the data the webpage actually received. It can be understood that when the main frame of the webpage has been received, the webpage's data has finished loading; the first total value calculated at that point covers the legal data of all frames, and the second total value calculated at that point covers the data received by all frames in the webpage.
Compare whether the first total value and the second total value are the same. If they are the same, the data in the webpage has not been hijacked, and the per-frame hijacking judgment and anti-hijacking processing can be skipped. If they differ, the webpage has been hijacked and the data of some frame has been tampered with. In that case the first value and the second value are compared for each frame, and if the first value is different from the second value, the frame is determined to be hijacked and anti-hijacking processing is performed.
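The total-then-per-frame comparison described above, as an added example that is not code from the application. The frame fields `url`, `declaredSize` and `body` are assumptions: the page does not say how the stored value data is encoded, so `declaredSize` stands for its parsed value, and sizes are counted in UTF-8 bytes.

```javascript
// Added example, not code from the application. Field names are assumed.
// Sizes are byte counts, not string lengths: the two differ for non-ASCII text.
const byteLength = (text) => new TextEncoder().encode(text).length;

// Steps S320-S340 for one frame.
function checkFrame(frame) {
  const first = frame.declaredSize;       // first value: amount of legal data
  const second = byteLength(frame.body);  // second value: amount actually received
  // A missing or malformed stored value is treated as a mismatch.
  const hijacked = !Number.isInteger(first) || first !== second;
  return { url: frame.url, first, second, hijacked };
}

// Compare the totals first; compare frame by frame only when they differ.
function checkPage(frames) {
  let firstTotal = 0;
  let secondTotal = 0;
  let declaredOk = true;
  for (const f of frames) {
    if (Number.isInteger(f.declaredSize)) firstTotal += f.declaredSize;
    else declaredOk = false;
    secondTotal += byteLength(f.body);
  }
  if (declaredOk && firstTotal === secondTotal) {
    return { hijacked: false, firstTotal, secondTotal, frameChecks: 0, hijackedFrames: [] };
  }
  const results = frames.map(checkFrame);
  return {
    hijacked: true,
    firstTotal,
    secondTotal,
    frameChecks: results.length,
    hijackedFrames: results.filter((r) => r.hijacked).map((r) => r.url),
  };
}

// Constructed sample: a three-frame page as in FIG. 3 (URLs and content invented).
const nav = '<ul><li>Home</li><li>账户</li></ul>';
const main = '<h1>Balance</h1><p>42.00</p>';
const footer = '<p>contact</p>';
const cleanPage = [
  { url: 'https://example.test/nav', declaredSize: byteLength(nav), body: nav },
  { url: 'https://example.test/main', declaredSize: byteLength(main), body: main },
  { url: 'https://example.test/footer', declaredSize: byteLength(footer), body: footer },
];

// Constructed sample: the same page with extra content appended to one frame in transit.
const injected = '<script src="https://ads.invalid/x.js"></script>';
const alteredPage = cleanPage.map((f) =>
  f.url.endsWith('/main') ? { ...f, body: f.body + injected } : f);

// Constructed sample: the stored value of one frame is absent.
const strippedPage = cleanPage.map((f) =>
  f.url.endsWith('/nav') ? { url: f.url, body: f.body } : f);

console.log(checkPage(cleanPage));
console.log(checkPage(alteredPage));
console.log(checkPage(strippedPage));
```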
As another implementation manner, the webpage may contain data dedicated to recording the total size of the webpage's legal data; this data is defined as the total stored value data. When the webpage has finished loading, the total stored value data of the webpage can be obtained, and the total size of the legal data in the webpage is obtained from it as the first total value. The total size of the data received for the webpage is then determined as the second total value. Compare whether the first total value and the second total value are the same. If they are the same, the webpage has not been hijacked; if they differ, the webpage has been hijacked.
In this embodiment, comparing the amount of legal data of each frame of the webpage with the amount of data actually received makes it possible to judge whether each frame of the webpage is hijacked, so that the corresponding anti-hijacking processing can be performed when hijacking occurs. This solution both detects hijacking and restores the hijacked data, which greatly reduces the risk of leaking users' confidential information, improves the security of the browser, and avoids property loss for users.
This application also provides an embodiment in which the webpage may include multiple parts, such as the multiple frames described in the preceding embodiments, or may have only one part, that is, all the data of the webpage forms a single whole.
In this embodiment, the webpage data is defined as all the data of the webpage. When the hijacking judgment and anti-hijacking processing are performed for the webpage, the browser, after receiving all the data of the webpage, obtains the amount of legal data in the webpage data as the first value, which is the total amount of legal data in the webpage. It then obtains the actual data amount of the webpage data as the second value, which represents the total amount of data received for the webpage. Compare whether the first value and the second value are the same. If they are the same, the webpage has not been hijacked and the subsequent normal processing, such as rendering and display, can be performed. If the first value is different from the second value, the webpage corresponding to the webpage data is determined to be hijacked, and anti-hijacking processing is performed on the webpage.
In this embodiment, the anti-hijacking processing is performed on the webpage as a whole. That is, the URL information of the webpage can be obtained; a webpage acquisition request carrying the URL information is initiated to the server, so that the server returns all webpage data of the webpage according to the webpage acquisition request; and new webpage data of the webpage is obtained from the server and replaces the webpage data of the webpage.
It can be understood that the identical or similar parts of this embodiment and the preceding embodiments can be cross-referenced and are not repeated here. For example, in this embodiment the webpage acquisition request can carry the anti-hijacking mark, so that the server adds an anti-hijacking response mark to the returned webpage data according to the anti-hijacking mark; the browser can judge whether the received webpage data carries the anti-hijacking mark and, if it does, replace the webpage data; and so on.
In the embodiment of the present application, the webpage is treated as a whole, and the amount of legal data in all the webpage data is compared with the actual data amount to judge whether the webpage is hijacked. If the webpage is determined to be hijacked, anti-hijacking processing is performed on the webpage as a whole, which reduces the number of judgments and the number of anti-hijacking operations and lowers the data processing pressure.
In each embodiment of the present application, if the browser cannot access the server during anti-hijacking processing, for example because a network interruption or poor network quality prevents a connection to the server, it cannot initiate the webpage acquisition request to the server or cannot receive the webpage data the server returns for the request, and the webpage's data cannot be restored.
In addition, the browser may be unable to obtain the new webpage data from the server for other reasons. For example, if the server does not find the webpage data corresponding to the URL information carried in the browser's webpage acquisition request, it can return an error message telling the browser that the corresponding webpage data cannot be found. The browser can then determine that webpage data for the anti-hijacking data recovery cannot be obtained from the server.
When the webpage's data cannot be restored, execution of the hijacked webpage data can be stopped to avoid the harm of letting it continue to run. Specifically, execution of the webpage data can be stopped by stopping the execution of the script functions corresponding to the hijacked webpage data.
可选的,若判定某个框架被劫持,可以停止该框架的网页数据的执行,如停止该框架对应的脚本函数的执行;也可以停止该网页的所有网页数据的执行,如停止该网页的脚本函数的执行。Optionally, if it is determined that a certain frame is hijacked, the execution of the webpage data of the frame can be stopped, such as stopping the execution of the script function corresponding to the frame; or the execution of all webpage data of the webpage can be stopped, such as stopping the execution of the webpage Execution of script functions.
可选的,当判定某一网页被劫持,可以停止该网页的所有网页数据的执行,如停止该网页的脚本函数的执行。Optionally, when it is determined that a certain webpage is hijacked, the execution of all webpage data of the webpage can be stopped, such as stopping the execution of the script function of the webpage.
另外,还可以显示网页劫持提醒标签,用于提醒用户该网页被劫持。可选的,还可以获取被劫持的框架的网址信息、数据大小等写入到提醒标签内,在浏览器的显示页面弹出该提醒标签的提示框,提醒用户在哪个框架的数据篡改。当然,弹出的提示框也可以是提醒用户该网页被劫持,而不一定要提醒用户到那个框架被劫持。其中,该提醒标签可以是在网页内部由脚本创建。In addition, a webpage hijacking reminder label can be displayed to remind the user that the webpage is hijacked. Optionally, the URL information, data size, etc. of the hijacked frame can also be obtained and written into the reminder tag, and a prompt box of the reminder tag pops up on the display page of the browser to remind the user in which frame the data has been tampered with. Of course, the pop-up prompt box can also be used to remind the user that the webpage is hijacked, and it is not necessary to remind the user that the frame is hijacked. Wherein, the reminder tag may be created by a script inside the webpage.
因此,通过劫持提醒标签以及网页数据的停止执行,可以提醒用户并且可以锁定网页数据,防止用户数据泄露和财产的损失。Therefore, by hijacking the reminder tag and stopping execution of webpage data, users can be reminded and webpage data can be locked, preventing user data leakage and property loss.
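The whole-page flow described above (size comparison, re-fetch carrying an anti-hijacking mark, and the stop-and-remind fallback), as an added JavaScript example that is not code from the application. The `<!--legal-length:N-->` marker, the `antiHijack` request option and all function names are assumptions; the optional encryption of the stored-value data is omitted.

```javascript
// Added illustration, not the application's code. The "<!--legal-length:N-->" marker,
// the antiHijack request option and every function name here are hypothetical.
const MARKER = /^<!--legal-length:(\d+)-->\n/;
const byteLength = (s) => new TextEncoder().encode(s).length;

// Server side: record the legal data amount inside the page data (the stored-value data).
function withMarker(body) {
  return `<!--legal-length:${byteLength(body)}-->\n${body}`;
}

// Browser side: first value = recorded legal amount, second value = actual amount received.
function measure(pageData) {
  const m = MARKER.exec(pageData);
  if (!m) return { first: null, second: byteLength(pageData) };
  return { first: Number(m[1]), second: byteLength(pageData.slice(m[0].length)) };
}

// A missing marker is treated as a mismatch (a choice made for this example).
function isHijacked(pageData) {
  const { first, second } = measure(pageData);
  return first === null || first !== second;
}

// Decide what to do once the re-fetch has finished. `reply` is null when the server was
// unreachable or returned an error, otherwise { antiHijackResponse, data }.
function decideRecovery(page, reply) {
  if (!isHijacked(page.data)) return { action: 'none', page };
  // Replace only with data that carries the anti-hijacking response mark. Re-checking
  // the sizes of the reply is an extra step added in this example.
  if (reply && reply.antiHijackResponse === true && !isHijacked(reply.data)) {
    return { action: 'replaced', page: { ...page, data: reply.data } };
  }
  // No clean copy available: stop the page's scripts and build the reminder label text.
  const { first, second } = measure(page.data);
  return {
    action: 'stopped',
    page: { ...page, scriptsEnabled: false },
    reminder: `Page hijacked: ${page.url} (expected ${first ?? 'unknown'} bytes, received ${second})`,
  };
}

// Network wrapper: fetchPage(url, { antiHijack: true }) stands in for the request that
// carries the anti-hijacking mark; any failure is mapped to a null reply.
async function antiHijack(page, fetchPage) {
  if (!isHijacked(page.data)) return decideRecovery(page, null);
  let reply = null;
  try {
    reply = await fetchPage(page.url, { antiHijack: true });
  } catch (err) {
    reply = null; // network interruption, page not found, ...
  }
  return decideRecovery(page, reply);
}

// Constructed sample data: a clean page and a copy with content injected in transit.
const CLEAN = withMarker('<html><body><h1>Account</h1></body></html>');
const TAMPERED = CLEAN.replace('</body>', '<div>injected banner</div></body>');
const samplePage = { url: 'https://shop.example/account', data: TAMPERED, scriptsEnabled: true };
```

A substitution that keeps the byte length unchanged passes this check, so the size comparison is a tamper signal rather than an integrity guarantee.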
An embodiment of the present application further provides a browser anti-hijacking device 400. As shown in FIG. 8, the device 400 includes: a data receiving module 410, used for the browser to receive webpage data; a first data acquisition module 420, used to acquire the data amount of the legal data in the webpage data as a first value; a second data acquisition module 430, used to acquire the actual data amount of the webpage data as a second value; and an anti-hijacking processing module 440, used to determine, if the first value differs from the second value, that the webpage corresponding to the webpage data is hijacked, and to perform anti-hijacking processing on the webpage.
Optionally, the first data acquisition module 420 may be used to acquire, from the webpage data, the data that records the data amount, as stored-value data, and to parse the data amount of the webpage data out of the stored-value data as the data amount of the legal data in the webpage data.
Optionally, the stored-value data is data encrypted according to a preset encryption algorithm, and the first data acquisition module 420 may decrypt the stored-value data according to the preset encryption algorithm.
Optionally, the webpage may include multiple frames. The device may further include a comparison module, used to calculate the sum of the first values of all frames as a first total value, calculate the sum of the second values of all frames as a second total value, and compare whether the first total value and the second total value are the same. If the comparison shows that they differ, each frame is then processed by the data receiving module 410, the first data acquisition module 420, the second data acquisition module 430, and the anti-hijacking processing module 440.
Optionally, the anti-hijacking processing module 440 may be used to perform anti-hijacking processing on the frame corresponding to the webpage data, or to perform anti-hijacking processing on the webpage as a whole.
Optionally, the anti-hijacking processing performed by the anti-hijacking processing module 440 on the frame corresponding to the webpage data may include: obtaining the URL information of the frame corresponding to the webpage data; sending the server a webpage acquisition request carrying the URL information, so that the server returns the webpage data of the frame in response to the request; and obtaining the new webpage data of the frame from the server and replacing the frame's webpage data with it.
Optionally, the anti-hijacking processing performed by the anti-hijacking processing module 440 on the webpage as a whole may include: obtaining the URL information of the webpage; sending the server a webpage acquisition request carrying the URL information, so that the server returns all webpage data of the webpage in response to the request; and obtaining the new webpage data of the webpage from the server and replacing the webpage's webpage data with it.
Optionally, the anti-hijacking processing module 440 may be used to carry an anti-hijacking mark in the webpage acquisition request, so that the server adds an anti-hijacking response mark to the returned webpage data according to the anti-hijacking mark. The anti-hijacking processing module 440 may also be used to determine whether the received webpage data carries the anti-hijacking mark and, if it does, to replace the webpage data.
Optionally, when performing anti-hijacking processing on the frame corresponding to the webpage data, the anti-hijacking processing module 440 may also be used to stop execution of the script functions corresponding to the frame if the server cannot be accessed or the new webpage data cannot be obtained from the server.
Optionally, the anti-hijacking processing performed by the anti-hijacking processing module 440 on the webpage may be: if the server cannot be accessed, or the new webpage data cannot be obtained from the server, stopping execution of all webpage data of the webpage.
Optionally, the anti-hijacking processing module 440 may also be used to display a webpage hijacking reminder label.
In the embodiments of the present application, detection and monitoring can be performed on the webpage data itself, hijacked pages that are detected can be reported, and anti-hijacking operations can be performed on them to restore the normal page. This adds a second layer of protection, security checking of the webpage data itself, on top of HTTPS data protection, greatly improving the security of webpage data. After a webpage is hijacked, the webpage itself detects this, warns the user, and attempts an anti-hijacking operation to restore the normal page, which greatly reduces the risk of user information leakage, improves browser security, avoids loss of user property, and reduces other behavior that harms users' interests.
Those skilled in the art can clearly understand that, for convenience and brevity of description, the method embodiments described above may be cross-referenced with one another, as may the implementations within each method embodiment. For the specific working processes of the devices and modules described above, reference may be made to the corresponding processes in the foregoing method embodiments, which are not repeated here.
In the several embodiments provided in this application, the coupling between modules may be electrical, mechanical, or of another form.
In addition, the functional modules in the embodiments of the present application may be integrated into one processing module, each module may exist physically on its own, or two or more modules may be integrated into one module. The integrated modules may be implemented in the form of hardware or in the form of software functional modules.
Please refer to FIG. 9, which shows a structural block diagram of an electronic device 500 provided by an embodiment of the present application. The electronic device 500 may be a smartphone, tablet computer, desktop computer, e-reader, or other electronic device capable of running application programs. The electronic device can connect to a server over a network, request webpage data from the server, upload hijacking information to the server, and so on. The electronic device includes one or more processors 510 (only one is shown in the figure), a memory 520, and one or more programs. The one or more programs are stored in the memory 520 and configured to be executed by the one or more processors 510. The one or more programs are configured to execute the methods described in the foregoing embodiments.
In the embodiments of the present application, the one or more programs may be, respectively, an application program and individual quick apps.
The processor 510 may include one or more processing cores. The processor 510 uses various interfaces and lines to connect the parts of the electronic device 500, and performs the functions of the electronic device 500 and processes data by running or executing the instructions, programs, code sets, or instruction sets stored in the memory 520 and by calling the data stored in the memory 520. Optionally, the processor 510 may be implemented in at least one of the following hardware forms: digital signal processing (DSP), field-programmable gate array (FPGA), and programmable logic array (PLA). The processor 510 may integrate one or a combination of a central processing unit (CPU), a graphics processing unit (GPU), a modem, and the like. The CPU mainly handles the operating system, user interface, application programs, and so on; the GPU is responsible for rendering and drawing display content; the modem handles wireless communication. It can be understood that the modem may also not be integrated into the processor 510 and may instead be implemented separately by a communication chip.
The memory 520 may include random access memory (RAM) and may also include read-only memory (ROM). The memory 520 may be used to store instructions, programs, code, code sets, or instruction sets. The memory 520 may include a program storage area and a data storage area, where the program storage area may store instructions for implementing the operating system, instructions for implementing at least one function, instructions for implementing each of the foregoing method embodiments, and so on. The data storage area may store data created by the electronic device during use (such as the phone book, audio and video data, and chat records).
In addition, the electronic device 500 may also include a display screen for displaying the video to be displayed.
Please refer to FIG. 10, which shows a structural block diagram of a computer-readable storage medium provided by an embodiment of the present application. The computer-readable storage medium 600 stores program code that can be invoked by a processor to execute the methods described in the foregoing method embodiments.
The computer-readable storage medium 600 may be an electronic memory such as flash memory, EEPROM (electrically erasable programmable read-only memory), EPROM, a hard disk, or ROM. Optionally, the computer-readable storage medium 600 includes a non-transitory computer-readable storage medium. The computer-readable storage medium 600 has storage space for program code 610 that executes any of the method steps in the above methods. The program code can be read from or written into one or more computer program products. The program code 610 may, for example, be compressed in a suitable form.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solutions of the present application, not to limit them. Although the application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they can still modify the technical solutions recorded in the foregoing embodiments or make equivalent replacements of some of the technical features, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present application.

Claims (20)

  1. A browser anti-hijacking method, characterized in that the method comprises:
    receiving, by a browser, webpage data;
    acquiring the data amount of the legal data in the webpage data as a first value;
    acquiring the actual data amount of the webpage data as a second value;
    if the first value differs from the second value, determining that the webpage corresponding to the webpage data is hijacked, and performing anti-hijacking processing on the webpage.
  2. The method according to claim 1, characterized in that acquiring the data amount of the legal data in the webpage data comprises:
    acquiring, from the webpage data, the data that records the data amount, as stored-value data;
    parsing the data amount of the webpage data out of the stored-value data, as the data amount of the legal data in the webpage data.
  3. The method according to claim 2, characterized in that the stored-value data is data encrypted according to a preset encryption algorithm, and before the data amount of the webpage data is parsed out of the stored-value data, the method further comprises: decrypting the stored-value data according to the preset encryption algorithm.
  4. The method according to any one of claims 1-3, characterized in that the webpage comprises multiple frames, the webpage data is the data of any one frame, and for any one frame, the steps from the browser receiving webpage data through determining, if the first value differs from the second value, that the webpage corresponding to the webpage data is hijacked and performing anti-hijacking processing on the webpage are executed.
  5. The method according to claim 4, characterized in that, before determining, if the first value differs from the second value, that the webpage corresponding to the webpage data is hijacked and performing anti-hijacking processing on the webpage, the method further comprises:
    calculating the sum of the first values corresponding to all frames as a first total value;
    calculating the sum of the second values corresponding to all frames as a second total value;
    comparing whether the first total value and the second total value are the same;
    if they differ, executing, for each frame, the step of determining, if the first value differs from the second value, that the webpage corresponding to the webpage data is hijacked and performing anti-hijacking processing on the webpage.
  6. The method according to any one of claims 1-3, characterized in that the webpage comprises multiple frames, the webpage data is frame data, and when the webpage data of one frame is received, the steps from acquiring the data amount of the legal data in the webpage data through determining, if the first value differs from the second value, that the webpage corresponding to the webpage data is hijacked and performing anti-hijacking processing on the webpage are executed for that frame.
  7. The method according to any one of claims 4-6, characterized in that performing anti-hijacking processing on the webpage comprises:
    performing anti-hijacking processing on the frame corresponding to the webpage data.
  8. The method according to claim 7, characterized in that performing anti-hijacking processing on the frame corresponding to the webpage data comprises:
    obtaining the URL information of the frame corresponding to the webpage data;
    sending the server a webpage acquisition request carrying the URL information, so that the server returns the webpage data of the frame in response to the webpage acquisition request;
    obtaining the new webpage data of the frame from the server, and replacing the webpage data of the frame.
  9. The method according to claim 7 or 8, characterized in that performing anti-hijacking processing on the frame corresponding to the webpage data comprises:
    if the server cannot be accessed, or new webpage data cannot be obtained from the server, stopping execution of the webpage data of the frame.
  10. The method according to any one of claims 4-6, characterized in that performing anti-hijacking processing on the webpage comprises:
    performing anti-hijacking processing on the webpage as a whole.
  11. The method according to any one of claims 1-3, characterized in that the webpage data is all of the data of the webpage, and performing anti-hijacking processing on the webpage comprises: performing anti-hijacking processing on the webpage as a whole.
  12. The method according to claim 10 or 11, characterized in that performing anti-hijacking processing on the webpage as a whole comprises:
    obtaining the URL information of the webpage;
    sending the server a webpage acquisition request carrying the URL information, so that the server returns all webpage data of the webpage in response to the webpage acquisition request;
    obtaining the new webpage data of the webpage from the server, and replacing the webpage data of the webpage.
  13. The method according to any one of claims 1-8 or 10-12, characterized in that performing anti-hijacking processing on the webpage comprises:
    if the server cannot be accessed, or new webpage data cannot be obtained from the server, stopping execution of all webpage data of the webpage.
  14. The method according to claim 9 or 13, characterized in that performing anti-hijacking processing on the webpage further comprises:
    displaying a webpage hijacking reminder label.
  15. The method according to claim 8 or 12, characterized in that the webpage acquisition request carries an anti-hijacking mark, so that the server adds an anti-hijacking response mark to the returned webpage data according to the anti-hijacking mark.
  16. The method according to claim 15, characterized in that, before the webpage data is replaced, the method further comprises: determining whether the received webpage data carries the anti-hijacking mark;
    if it does, replacing the webpage data.
  17. The method according to any one of claims 1-16, characterized in that, where the webpage comprises multiple frames and the webpage data is frame data, if the first value is the same as the second value, the frame corresponding to the webpage data is determined not to be hijacked;
    where the webpage data is all of the data of the webpage, if the first value is the same as the second value, the webpage is determined not to be hijacked.
  18. A browser anti-hijacking device, characterized in that the device comprises:
    a data receiving module, used for the browser to receive webpage data;
    a first data acquisition module, used to acquire the data amount of the legal data in the webpage data as a first value;
    a second data acquisition module, used to acquire the actual data amount of the webpage data as a second value;
    an anti-hijacking processing module, used to determine, if the first value differs from the second value, that the webpage corresponding to the webpage data is hijacked, and to perform anti-hijacking processing on the webpage.
  19. An electronic device, characterized in that it comprises:
    one or more processors;
    a memory;
    one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by the one or more processors, and the one or more programs are configured to execute the method according to any one of claims 1-17.
  20. A computer-readable storage medium, characterized in that the computer-readable storage medium stores program code, and the program code can be invoked by a processor to execute the method according to any one of claims 1-17.
PCT/CN2019/082334 2019-04-11 2019-04-11 Browser anti-hijacking method and device, electronic equipment and storage medium WO2020206662A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2019/082334 WO2020206662A1 (en) 2019-04-11 2019-04-11 Browser anti-hijacking method and device, electronic equipment and storage medium
CN201980089741.2A CN113348655B (en) 2019-04-11 2019-04-11 Anti-hijacking method and device for browser, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2019/082334 WO2020206662A1 (en) 2019-04-11 2019-04-11 Browser anti-hijacking method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
WO2020206662A1 true WO2020206662A1 (en) 2020-10-15

Family

ID=72751843

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/082334 WO2020206662A1 (en) 2019-04-11 2019-04-11 Browser anti-hijacking method and device, electronic equipment and storage medium

Country Status (2)

Country Link
CN (1) CN113348655B (en)
WO (1) WO2020206662A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116912669A (en) * 2023-09-11 2023-10-20 中国物品编码中心 Webpage hijacking monitoring method, system, electronic equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102011009358A1 (en) * 2011-01-25 2012-07-26 Xamine GmbH A method for detecting improper ad redirection on the Internet
CN104125121A (en) * 2014-08-15 2014-10-29 携程计算机技术(上海)有限公司 Network hijacking behavior detecting system and method
CN107124430A (en) * 2017-06-08 2017-09-01 腾讯科技(深圳)有限公司 Pagejack monitoring method, device, system and storage medium
CN107547524A (en) * 2017-08-09 2018-01-05 百度在线网络技术(北京)有限公司 A kind of page detection method, device and equipment
CN108111561A (en) * 2016-11-25 2018-06-01 腾讯科技(深圳)有限公司 A kind of data download method and its equipment

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2006221242A (en) * 2005-02-08 2006-08-24 Fujitsu Ltd Authentication information fraud prevention system, program, and method
JP4319246B2 (en) * 2007-12-12 2009-08-26 デュアキシズ株式会社 Communication control device and communication control method
WO2013097742A1 (en) * 2011-12-30 2013-07-04 北京奇虎科技有限公司 Methods and devices for identifying tampered webpage and identifying hijacked website
CN102624713B (en) * 2012-02-29 2016-01-06 深信服网络科技(深圳)有限公司 The method of website tamper Detection and device
CN104125215B (en) * 2014-06-30 2018-01-05 新浪网技术(中国)有限公司 Website domain name kidnaps detection method and system
CN104767747A (en) * 2015-03-30 2015-07-08 微梦创科网络科技(中国)有限公司 Click jacking safety detection method and device
CN106911693B (en) * 2017-02-27 2020-11-10 百度在线网络技术(北京)有限公司 Method and device for detecting hijacking of webpage content and terminal equipment
CN108171082B (en) * 2017-12-06 2021-04-30 新华三信息安全技术有限公司 Webpage detection method and device

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116912669A (en) * 2023-09-11 2023-10-20 中国物品编码中心 Webpage hijacking monitoring method, system, electronic equipment and storage medium
CN116912669B (en) * 2023-09-11 2023-11-28 中国物品编码中心 Webpage hijacking monitoring method, system, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN113348655A (en) 2021-09-03
CN113348655B (en) 2023-01-06

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19924606

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 25/02/2022)

122 Ep: pct application non-entry in european phase

Ref document number: 19924606

Country of ref document: EP

Kind code of ref document: A1