CN115221529B - Method and system for injecting abnormity of front-end webpage - Google Patents
Method and system for injecting abnormity of front-end webpage Download PDFInfo
- Publication number
- CN115221529B CN115221529B CN202211116656.0A CN202211116656A CN115221529B CN 115221529 B CN115221529 B CN 115221529B CN 202211116656 A CN202211116656 A CN 202211116656A CN 115221529 B CN115221529 B CN 115221529B
- Authority
- CN
- China
- Prior art keywords
- injection
- exception
- instruction
- abnormal
- type
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
- G06F21/128—Restricting unauthorised execution of programs involving web programs, i.e. using technology especially used in internet, generally interacting with a web browser, e.g. hypertext markup language [HTML], applets, java
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
- G06F21/645—Protecting data integrity, e.g. using checksums, certificates or signatures using a third party
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Technology Law (AREA)
- Multimedia (AREA)
- Computing Systems (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Stored Programmes (AREA)
Abstract
The invention discloses a method and a system for injecting an exception into a front-end webpage, wherein the method comprises the following steps: setting an injection tool package, wherein the injection tool package comprises a basic exception type, a trusted third party tool type and a user-defined script type; receiving an exception injection instruction, injecting the exception into a browser through an injection toolkit according to the exception injection instruction, loading a webpage containing the injection toolkit by the browser, acquiring the exception to be injected according to the exception injection instruction, running the exception and displaying the exception to the page; and refreshing the injection toolkit, continuing injection if a new injection instruction exists, and removing injection if no injection instruction exists. The method integrates the front-end abnormal injection toolkit, introduces the injection toolkit through the webpage to select injection types, simulates various front-end abnormal scenes, and quickly realizes injection schemes of various front-end abnormal scenes, so that the front end can also perform daily safety test, fault drilling, development fault simulation and the like, and the technical significance of hot plug and hot plug is realized.
Description
Technical Field
The application relates to an exception injection method, in particular to a full-scene exception injection method for a front-end webpage.
Background
The internet market is increasingly huge, related technical means are gradually enriched, and the accompanying requirements are gradually diversified. Technical managers in various enterprises begin to think about how to ensure that the service provides uninterrupted, stable, reliable and credible service for users in the operation process, so that various products simulating abnormity and simulating system attack through tools are produced. At present, the prevention for the front-end problem is weak, and the research and development for the front-end injection tool are rare. However, the problem of the front-end failure is also important, for example, a page is crashed, a jump is redirected to a phishing website, or the monitoring discovery rate of the front-end failure is low, which depends on the feedback of a client and manual discovery, and when the front-end failure occurs, the discovery duration and the repair duration of the failure are both long.
At present, the front-end abnormal injection function in the market still has great defects, such as less design scenes, complex operation, lack of experimental simulation, difficulty in expanding and precipitating scenes and the like. Moreover, the injection capabilities are biased to a single browser and a single user, and the situation that a full stack user injects an exception at the same time and the platform cannot be realized cannot be achieved.
Disclosure of Invention
In order to enable the front-end abnormal injection to carry out the injection of a whole scene and the injection of a whole stack, the application provides an abnormal injection method of a front-end webpage.
An exception injection method for a front-end webpage comprises the following steps:
setting an injection tool package, wherein the injection tool package comprises a basic abnormal type, a trusted third party tool type and a user-defined script type;
receiving an abnormality injection instruction, injecting the abnormality into a browser through an injection toolkit according to the abnormality injection instruction, loading a webpage containing the injection toolkit by the browser, acquiring the abnormality needing to be injected according to the abnormality injection instruction, operating the abnormality and displaying the abnormality to a page;
and refreshing the injection toolkit, continuing injection if a new injection instruction exists, and removing injection if no injection instruction exists.
Further, the exception injection instruction includes instruction information, exception information, and machine information, where the instruction information, exception information, or machine information includes exception parameters, and the exception parameters include an exception scenario ID, a machine ID, and a type selection of an injection toolkit.
Further, running the exception and displaying the exception to a page specifically includes:
receiving an abnormal parameter in an abnormal injection instruction, and judging whether the abnormal parameter can be executed or not; introducing the injection tool packs through the head files of the web pages, and selecting one type of the injection tool packs; and assembling the execution parameters of the selected type, converting the execution parameters into corresponding execution instructions, executing exception, and returning to the front end to display an exception page.
Further, if the exception injection fails, other types in the injection tool kit are reselected, the execution parameters are reassembled, the execution parameters are converted into corresponding execution instructions, the exception is executed, and the front end is returned to display the exception page.
Further, after receiving the exception injection instruction, the method further comprises: and storing or deleting the corresponding abnormal injection instruction in the database.
Further, the basic exception types comprise JS injection errors, XSS cross-domain attacks, resource exceptions, request exceptions or set server IP exceptions, SQL injection type template exceptions or CRLF injection errors
Further, the trusted third party tool type includes an npm packet type or a script type.
The method further comprises an exception canceling method, wherein the exception canceling method is used for receiving an exception canceling instruction, deleting a corresponding exception injection instruction, canceling exception injection and displaying a page with exception canceling injection.
The invention also discloses an abnormal injection system for realizing the method, which comprises a user side and an injection end;
the user side comprises a browser, the injection end comprises a console and a front-end server, and the user side receives an abnormal injection instruction pulled from the injection end and injects an abnormality through the abnormal injection instruction;
the front-end server stores an injection tool package, wherein the injection tool package comprises a basic exception type, a trusted third party tool type and a user-defined script type;
the console receives an abnormal injection instruction and stores the abnormal injection instruction;
the browser acquires an instruction needing to be injected with an exception from a console, loads a webpage containing an injection tool package from a front-end server, acquires the exception needing to be injected from the injection tool package according to the exception injection instruction, runs the exception and displays the exception to the webpage, refreshes the injection tool, continues to inject if a new injection instruction exists, and releases injection if no injection instruction exists.
The beneficial effects of the invention are as follows:
the method integrates the front-end abnormal injection toolkit, and introduces the injection toolkit through the webpage to select injection abnormal types and injection methods, so as to simulate various front-end abnormal scenes, and can quickly realize injection schemes of various front-end abnormal scenes, so that the front end can also perform daily safety test, fault drilling, development fault simulation and the like, and the technical significance of 'hot plug and hot plug' is realized. And moreover, the integration of the injection toolkit reduces the technical threshold, improves the working efficiency, shortens the project period and has practical landing practical significance.
In addition, the injection toolkit in the scheme can be infinitely expanded, abnormal contents can be updated, the front-end abnormal test of the platform is realized, and various abnormal injections are supported.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a schematic flow diagram of the process.
Detailed Description
In order to make the purpose, features and advantages of the present application more obvious and understandable, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the embodiments described below are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application without making any creative effort belong to the protection scope of the present application.
The invention is further elucidated with reference to the drawings and the embodiments.
Example 1
An exception injection method for a front-end webpage is shown in fig. 1, and includes the following steps:
s1, setting an injection tool package, wherein the injection tool package comprises three types of tool packages, namely a basic exception type, a trusted third party tool type and a user-defined script type. The injection toolkit is stored in the front-end server, and the user end needs to access the injection toolkit. The number of the front-end servers is generally multiple, each front-end server accesses a corresponding application, and the more the front-end servers are, the more the applications are.
And S2, receiving an exception injection instruction, and injecting the exception into the browser through an injection toolkit according to the exception injection instruction. And the user side receives the abnormal injection instruction and injects the abnormality according to the abnormal injection instruction.
The browser pulls an abnormal injection instruction from the console and loads a webpage containing an injection toolkit from the front-end server; and the browser acquires the exception needing to be injected from the injection toolkit according to the exception injection instruction, runs the exception by using the injection toolkit and displays the exception to a front-end page.
And S3, refreshing the injection toolkit, continuing injection if a new injection instruction exists, and removing injection if no injection instruction exists.
The basic exception types in the step S1 comprise JS injection errors, XSS cross-domain attacks, resource exceptions, request exceptions or set server IP exceptions, SQL injection type template exceptions or CRLF injection errors. The request exception comprises fake websocket request, fake/modified interface response and mobile end app crash.
The trusted third party tool type includes an npm packet type or a script type. The Npm package is a toolkit for large enterprises having full-time personnel to maintain open sources, such as byte or ali developed foreign tools, whistle tools.
Step S2 also includes storing an exception injection instruction. And selecting a storage mode of the instruction according to the configuration of the user sending the exception injection request, converting the instruction into an instruction mode corresponding to a third-party tool for storage if the third-party tool is a trusted third-party tool, and directly storing the instruction in the console if the third-party tool is a basic exception type or a custom script type.
The exception injection instruction comprises instruction information, exception information and machine information. The instruction information, the exception information or the machine information comprises exception parameters, and the exception parameters comprise exception scene ID, machine ID and type selection of the injection tool kit. The instruction information and the exception information have a corresponding relationship, for example, instruction 1 indicates that JS injection is wrong. The exception parameter is a part of information, and the parameter is called when executing, for example, the machine information includes a machine ID and machine state information, the machine ID refers to an ID of the front-end server, the parameter is called to participate in executing the exception task, and the machine state information is stored in the console and needs to be called when other needs exist. The machine information is manually configured into the console.
In step S2, the browser pulls an exception injection instruction from the console, so as to implement injection and operation display of the front-end exception, which specifically includes:
and S21, receiving the abnormal parameters in the abnormal injection instruction, and judging whether the abnormal parameters can be executed or not. The exception parameters include an exception scenario ID, a machine ID, and a type selection of an injection toolkit, which is numbered as a tool parameter. The abnormality scene ID is an abnormality type number, and for example, the JS injection error ID is 1.
And S22, introducing the injection toolkit through the header file of the webpage, and selecting one type of the injection toolkit, such as a basic exception type. Generally, three types of injection kits are set as priorities, basic exception types are set as default choices, and one of the tools is automatically selected according to the priorities.
The header file refers to a < head > element in webpage HTML, and scripts (scripts), style files (CSS) and various meta information can be inserted into the < head > element; the element tags that can be added in the header area are of the types < title >, < style >, < meta >, < link >, < script >, < noscript >, < base >, etc.
And S23, assembling the execution parameters of the selected types, converting the execution parameters into corresponding execution instructions, executing the exception, and returning to the front end to display an exception page. Different types of tools in the injection tool kit have different execution parameters, different execution parameter groups can be provided for the same exception scene, and the exception instruction is executed according to the execution parameter group corresponding to the selected type. For example, if the execution request is abnormal, the web page request is intercepted and the request content is replaced by the request state, the error content and the like in the execution parameters, so that the fault purpose is realized.
And S24, if the abnormal injection fails, reselecting other types in the injection tool kit, reassembling the execution parameters, converting the execution parameters into corresponding execution instructions, executing the abnormal operation, and returning to a front-end display abnormal page.
This step is an alternative step, which is initiated when the injection fails, looks at other channels in the injection toolkit, redraws the execution type, and assembles the execution parameter execution instruction in the execution type.
And S3, removing the abnormal injection after no new abnormal injection instruction exists, and displaying the page after the injection is removed.
And S3, a natural release step in the injection process, wherein the scheme also comprises an instruction release method, the console receives the abnormal release instruction and deletes the corresponding abnormal injection instruction, so that the abnormal injection is released, and the page of the abnormal release injection is displayed.
The method integrates the front-end abnormal injection toolkit, introduces the injection toolkit through the webpage to select the injection method and the abnormal type, simulates various front-end abnormal scenes, can quickly realize the injection scheme of various front-end abnormal scenes, is convenient for the front end to carry out daily safety test, fault drilling, development fault simulation and the like, and realizes the technical significance of hot plug and hot plug. And moreover, the integration of the injection toolkit reduces the technical threshold, improves the working efficiency, shortens the project period and has practical landing practical significance.
In addition, the injection toolkit in the scheme can be expanded infinitely, abnormal contents can be updated, the front-end abnormal test of the platform is realized, and various abnormal injections are supported.
Example 2
An anomaly injection system for implementing the method of embodiment 1, comprising:
a user side and an injection side; as shown in fig. 1, the user side includes a browser, the injection end includes a console and a front-end server, and the user side requests the injection end to perform exception injection, receives an exception injection command pulled from the injection end, and injects an exception through the exception injection command.
The front-end server is a front-end application machine for deploying business operation, one system comprises a plurality of front-end servers, the machine ID refers to the ID of each front-end server, each front-end server stores an injection tool package, and the injection tool package comprises a basic exception type, a trusted third-party tool type and a user-defined script type. The front-end server is here a linux front-end server.
The basic exception types comprise JS injection errors, XSS cross-domain attacks, resource exceptions, request exceptions or set server IP exceptions, SQL injection type template exceptions or CRLF injection errors. The request exception comprises a fake websocket request, a fake/modified interface response and a mobile-end app crash.
The trusted third party tool type includes an npm packet type or a script type. The Npm package is a toolkit for large enterprises having full-time personnel to maintain open sources, such as byte or ali developed foreign tools, whistle tools.
The console is connected with two parties in a butt joint mode, a first interface is provided for receiving the abnormal injection instruction, and the abnormal injection instruction is converted into an instruction corresponding to a trusted third party according to user configuration selection and stored or directly stored in a database. And providing a second interface for the browser to pull the abnormal injection instruction so that the browser obtains instruction information.
The browser is connected with two parties in a butt joint mode and comprises a front-end server and a console. And loading a webpage containing the injection tool from the front-end server, and acquiring the exception needing to be injected from the console. And the browser runs the exception according to the instruction through an exception type running method in the injection toolkit, displays the exception to a page, refreshes the injection tool, continues to inject if a new injection instruction exists, and releases the injection if no injection instruction exists.
The specific operations in the browser include:
step 1, receiving an abnormal parameter in an abnormal injection instruction stored in a control console, and judging whether the abnormal parameter can be executed or not. The abnormal parameters comprise an abnormal scene ID, a machine ID and type selection of an injection tool package, the machine ID is the ID of a front-end server, each front-end server corresponds to different applications, the different applications are realized by different front-end servers, the servers corresponding to the IDs are used for carrying out abnormal tests, and the type selection of the injection tool package is numbered and used as tool parameters. The abnormal scene ID is an abnormal type number, and for example, the JS injection error ID is 1.
And 2, introducing the injection tool packages stored in the front-end server through the header files of the webpage, and selecting one type of the injection tool packages, such as a basic exception type. Generally, three types of injection kits are set as priorities, a basic exception type is set as a default selection, and one of the tools is automatically selected according to the priority.
And 3, assembling the execution parameters of the selected types, converting the execution parameters into corresponding execution instructions, executing the exception, and returning to the front end to display an exception page. Different types of tools in the injection tool kit have different execution parameters, different execution parameter groups exist for the same exception scene, and the exception instruction is executed according to the execution parameter group corresponding to the selected type. For example, if the execution request is abnormal, the web page request is intercepted and the request content is replaced by the request state, the error content and the like in the execution parameters, so that the fault purpose is realized.
And 4, if the abnormal injection fails, reselecting other types in the injection toolkit, reassembling the execution parameters, converting the execution parameters into corresponding execution instructions, executing the abnormal operation, and returning to the front-end display abnormal page.
Example 3
The present application discloses a storage medium storing a computer program for storing a computer program that can execute the abnormality injection method in embodiment 1. The computer programs are stored in the browser, the console, and the front-end server, respectively.
In the several embodiments provided in the present application, it should be understood that the disclosed system and method may be implemented in other ways. What has been described above includes examples of one or more embodiments. It is, of course, not possible to describe every conceivable combination of components or methodologies for purposes of describing the aforementioned embodiments, but one of ordinary skill in the art may recognize that many further combinations and permutations of various embodiments are possible. Accordingly, the embodiments described herein are intended to embrace all such alterations, modifications and variations that fall within the scope of the appended claims. Furthermore, to the extent that the term "includes" is used in either the detailed description or the claims, such term is intended to be inclusive in a manner similar to the term "comprising" as "comprising" is interpreted when employed as a transitional word in a claim. Furthermore, any use of the term "or" in the specification of the claims is intended to mean a "non-exclusive or".
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
In the context of this application, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In this application, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless section, wire section, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Claims (10)
1. An exception injection method for a front-end webpage is characterized by comprising the following steps:
setting an injection tool package, wherein the injection tool package comprises a basic abnormal type, a trusted third party tool type and a user-defined script type;
receiving an abnormality injection instruction, injecting the abnormality into a browser through an injection toolkit according to the abnormality injection instruction, loading a webpage containing the injection toolkit by the browser, acquiring the abnormality needing to be injected according to the abnormality injection instruction, operating the abnormality and displaying the abnormality to a page;
and refreshing the injection toolkit, continuing injection if a new injection instruction exists, and removing injection if no injection instruction exists.
2. The method for injecting the exception into the front-end webpage according to claim 1, wherein the exception injection instruction includes instruction information, exception information, and machine information, the instruction information, the exception information, or the machine information includes exception parameters, and the exception parameters include an exception scenario ID, a machine ID, and a type selection of an injection toolkit.
3. The method for injecting the exception into the front-end webpage according to claim 2, wherein the running of the exception and the presentation to the page specifically include:
receiving an abnormal parameter in an abnormal injection instruction, and judging whether the abnormal parameter can be executed or not; introducing the injection toolkits through a header file of a webpage, and selecting one type of the injection toolkits; and assembling the execution parameters of the selected type, converting the execution parameters into corresponding execution instructions, executing exception, and returning to the front end to display an exception page.
4. The method for injecting exceptions in the front-end webpage of claim 3, further comprising: if the abnormal injection fails, the type in the injection tool package is reselected, the execution parameters are reassembled, the execution parameters are converted into corresponding execution instructions, the abnormal operation is executed, and the front end is returned to display an abnormal page.
5. The method for injecting an exception into a front-end webpage according to claim 1, wherein after receiving the exception injection command, the method further comprises: and storing or deleting the corresponding abnormal injection instruction in the database.
6. The method for injecting the anomaly of the front-end webpage according to claim 1, wherein the basic anomaly types include JS injection errors, XSS cross-domain attacks, resource anomalies, request anomalies or set server IP anomalies, SQL injection type template anomalies, or CRLF injection errors.
7. The method of claim 1, wherein the trusted third party tool type comprises an npm packet type or a script type.
8. The method for injecting the exception into the front-end webpage according to claim 1, further comprising an exception removing method for receiving the exception removing instruction, deleting the corresponding exception injecting instruction, removing the exception injection, and displaying the page with the exception removed from the injection.
9. An exception injection system is characterized by comprising a user side and an injection side;
the user side comprises a browser, the injection end comprises a control console and a front-end server, and the user side receives an abnormal injection instruction pulled from the injection end and injects an abnormality through the abnormal injection instruction;
the front-end server stores an injection tool package, wherein the injection tool package comprises a basic exception type, a trusted third party tool type and a user-defined script type;
the console receives an abnormal injection instruction and stores the abnormal injection instruction;
the browser acquires an instruction needing to be injected with an exception from a console, loads a webpage containing an injection tool package from a front-end server, acquires the exception needing to be injected from the injection tool package according to the exception injection instruction, runs the exception and displays the exception to the webpage, refreshes the injection tool, continues to inject if a new injection instruction exists, and releases injection if no injection instruction exists.
10. A storage medium storing a computer program, characterized in that the computer program, when executed by a processor, implements the method according to any one of claims 1-8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211116656.0A CN115221529B (en) | 2022-09-14 | 2022-09-14 | Method and system for injecting abnormity of front-end webpage |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211116656.0A CN115221529B (en) | 2022-09-14 | 2022-09-14 | Method and system for injecting abnormity of front-end webpage |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115221529A CN115221529A (en) | 2022-10-21 |
| CN115221529B true CN115221529B (en) | 2022-12-27 |
Family
ID=83617766
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211116656.0A Active CN115221529B (en) | 2022-09-14 | 2022-09-14 | Method and system for injecting abnormity of front-end webpage |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115221529B (en) |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8949990B1 (en) * | 2007-12-21 | 2015-02-03 | Trend Micro Inc. | Script-based XSS vulnerability detection |
| CN104361076A (en) * | 2014-11-12 | 2015-02-18 | 腾讯科技(成都)有限公司 | Method and device for processing abnormality of browser |
| CN104881608A (en) * | 2015-05-21 | 2015-09-02 | 北京工业大学 | XSS vulnerability detection method based on simulating browser behavior |
| CN104881607A (en) * | 2015-05-21 | 2015-09-02 | 北京工业大学 | XSS vulnerability detection method based on simulating browser behavior |
| CN108268365A (en) * | 2016-12-30 | 2018-07-10 | 腾讯科技(深圳)有限公司 | Abnormal task method for implanting, device and system |
| CN109525567A (en) * | 2018-11-01 | 2019-03-26 | 郑州云海信息技术有限公司 | A kind of detection method and system for implementing parameter injection attacks for website |
| CN110083352A (en) * | 2019-03-20 | 2019-08-02 | 平安普惠企业管理有限公司 | JS code injection method, apparatus, computer equipment and storage medium |
| CN111523123A (en) * | 2020-04-26 | 2020-08-11 | 北京信息科技大学 | Intelligent website vulnerability detection method |
| CN112306862A (en) * | 2020-10-14 | 2021-02-02 | 北京健康之家科技有限公司 | Front-end automatic test system and method, storage medium and computing equipment |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR101775518B1 (en) * | 2016-02-23 | 2017-09-06 | 한국전자통신연구원 | Method of prividing browser using browser process for each access permission and apparatus using the same |
| CN107301345B (en) * | 2017-06-06 | 2019-12-06 | 新浪网技术(中国)有限公司 | Method, system and device for preventing XSS attack |
| CN107423194B (en) * | 2017-06-30 | 2021-01-22 | 创新先进技术有限公司 | Front-end abnormal alarm processing method, device and system |
| US11361072B2 (en) * | 2019-09-30 | 2022-06-14 | Mcafee, Llc | Runtime detection of browser exploits via injected scripts |
-
2022
- 2022-09-14 CN CN202211116656.0A patent/CN115221529B/en active Active
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8949990B1 (en) * | 2007-12-21 | 2015-02-03 | Trend Micro Inc. | Script-based XSS vulnerability detection |
| CN104361076A (en) * | 2014-11-12 | 2015-02-18 | 腾讯科技(成都)有限公司 | Method and device for processing abnormality of browser |
| CN104881608A (en) * | 2015-05-21 | 2015-09-02 | 北京工业大学 | XSS vulnerability detection method based on simulating browser behavior |
| CN104881607A (en) * | 2015-05-21 | 2015-09-02 | 北京工业大学 | XSS vulnerability detection method based on simulating browser behavior |
| CN108268365A (en) * | 2016-12-30 | 2018-07-10 | 腾讯科技(深圳)有限公司 | Abnormal task method for implanting, device and system |
| CN109525567A (en) * | 2018-11-01 | 2019-03-26 | 郑州云海信息技术有限公司 | A kind of detection method and system for implementing parameter injection attacks for website |
| CN110083352A (en) * | 2019-03-20 | 2019-08-02 | 平安普惠企业管理有限公司 | JS code injection method, apparatus, computer equipment and storage medium |
| CN111523123A (en) * | 2020-04-26 | 2020-08-11 | 北京信息科技大学 | Intelligent website vulnerability detection method |
| CN112306862A (en) * | 2020-10-14 | 2021-02-02 | 北京健康之家科技有限公司 | Front-end automatic test system and method, storage medium and computing equipment |
Non-Patent Citations (1)
| Title |
|---|
| 基于 Chopping 的 Web 应用 SQL 注入漏洞检测方法;尤枫 等;《计算机系统应用》;20080131;第27卷(第1期);第86-91页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115221529A (en) | 2022-10-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106095677B (en) | The RESTful Webservice automatic interface testing methods realized based on Robot Framework | |
| US6446120B1 (en) | Configurable stresser for a web server | |
| US9015832B1 (en) | Application auditing through object level code inspection | |
| CN102902618B (en) | The method of mobile device application development debugging and device | |
| US7984332B2 (en) | Distributed system checker | |
| US8949996B2 (en) | Transforming unit tests for security testing | |
| CN112187585B (en) | Network protocol testing method and device | |
| US20110289489A1 (en) | Concurrent cross browser testing | |
| CN111552633A (en) | Interface exception call testing method, device, computer equipment and storage medium | |
| CN101217425A (en) | Method and device for web testing | |
| CN115328758B (en) | A performance testing method and system for industrial software with large data volumes | |
| US9442822B2 (en) | Providing a visual representation of a sub-set of a visual program | |
| CN111694757B (en) | Application program testing method and device, electronic equipment and computer readable storage medium | |
| CN104796240A (en) | Fuzz testing system for stateful network protocol | |
| CN103023710A (en) | Safety test system and method | |
| CN110750458A (en) | Big data platform testing method and device, readable storage medium and electronic equipment | |
| CN106033393A (en) | Method and system for testing application program, and mobile terminal | |
| KR101443071B1 (en) | Error Check System of Webpage | |
| CN113626047B (en) | FLUME automatic deployment system and method | |
| US10474558B2 (en) | Collaborative application testing | |
| US20130124971A1 (en) | Real time web script refresh using asynchronous polling without full web page reload | |
| CN115221529B (en) | Method and system for injecting abnormity of front-end webpage | |
| CN111431739B (en) | QualNet-oriented dynamic fault setting method for simulation communication network | |
| Hine et al. | Scalable emulation of enterprise systems | |
| CN112565244A (en) | Active risk monitoring method, system and equipment for website projects |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |