CN107948120A - leak detection method and device - Google Patents

leak detection method and device Download PDF

Info

Publication number
CN107948120A
CN107948120A CN201610890539.8A CN201610890539A CN107948120A CN 107948120 A CN107948120 A CN 107948120A CN 201610890539 A CN201610890539 A CN 201610890539A CN 107948120 A CN107948120 A CN 107948120A
Authority
CN
China
Prior art keywords
request message
server
field
format
response message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610890539.8A
Other languages
Chinese (zh)
Other versions
CN107948120B (en
Inventor
李翼
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alibaba Group Holding Ltd
Original Assignee
Alibaba Group Holding Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alibaba Group Holding Ltd filed Critical Alibaba Group Holding Ltd
Priority to CN201610890539.8A priority Critical patent/CN107948120B/en
Publication of CN107948120A publication Critical patent/CN107948120A/en
Application granted granted Critical
Publication of CN107948120B publication Critical patent/CN107948120B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)

Abstract

本申请提供一种漏洞检测方法和装置,通过在漏洞检测过程中增加将第一请求消息中JSON格式的字段转化为URL格式的字段步骤,从而,可以在现有的基于URL格式的漏洞扫描器引擎不做改变的情况下,在URL格式的字段中添加测试载荷,并将添加测试载荷后的URL格式的字段转化为JSON格式,生成第二请求消息,向服务器发送第二请求消息,从而使得服务器可以识别第二请求消息,根据服务器返回的第二请求消息对应的第二响应消息,与直接将第一请求消息发送给服务器返回的第一响应消息,进行比较,并结合漏洞知识库中的漏洞判定预设规则,获取漏洞检测结果,从而,实现基于JSON格式的自动化的漏洞检测,节约了开发成本,并且,提高漏洞检测效率。

The present application provides a vulnerability detection method and device, by adding a step of converting the field in the JSON format in the first request message into the field in the URL format during the vulnerability detection process, so that it can be used in the existing vulnerability scanner based on the URL format Without changing the engine, add the test load to the field in the URL format, convert the field in the URL format after adding the test load into JSON format, generate a second request message, and send the second request message to the server, so that The server can identify the second request message, compare the second response message corresponding to the second request message returned by the server with the first response message returned by directly sending the first request message to the server, and combine the Vulnerability determination preset rules to obtain vulnerability detection results, thereby realizing automated vulnerability detection based on JSON format, saving development costs, and improving vulnerability detection efficiency.

Description

漏洞检测方法和装置Vulnerability detection method and device

技术领域technical field

本申请涉及计算机技术,尤其涉及一种漏洞检测方法和装置。The present application relates to computer technology, in particular to a vulnerability detection method and device.

背景技术Background technique

JavaScript对象符号(JavaScript Object Notation,简称:JSON)是一种轻量级的数据交换格式,易于人阅读和编写,同时也易于机器解析和生成。JavaScript Object Notation (JavaScript Object Notation, referred to as: JSON) is a lightweight data exchange format that is easy for humans to read and write, and is also easy for machines to parse and generate.

Web漏洞检测是通过获取web应用的浏览器或者客户端向服务器发送的请求消息,根据要测试的漏洞类型,在请求消息中添加该漏洞类型对应的测试载荷,将添加测试载荷后的请求消息发送给服务器,根据服务器返回的添加测试载荷后的请求消息对应的响应消息,确定web应用是否存在该漏洞类型对应的漏洞;针对某种漏洞类型,若服务器返回的添加测试载荷后的请求消息对应的响应消息与预估的响应消息不同,则认为web应用存在该漏洞类型对应的漏洞,其中,预估的响应消息是指服务器接收到未添加测试载荷的请求消息后返回的响应消息。Web vulnerability detection is to obtain the request message sent by the browser or client of the web application to the server, according to the type of vulnerability to be tested, add the test load corresponding to the vulnerability type in the request message, and send the request message after adding the test load To the server, according to the response message corresponding to the request message after adding the test load returned by the server, determine whether there is a vulnerability corresponding to the vulnerability type in the web application; for a certain type of vulnerability, if the request message returned by the server after adding the test load corresponds to If the response message is different from the estimated response message, it is considered that the web application has a vulnerability corresponding to the vulnerability type, wherein the estimated response message refers to the response message returned by the server after receiving the request message without adding a test load.

众所周知的,目前常用的统一资源定位器(Uniform Resoure Locator,简称:URL)格式和JSON格式不同,如下所示:As we all know, the currently commonly used Uniform Resource Locator (Uniform Resoure Locator, referred to as: URL) format is different from the JSON format, as follows:

URL格式:参数名和参数值为“key1=value1&key2=value2”式样的数据组合;URL format: a combination of parameter name and parameter value in the form of "key1=value1&key2=value2";

JSON格式:参数名和参数值为“{“key1”:“value1”,“key2”:“value2”}”式样的数据组合。JSON format: a combination of parameter names and parameter values in the format of "{"key1":"value1", "key2":"value2"}".

现有的漏洞扫描器引擎普遍地基于URL格式进行自动化的请求获取和测试载荷的添加,并由此进行漏洞检测。但是,由于不能识别JSON格式,目前还没有成熟的基于JSON格式进行漏洞检测的扫描器引擎。Existing vulnerability scanner engines generally perform automated request acquisition and test load addition based on the URL format, and thereby perform vulnerability detection. However, due to the inability to recognize the JSON format, there is currently no mature scanner engine for vulnerability detection based on the JSON format.

目前,在网页(Web)架构中,浏览器和服务器之间的通信越来越多的采用JSON格式,而开发一款适于JSON格式的漏洞扫描器引擎,需要投入较多的开发成本。所以,目前的做法之一是通过人工的方式对JSON格式的数据进行漏洞排查,这样极其耗费人力。Currently, in the web architecture (Web), more and more communications between the browser and the server are in the JSON format, and developing a vulnerability scanner engine suitable for the JSON format requires a lot of development costs. Therefore, one of the current methods is to manually troubleshoot the data in JSON format, which is extremely labor-intensive.

因此,现在急需一种能够对JSON格式进行自动漏洞扫描的方法。Therefore, there is an urgent need for a method that can automatically scan the JSON format for vulnerabilities.

发明内容Contents of the invention

本申请提供一种漏洞检测方法和装置,以解决现有技术中漏洞检测的效率不高的问题。The present application provides a loophole detection method and device to solve the problem of low loophole detection efficiency in the prior art.

一个方面,本申请提供一种漏洞检测方法,包括:In one aspect, the present application provides a vulnerability detection method, including:

获取向服务器发送的第一请求消息,所述第一请求消息中包含JSON格式的字段;Obtaining a first request message sent to the server, where the first request message includes fields in JSON format;

将所述JSON格式的字段转化为统一资源定位符URL格式的字段;Converting the field in the JSON format into a field in the Uniform Resource Locator URL format;

在所述URL格式的字段中添加测试载荷;Add a test load in the field of the URL format;

将添加测试载荷后的URL格式的字段转化为JSON格式,生成第二请求消息;Convert the field in the URL format after adding the test load into JSON format, and generate the second request message;

向所述服务器发送所述第二请求消息;sending the second request message to the server;

接收所述服务器发送的针对所述第一请求消息的第一响应消息;receiving a first response message sent by the server for the first request message;

接收所述服务器发送的针对所述第二请求消息的第二响应消息;receiving a second response message sent by the server for the second request message;

根据所述第一响应消息、所述第二响应消息以及漏洞判定预设规则,获取漏洞检测结果。Acquire a vulnerability detection result according to the first response message, the second response message, and a vulnerability determination preset rule.

作为一种可实现方式,所述第一请求消息和所述第二请求消息均为超文本传输协议HTTP消息。As an implementable manner, both the first request message and the second request message are hypertext transfer protocol HTTP messages.

作为一种可实现方式,所述获取向服务器发送的第一请求消息,包括:As an implementable manner, the acquisition of the first request message sent to the server includes:

从所述服务器的日志中获取向服务器发送的第一请求消息。Obtain the first request message sent to the server from the log of the server.

作为一种可实现方式,所述获取向服务器发送的第一请求消息,包括:As an implementable manner, the acquisition of the first request message sent to the server includes:

通过Web代理获取向服务器发送的第一请求消息;Obtain the first request message sent to the server through the Web proxy;

所述向所述服务器发送所述第二请求消息,包括:The sending the second request message to the server includes:

通过所述Web代理向所述服务器发送所述第二请求消息。sending the second request message to the server through the Web proxy.

作为一种可实现方式,所述获取向服务器发送的第一请求消息,包括:As an implementable manner, the acquisition of the first request message sent to the server includes:

通过旁路数据监听的方式获取向服务器发送的第一请求消息。Obtain the first request message sent to the server by bypassing data monitoring.

作为一种可实现方式,所述将所述JSON格式的字段转化为统一资源定位符URL格式的字段之后,还包括:As an implementable manner, after converting the field in the JSON format into a field in the Uniform Resource Locator URL format, it further includes:

在所述第一请求消息中添加格式转化标识;Adding a format conversion identifier to the first request message;

所述将添加测试载荷后的URL格式的字段转化为JSON格式,生成第二请求消息之前,还包括:The field in the URL format after adding the test load is converted into JSON format, and before the second request message is generated, it also includes:

确定所述第一请求消息中包含所述格式转化标识。It is determined that the first request message includes the format conversion identifier.

作为一种可实现方式,所述根据所述第二请求消息的第一响应消息、所述第二响应消息以及漏洞判定预设规则获取漏洞检测结果,包括:As an implementable manner, the acquisition of the vulnerability detection result according to the first response message of the second request message, the second response message, and the vulnerability determination preset rules includes:

将所述第二响应消息与所述第一响应消息进行比较,并结合所述漏洞判定预设规则,获取漏洞检测结果。The second response message is compared with the first response message, and a vulnerability detection result is obtained in combination with the preset rules for determining the vulnerability.

另一方面,本申请提供一种漏洞检测装置,包括:On the other hand, the present application provides a vulnerability detection device, including:

获取模块,用于获取向服务器发送的第一请求消息,所述第一请求消息中包含JSON格式的字段;An acquisition module, configured to acquire a first request message sent to the server, where the first request message includes fields in JSON format;

格式转化模块,用于将所述JSON格式的字段转化为统一资源定位符URL格式的字段;A format conversion module, configured to convert the field in the JSON format into a field in the Uniform Resource Locator URL format;

处理模块,用于在所述URL格式的字段中添加测试载荷;A processing module, configured to add a test load to the field in the URL format;

所述格式转化模块,还用于将添加测试载荷后的URL格式的字段转化为JSON格式,生成第二请求消息;The format conversion module is also used to convert the field of URL format after adding the test load into JSON format, and generate the second request message;

发送模块,用于向所述服务器发送所述第二请求消息;a sending module, configured to send the second request message to the server;

接收模块,用于接收所述服务器发送的针对所述第一请求消息的第一响应消息;a receiving module, configured to receive a first response message sent by the server for the first request message;

接收模块,还用于接收所述服务器发送的针对所述第二请求消息的第二响应消息;A receiving module, further configured to receive a second response message sent by the server for the second request message;

所述处理模块,还用于根据所述第一响应消息、所述第二响应消息以及漏洞判定预设规则,获取漏洞检测结果。The processing module is further configured to obtain a vulnerability detection result according to the first response message, the second response message, and vulnerability determination preset rules.

作为一种可实现方式,所述第一请求消息和所述第二请求消息均为超文本传输协议HTTP消息。As an implementable manner, both the first request message and the second request message are hypertext transfer protocol HTTP messages.

作为一种可实现方式,所述获取模块具体用于从所述服务器的日志中获取向服务器发送的第一请求消息。As an implementable manner, the acquiring module is specifically configured to acquire the first request message sent to the server from a log of the server.

作为一种可实现方式,所述获取模块具体用于通过Web代理获取向服务器发送的第一请求消息;所述发送模块具体用于控制所述Web代理向所述服务器发送所述第二请求消息。As an implementable manner, the acquiring module is specifically configured to acquire the first request message sent to the server through the Web proxy; the sending module is specifically configured to control the Web proxy to send the second request message to the server .

作为一种可实现方式,所述获取模块具体用于通过旁路数据监听的方式获取向服务器发送的第一请求消息。As an implementable manner, the obtaining module is specifically configured to obtain the first request message sent to the server by bypassing data monitoring.

作为一种可实现方式,所述处理模块还用于在所述第一请求消息中添加格式转化标识;As an implementable manner, the processing module is further configured to add a format conversion identifier in the first request message;

所述处理模块还用于确定所述第一请求消息中包含所述格式转化标识。The processing module is further configured to determine that the format conversion identifier is included in the first request message.

作为一种可实现方式,所述处理模块具体用于将所述第二响应消息与所述第一响应消息进行比较,并结合所述漏洞判定预设规则,获取漏洞检测结果。As an implementable manner, the processing module is specifically configured to compare the second response message with the first response message, and obtain a vulnerability detection result in combination with the vulnerability determination preset rules.

再一方面,本申请提供一种漏洞检测装置,包括:In another aspect, the present application provides a vulnerability detection device, including:

处理器,用于获取向服务器发送的第一请求消息,所述第一请求消息中包含JSON格式的字段;A processor, configured to obtain a first request message sent to the server, where the first request message includes fields in JSON format;

所述处理器,还用于将所述JSON格式的字段转化为统一资源定位符URL格式的字段;The processor is further configured to convert the field in the JSON format into a field in the Uniform Resource Locator URL format;

所述处理器,还用于在所述URL格式的字段中添加测试载荷;The processor is also used to add a test load in the field of the URL format;

所述处理器,还用于将添加测试载荷后的URL格式的字段转化为JSON格式,生成第二请求消息;The processor is also used to convert the field in the URL format after adding the test load into a JSON format to generate a second request message;

发送接口,所述发送接口耦合至所述处理器,所述发送接口,用于向所述服务器发送所述第二请求消息;a sending interface, the sending interface is coupled to the processor, and the sending interface is configured to send the second request message to the server;

接收接口,所述接收接口耦合至所述处理器,所述接收接口,用于接收所述服务器发送的针对所述第一请求消息的第一响应消息,并接收所述服务器发送的针对所述第二请求消息的第二响应消息;A receiving interface, the receiving interface is coupled to the processor, and the receiving interface is configured to receive the first response message sent by the server for the first request message, and receive the first response message sent by the server for the a second response message to the second request message;

所述处理器,还用于根据所述第一响应消息、所述第二响应消息以及漏洞判定预设规则,获取漏洞检测结果。The processor is further configured to obtain a vulnerability detection result according to the first response message, the second response message, and a preset rule for determining a vulnerability.

作为一种可实现方式,所述处理器具体用于从所述服务器的日志中获取向服务器发送的第一请求消息。As an implementable manner, the processor is specifically configured to acquire the first request message sent to the server from a log of the server.

作为一种可实现方式,所述处理器具体用于通过Web代理获取向服务器发送的第一请求消息;As an implementable manner, the processor is specifically configured to obtain the first request message sent to the server through a Web proxy;

所述发送接口具体用于控制所述Web代理向所述服务器发送所述第二请求消息。The sending interface is specifically used to control the Web proxy to send the second request message to the server.

作为一种可实现方式,所述处理器具体用于通过旁路数据监听的方式获取向服务器发送的第一请求消息。As an implementable manner, the processor is specifically configured to obtain the first request message sent to the server by bypassing data monitoring.

作为一种可实现方式,所述处理器还用于在所述第一请求消息中添加格式转化标识;As an implementable manner, the processor is further configured to add a format conversion identifier in the first request message;

所述处理器还用于确定所述第一请求消息中包含所述格式转化标识。The processor is further configured to determine that the first request message includes the format conversion identifier.

作为一种可实现方式,所述处理器具体用于将所述第二响应消息与所述第一响应消息进行比较,并结合所述漏洞判定预设规则,获取漏洞检测结果。As an implementable manner, the processor is specifically configured to compare the second response message with the first response message, and obtain a vulnerability detection result in combination with the vulnerability determination preset rule.

本申请提供的漏洞检测方法和装置,通过在漏洞检测过程中增加将第一请求消息中JSON格式的字段转化为URL格式的字段步骤,从而,可以在现有的基于URL格式的漏洞扫描器引擎不做改变的情况下,在URL格式的字段中添加测试载荷,并将添加测试载荷后的URL格式的字段转化为JSON格式,生成第二请求消息,向服务器发送第二请求消息,从而使得服务器可以识别第二请求消息,根据服务器返回的第二请求消息对应的第二响应消息,与直接将第一请求消息发送给服务器返回的第一响应消息,进行比较,并结合漏洞知识库中的漏洞判定预设规则,获取漏洞检测结果,从而,实现基于JSON格式的自动化的漏洞检测,节约了开发成本,并且,提高漏洞检测效率。In the vulnerability detection method and device provided by the present application, by adding the step of converting the field in the JSON format in the first request message into the field in the URL format during the vulnerability detection process, it can be used in the existing vulnerability scanner engine based on the URL format In the case of no change, add the test load in the URL format field, and convert the URL format field after adding the test load into JSON format, generate the second request message, and send the second request message to the server, so that the server Can identify the second request message, compare the second response message corresponding to the second request message returned by the server with the first response message returned by directly sending the first request message to the server, and combine the vulnerabilities in the vulnerability knowledge base Determine the preset rules and obtain the vulnerability detection results, thereby realizing automatic vulnerability detection based on the JSON format, saving development costs, and improving the efficiency of vulnerability detection.

附图说明Description of drawings

为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作一简单地介绍,显而易见地,下面描述中的附图是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动性的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the following will briefly introduce the drawings that need to be used in the description of the embodiments or the prior art. Obviously, the accompanying drawings in the following description These are some embodiments of the present invention. For those skilled in the art, other drawings can also be obtained according to these drawings without any creative effort.

图1为本申请的B/S架构示意图;Fig. 1 is a schematic diagram of the B/S architecture of the present application;

图2为本申请的C/S架构示意图;Fig. 2 is a schematic diagram of the C/S architecture of the present application;

图3为本申请漏洞检测方法实施例一的流程示意图;FIG. 3 is a schematic flow chart of Embodiment 1 of the vulnerability detection method of the present application;

图4为本申请漏洞检测方法实施例二的流程示意图;FIG. 4 is a schematic flow diagram of Embodiment 2 of the vulnerability detection method of the present application;

图5为本申请漏洞检测装置一实施例的结构示意图;5 is a schematic structural diagram of an embodiment of the vulnerability detection device of the present application;

图6为本申请漏洞检测装置另一实施例的结构示意图。FIG. 6 is a schematic structural diagram of another embodiment of the vulnerability detection device of the present application.

具体实施方式Detailed ways

下面将结合本申请实施例中的附图,对本申请实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本申请一部分实施例,而不是全部的实施例。基于本申请中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本申请保护的范围。The following will clearly and completely describe the technical solutions in the embodiments of the application with reference to the drawings in the embodiments of the application. Apparently, the described embodiments are only some of the embodiments of the application, not all of them. Based on the embodiments in this application, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the scope of protection of this application.

这里将详细地对示例性实施例进行说明,其示例表示在附图中。下面的描述涉及附图时,除非另有表示,不同附图中的相同数字表示相同或相似的要素。以下示例性实施例中所描述的实施方式并不代表与本发明相一致的所有实施方式。相反,它们仅是与如所附权利要求书中所详述的、本发明的一些方面相一致的装置和方法的例子。Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numerals in different drawings refer to the same or similar elements unless otherwise indicated. The implementations described in the following exemplary examples do not represent all implementations consistent with the present invention. Rather, they are merely examples of apparatuses and methods consistent with aspects of the invention as recited in the appended claims.

应当明确,所描述的实施例仅仅是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其它实施例,都属于本发明保护的范围。It should be clear that the described embodiments are only some of the embodiments of the present invention, not all of them. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative efforts fall within the protection scope of the present invention.

在本发明实施例中使用的术语是仅仅出于描述特定实施例的目的,而非旨在限制本发明。在本发明实施例和所附权利要求书中所使用的单数形式的“一种”、“所述”和“该”也旨在包括多数形式,除非上下文清楚地表示其他含义。Terms used in the embodiments of the present invention are only for the purpose of describing specific embodiments, and are not intended to limit the present invention. As used in the embodiments of the present invention and the appended claims, the singular forms "a", "said" and "the" are also intended to include the plural forms unless the context clearly indicates otherwise.

应当理解,本文中使用的术语“和/或”仅仅是一种描述关联对象的关联关系,表示可以存在三种关系,例如,A和/或B,可以表示:单独存在A,同时存在A和B,单独存在B这三种情况。另外,本文中字符“/”,一般表示前后关联对象是一种“或”的关系。It should be understood that the term "and/or" used herein is only an association relationship describing associated objects, which means that there may be three relationships, for example, A and/or B, which may mean that A exists alone, and A and B exist simultaneously. B, there are three situations of B alone. In addition, the character "/" in this article generally indicates that the contextual objects are an "or" relationship.

应当理解,尽管在本发明实施例中可能采用术语第一、第二、第三等来描述XXX,但这些XXX不应限于这些术语。这些术语仅用来将XXX彼此区分开。例如,在不脱离本发明实施例范围的情况下,第一XXX也可以被称为第二XXX,类似地,第二XXX也可以被称为第一XXX。It should be understood that although the terms first, second, third, etc. may be used to describe XXX in the embodiments of the present invention, these XXX should not be limited to these terms. These terms are only used to distinguish XXX from each other. For example, without departing from the scope of the embodiments of the present invention, the first XXX may also be called the second XXX, and similarly, the second XXX may also be called the first XXX.

取决于语境,如在此所使用的词语“如果”、“若”可以被解释成为“在……时”或“当……时”或“响应于确定”或“响应于检测”。类似地,取决于语境,短语“如果确定”或“如果检测(陈述的条件或事件)”可以被解释成为“当确定时”或“响应于确定”或“当检测(陈述的条件或事件)时”或“响应于检测(陈述的条件或事件)”。Depending on the context, the words "if", "if" as used herein may be interpreted as "at" or "when" or "in response to determining" or "in response to detecting". Similarly, depending on the context, the phrases "if determined" or "if detected (the stated condition or event)" could be interpreted as "when determined" or "in response to the determination" or "when detected (the stated condition or event) )" or "in response to detection of (a stated condition or event)".

还需要说明的是,术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的商品或者系统不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种商品或者系统所固有的要素。在没有更多限制的情况下,由语句“包括一个……”限定的要素,并不排除在包括所述要素的商品或者系统中还存在另外的相同要素。It should also be noted that the term "comprises", "comprises" or any other variation thereof is intended to cover a non-exclusive inclusion such that a good or system comprising a set of elements includes not only those elements but also includes items not expressly listed. other elements of the product, or elements inherent in the commodity or system. Without further limitations, an element defined by the phrase "comprising a ..." does not exclude the presence of additional identical elements in the article or system comprising said element.

这里将详细地对示例性实施例进行说明,其示例表示在附图中。下面的描述涉及附图时,除非另有表示,不同附图中的相同数字表示相同或相似的要素。以下示例性实施例中所描述的实施方式并不代表与本发明相一致的所有实施方式。相反,它们仅是与如所附权利要求书中所详述的、本发明的一些方面相一致的装置和方法的例子。Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numerals in different drawings refer to the same or similar elements unless otherwise indicated. The implementations described in the following exemplary examples do not represent all implementations consistent with the present invention. Rather, they are merely examples of apparatuses and methods consistent with aspects of the invention as recited in the appended claims.

本申请的技术方案可应用于浏览器/服务器(Browser/Server,简称:B/S)架构或者客户端/服务器(Client/Server,简称:C/S)架构中,其中,B/S架构如图1所示,图1为本申请的B/S架构示意图,C/S架构如图2所示,图2为本申请的C/S架构示意图。在图1中,浏览器和服务器之间的通信采用JSON格式,在图2中,客户端和服务器之间的通信采用JSON格式。The technical solution of the present application can be applied to a browser/server (Browser/Server, referred to as: B/S) architecture or a client/server (Client/Server, referred to as: C/S) architecture, wherein the B/S architecture is as follows: As shown in FIG. 1, FIG. 1 is a schematic diagram of the B/S architecture of the present application, and the C/S architecture is shown in FIG. 2, and FIG. 2 is a schematic diagram of the C/S architecture of the present application. In Figure 1, the communication between the browser and the server is in JSON format, and in Figure 2, the communication between the client and the server is in JSON format.

本申请为了解决现有技术中的Web漏洞检测方法不能基于JSON格式进行漏洞检测的问题,通过在漏洞检测过程中增加URL格式与JSON格式的转化步骤,从而,可以在现有的基于URL格式的漏洞扫描器引擎不做改变的情况下,使得本申请的漏洞检测方法可以实现基于JSON格式的自动化漏洞检测。In order to solve the problem that the web vulnerability detection method in the prior art cannot detect vulnerabilities based on the JSON format, this application adds a conversion step between the URL format and the JSON format during the vulnerability detection process, so that the existing URL format-based Without changing the vulnerability scanner engine, the vulnerability detection method of the present application can realize automatic vulnerability detection based on the JSON format.

本申请还针对需要登录之后才能使用的web应用,以及无法通过爬虫技术获取客户端向服务器发送的请求消息的web应用(例如:手机端的web应用),通过人工触发发送请求消息的方式,获取请求消息。This application is also aimed at web applications that need to be logged in before they can be used, and web applications that cannot obtain the request message sent by the client to the server through crawler technology (for example: a web application on the mobile phone), and obtain the request by manually triggering the sending of the request message. information.

下面以具体地实施例对本申请的技术方案进行详细说明。下面这几个具体的实施例可以相互结合,对于相同或相似的概念或过程可能在某些实施例不再赘述。The technical solution of the present application will be described in detail below with specific embodiments. The following specific embodiments may be combined with each other, and the same or similar concepts or processes may not be repeated in some embodiments.

实施例一Embodiment one

图3为本申请漏洞检测方法实施例一的流程示意图,本实施例的漏洞检测方法应用于漏洞检测系统中,该漏洞检测系统中包含浏览器/客户端、web代理、第一转化模块、漏洞扫描器引擎和第二转化模块;其中,第一转化模块用于将JSON转化为URL格式,第二转化模块用于将URL格式转化为JSON格式,第一转化模块和第二转化模块可以部署在web代理中,也可以独立部署,对此,本申请不作限制;其中,漏洞扫描器引擎为基于URL格式的漏洞扫描器引擎,即:只能识别URL格式的请求消息,在进行添加测试载荷时,基于URL格式进行添加;浏览器/客户端和服务器基于JSON格式进行通信,本实施例的方法如下:Figure 3 is a schematic flow diagram of Embodiment 1 of the vulnerability detection method of the present application. The vulnerability detection method of this embodiment is applied to a vulnerability detection system, which includes a browser/client, a web proxy, a first conversion module, and a vulnerability detection system. A scanner engine and a second conversion module; wherein, the first conversion module is used to convert JSON to URL format, and the second conversion module is used to convert URL format to JSON format, and the first conversion module and the second conversion module can be deployed in In the web agent, it can also be deployed independently, and this application does not limit it; wherein, the vulnerability scanner engine is a vulnerability scanner engine based on the URL format, that is, it can only recognize request messages in the URL format, and when adding a test load , add based on the URL format; the browser/client and the server communicate based on the JSON format, the method of the present embodiment is as follows:

S301:浏览器/客户端向web代理发送第一请求消息。S301: The browser/client sends a first request message to the web proxy.

可以通过人工触发的方式触发浏览器/客户端向web代理发送第一请求消息,例如;通过点击的web应用的浏览器/客户端显示的按键,以触发向web代理发送第一请求消息。The browser/client may be manually triggered to send the first request message to the web agent, for example, by clicking on a button displayed by the browser/client of the web application to trigger sending the first request message to the web agent.

也可以通过模拟人工点击的方式自动点击浏览器/客户端显示的按键,以触发向服务器发送第一请求消息。It is also possible to automatically click a button displayed on the browser/client by simulating a manual click, so as to trigger sending the first request message to the server.

其中,第一请求消息中包含JSON格式的字段。其中,JSON格式字段如下所示:Wherein, the first request message includes fields in JSON format. Among them, the JSON format fields are as follows:

{"customerId":"","contactsMobile":"15678167514","contactsName":"tet","companyName":"123"}。{"customerId":"","contactsMobile":"15678167514","contactsName":"tet","companyName":"123"}.

S302:web代理获取第一请求消息。S302: The web agent acquires the first request message.

浏览器/客户端通过web代理与服务器进行通信,也就是浏览器或者客户端向服务器发送消息,或者,浏览器/客户端从服务器接收消息都需要通过web代理。因此,web代理可以获取向服务器发送的第一请求消息。The browser/client communicates with the server through the web proxy, that is, the browser or client sends messages to the server, or the browser/client receives messages from the server through the web proxy. Therefore, the web proxy can obtain the first request message sent to the server.

可选地,可以通过多种实现方式获取第一请求消息,除web代理之外,例如:还可以通过旁路数据监听或者从服务器的日志中获取等,对此,本申请不作限制。Optionally, the first request message can be obtained through various implementation methods, except for the web proxy, for example, it can also be obtained through bypass data monitoring or from the log of the server, etc., which is not limited in this application.

S303:web代理向服务器发送第一请求消息。S303: The web agent sends a first request message to the server.

S304:web代理接收服务器发送的针对第一请求消息的第一响应消息。S304: The web proxy receives a first response message sent by the server for the first request message.

其中,第一响应消息如下所示:Among them, the first response message is as follows:

S305:web代理向第一转化模块发送第一请求消息。S305: The web proxy sends a first request message to the first conversion module.

S306:第一转化模块将第一请求消息中的JSON格式的字段转化为URL格式的字段。S306: The first conversion module converts the fields in the JSON format in the first request message into the fields in the URL format.

解析JSON格式中的key:value序列,将key:value序列重组为URL格式,从而,实现将JSON格式的字段转化为URL格式的字段。Parse the key:value sequence in the JSON format, and reorganize the key:value sequence into the URL format, thereby realizing the conversion of the fields in the JSON format into the fields in the URL format.

例如:解析出JSON格式中的key:value序列为:“{“key1”:“value1”,“key2”:“value2”}”,则将key:value序列重组为URL格式为“key1=value1&key2=value2”。For example: parse out the key:value sequence in JSON format as: "{"key1":"value1", "key2":"value2"}", then reorganize the key:value sequence into the URL format as "key1=value1&key2= value2".

例如:将S301中的JSON格式的字段转化为URL格式的字段如下所示:For example: converting the fields in JSON format in S301 to the fields in URL format is as follows:

“customerId=&contactsMobile=15678167514&contactsName=tet&companyName=123”"customerId=&contactsMobile=15678167514&contactsName=tet&companyName=123"

S307:第一转化模块向漏洞扫描器引擎发送格式转化后的第一请求消息。S307: The first converting module sends the format-converted first request message to the vulnerability scanner engine.

S308:漏洞扫描器引擎在第一请求消息中添加测试载荷。S308: The vulnerability scanner engine adds a test payload to the first request message.

漏洞扫描器引擎在添加测试载荷时,基于URL格式进行添加,因此,将JSON格式的字段转化为URL格式的字段后,即可在URL格式的字段中添加测试载荷。When the vulnerability scanner engine adds a test payload, it adds it based on the URL format. Therefore, after converting the field in the JSON format to a field in the URL format, you can add the test payload in the field in the URL format.

漏洞类型包括:SQL注入漏洞、命令执行漏洞、跨站脚本攻击(Cross-sitescripting,简称:XSS)漏洞、任意文件下载漏洞以及文件包含漏洞等,每种漏洞类型对应一组测试载荷,一组测试载荷中包含一个或者多个测试载荷。Vulnerability types include: SQL injection vulnerabilities, command execution vulnerabilities, cross-site scripting (Cross-sitescripting, XSS) vulnerabilities, arbitrary file download vulnerabilities, and file inclusion vulnerabilities. Each vulnerability type corresponds to a set of test loads, and a set of test loads. A payload contains one or more test payloads.

针对每种测试类型,在第一请求消息中添加对应的测试载荷,以测试报错SQL注入漏洞为例,添加一个测试载荷,本次举例用“,updatexml(1,@@version,1)”作为测试载荷,在参数contactsMobile处添加后的第一请求消息中的URL字段如下所示:customerId=&contactsMobile=15678167514,updatexml(1,@@version,1)&co ntactsName=tet&companyName=123For each type of test, add the corresponding test load to the first request message. Take the test error reporting SQL injection vulnerability as an example, add a test load. This example uses ",updatexml(1,@@version,1)" as the For the test load, the URL field in the first request message added at the parameter contactsMobile is as follows: customerId=&contactsMobile=15678167514, updatexml(1,@@version,1)&co ntactsName=tet&companyName=123

S309:漏洞扫描器引擎将添加测试载荷后的第一请求消息发送给第二转化模块。S309: The vulnerability scanner engine sends the first request message after adding the test load to the second conversion module.

S310:第二转化模块将添加测试载荷后的第一请求消息中的URL格式转化为JSON格式,生成第二请求消息。S310: The second conversion module converts the URL format in the first request message after adding the test payload into a JSON format, and generates a second request message.

由于本申请的浏览器/客户端基于JSON格式与服务器进行通信,因此,服务器只能识别JSON格式的消息,因此,还需要将添加有效载荷后的URL格式的字段转化为JSON格式,生成第二请求消息。Since the browser/client of this application communicates with the server based on the JSON format, the server can only recognize messages in the JSON format. Therefore, it is also necessary to convert the field in the URL format after adding the payload into the JSON format, and generate the second request message.

第二请求消息中的JSON格式的字段如下所示:The fields in JSON format in the second request message are as follows:

{"customerId":"","contactsMobile":"15678167514,updatexml(1,@@version,1)","contactsName":"tet","companyName":"123"}{"customerId":"","contactsMobile":"15678167514,updatexml(1,@@version,1)","contactsName":"tet","companyName":"123"}

S311:第二转化模块向web代理发送第二请求消息。S311: The second conversion module sends a second request message to the web proxy.

S312:web代理向服务器发送第二请求消息。S312: The web proxy sends a second request message to the server.

S313:web代理接收服务器发送的针对第二请求消息第二响应消息。S313: The web proxy receives the second response message sent by the server for the second request message.

具体来说,一种可能的情况A为:第二响应消息,如下所示:Specifically, a possible situation A is: the second response message, as shown below:

另一种可能的情况B为:第二响应消息如下所示:Another possible situation B is: the second response message is as follows:

S314:web代理将第二响应消息和第一响应消息发送给漏洞扫描器引擎。S314: The web proxy sends the second response message and the first response message to the vulnerability scanner engine.

S315:漏洞扫描器引擎根据第一响应消息、第二响应消息以及漏洞判定预设规则,确定是否存在漏洞。S315: The vulnerability scanner engine determines whether there is a vulnerability according to the first response message, the second response message, and a vulnerability determination preset rule.

根据漏洞知识库,对比第二请求消息的响应消息和第一请求的响应消息的差别,确定web应用是否存在漏洞。According to the vulnerability knowledge base, the difference between the response message of the second request message and the response message of the first request is compared to determine whether there is a vulnerability in the web application.

结合上面的示例可知,当第二响应为S313中的情况A时,发现,第二响应消息与第一响应消息不同,第二响应消息中有SQL报错信息,即:ERRO:SELECT DISTINCT JSON.qridFROM x2 AS JSON,x2 AS x2 WHERE JSON.contactsMobile IN(1,updatexml(1,@@version,1))AND JSON.type=”AND JSON.number<='10'AND JSON.status=1ANDJSON.type=1:XPATH syntax error:'.16-log',并且错误信息中包含数据库版本信息,即:'.16-log',结合漏洞知识库,漏洞知识库中记录漏洞判定预设规则,例如:针对SQL注入漏洞类型,漏洞判定预设规则为:响应消息中包含SQL报错信息,并且报错信息中包含数据库版本信息,则判定存在SQL注入漏洞,因此,可以判定存在SQL注入漏洞。Combining the above example, it can be known that when the second response is the case A in S313, it is found that the second response message is different from the first response message, and there is SQL error information in the second response message, namely: ERRO: SELECT DISTINCT JSON.qridFROM x2 AS JSON,x2 AS x2 WHERE JSON.contactsMobile IN(1,updatexml(1,@@version,1))AND JSON.type="AND JSON.number<='10'AND JSON.status=1ANDJSON.type= 1:XPATH syntax error:'.16-log', and the error message contains the database version information, namely: '.16-log', combined with the vulnerability knowledge base, the vulnerability judgment preset rules are recorded in the vulnerability knowledge base, for example: for SQL injection vulnerability type, the default rule for vulnerability determination is: if the response message contains SQL error information, and the error information contains database version information, it is determined that there is an SQL injection vulnerability. Therefore, it can be determined that there is an SQL injection vulnerability.

当第二响应为S313中的情况B时,第二响应消息与第一响应消息相同,则可以认为不存在SQL注入漏洞。When the second response is the case B in S313, and the second response message is the same as the first response message, it can be considered that there is no SQL injection vulnerability.

上面仅是以一个测试载荷为例进行说明,针对特定测试类型,可以逐个添加该测试类型对应的一组测试载荷,得到一组第二响应消息,只要一组第二响应消息中存在至少一个与第一响应消息不同,结合漏洞知识库中的漏洞判定预设规则,分析该具体的不同内容段,可以判断存在该种特定测试类型的漏洞。The above is just a test load as an example. For a specific test type, a set of test loads corresponding to the test type can be added one by one to obtain a set of second response messages, as long as there is at least one of the second response messages in the set of second response messages. The first response message is different. Combining with the preset rules for determining the vulnerability in the vulnerability knowledge base and analyzing the specific different content segments, it can be determined that there is a vulnerability of this specific test type.

本实施例,通过在漏洞检测过程中增加将第一请求消息中JSON格式的字段转化为URL格式的字段步骤,从而,可以在现有的基于URL格式的漏洞扫描器引擎不做改变的情况下,在URL格式的字段中添加测试载荷,并将添加测试载荷后的URL格式的字段转化为JSON格式,生成第二请求消息,向服务器发送第二请求消息,从而使得服务器可以识别第二请求消息,根据服务器返回的第二请求消息对应的第二响应消息,与直接将第一请求消息发送给服务器返回的第一响应消息,进行比较,并结合漏洞知识库中的漏洞判定预设规则,获取漏洞检测结果,从而,实现基于JSON格式的自动化的漏洞检测,节约了开发成本,并且,提高漏洞检测效率。In this embodiment, by adding the step of converting the field in the JSON format in the first request message into a field in the URL format during the vulnerability detection process, the existing vulnerability scanner engine based on the URL format can be changed. , add a test load to the field in the URL format, convert the field in the URL format after adding the test load into JSON format, generate a second request message, and send the second request message to the server, so that the server can recognize the second request message , compare the second response message corresponding to the second request message returned by the server with the first response message returned by directly sending the first request message to the server, and combine the vulnerability judgment preset rules in the vulnerability knowledge base to obtain Vulnerability detection results, thereby realizing automated vulnerability detection based on the JSON format, saving development costs, and improving vulnerability detection efficiency.

在上述实施例中,各步骤中涉及到的格式转化举例如下:In the above embodiments, the format conversion involved in each step is as follows:

S301中,第一请求消息中包含JSON格式的字段如下所示:In S301, the fields in JSON format included in the first request message are as follows:

{"customerId":"","contactsMobile":"15678167514",{"customerId":"","contactsMobile":"15678167514",

"contactsName":"tet","companyName":"123"}"contactsName":"tet","companyName":"123"}

S306中,第一转化模块将S301中的JSON格式的字段转化为URL格式的字段如下所示:In S306, the first conversion module converts the field in JSON format in S301 into the field in URL format as follows:

“customerId=&contactsMobile=15678167514&contactsName=tet&companyName=123”"customerId=&contactsMobile=15678167514&contactsName=tet&companyName=123"

S308中,以测试报错SQL注入漏洞为例,添加一个测试载荷,本次举例用“,updatexml(1,@@version,1)”作为测试载荷,在参数contactsMobile处添加后的第一请求消息中的URL字段如下所示:In S308, take the test error report SQL injection vulnerability as an example, add a test load, this example uses ",updatexml(1,@@version,1)" as the test load, in the first request message after adding the parameter contactsMobile The URL field looks like this:

“customerId=&contactsMobile=15678167514,updatexml(1,@@version,1)&contactsName=tet&companyName=123”"customerId=&contactsMobile=15678167514,updatexml(1,@@version,1)&contactsName=tet&companyName=123"

S310中,第二转化模块将添加测试载荷后的第一请求消息中的URL格式转化为JSON格式,生成第二请求消息,第二请求消息中包含的JSON格式的字段,如下所示:In S310, the second conversion module converts the URL format in the first request message after adding the test load into JSON format to generate a second request message, and the fields in the JSON format contained in the second request message are as follows:

"customerId":"","contactsMobile":"15678167514,updatexml(1,@@ve rsion,1)","contactsName":"tet","companyName":"123"}"customerId":"","contactsMobile":"15678167514,updatexml(1,@@ve rsion,1)","contactsName":"tet","companyName":"123"}

实施例二Embodiment two

图4为本申请漏洞检测方法实施例二的流程示意图,实施例二与实施例一不同的是,获取第一响应消息的方式是漏洞扫描器引擎通过不添加载荷的方式获取,其中,与图3中相同的步骤,参见图3中相同步骤的详细描述,图4中不再赘述,如图4所示:Figure 4 is a schematic flow diagram of Embodiment 2 of the vulnerability detection method of the present application. The difference between Embodiment 2 and Embodiment 1 is that the way to obtain the first response message is that the vulnerability scanner engine obtains it without adding a load. For the same steps in Figure 3, refer to the detailed description of the same steps in Figure 3, and will not repeat them in Figure 4, as shown in Figure 4:

S401:浏览器/客户端向web代理发送第一请求消息。S401: The browser/client sends a first request message to the web proxy.

S402:web代理获取第一请求消息。S402: The web agent acquires the first request message.

S403:web代理向第一转化模块发送第一请求消息。S403: The web proxy sends a first request message to the first transformation module.

S404:第一转化模块将第一请求消息中的JSON格式的字段转化为URL格式的字段。S404: The first converting module converts the fields in the JSON format in the first request message into the fields in the URL format.

S405:第一转化模块向漏洞扫描器引擎发送格式转化后的第一请求消息。S405: The first converting module sends the format-converted first request message to the vulnerability scanner engine.

S406:漏洞扫描器引擎向第二转化模块发送格式转化后的第一请求消息。S406: The vulnerability scanner engine sends the format-converted first request message to the second conversion module.

漏洞扫描器引擎未在第一请求消息中添加测试载荷。The vulnerability scanner engine does not add a test payload in the first request message.

S407:第二转化模块将第一请求消息中的URL格式转化为JSON格式。S407: The second conversion module converts the URL format in the first request message into a JSON format.

S408:第二转化模块向web代理发送格式转化第一请求消息。S408: The second conversion module sends the first request message for format conversion to the web proxy.

S409:web代理向服务器发送从第二转化模块接收到的第一请求消息。S409: The web proxy sends the first request message received from the second conversion module to the server.

S410:web代理接收服务器发送的针对第一请求消息对应的第一响应消息。S410: The web proxy receives a first response message corresponding to the first request message sent by the server.

S411:漏洞扫描器引擎在第一请求消息中添加测试载荷。S411: The vulnerability scanner engine adds a test payload to the first request message.

S412:漏洞扫描器引擎将添加测试载荷后的第一请求消息发送给第二转化模块。S412: The vulnerability scanner engine sends the first request message after adding the test load to the second conversion module.

S413:第二转化模块将添加测试载荷后的第一请求消息中的URL格式转化为JSON格式,生成第二请求消息。S413: The second conversion module converts the URL format in the first request message after adding the test payload into JSON format, and generates a second request message.

S414:第二转化模块向web代理发送第二请求消息。S414: The second conversion module sends a second request message to the web proxy.

S415:web代理向服务器发送第二请求消息。S415: The web proxy sends a second request message to the server.

S416:web代理接收服务器发送的针对第二请求消息对应的第二响应消息。S416: The web proxy receives a second response message corresponding to the second request message sent by the server.

S417:web代理将第二响应消息和第一响应消息发送给漏洞扫描器引擎。S417: The web proxy sends the second response message and the first response message to the vulnerability scanner engine.

S418:漏洞扫描器引擎根据第一响应消息、第二响应消息以及漏洞判定预设规则,确定是否存在漏洞。S418: The vulnerability scanner engine determines whether there is a vulnerability according to the first response message, the second response message, and a vulnerability determination preset rule.

其中,S406-S410,与S411-S416的执行顺序不作限制,可以同时执行,也可以先执行S406-S410,再执行S411-S416,也可以先执行S411-S416,再执行S406-S410;对此,本申请不作限制。Among them, S406-S410 and S411-S416 are not limited in execution sequence, they can be executed at the same time, or S406-S410 can be executed first, and then S411-S416 can be executed, or S411-S416 can be executed first, and then S406-S410 can be executed; , this application is not limited.

本实施例与实施例一的技术方案的实现原理和技术效果类似,此处不再赘述。The implementation principles and technical effects of the technical solution in this embodiment are similar to those in Embodiment 1, and will not be repeated here.

实施例三Embodiment three

实施例三是在实施例一或实施例二的基础上,进一步地,第一转化模块进行格式转化之后还包括在第一请求消息中添加格式转化标识;第二转化模块在进行格式转化之前还包括确定第一请求消息中包含格式转化标识。Embodiment 3 is based on Embodiment 1 or Embodiment 2. Further, after the first conversion module performs format conversion, it also includes adding a format conversion identifier in the first request message; before the second conversion module performs format conversion, it also includes: It includes determining that the first request message contains the format conversion identifier.

本实施例,通过格式转化标识,标识在进行添加测试载荷之前是否进行了格式转化,以便于在添加测试载荷之后进行再次格式转化,以保证通信的正常进行。In this embodiment, the format conversion flag is used to identify whether the format conversion has been performed before adding the test load, so as to facilitate another format conversion after adding the test load to ensure normal communication.

实施例四Embodiment Four

在上述各实施例的的基础上,获取客户端/服务器发送的第一请求消息的方式,还可以通过以下几种可能的实现方式获取:On the basis of the above-mentioned embodiments, the way of obtaining the first request message sent by the client/server can also be obtained through the following possible implementation methods:

一种可能的实现方式:从服务器的日志中获取向服务器发送的第一请求消息。A possible implementation manner: Obtain the first request message sent to the server from the log of the server.

服务器的日志中会记录浏览器或者客户端发送的所有的第一请求消息,因此,可以通过从服务器的日志中获取向服务器发送的第一请求消息。通过从服务器的日志中获取第一请求消息时,无需人工触发向服务器发送第一请求消息。The log of the server will record all the first request messages sent by the browser or the client, therefore, the first request message sent to the server can be obtained from the log of the server. By acquiring the first request message from the log of the server, there is no need to manually trigger sending the first request message to the server.

另一种可能的实现方式:通过旁路数据监听的方式获取向服务器发送的第一请求消息。Another possible implementation manner: Obtain the first request message sent to the server by bypassing data monitoring.

与通过web代理获取向服务器发送的第一请求消息不同的是,旁路数据监听通常是在路由器处进行旁路数据监听。Different from obtaining the first request message sent to the server through the web proxy, the bypass data monitoring is usually performed at the router.

通过上述几种可能的实现方式均可以实现获取向服务器发送的第一请求消息。Acquiring the first request message sent to the server can be achieved through the above several possible implementation manners.

实施例五Embodiment five

在上述各实施例中,第一请求消息和第二请求消息均为超文本传输协议(HyperText Transfer Protocol,简称:HTTP)消息。In the foregoing embodiments, both the first request message and the second request message are hypertext transfer protocol (HyperText Transfer Protocol, HTTP for short) messages.

图5为本申请漏洞检测装置一实施例的结构示意图,本实施例的装置包括:获取模块501、格式转化模块502、处理模块503、发送模块504和接收模块505,其中,获取模块501用于获取向服务器发送的第一请求消息,第一请求消息中包含JSON格式的字段;格式转化模块502用于将JSON格式的字段转化为统一资源定位符URL格式的字段;处理模块503用于在URL格式的字段中添加测试载荷;格式转化模块502还用于将添加测试载荷后的URL格式的字段转化为JSON格式,生成第二请求消息;发送模块504用于向服务器发送第二请求消息;接收模块505用于接收服务器发送的针对第一请求消息的第一响应消息;并接收服务器发送的针对第二请求消息的第二响应消息;处理模块503还用于根据所述第一响应消息、所述第二响应消息以及漏洞判定预设规则,获取漏洞检测结果,获取漏洞检测结果。FIG. 5 is a schematic structural diagram of an embodiment of the vulnerability detection device of the present application. The device of this embodiment includes: an acquisition module 501, a format conversion module 502, a processing module 503, a sending module 504, and a receiving module 505, wherein the acquisition module 501 is used for Obtain the first request message sent to the server, the first request message includes a field in JSON format; the format conversion module 502 is used to convert the field in JSON format into a field in URL format; the processing module 503 is used in URL Add a test load in the field of the format; the format conversion module 502 is also used for converting the field of the URL format after adding the test load into a JSON format, and generates a second request message; the sending module 504 is used for sending the second request message to the server; receiving The module 505 is used to receive the first response message sent by the server for the first request message; and receive the second response message sent by the server for the second request message; the processing module 503 is also used for receiving the first response message according to the first response message, the Describe the second response message and the preset rule for vulnerability determination, obtain the vulnerability detection result, and obtain the vulnerability detection result.

其中,处理模块503具体用于将所述第二响应消息与所述第一响应消息进行比较,并结合所述漏洞判定预设规则,获取漏洞检测结果。Wherein, the processing module 503 is specifically configured to compare the second response message with the first response message, and obtain a vulnerability detection result in combination with the preset rule for vulnerability determination.

本实施例的装置,对应的可用于执行实施例一或实施例二所示方法的技术方案,其实现原理和技术效果类似,此处不再赘述。The device in this embodiment corresponds to a technical solution that can be used to implement the method shown in Embodiment 1 or Embodiment 2, and its implementation principle and technical effect are similar, and will not be repeated here.

可选地,在图5所示实施例中,获取模块501具体用于从服务器的日志中获取向服务器发送的第一请求消息。Optionally, in the embodiment shown in FIG. 5 , the obtaining module 501 is specifically configured to obtain the first request message sent to the server from a log of the server.

可选地,在图5所示实施例中,获取模块501具体用于通过Web代理获取向服务器发送的第一请求消息;发送模块504具体用于控制Web代理向所述服务器发送所述第一请求消息,并向服务器发送第二请求消息。Optionally, in the embodiment shown in FIG. 5 , the acquiring module 501 is specifically configured to acquire the first request message sent to the server through the Web proxy; the sending module 504 is specifically configured to control the Web proxy to send the first request message to the server. request message, and send a second request message to the server.

可选地,在图5所示实施例中,获取模块501具体用于通过旁路数据监听的方式获取向服务器发送的第一请求消息。Optionally, in the embodiment shown in FIG. 5 , the obtaining module 501 is specifically configured to obtain the first request message sent to the server by bypassing data monitoring.

本实施例的装置,对应的可用于执行实施例四所示方法的技术方案,其实现原理和技术效果类似,此处不再赘述。The device in this embodiment corresponds to a technical solution that can be used to implement the method shown in Embodiment 4, and its implementation principle and technical effect are similar, and will not be repeated here.

在图5所示实施例中,处理模块503还用于在第一请求消息中添加格式转化标识;处理模块503还用于确定第一请求消息中包含格式转化标识。In the embodiment shown in FIG. 5 , the processing module 503 is further configured to add a format conversion identifier in the first request message; the processing module 503 is further configured to determine that the first request message contains the format conversion identifier.

本实施例的装置,对应的可用于执行实施例三所示方法的技术方案,其实现原理和技术效果类似,此处不再赘述。The device in this embodiment corresponds to a technical solution that can be used to implement the method shown in Embodiment 3, and its implementation principle and technical effect are similar, and will not be repeated here.

在图5所示实施例中,第一请求消息和第二请求消息均为超文本传输协议HTTP消息。In the embodiment shown in FIG. 5, both the first request message and the second request message are hypertext transfer protocol HTTP messages.

本实施例的装置,对应的可用于执行实施例五所示方法的技术方案,其实现原理和技术效果类似,此处不再赘述。The device in this embodiment corresponds to the technical solution that can be used to implement the method shown in Embodiment 5, and its implementation principle and technical effect are similar, and will not be repeated here.

图6为本申请漏洞检测装置另一实施例的结构示意图,本实施例的装置包括:处理器601、发送接口602和接收接口603,其中,发送接口602和接收接口603耦合至处理器601,处理器601用于获取向服务器发送的第一请求消息,第一请求消息中包含JSON格式的字段;处理器601还用于将JSON格式的字段转化为统一资源定位符URL格式的字段;处理器601还用于在URL格式的字段中添加测试载荷;处理器601还用于将添加测试载荷后的URL格式的字段转化为JSON格式,生成第二请求消息;发送接口602发送接口耦合至处理器,发送接口,用于向服务器发送第二请求消息;接收接口603接收接口耦合至处理器,接收接口603用于接收所述服务器发送的针对所述第一请求消息的第一响应消息,并接收服务器发送的针对第二请求消息的第二响应消息;处理器601还用于根据第一响应消息、所述第二响应消息以及漏洞判定预设规则,获取漏洞检测结果。Fig. 6 is a schematic structural diagram of another embodiment of the vulnerability detection device of the present application. The device of this embodiment includes: a processor 601, a sending interface 602 and a receiving interface 603, wherein the sending interface 602 and the receiving interface 603 are coupled to the processor 601, The processor 601 is used to obtain the first request message sent to the server, and the first request message includes a field in JSON format; the processor 601 is also used to convert the field in JSON format into a field in URL format; the processor 601 is also used to add a test load in the field of the URL format; the processor 601 is also used to convert the field of the URL format after adding the test load into JSON format to generate a second request message; the sending interface 602 is coupled to the processor , the sending interface, configured to send the second request message to the server; the receiving interface 603 receiving interface is coupled to the processor, and the receiving interface 603 is configured to receive the first response message sent by the server for the first request message, and receive The second response message sent by the server for the second request message; the processor 601 is further configured to acquire a vulnerability detection result according to the first response message, the second response message, and a preset rule for determining a vulnerability.

其中,处理器601具体用于将所述第二响应消息与所述第一响应消息进行比较,并结合所述漏洞判定预设规则,获取漏洞检测结果。Wherein, the processor 601 is specifically configured to compare the second response message with the first response message, and obtain a vulnerability detection result in combination with the vulnerability determination preset rule.

本实施例的装置,对应的可用于执行实施例一或实施例二所示方法的技术方案,其实现原理和技术效果类似,此处不再赘述。The device in this embodiment corresponds to a technical solution that can be used to execute the method shown in Embodiment 1 or Embodiment 2, and its implementation principle and technical effect are similar, and will not be repeated here.

可选地,在图6所示实施例中,处理器601具体用于从服务器的日志中获取向服务器发送的第一请求消息。Optionally, in the embodiment shown in FIG. 6 , the processor 601 is specifically configured to acquire the first request message sent to the server from a log of the server.

可选地,在图6所示实施例中,处理器601具体用于通过Web代理获取向服务器发送的第一请求消息;发送接口602具体用于控制所述Web代理向服务器发送第二请求消息。Optionally, in the embodiment shown in FIG. 6, the processor 601 is specifically configured to acquire the first request message sent to the server through the Web proxy; the sending interface 602 is specifically configured to control the Web proxy to send the second request message to the server .

可选地,在图6所示实施例中,处理器601具体用于通过旁路数据监听的方式获取向服务器发送的第一请求消息。Optionally, in the embodiment shown in FIG. 6 , the processor 601 is specifically configured to obtain the first request message sent to the server by bypassing data monitoring.

本实施例的装置,对应的可用于执行实施例四所示方法的技术方案,其实现原理和技术效果类似,此处不再赘述。The device in this embodiment corresponds to a technical solution that can be used to implement the method shown in Embodiment 4, and its implementation principle and technical effect are similar, and will not be repeated here.

在图6所示实施例中,处理器601还用于在第一请求消息中添加格式转化标识;处理器601还用于确定第一请求消息中包含格式转化标识。In the embodiment shown in FIG. 6, the processor 601 is further configured to add a format conversion identifier in the first request message; the processor 601 is further configured to determine that the first request message includes the format conversion identifier.

本实施例的装置,对应的可用于执行实施例三所示方法的技术方案,其实现原理和技术效果类似,此处不再赘述。The device in this embodiment corresponds to a technical solution that can be used to implement the method shown in Embodiment 3, and its implementation principle and technical effect are similar, and will not be repeated here.

本申请还可提供一种处理器可读存储介质,该可读存储介质中存储有程序指令,该程序指令用于使处理器601执行上述实施例一至实施例四中的漏洞检测方法中所有步骤或部分步骤。上述可读存储介质可以是由任何类型的易失性或非易失性存储设备或者它们的组合实现,如静态随机存取存储器(SRAM),电可擦除可编程只读存储器(EEPROM),可擦除可编程只读存储器(EPROM),可编程只读存储器(PROM),只读存储器(ROM),磁存储器,快闪存储器,磁盘或光盘。The present application may also provide a processor-readable storage medium, where program instructions are stored in the readable storage medium, and the program instructions are used to make the processor 601 execute all the steps in the vulnerability detection method in the first to fourth embodiments above. or partial steps. The above-mentioned readable storage medium can be realized by any type of volatile or non-volatile storage device or their combination, such as static random access memory (SRAM), electrically erasable programmable read-only memory (EEPROM), Erasable Programmable Read Only Memory (EPROM), Programmable Read Only Memory (PROM), Read Only Memory (ROM), Magnetic Memory, Flash Memory, Magnetic or Optical Disk.

最后应说明的是:以上各实施例仅用以说明本申请的技术方案,而非对其限制;尽管参照前述各实施例对本申请进行了详细的说明,本领域的普通技术人员应当理解:其依然可以对前述各实施例所记载的技术方案进行修改,或者对其中部分或者全部技术特征进行等同替换;而这些修改或者替换,并不使相应技术方案的本质脱离本申请各实施例技术方案的范围。Finally, it should be noted that: the above embodiments are only used to illustrate the technical solutions of the present application, and are not intended to limit it; although the application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that: It is still possible to modify the technical solutions described in the foregoing embodiments, or perform equivalent replacements for some or all of the technical features; and these modifications or replacements do not make the essence of the corresponding technical solutions deviate from the technical solutions of the various embodiments of the present application. scope.

Claims (20)

  1. A kind of 1. leak detection method, it is characterised in that including:
    The first request message sent to server is obtained, the field of JSON forms is included in first request message;
    The field of the JSON forms is converted into the field of uniform resource position mark URL form;
    The addition test load in the field of the URL format;
    The field for adding the URL format after testing load is converted into JSON forms, generates the second request message;
    Second request message is sent to the server;
    Receive the first response message for first request message that the server is sent;
    Receive the second response message for second request message that the server is sent;
    Preset rules are judged according to first response message, second response message and loophole, obtain Hole Detection knot Fruit.
  2. 2. according to the method described in claim 1, it is characterized in that, first request message and second request message are equal For hypertext transfer protocol HTTP message.
  3. 3. according to the method described in claim 1, it is characterized in that, it is described obtain to server send the first request message, Including:
    The first request message sent to server is obtained from the daily record of the server.
  4. 4. according to the method described in claim 1, it is characterized in that, it is described obtain to server send the first request message, Including:
    The first request message sent to server is obtained by web proxy;
    It is described to send second request message to the server, including:
    Second request message is sent to the server by the web proxy.
  5. 5. according to the method described in claim 1, it is characterized in that, it is described obtain to server send the first request message, Including:
    The first request message sent to server is obtained by way of bypass data monitoring.
  6. 6. according to claim 1-5 any one of them methods, it is characterised in that the field by the JSON forms converts After field for uniform resource position mark URL form, further include:
    Format conversion mark is added in first request message;
    It is described that the field for adding the URL format after testing load is converted into JSON forms, before generating the second request message, also Including:
    Determine to identify comprising the format conversion in first request message.
  7. 7. according to the method described in claim 1, it is characterized in that, described disappear according to the first of second request message the response Breath, second response message and loophole judge preset rules obtain Hole Detection as a result, including:
    By second response message compared with first response message, and judge preset rules with reference to the loophole, Obtain Hole Detection result.
  8. A kind of 8. Hole Detection device, it is characterised in that including:
    Acquisition module, for obtaining the first request message sent to server, JSON lattice are included in first request message The field of formula;
    Format conversion module, for the field of the JSON forms to be converted into the field of uniform resource position mark URL form;
    Processing module, for the addition test load in the field of the URL format;
    The format conversion module, is additionally operable to the field for adding the URL format after testing load being converted into JSON forms, generates Second request message;
    Sending module, is additionally operable to send second request message to the server;
    Receiving module, the first response message for first request message sent for receiving the server;
    The receiving module, the second response for second request message for being additionally operable to receive the server transmission disappear Breath;
    The processing module, is additionally operable to be judged according to first response message, second response message and loophole default Rule, obtains Hole Detection result.
  9. 9. device according to claim 8, it is characterised in that first request message and second request message are equal For hypertext transfer protocol HTTP message.
  10. 10. device according to claim 8, it is characterised in that the acquisition module is specifically used for from the server The first request message sent to server is obtained in daily record.
  11. 11. device according to claim 8, it is characterised in that the acquisition module is specifically used for obtaining by web proxy The first request message sent to server;The sending module is specifically used for control web proxy and sends institute to the server State the second request message.
  12. 12. device according to claim 8, it is characterised in that the acquisition module is specifically used for supervising by bypass data The mode listened obtains the first request message sent to server.
  13. 13. according to claim 8-12 any one of them devices, it is characterised in that the processing module is additionally operable to described Format conversion mark is added in one request message;
    The processing module is additionally operable to determine to identify comprising the format conversion in first request message.
  14. 14. device according to claim 8, it is characterised in that the processing module is specifically used for responding described second Message judges preset rules compared with first response message, and with reference to the loophole, obtains Hole Detection result.
  15. A kind of 15. Hole Detection device, it is characterised in that including:
    Processor, for obtaining the first request message sent to server, JSON forms are included in first request message Field;
    The processor, is additionally operable to the field of the JSON forms being converted into the field of uniform resource position mark URL form;
    The processor, is additionally operable to the addition test load in the field of the URL format;
    The processor, is additionally operable to the field for adding the URL format after testing load being converted into JSON forms, generation second please Seek message;
    Transmission interface, the transmission interface are coupled to the processor, the transmission interface, for sending institute to the server State the second request message;
    Receiving interface, the receiving interface are coupled to the processor, and the receiving interface, sends for receiving the server The first response message for first request message, and receive that the server sends disappears for the described second request Second response message of breath;
    The processor, is additionally operable to judge default rule according to first response message, second response message and loophole Then, Hole Detection result is obtained.
  16. 16. device according to claim 15, it is characterised in that the processor is specifically used for the day from the server The first request message sent to server is obtained in will.
  17. 17. device according to claim 15, it is characterised in that the processor is specifically used for obtaining by web proxy The first request message sent to server;
    The transmission interface is specifically used for controlling the web proxy to send second request message to the server.
  18. 18. device according to claim 15, it is characterised in that the processor is specifically used for monitoring by bypass data Mode obtain to server send the first request message.
  19. 19. according to claim 15-18 any one of them devices, it is characterised in that the processor is additionally operable to described Format conversion mark is added in one request message;
    The processor is additionally operable to determine to identify comprising the format conversion in first request message.
  20. 20. device according to claim 15, it is characterised in that the processor is specifically used for disappearing the described second response Breath judges preset rules compared with first response message, and with reference to the loophole, obtains Hole Detection result.
CN201610890539.8A 2016-10-12 2016-10-12 Vulnerability detection method and device Active CN107948120B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610890539.8A CN107948120B (en) 2016-10-12 2016-10-12 Vulnerability detection method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610890539.8A CN107948120B (en) 2016-10-12 2016-10-12 Vulnerability detection method and device

Publications (2)

Publication Number Publication Date
CN107948120A true CN107948120A (en) 2018-04-20
CN107948120B CN107948120B (en) 2020-11-24

Family

ID=61928285

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610890539.8A Active CN107948120B (en) 2016-10-12 2016-10-12 Vulnerability detection method and device

Country Status (1)

Country Link
CN (1) CN107948120B (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109446819A (en) * 2018-10-30 2019-03-08 北京知道创宇信息技术有限公司 It goes beyond one's commission leak detection method and device
CN109740355A (en) * 2019-01-03 2019-05-10 深圳前海微众银行股份有限公司 Vulnerability scanning method, server, system and proxy server
CN109981653A (en) * 2019-03-28 2019-07-05 上海中通吉网络技术有限公司 A kind of web vulnerability scanning method
CN110401634A (en) * 2019-06-24 2019-11-01 北京墨云科技有限公司 A kind of web application hole detection regulation engine implementation method and terminal
CN110460612A (en) * 2019-08-15 2019-11-15 中国平安财产保险股份有限公司 Safety detecting method, equipment, storage medium and device
CN110881043A (en) * 2019-11-29 2020-03-13 杭州迪普科技股份有限公司 Method and device for detecting web server vulnerability
CN110995684A (en) * 2019-11-26 2020-04-10 西安四叶草信息技术有限公司 Vulnerability detection method and device
CN114640530A (en) * 2022-03-24 2022-06-17 深信服科技股份有限公司 Data leakage detection method and device, electronic equipment and readable storage medium
CN115221525A (en) * 2021-04-21 2022-10-21 腾讯科技(深圳)有限公司 Vulnerability scanning method, device, equipment and storage medium
CN115357895A (en) * 2022-07-04 2022-11-18 深圳开源互联网安全技术有限公司 Method and system for quickly positioning stain data position in JSON frame based on IAST
CN118631586A (en) * 2024-08-06 2024-09-10 中国人民解放军国防科技大学 A Domain Name System Security Testing Method Based on Automatic Load Generation

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101217546A (en) * 2008-01-18 2008-07-09 东南大学 Implementation method of high-efficiency security protocol denial-of-service attack detection system
CN101459548A (en) * 2007-12-14 2009-06-17 北京启明星辰信息技术股份有限公司 Script injection attack detection method and system
CN101471818A (en) * 2007-12-24 2009-07-01 北京启明星辰信息技术股份有限公司 Detection method and system for malevolence injection script web page
CN101808093A (en) * 2010-03-15 2010-08-18 北京安天电子设备有限公司 System and method for automatically detecting WEB security
CN102468985A (en) * 2010-11-01 2012-05-23 北京神州绿盟信息安全科技股份有限公司 Method and system for performing penetration test on network security equipment
CN102508674A (en) * 2011-12-02 2012-06-20 方正国际软件有限公司 Method based on JSON (javascript serialized object notation) for passing object-oriented parameters and system
CN103678113A (en) * 2012-09-04 2014-03-26 国际商业机器公司 Self-testing of computer software application, method and system thereof
CN105049440A (en) * 2015-08-06 2015-11-11 福建天晴数码有限公司 Method and system for detecting cross-site scripting attack injection

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101459548A (en) * 2007-12-14 2009-06-17 北京启明星辰信息技术股份有限公司 Script injection attack detection method and system
CN101471818A (en) * 2007-12-24 2009-07-01 北京启明星辰信息技术股份有限公司 Detection method and system for malevolence injection script web page
CN101217546A (en) * 2008-01-18 2008-07-09 东南大学 Implementation method of high-efficiency security protocol denial-of-service attack detection system
CN101808093A (en) * 2010-03-15 2010-08-18 北京安天电子设备有限公司 System and method for automatically detecting WEB security
CN102468985A (en) * 2010-11-01 2012-05-23 北京神州绿盟信息安全科技股份有限公司 Method and system for performing penetration test on network security equipment
CN102508674A (en) * 2011-12-02 2012-06-20 方正国际软件有限公司 Method based on JSON (javascript serialized object notation) for passing object-oriented parameters and system
CN103678113A (en) * 2012-09-04 2014-03-26 国际商业机器公司 Self-testing of computer software application, method and system thereof
CN105049440A (en) * 2015-08-06 2015-11-11 福建天晴数码有限公司 Method and system for detecting cross-site scripting attack injection

Cited By (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109446819B (en) * 2018-10-30 2020-12-22 北京知道创宇信息技术股份有限公司 Unauthorized vulnerability detection method and device
CN109446819A (en) * 2018-10-30 2019-03-08 北京知道创宇信息技术有限公司 It goes beyond one's commission leak detection method and device
CN109740355A (en) * 2019-01-03 2019-05-10 深圳前海微众银行股份有限公司 Vulnerability scanning method, server, system and proxy server
CN109981653A (en) * 2019-03-28 2019-07-05 上海中通吉网络技术有限公司 A kind of web vulnerability scanning method
CN109981653B (en) * 2019-03-28 2021-07-23 上海中通吉网络技术有限公司 A web vulnerability scanning method
CN110401634A (en) * 2019-06-24 2019-11-01 北京墨云科技有限公司 A kind of web application hole detection regulation engine implementation method and terminal
CN110460612A (en) * 2019-08-15 2019-11-15 中国平安财产保险股份有限公司 Safety detecting method, equipment, storage medium and device
CN110460612B (en) * 2019-08-15 2022-05-20 中国平安财产保险股份有限公司 Security test method, device, storage medium and apparatus
CN110995684A (en) * 2019-11-26 2020-04-10 西安四叶草信息技术有限公司 Vulnerability detection method and device
CN110995684B (en) * 2019-11-26 2022-06-28 西安四叶草信息技术有限公司 Vulnerability detection method and device
CN110881043A (en) * 2019-11-29 2020-03-13 杭州迪普科技股份有限公司 Method and device for detecting web server vulnerability
CN110881043B (en) * 2019-11-29 2022-07-01 杭州迪普科技股份有限公司 Method and device for detecting web server vulnerability
CN115221525A (en) * 2021-04-21 2022-10-21 腾讯科技(深圳)有限公司 Vulnerability scanning method, device, equipment and storage medium
CN114640530A (en) * 2022-03-24 2022-06-17 深信服科技股份有限公司 Data leakage detection method and device, electronic equipment and readable storage medium
CN114640530B (en) * 2022-03-24 2023-12-29 深信服科技股份有限公司 Data leakage detection method and device, electronic equipment and readable storage medium
CN115357895A (en) * 2022-07-04 2022-11-18 深圳开源互联网安全技术有限公司 Method and system for quickly positioning stain data position in JSON frame based on IAST
CN115357895B (en) * 2022-07-04 2026-02-10 深圳开源互联网安全技术有限公司 A method and system for quickly locating tainted data in a JSON framework based on IAST.
CN118631586A (en) * 2024-08-06 2024-09-10 中国人民解放军国防科技大学 A Domain Name System Security Testing Method Based on Automatic Load Generation
CN118631586B (en) * 2024-08-06 2024-11-12 中国人民解放军国防科技大学 A Domain Name System Security Testing Method Based on Automatic Load Generation

Also Published As

Publication number Publication date
CN107948120B (en) 2020-11-24

Similar Documents

Publication Publication Date Title
CN107948120A (en) leak detection method and device
US10255370B2 (en) Automated compliance checking through analysis of cloud infrastructure templates
Celosia et al. Discontinued privacy: Personal data leaks in apple bluetooth-low-energy continuity protocols
CN113392402A (en) Power Internet of things protocol vulnerability detection system and method based on fuzzy test
TWI603600B (en) Determine vulnerability using runtime agent and network sniffer
US20170149937A1 (en) Internet of things communication unification and verification
US20110307956A1 (en) System and method for analyzing malicious code using a static analyzer
US20150096022A1 (en) Dynamically adaptive framework and method for classifying malware using intelligent static, emulation, and dynamic analyses
CN105323247A (en) Intrusion detection system for mobile terminal
CN104834588B (en) The method and apparatus for detecting resident formula cross site scripting loophole
CN104573520B (en) The method and apparatus for detecting resident formula cross site scripting loophole
CN110083391A (en) Call request monitoring method, device, equipment and storage medium
CN106506630B (en) Malicious network behavior discovery method based on HTTP content consistency
CA2990611A1 (en) Systems and methods for categorization of web assets
CN111106983B (en) Method and device for detecting network connectivity
CN103581185A (en) Cloud searching and killing method, device and system for resisting anti-antivirus test
CN112385196A (en) System and method for reporting computer security incidents
CN115104336A (en) Tracking and publishing data for generating analytics
CN105184156A (en) Security threat management method and system
Westerholt et al. Asynchronous Geospatial Processing: An Event‐Driven Push‐Based Architecture for the OGC Web Processing Service
CN118659966A (en) Device configuration method, device, electronic device and storage medium
WO2022062958A1 (en) Privacy detection method and apparatus, and computer readable storage medium
US20170293773A1 (en) A report comprising a masked value
CN116248320B (en) Traffic recording methods, computer equipment, storage media and computer program products
US20190297107A1 (en) Method and apparatus for generating attack string

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant