WO2020206662A1 - Browser anti-hijacking method and device, electronic equipment and storage medium - Google Patents

Browser anti-hijacking method and device, electronic equipment and storage medium

Info

Publication number
WO2020206662A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
webpage
hijacking
web page
value
Prior art date
Application number
PCT/CN2019/082334
Other languages
English (en)
Chinese (zh)
Inventor
赵剑萍
Original Assignee
深圳市欢太科技有限公司
Oppo广东移动通信有限公司
Priority date
Filing date
Publication date
Application filed by 深圳市欢太科技有限公司, Oppo广东移动通信有限公司
Priority to CN201980089741.2A (CN113348655B)
Priority to PCT/CN2019/082334 (WO2020206662A1)
Publication of WO2020206662A1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40: Network security protocols

Definitions

  • This application relates to the technical field of browsers, and more specifically to a browser anti-hijacking method, device, electronic equipment and storage medium.
  • this application proposes a browser anti-hijacking method, device, electronic equipment and storage medium to improve the above problems.
  • an embodiment of the present application provides a browser anti-hijacking method, the method includes: the browser receives webpage data; obtains the amount of legal data in the webpage data as the first value; and obtains the actual data amount of the web page data as the second value; if the first value is different from the second value, it is determined that the web page corresponding to the web page data is hijacked, and the web page is subjected to anti-hijacking processing.
  • an embodiment of the present application provides a browser anti-hijacking device.
  • the device includes: a data receiving module for the browser to receive webpage data; a first data acquisition module for acquiring the data volume of legal data in the webpage data as the first value; a second data acquisition module for obtaining the actual data volume of the web page data as the second value; and an anti-hijacking processing module which, if the first value is different from the second value, determines that the webpage corresponding to the webpage data is hijacked and performs anti-hijacking processing on the webpage.
  • an embodiment of the present application provides an electronic device, including: one or more processors; a memory; and one or more programs.
  • the one or more programs are stored in the memory and configured to be executed by the one or more processors, and the one or more programs are configured to execute the aforementioned method.
  • an embodiment of the present application provides a computer-readable storage medium in which program code is stored, and the program code can be invoked by a processor to execute the above-mentioned method.
  • the browser anti-hijacking method, device, electronic device, and storage medium provided by the embodiments of this application compare the amount of legal data in the webpage with the amount of actual data. If the two data amounts are different, it can be determined that the web page is hijacked, and anti-hijacking processing is performed to improve the security of the web page.
  • Fig. 1 shows a flowchart of a browser anti-hijacking method provided by an embodiment of the present application.
  • Fig. 2 shows a flowchart of a browser anti-hijacking method provided by another embodiment of the present application.
  • Fig. 3 shows a schematic diagram of a multi-frame webpage provided by an embodiment of the present application.
  • Fig. 4 shows a flowchart of a browser anti-hijacking method provided by another embodiment of the present application.
  • Figs. 5 to 7 respectively show schematic flow diagrams of different anti-hijacking methods in the embodiments of the present application.
  • Fig. 8 shows a functional module diagram of a browser anti-hijacking device provided by an embodiment of the present application.
  • Fig. 9 shows a structural block diagram of an electronic device provided by an embodiment of the present application.
  • Fig. 10 shows a storage unit for storing or carrying program code for implementing the browser anti-hijacking method according to the embodiment of the present application.
  • the browser may be hijacked.
  • Hijackers such as operators, third-party web pages or hijacking software may attack the user's browser, for example by tampering with the web page (changing its display mode and display content), by causing the browser to be redirected to a malicious webpage when visiting a normal website, or by modifying the browser homepage or search page to a website address designated by the hijacker.
  • anti-hijacking for all web pages relies on the HTTPS security protocol of the web page to achieve data encryption protection.
  • this security protocol is actually not secure enough, and it can also be hijacked by a disguised server.
  • the disguised server gives the disguised encryption key.
  • the data decrypted by the browser is actually the hijacked data from the camouflage server.
  • the browser cannot know that the web page is hijacked and cannot fully achieve the purpose of anti-hijacking. It simply reduces the probability of hijacking.
  • the anti-hijacking method cannot recover the hijacked data, and can only add mistakes.
  • the inventor proposes the browser anti-hijacking method, device, electronic device, and storage medium provided by the embodiments of the application.
  • with this browser anti-hijacking method, whether the web page is hijacked is judged by comparing the amount of legal data in the web page with the actual amount of data, and, if it is hijacked, anti-hijacking processing is performed.
  • specific embodiments will be used to describe in detail the browser anti-hijacking method, device, electronic equipment, and storage medium provided by the embodiments of the present application.
  • Fig. 1 shows a browser anti-hijacking method provided by an embodiment of the present application, which can be applied to a browser in an electronic device. Specifically, the method includes:
  • Step S110 the browser receives web page data.
  • the browser can initiate a web page acquisition request to the server, and receive various data information of the web page returned by the server.
  • the webpage obtaining request may be an encrypted request, such as a data obtaining request of the https protocol.
  • the obtained data information may include one or more of codes, texts, pictures, etc., which is not limited in the embodiment of the present application. If the webpage is not hijacked, the webpage data received by the browser is the data returned by the server; if the webpage is hijacked, the actual webpage data received by the browser is different from the data returned by the server.
  • Step S120 Obtain the data amount of legal data in the webpage data as the first value.
  • Step S130 Obtain the actual data amount of the webpage data as the second value.
  • the browser can obtain the data amount of legal data in the received webpage data, and define the obtained data amount as the first value; obtain the actual amount of received webpage data, which is defined as the second value.
  • the legal data of the webpage is the original data of the webpage, or the data of the webpage written by the programmer for the webpage, or the data that the webpage itself should have if it is not hijacked, or the data returned by the server in response to the browser's webpage acquisition request.
  • the amount of data indicates the size of the data, or the amount of data, or the number of bytes of the data, or the storage space that the data needs to occupy.
  • Step S140 If the first value is different from the second value, determine that the webpage corresponding to the webpage data is hijacked, and perform anti-hijacking processing on the webpage.
  • Another embodiment of the present application provides a browser anti-hijacking method, which includes a method for determining the amount of legal data. See Figure 2.
  • the method includes:
  • Step S210 the browser receives web page data.
  • Step S220 Obtain the data in the web page data that records the data amount, as stored value data.
  • Step S230 Parse the data amount of the webpage data from the stored value data as the data amount of the legal data in the webpage data, and use the data amount as the first value.
  • Step S240 Obtain the actual data amount of the webpage data as the second value.
  • the browser receives the web page data, and can obtain the amount of legal data in it.
  • the amount of data of the webpage is written in the legal data of the webpage. That is to say, after the programmer completes the legal data of the webpage, he can write the data amount of the webpage into the legal data.
  • the data that records the size of the legal data in the webpage may be defined as stored value data.
  • writing the amount of data into the legal data of the webpage can be done by writing it into the stored value data.
  • the data amount of the legal data in the webpage data can be obtained by analyzing the stored value data in the webpage data. For example, a tag is set as the stored value data in a webpage. After the webpage is written, the webpage has a data volume of 20M, and the programmer writes the data amount of 20M into the tag. Through the analysis of the tag, the data amount of the legal data of the webpage can be obtained as 20M.
  • the data of the recorded data amount can be obtained, and the data amount of the legal data of the web page can be analyzed from the data. And, the amount of data can be stored for later comparison.
  • the acquisition and analysis process can be completed by the browser kernel.
  • the browser kernel obtains stored value data from the web page data through the web page data analysis module, parses the data amount of legal data from the stored value data, and stores it in the data storage module of the browser.
  • the stored value data may be data encrypted according to a preset encryption algorithm.
  • the browser can decrypt the stored value data according to the preset encryption algorithm, and then obtain the amount of legal data in the webpage data from the decrypted stored value data.
  • the specific algorithm of the preset encryption algorithm is not limited in the embodiments of the present application, and it may be an encryption algorithm that is known to the browser but unknown to the hijacker.
  • the specific algorithm of the preset encryption algorithm has not been publicly announced, so the hijacker does not know the encryption algorithm used by the stored value data.
  • even if the hijacker, when tampering with the legal data of the webpage, writes the changed amount of data (such as the increased amount of data) into it, the browser parses the amount of data written by the hijacker through the preset encryption algorithm, and the result of the parsing should be garbled, which will not affect the acquisition of the amount of legal data.
  • the browser then counts the actual data volume of the web page data.
  • the specific statistical method is not limited. For example, the amount of storage space occupied by the received webpage data can be counted, and the calculation can be based on the webpage data receiving speed and receiving time.
  • Step S250 If the first value is different from the second value, determine that the webpage corresponding to the webpage data is hijacked, and perform anti-hijacking processing on the webpage.
  • the size of the legal data in the webpage is recorded by stored value data, and then the data size recorded by the stored value data is compared with the actual received data size to determine whether the webpage is hijacked. If it is hijacked, anti-hijacking processing is performed.
  • the webpage may include multiple parts, and each part has its own corresponding independent webpage data.
  • the embodiment of the present application takes a frame webpage as an example for description.
  • a framed web page includes multiple frames in a web page, or more than one page is displayed in the same browser window, and each page acts as a frame.
  • Each frame is independent of other frames and has its own independent web page data.
  • the tag frame defines the HTML document placed in the frame.
  • FIG. 3 shows a schematic diagram of a framed webpage, where the webpage 110 includes three frames, namely a first frame 101, a second frame 102, and a third frame 103.
  • the data volume of the legal data of each frame can be compared with the actual data volume to determine whether the frame is hijacked, so as to determine whether to perform anti-hijacking processing on the webpage or the frame.
  • the web page data can be the data information of a frame;
  • the first value is the amount of legal data received by the frame;
  • the second value is the actual amount of web page data received once the frame has been received. That is, in this embodiment, for each frame, as shown in Figure 4, the following steps are performed:
  • Step S310 The browser receives the webpage data of the frame.
  • Step S320 Obtain the data amount of the legal data in the webpage data as the first value.
  • Step S330 Obtain the actual data amount of the webpage data as the second value.
  • Step S340 If the first value is different from the second value, it is determined that the webpage corresponding to the webpage data is hijacked, and anti-hijacking processing is performed on the webpage.
  • the browser can receive the web page data of the frame.
  • the stored value data can be analyzed to obtain the data volume of the legal data in the frame, as the first value of the frame.
  • the actual data amount of the received frame's webpage data can be obtained, and the actual data amount is used as the second value of the frame.
  • first value and the second value are different. If the first value is the same as the second value, it indicates that the frame is not hijacked, and there is no need to perform anti-hijacking processing on the frame, and the frame can be processed normally, such as performing operations such as rendering and displaying. If the first value and the second value of each frame in the webpage indicate that none of the frames have been hijacked, the webpage has not been hijacked.
  • If the first value of a frame is different from the second value, it indicates that the data in the frame has been tampered with. It can be determined that the frame is hijacked, and at the same time, it can be determined that the web page is hijacked, and anti-hijacking processing is performed on the web page.
  • the anti-hijacking processing for the webpage may be an anti-hijacking processing for the frame to reduce the amount of data processing. That is, when it is determined that the first value and the second value in the webpage data of a certain frame are different, the frame corresponding to the webpage data is subjected to anti-hijacking processing.
  • the anti-hijacking processing of the frame may be to reacquire the data of the frame from the server to restore the data of the frame.
  • the anti-hijacking processing of the frame may include the following steps:
  • Step S3411 Obtain the URL information of the frame.
  • Each frame has its link address, that is, its URL information, and the URL information can be used to request legal data of the frame from the server. Therefore, when it is determined that a certain frame is hijacked, that is, when comparing the amount of legal data in the web page data with the actual amount shows that the frame is hijacked, the URL information of the frame can be obtained.
  • the specific acquisition method is not limited in the embodiment of the present application.
  • the web address information of the frame is parsed from the web page data of the frame.
  • Step S3421 Initiate a webpage acquisition request carrying the website information to the server, so that the server returns the webpage data of the frame according to the webpage acquisition request.
  • the address of the server can be parsed to determine the server for obtaining legal data. Therefore, you can initiate a web page acquisition request to the server and also acquire the legal data of the frame. When the server receives the request for obtaining the webpage, it returns the webpage data of the frame again.
  • Step S3431 Obtain new webpage data of the frame from the server, and replace the webpage data of the frame.
  • After the web page data returned by the server is received, it replaces the original web page data of the frame, which recovers the hijacked web page data in the frame.
  • an anti-hijacking mark may be carried in the webpage acquisition request, and the anti-hijacking mark indicates that the webpage data of the browser is hijacked, and a new copy of the webpage data corresponding to the website information needs to be obtained from the server.
  • the anti-hijacking mark can be a mark known only to the legitimate server. If an illegal server hijacks the web page acquisition request, it cannot correctly parse the request because it cannot correctly identify the anti-hijacking mark.
  • the anti-hijacking mark added in the web page acquisition request can be used by the server to add an anti-hijacking response mark to the returned web page data according to the anti-hijacking mark, so that when the browser receives the web page data, it determines from the anti-hijacking response mark that the data was returned by the legitimate server. Therefore, in this embodiment of the present application, when the browser receives the web page data returned by the server in response to the web page acquisition request carrying the anti-hijacking flag, it can determine whether the received web page data carries the anti-hijacking flag. If it does, the data is determined to be web page data returned by the legitimate server and the replacement can be made, that is, the original web page data in the frame is replaced with the new web page data.
  • the webpage acquisition request may be an encrypted data acquisition request, such as an https request, which may carry an anti-hijacking mark and URL information on the request header.
  • when the server receives the request, it can find the original data of the URL information from the server-side database based on the anti-hijacking flag and URL information, that is, the legal data corresponding to the URL information, and then return it to the browser after it has been encrypted and compressed, adding an anti-hijacking response flag in the response header.
  • when the browser kernel receives the corresponding response data, it decrypts and decompresses the received encrypted compressed package according to the anti-hijacking mark and URL information to obtain the original data.
  • the browser kernel replaces the previously hijacked data with the acquired data, to achieve the purpose of anti-hijacking.
  • an anti-hijacking reminder may be performed, such as displaying a hijacking reminder label to inform the user that the current web page is hijacked.
  • the anti-hijacking label can also specify which frame is hijacked, so that the user can know the specific hijacking situation of the frame in the webpage.
  • the anti-hijacking reminder may disappear after the user responds, and it is learned that the webpage data of the frame is retrieved and replaced after it disappears.
  • step S310 to step S340 may be executed again to display the legitimate data.
  • if the browser performs anti-hijacking processing on a frame a preset number of consecutive times and all it obtains is hijacked webpage data, this indicates that the frame is more likely to be hijacked, and the request for obtaining webpage data for the frame can be suspended.
  • when it is determined that a certain frame is hijacked, while anti-hijacking processing is performed on that frame, the browser can continue to determine whether other frames are hijacked and whether anti-hijacking processing is required, thereby improving the speed of anti-hijacking processing for the webpage.
  • Of course, the judgment on whether other frames have been hijacked can also be continued after the anti-hijacking processing of the frame determined to be hijacked has been performed.
  • the relevant hijacking information can be uploaded to the backend server, which can be used to record the hijacking situation and count which frames are hijacked, the probability of hijacking, etc., to provide data support for subsequent tracking and optimization. For example, a frame with a high probability of being hijacked can be optimized to reduce the probability of being hijacked.
  • the background server is a server used to perform statistics on hijacking information, and may be the same as or different from the server that obtains legal webpage data. If uploading the hijacking information fails many times, such as three failed uploads, the hijacking information can be saved locally and re-uploaded when the network condition is detected next time.
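The frame recovery procedure described above (steps S3411 to S3431, the anti-hijacking mark and response mark, and the preset limit on consecutive attempts), as an added example that is not code from the patent. The header names `X-Anti-Hijack` and `X-Anti-Hijack-Response`, the mark values, the limit of 3, the synchronous `send` transport and the `declaredBytes` and `executeScripts` fields are assumptions made for illustration; the patent does not specify them.

```javascript
// Added illustration, not code from the patent. Hypothetical throughout: the
// header names, the mark values, MAX_ATTEMPTS, and the synchronous `send`.
const ANTI_HIJACK_HEADER = "X-Anti-Hijack";            // request mark (assumed name)
const ANTI_HIJACK_RESPONSE = "X-Anti-Hijack-Response"; // response mark (assumed name)
const MAX_ATTEMPTS = 3;                                // the "preset number" (assumed)
const byteLength = (s) => new TextEncoder().encode(s).length;

// S310-S340 reduced to the comparison itself: declared size vs. received size.
const isHijacked = (frame) => frame.declaredBytes !== byteLength(frame.body);

// send(request) returns { headers, declaredBytes, body }, or null when the
// server cannot be reached. It stands in for the HTTPS round trip and is
// synchronous only so that the example runs offline.
function recoverFrame(frame, send, marks) {
  const log = [];
  let attempts = 0;
  let status = "suspended"; // retry limit reached: stop requesting this frame
  while (attempts < MAX_ATTEMPTS) {
    attempts += 1;
    // S3411 / S3421: request the frame again by its URL, carrying the mark.
    const res = send({ url: frame.url, headers: { [ANTI_HIJACK_HEADER]: marks.request } });
    if (res === null) {
      log.push(`attempt ${attempts}: server unreachable`);
      status = "unreachable";
      break;
    }
    if (res.headers[ANTI_HIJACK_RESPONSE] !== marks.response) {
      log.push(`attempt ${attempts}: response mark missing, data not used`);
      continue;
    }
    // S3431: the replacement is itself put through the size comparison.
    const candidate = { url: frame.url, declaredBytes: res.declaredBytes, body: res.body };
    if (isHijacked(candidate)) {
      log.push(`attempt ${attempts}: refetched data still fails the size check`);
      continue;
    }
    return { status: "recovered", frame: candidate, attempts, log };
  }
  // No usable copy: keep the frame's data but mark it as not to be executed.
  return { status, frame: { ...frame, executeScripts: false }, attempts, log };
}

// Constructed fixtures (not real traffic).
const MARKS = { request: "req-mark-demo", response: "resp-mark-demo" };
const LEGAL_BODY = "<p>frame two</p>";
function legitServer(req) {
  // The response mark is added only when the request mark is recognised.
  const known = req.headers[ANTI_HIJACK_HEADER] === MARKS.request;
  return {
    headers: known ? { [ANTI_HIJACK_RESPONSE]: MARKS.response } : {},
    declaredBytes: byteLength(LEGAL_BODY),
    body: LEGAL_BODY,
  };
}
// Transport that alters the first `n` responses, then passes them through.
function tamperFirst(n, server) {
  let seen = 0;
  return (req) => {
    const res = server(req);
    return seen++ < n ? { ...res, body: res.body + "<div>injected</div>" } : res;
  };
}
function hijackedFrame() {
  return {
    url: "https://example.test/frame2",
    declaredBytes: byteLength(LEGAL_BODY),
    body: LEGAL_BODY + "<div>injected</div>",
  };
}
```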
  • anti-hijacking processing on a web page includes:
  • Step S3412 Obtain the URL information of the webpage.
  • Step S3422 Initiate a webpage acquisition request carrying the website address information to the server, so that the server returns all webpage data of the webpage according to the webpage acquisition request.
  • Step S3432 Obtain new webpage data of the webpage from the server, and replace the webpage data of the webpage.
  • the webpage itself corresponds to a piece of URL information.
  • the first frame 101, the second frame 102 and the third frame 103 each correspond to their own URL information.
  • the web page 110 itself also corresponds to a piece of URL information, which is the link address of the web page 110 itself.
  • a server for obtaining the overall webpage data of the webpage can be found, and all data information in the webpage can be obtained from the server.
  • the browser can obtain the website address information of the webpage, and the specific obtaining method is not limited. For example, the data stored in the website address information of the webpage is analyzed to obtain the website address information of the webpage.
  • after the browser obtains and replaces all the webpage data of the webpage, it can judge again whether the webpage is hijacked, in case the re-obtained webpage data has also been hijacked.
  • the anti-hijacking processing on the web page includes:
  • Step S3413 Obtain the website address information of the webpage, and continue to determine whether other frames that are not determined to be hijacked are hijacked.
  • Step S3423 Initiate a webpage acquisition request carrying the website address information to the server, so that the server returns all webpage data of the webpage according to the webpage acquisition request.
  • Step S3433 Obtain new webpage data of the webpage from the server, and replace the webpage data of the hijacked frame.
  • the original webpage data of the hijacked frame is replaced with the webpage data belonging to the hijacked frame. Also, cache the web page data obtained from the server.
  • the web page data of the hijacked frame can be obtained from the cached web page data and used to replace the original web page data of the hijacked frame.
  • this implementation may be performed when there are other frames in the webpage that are not determined to be hijacked, and then it may happen that the frame determined to be hijacked needs to be replaced with webpage data.
  • the process from step S3413 to step S3433 is executed to perform anti-hijacking processing. Therefore, in this embodiment, when more than one frame is hijacked, for hijacked frames other than the first one determined to be hijacked, anti-hijacking processing does not need to request data from the server but directly uses the locally cached web page data for replacement, which reduces the number of interactions with the server and improves data processing efficiency.
  • the locally cached webpage data can be deleted to reduce the pressure of local data storage on the browser.
  • various implementations can be referred to each other, and the same or similar parts can be applied to each other.
  • an encrypted acquisition request can be sent; an acquisition request carrying an anti-hijacking flag can be sent, so that the server adds an anti-hijacking response mark to the returned web page data according to the anti-hijacking flag; it can be judged whether the received web page data carries an anti-hijacking mark, and if it does, the received web page data is considered valid and is used to replace the web page data of the hijacked frame.
  • a judgment process of whether the frame is hijacked is executed.
  • the browser processes the data of the webpage while receiving it.
  • the data volume of the legal data in the webpage data of the frame is compared with the actual data volume of the webpage data. If the two data volumes are the same, it is determined that the frame is not hijacked; if the two data volumes are different, it is determined that the frame is hijacked.
  • the browser can process multiple frames in parallel to increase the processing speed. That is, after the web page data of a frame has been received, the judgment of whether that frame is hijacked and its anti-hijacking processing are started; if the web page data of other frames is received in the meantime, the judgment and anti-hijacking processing for those frames are started as well.
  • the browser can perform hijacking judgment and anti-hijacking processing serially to reduce processing pressure while maximizing the processing speed. That is, when the browser finishes receiving the web page data of a frame, if no other frame is currently being judged or undergoing anti-hijacking processing, the judgment and anti-hijacking processing for this frame are started; if another frame is currently being judged or undergoing anti-hijacking processing, the browser first completes the judgment and anti-hijacking processing of the previously received frame, and then judges this frame and performs its anti-hijacking processing.
  • the browser can also perform hijacking judgment serially and anti-hijacking processing serially. That is, at any one time one frame is being judged for hijacking and one frame is undergoing anti-hijacking processing. When the judgment of whether a frame is hijacked is completed, the judgment of the next frame is performed; when the anti-hijacking processing of a hijacked frame is completed, the anti-hijacking processing of the next hijacked frame is performed.
  • the web page may be hijacked or not hijacked. If it is necessary to judge whether each frame of a webpage is hijacked or not, it needs to be judged multiple times, while for webpages that are not hijacked, the multiple judgments are not necessary. Therefore, in the embodiment of the present application, in order to reduce meaningless judgments, it is possible to find which frame is hijacked when it is determined that the webpage is hijacked, so as to perform anti-hijacking processing on the frame.
  • the first value is different from the second value in each frame, it is determined that the webpage corresponding to the webpage data is hijacked.
  • the first total value which represents the size of all legal data in the webpage
  • the sum of the second values corresponding to all the frames is calculated as the second total value.
  • the second total value represents the size of the total data actually received by the web page. It is understandable that when the main frame of the webpage is received, it indicates that the data of the webpage is loaded.
  • the first total value calculated at this time includes the amount of legal data of all frames; the second total value calculated at this time includes the amount of data received by all frames in the web page.
  • first total value and the second total value are the same. If the first total value is the same as the second total value, it means that the data in the webpage has not been hijacked, and hijacking judgment and anti-hijacking processing for each frame are not necessary; if the first total value is different from the second total value, it means that the webpage is hijacked and the data of a frame has been tampered with. At this time, for each frame, the first value and the second value can be compared to see whether they are the same; if the first value is different from the second value, it is determined that the frame is hijacked and anti-hijacking processing is performed.
  • the webpage may specifically have data recording the total legal data size of the webpage, and the data recording the legal data size of the webpage is defined as the total stored value data.
  • the total stored value data of the web page can be obtained, and the total legal data size of the web page parsed from the total stored value data is used as the first total value.
  • the size of the total data received by the webpage is determined as the second total value. Compare whether the first total value and the second total value are the same. If they are the same, it means that the webpage is not hijacked; if they are different, it means that the webpage is hijacked.
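The two checks described above (stored value data parsed as the first value and compared with the actual size in steps S220 to S250, and the total comparison that gates the per-frame comparison), as an added example that is not code from the patent. It assumes the stored value data is a plain `<meta name="x-legal-bytes">` tag whose count covers the frame's UTF-8 bytes with that tag removed, and that `declaredTotal` has already been parsed from the total stored value data; the patent leaves the tag, its encoding and its encryption unspecified.

```javascript
// Added illustration, not code from the patent.
// Assumption (hypothetical encoding): the stored value data is a tag
//   <meta name="x-legal-bytes" content="N">
// where N is the UTF-8 byte count of the frame's data with that tag removed.
const STORED_VALUE_RE = /<meta name="x-legal-bytes" content="(\d+)">/;
const utf8Bytes = (s) => new TextEncoder().encode(s).length;
const stripStoredValue = (data) => data.replace(STORED_VALUE_RE, "");

// Steps S220-S240 for one frame: first value = declared size, second = actual.
function measureFrame(frame) {
  const second = utf8Bytes(stripStoredValue(frame.data));
  const m = STORED_VALUE_RE.exec(frame.data);
  // Design choice of this example: a frame without stored value data cannot be
  // verified, so it is reported as hijacked rather than silently accepted.
  const first = m ? Number(m[1]) : null;
  return { url: frame.url, first, second, hijacked: first !== second };
}

// Total comparison first; per-frame comparison only when the totals differ.
// page.declaredTotal stands for the value parsed from the total stored value data.
function checkPage(page) {
  const secondTotal = page.frames.reduce(
    (sum, f) => sum + utf8Bytes(stripStoredValue(f.data)), 0);
  const hijacked = secondTotal !== page.declaredTotal;
  const hijackedFrames = hijacked
    ? page.frames.map(measureFrame).filter((r) => r.hijacked).map((r) => r.url)
    : [];
  return { hijacked, firstTotal: page.declaredTotal, secondTotal, hijackedFrames };
}

// Constructed sample: a three-frame page as in Fig. 3.
function makeFrame(url, body) {
  const tag = `<meta name="x-legal-bytes" content="${utf8Bytes(body)}">`;
  return { url, data: tag + body };
}
function samplePage() {
  const frames = [
    makeFrame("https://example.test/frame1", "<p>navigation</p>"),
    // \u00e9 is two bytes in UTF-8, so bytes and characters differ here.
    makeFrame("https://example.test/frame2", "<p>article text with \u00e9</p>"),
    makeFrame("https://example.test/frame3", "<p>footer</p>"),
  ];
  const declaredTotal = frames.reduce((s, f) => s + measureFrame(f).first, 0);
  return { url: "https://example.test/", declaredTotal, frames };
}

// Constructed tampering: content appended to frame 2 in transit.
function tamperedPage() {
  const page = samplePage();
  page.frames[1].data += "<div>injected banner</div>";
  return page;
}
```

Only sizes are compared, so a modification that leaves the byte count unchanged passes this check.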
  • the webpage may include multiple parts, such as multiple frames as exemplified in the preceding embodiments; the webpage may also have only one part, that is, all data information of the webpage is a whole.
  • the web page data is defined as all data of the web page. Therefore, when judging whether the webpage is hijacked and performing anti-hijacking processing, after receiving all the data of the webpage, the browser obtains the amount of legal data in the webpage data as the first value, which is the total amount of legal data of the webpage. The actual amount of data in the web page data is obtained as the second value, and the second value represents the total received data amount of the web page. Compare whether the first value and the second value are the same.
  • when performing anti-hijacking processing on the webpage, anti-hijacking processing is performed on the entire webpage.
  • an anti-hijacking flag may be carried in a webpage acquisition request, so that the server adds an anti-hijacking response mark to the returned webpage data according to the anti-hijacking mark. It can be judged whether the received webpage data carries an anti-hijacking mark; if it does, the webpage data is replaced.
  • the webpage is taken as a whole, and the data amount of legal data in all webpage data and the actual data amount are compared to judge whether the webpage is hijacked. If it is determined that the webpage is hijacked, the webpage as a whole is used for anti-hijacking processing, thereby reducing the number of judgments and anti-hijacking processing times, and reducing the pressure of data processing.
  • during anti-hijacking processing, if the browser cannot access the server, for example because of a network interruption or poor network quality, it cannot connect to the server, cannot initiate a web page acquisition request to the server, or cannot receive the web page data returned by the server according to the web page acquisition request, and the data of the web page cannot be restored.
  • the browser may also be unable to obtain the new webpage data from the server for other reasons. For example, if the server does not find the webpage data corresponding to the URL information carried in the browser's web page acquisition request, it can return an error message informing the browser that the corresponding web page data cannot be found. The browser can then determine that the web page data cannot be obtained from the server for anti-hijacking data recovery.
  • the execution of the hijacked webpage data can be stopped. Specifically, the execution of the webpage data can be stopped by stopping the execution of the script function corresponding to the hijacked webpage data.
  • the execution of the webpage data of the frame can be stopped, such as by stopping the execution of the script function corresponding to the frame; or the execution of all webpage data of the webpage can be stopped, such as by stopping the execution of the script functions of the webpage.
  • the execution of all webpage data of the webpage can be stopped, such as stopping the execution of the script function of the webpage.
  • a webpage hijacking reminder label can be displayed to remind the user that the webpage is hijacked.
  • the URL information, data size, etc. of the hijacked frame can also be obtained and written into the reminder tag, and a prompt box of the reminder tag pops up on the display page of the browser to remind the user in which frame the data has been tampered with.
  • the pop-up prompt box can also simply remind the user that the webpage is hijacked, without having to remind the user that a frame is hijacked.
  • the reminder tag may be created by a script inside the webpage.
  • the device 400 includes: a data receiving module 410, configured for the browser to receive webpage data; a first data acquiring module 420, configured to obtain the data amount of legal data in the webpage data as the first value; a second data acquiring module 430, configured to obtain the actual data amount of the webpage data as the second value; and an anti-hijacking processing module 440, configured to determine, if the first value is different from the second value, that the webpage corresponding to the webpage data is hijacked, and to perform anti-hijacking processing on the webpage.
  • the first data acquiring module 420 may be used to acquire, as stored value data, the data in the webpage data that records the data amount; and to parse the data amount of the webpage data from the stored value data as the amount of legal data in the webpage data.
  • the stored value data is data encrypted according to a preset encryption algorithm
  • the first data acquisition module 420 may decrypt the stored value data according to the preset encryption algorithm.
  • the web page may include multiple frames.
  • the device may also include a comparison module for calculating the sum of the first values corresponding to all frames as the first total value; calculating the sum of the second values corresponding to all frames as the second total value; and comparing whether the first total value is the same as the second total value.
  • each frame is processed by the data receiving module 410, the first data acquiring module 420, the second data acquiring module 430, and the anti-hijacking processing module 440.
  • the anti-hijacking processing module 440 may be used to perform anti-hijacking processing on the frame corresponding to the webpage data, or to perform anti-hijacking processing on the entire webpage.
  • the anti-hijacking processing performed by the anti-hijacking processing module 440 on the frame corresponding to the webpage data may include: obtaining the website address information of the frame corresponding to the webpage data; initiating a web page acquisition request carrying the website address information to the server, so that the server returns the webpage data of the frame according to the web page acquisition request; and obtaining new webpage data of the frame from the server and replacing the webpage data of the frame.
  • the anti-hijacking processing performed by the anti-hijacking processing module 440 on the webpage as a whole may include: obtaining the website address information of the webpage; initiating a web page acquisition request carrying the website address information to the server, so that the server returns all the webpage data of the webpage according to the web page acquisition request; and obtaining new webpage data of the webpage from the server and replacing the webpage data of the webpage.
  • the anti-hijacking processing module 440 may be configured to carry an anti-hijacking mark in the web page acquisition request, so that the server adds an anti-hijacking response mark to the returned web page data according to the anti-hijacking mark.
  • the anti-hijacking processing module 440 can also be used to determine whether the received web page data carries an anti-hijacking mark; if it does, replace the web page data.
  • when the anti-hijacking processing module 440 performs anti-hijacking processing on the frame corresponding to the web page data, it can also be used to stop the execution of the script function corresponding to the frame if the server cannot be accessed or the new web page data cannot be obtained from the server.
  • when the anti-hijacking processing module 440 performs anti-hijacking processing on the webpage as a whole, it can also be used to stop the execution of all webpage data of the webpage if the server cannot be accessed or the new webpage data cannot be obtained from the server.
  • the anti-hijacking processing module 440 may also be used to display a web page hijacking reminder label.
  • the webpage data itself can be detected and monitored, a page found to be hijacked can be fed back and reported, anti-hijacking processing can be applied to the hijacked page, and the normal page can be restored.
  • the webpage can be protected on the basis of https data;
  • the data itself thus undergoes a second layer of security detection, which greatly improves the security of web page data.
  • after the web page is hijacked, the web page itself detects this and warns the user, and tries to perform anti-hijacking operations to restore the normal page, which greatly reduces the risk of user data leakage, improves the security of the browser, avoids user property losses, and reduces other behaviors that harm the interests of users.
  • the coupling between the modules may be electrical, mechanical or other forms of coupling.
  • each functional module in each embodiment of the present application may be integrated into one processing module, or each module may exist alone physically, or two or more modules may be integrated into one module.
  • the above-mentioned integrated modules can be implemented in the form of hardware or software functional modules.
  • FIG. 9 shows a structural block diagram of an electronic device 500 provided by an embodiment of the present application.
  • the electronic device 500 may be an electronic device capable of running application programs such as a smart phone, a tablet computer, a desktop computer, an e-reader, etc.
  • the electronic device may be connected to a server through a network, request webpage data from the server, upload hijacking information to the server, etc.
  • the electronic device has one or more processors 510 (only one is shown in the figure), a memory 520, and one or more programs.
  • the one or more programs are stored in the memory 520 and configured to be executed by the one or more processors 510.
  • the one or more programs are configured to execute the methods described in the foregoing embodiments.
  • the one or more programs may be application programs and various quick applications respectively.
  • the processor 510 may include one or more processing cores.
  • the processor 510 uses various interfaces and lines to connect various parts of the entire electronic device 500, and executes by running or executing instructions, programs, code sets, or instruction sets stored in the memory 520, and calling data stored in the memory 520.
  • the processor 510 may use at least one of digital signal processing (DSP), field-programmable gate array (FPGA), and programmable logic array (PLA).
  • the processor 510 may integrate one or a combination of a central processing unit (CPU), a graphics processing unit (GPU), a modem, and the like.
  • the CPU mainly processes the operating system, user interface, and application programs; the GPU is used for rendering and drawing of display content; the modem is used for processing wireless communication. It can be understood that the above-mentioned modem may not be integrated into the processor 510, but may be implemented by a communication chip alone.
  • the memory 520 may include random access memory (RAM) or read-only memory (ROM).
  • the memory 520 may be used to store instructions, programs, codes, code sets or instruction sets.
  • the memory 520 may include a storage program area and a storage data area, where the storage program area may store instructions for implementing an operating system, instructions for implementing at least one function, instructions for implementing each of the foregoing method embodiments, and the like.
  • the storage data area can also store data created by the electronic device in use (such as phone book, audio and video data, chat record data), etc.
  • the electronic device 500 may also include a display screen for displaying the video to be displayed.
  • FIG. 10 shows a structural block diagram of a computer-readable storage medium provided by an embodiment of the present application.
  • the computer-readable storage medium 600 stores program code, and the program code can be invoked by a processor to execute the method described in the foregoing method embodiment.
  • the computer-readable storage medium 600 may be an electronic memory such as flash memory, EEPROM (Electrically Erasable Programmable Read Only Memory), EPROM, hard disk, or ROM.
  • the computer-readable storage medium 600 includes a non-transitory computer-readable storage medium.
  • the computer-readable storage medium 600 has a storage space for the program code 610 for executing any method steps in the above methods. These program codes can be read out from or written into one or more computer program products.
  • the program code 610 may be compressed in a suitable form, for example.
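The per-frame and whole-page size comparison and the fallback behaviour described in the embodiments above, as an added example that is not code from the patent. AES-256-GCM stands in for the unnamed preset encryption algorithm, and `sealSize`, `openSize`, `fetchFrame`, and the `storedValue` and `antiHijackResponse` fields are hypothetical names; the sample frames are constructed.

```javascript
const crypto = require('crypto');
// Assumption: AES-256-GCM under a key shared by server and browser stands in
// for the "preset encryption algorithm"; the page does not name one.
const PRESET_KEY = crypto.createHash('sha256').update('constructed-demo-key').digest();
const size = (body) => Buffer.byteLength(body, 'utf8');

// Server side: seal the legal byte count of a body as its stored value data.
function sealSize(body) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', PRESET_KEY, iv);
  const ct = Buffer.concat([c.update(String(size(body)), 'utf8'), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]).toString('base64');
}

// Browser side: recover the first value; null if the stored value was altered.
function openSize(sealed) {
  try {
    const raw = Buffer.from(sealed, 'base64');
    const d = crypto.createDecipheriv('aes-256-gcm', PRESET_KEY, raw.subarray(0, 12));
    d.setAuthTag(raw.subarray(12, 28));
    return Number(Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString('utf8'));
  } catch (e) { return null; }
}

// Compare the first value (legal size) with the second value (bytes received)
// for every frame, and as totals over the whole page.
function checkPage(frames) {
  const hijacked = [];
  let firstTotal = 0, secondTotal = 0;
  for (const f of frames) {
    const first = openSize(f.storedValue), second = size(f.body);
    if (first !== second) hijacked.push(f.url);
    firstTotal += first === null ? 0 : first;
    secondTotal += second;
  }
  return { hijacked, firstTotal, secondTotal, pageHijacked: firstTotal !== secondTotal };
}

// Anti-hijacking processing per frame. fetchFrame(url, opts) is a hypothetical
// synchronous stand-in for the web page acquisition request. Re-running the
// size check on the reply is an addition made by this example.
function antiHijack(frames, fetchFrame) {
  const { hijacked } = checkPage(frames);
  return frames.map((f) => {
    if (!hijacked.includes(f.url)) return { url: f.url, action: 'keep', body: f.body };
    let reply = null;
    try { reply = fetchFrame(f.url, { antiHijack: true }); } catch (e) { /* unreachable */ }
    const ok = reply && reply.antiHijackResponse === true &&
      openSize(reply.storedValue) === size(reply.body);
    if (ok) return { url: f.url, action: 'replaced', body: reply.body };
    // No trustworthy copy: stop the frame's scripts and raise the reminder label.
    return { url: f.url, action: 'stopped', body: null,
      reminder: `Frame ${f.url} hijacked: received ${size(f.body)} bytes` };
  });
}

// Constructed sample: frame /b gained injected markup in transit.
const ORIGIN = { '/a': '<p>news</p>', '/b': '<p>shop</p>' };
const serve = (url) => ({ url, body: ORIGIN[url], storedValue: sealSize(ORIGIN[url]), antiHijackResponse: true });
const RECEIVED = [serve('/a'), { ...serve('/b'), body: ORIGIN['/b'] + '<div>injected banner</div>' }];
```

A size comparison alone does not flag tampering that leaves the byte count unchanged, so it complements rather than replaces transport integrity such as https.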

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention relates to the technical field of browsers and concerns a browser anti-hijacking method and device, electronic equipment, and a storage medium. The method comprises: receiving webpage data by a browser; obtaining the legal data amount in the webpage data as a first value; obtaining the actual data amount of the webpage data as a second value; if the first value differs from the second value, determining that the web page corresponding to the webpage data is hijacked and performing anti-hijacking processing on the web page, so as to improve the security of the web page.
PCT/CN2019/082334 2019-04-11 2019-04-11 Browser anti-hijacking method and device, electronic equipment and storage medium WO2020206662A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201980089741.2A CN113348655B (zh) 2019-04-11 2019-04-11 Browser anti-hijacking method and device, electronic equipment and storage medium
PCT/CN2019/082334 WO2020206662A1 (fr) 2019-04-11 2019-04-11 Browser anti-hijacking method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2019/082334 WO2020206662A1 (fr) 2019-04-11 2019-04-11 Browser anti-hijacking method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
WO2020206662A1 true WO2020206662A1 (fr) 2020-10-15

Family

ID=72751843

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/082334 WO2020206662A1 (fr) 2019-04-11 2019-04-11 Browser anti-hijacking method and device, electronic equipment and storage medium

Country Status (2)

Country Link
CN (1) CN113348655B (fr)
WO (1) WO2020206662A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116912669A (zh) * 2023-09-11 2023-10-20 中国物品编码中心 Web page hijacking monitoring method, system, electronic device and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102011009358A1 (de) * 2011-01-25 2012-07-26 Xamine GmbH Method for detecting abusive ad redirection on the Internet
CN104125121A (zh) * 2014-08-15 2014-10-29 携程计算机技术(上海)有限公司 System and method for detecting network hijacking behavior
CN107124430A (zh) * 2017-06-08 2017-09-01 腾讯科技(深圳)有限公司 Page hijacking monitoring method, apparatus, system and storage medium
CN107547524A (zh) * 2017-08-09 2018-01-05 百度在线网络技术(北京)有限公司 Web page detection method, apparatus and device
CN108111561A (zh) * 2016-11-25 2018-06-01 腾讯科技(深圳)有限公司 Data download method and device thereof

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2006221242A (ja) * 2005-02-08 2006-08-24 Fujitsu Ltd Authentication information fraud prevention system, program and method
WO2009075007A1 (fr) * 2007-12-12 2009-06-18 Duaxes Corporation Communication control device and communication control method
US20140380477A1 (en) * 2011-12-30 2014-12-25 Beijing Qihoo Technology Company Limited Methods and devices for identifying tampered webpage and inentifying hijacked web address
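CN102624713B (zh) * 2012-02-29 2016-01-06 深信服网络科技(深圳)有限公司 Method and device for identifying website tampering
CN104125215B (zh) * 2014-06-30 2018-01-05 新浪网技术(中国)有限公司 Website domain name hijacking detection method and system
CN104767747A (zh) * 2015-03-30 2015-07-08 微梦创科网络科技(中国)有限公司 Clickjacking security detection method and device
CN106911693B (zh) * 2017-02-27 2020-11-10 百度在线网络技术(北京)有限公司 Method, apparatus and terminal device for detecting web page content hijacking
CN108171082B (zh) * 2017-12-06 2021-04-30 新华三信息安全技术有限公司 Web page detection method and device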

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102011009358A1 (de) * 2011-01-25 2012-07-26 Xamine GmbH Method for detecting abusive ad redirection on the Internet
CN104125121A (zh) * 2014-08-15 2014-10-29 携程计算机技术(上海)有限公司 System and method for detecting network hijacking behavior
CN108111561A (zh) * 2016-11-25 2018-06-01 腾讯科技(深圳)有限公司 Data download method and device thereof
CN107124430A (zh) * 2017-06-08 2017-09-01 腾讯科技(深圳)有限公司 Page hijacking monitoring method, apparatus, system and storage medium
CN107547524A (zh) * 2017-08-09 2018-01-05 百度在线网络技术(北京)有限公司 Web page detection method, apparatus and device

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
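CN116912669A (zh) * 2023-09-11 2023-10-20 中国物品编码中心 Web page hijacking monitoring method, system, electronic device and storage medium
CN116912669B (zh) * 2023-09-11 2023-11-28 中国物品编码中心 Web page hijacking monitoring method, system, electronic device and storage medium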

Also Published As

Publication number Publication date
CN113348655B (zh) 2023-01-06
CN113348655A (zh) 2021-09-03

Similar Documents

Publication Publication Date Title
US10567529B2 (en) Unified tracking data management
US10484424B2 (en) Method and system for security protection of account information
US20140041029A1 (en) Method and system for processing website address risk detection
US9479519B1 (en) Web content fingerprint analysis to detect web page issues
US11940982B2 (en) Systems and methods for locating application specific data
US11637863B2 (en) Detection of user interface imitation
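CN111008348A (zh) Anti-crawler method, terminal, server and computer-readable storage medium
CN107566392B (zh) Detection method for error-based SQL injection, proxy server and storage medium
CN108809943B (zh) Website monitoring method and device thereof
US11870808B1 (en) Mobile device security application for malicious website detection based on representative image
CN106446075A (zh) Page request processing method and device
CN113469866A (zh) Data processing method, device and server
WO2021253252A1 (fr) Web page testing method and apparatus, electronic device and storage medium
CN107180194B (zh) Method and device for vulnerability detection based on a visual analysis system
WO2020206662A1 (fr) Browser anti-hijacking method and device, electronic equipment and storage medium
CN106612283B (zh) Method and device for identifying the source of a downloaded file
CN112769792B (zh) ISP attack detection method and device, electronic equipment and storage medium
WO2016180229A1 (fr) Terminal data processing method and device
US11997118B1 (en) Scripting attack detection and mitigation using content security policy violation reports
CN111367898A (zh) Data processing method, device, system, electronic equipment and storage medium
CN115632885B (zh) Honeypot creation method and device, electronic equipment and readable storage medium
CN117370176A (zh) Application security testing method and device, computer equipment and storage medium
CN117118727A (zh) Command injection attack detection method and device, computer equipment and storage medium
CN117118740A (zh) Network security analysis method and device, communication equipment and storage medium
CN116915438A (zh) File detection method, apparatus, device, storage medium and program product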

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19924606

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 25/02/2022)

122 Ep: pct application non-entry in european phase

Ref document number: 19924606

Country of ref document: EP

Kind code of ref document: A1