Anti-injection method for browser, browser client and device

A browser client, browser technology, applied in secure communication devices, digital transmission systems, electrical components, etc., can solve problems such as inability to change, browser insecurity, and insecurity

Active Publication Date: 2015-04-22
BEIJING QIHOO TECH CO LTD +1
View PDF5 Cites 12 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] During the use of the browser, other programs may inject some dynamic link libraries into the browser to control the browser to execute the logic it needs, such as redirecting network requests to unsafe webpages, and automatically adding unsafe websites to favorites repeatedly , items that cannot be changed or hidden appear in the IE tab, obtain the login name and password in the web page, etc. Therefore, the dynamic link library injected by these programs is not safe for the user's browser

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Anti-injection method for browser, browser client and device
  • Anti-injection method for browser, browser client and device
  • Anti-injection method for browser, browser client and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0125] refer to figure 1 , which shows a schematic flowchart of a method for preventing injection of a browser according to the present invention, which may specifically include:

[0126] Step 110, loading a window message hook function for intercepting window messages;

[0127] In the embodiment of the present invention, the CBT hook function WH_CBT is loaded, and the window messages of the WH_CBT hook function can be intercepted through the WH_CBT when the windows window is activated, created, released (closed), minimized, maximized or changed. The present invention can load the above-mentioned CBT hook function.

[0128] Preferably, the loading of the window message hook function for intercepting window messages includes:

[0129] Sub-step 112, calling the dynamic link library loading function to load the dynamic link library where the window message hook function is located, so as to load the window message hook function.

[0130] WH_CBT needs to be installed through th...

Embodiment 2

[0158] refer to figure 2 , which shows a schematic flowchart of a method for preventing injection of a browser according to the present invention, which may specifically include:

[0159] Step 210, loading a window message hook function for intercepting window messages;

[0160] Step 220, intercepting the window message in the operating system through the window message hook function;

[0161] Step 230, match the window handle name to which the window message belongs with a preset window handle list; if the window handle matches, then enter step 240;

[0162] If the window handle does not match, the window message is released.

[0163] Step 240, obtaining the verification signature of the application to which the window handle belongs;

[0164] Step 250, verify the verification signature; if the verification fails, determine that the window message is a browser hijacking window message, and enter step 260;

[0165] If the verification is successful, the window message is ...

Embodiment 3

[0171] refer to image 3 , which shows a schematic flowchart of a method for preventing injection of a browser according to the present invention, which may specifically include:

[0172] Step 310, loading a window message hook function for intercepting window messages;

[0173] Step 320, for the window message of the created window in the operating system, intercepted by the window message hook function;

[0174] In the embodiment of the present invention, it can be understood that when an application program wants to inject a dll into a browser, it needs to perform an installation process, and the installation process needs to create a window for installation first in the Windows system. In the embodiment of the present invention, only To intercept the window message of the created window, the embodiment of the present invention can only intercept the window message of the created window, and can determine whether it is the window message of the application program that inj...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses an anti-injection method for a browser, and relates to the technical field of browsers. The method comprises the following steps: loading a window message hook function for intercepting a window message; intercepting a window message in an operating system through the window message hook function; judging whether the window message is a browser-hijacking window message or not; and if the window message is the browser-hijacking window message, stopping transmission of the window message. According to the anti-injection method for the browser disclosed by the invention, the window message in the operating system can be intercepted by loading a global window message hook function, and a judgment on whether the window message is the browser-hijacking window message or not is made, so that the problem of unsafety of the browser due to the injection of dll into the browser through other applications is solved, and the beneficial effects of preventing the other applications from hijacking the browser by injecting unsafe dll into the browser and enhancing the safety of the browser are achieved.

Description

technical field [0001] The invention relates to the technical field of browsers, in particular to a browser anti-injection method, a browser client and a device with the browser client. Background technique [0002] A browser refers to a software that can display the contents of HTML (HyperText Mark-up Language) files of a web server or a file system and allow users to interact with these files. A web browser mainly interacts with a web server through the HTTP protocol and obtains web pages. These web pages are specified by a URL (Uniform Resource Locator), and the file format is usually HTML. [0003] During the use of the browser, there may be other programs that inject some dynamic link libraries into the browser to control the browser to execute the logic it needs. For example, network requests are redirected to unsafe webpages, and unsafe websites are automatically added to favorites , items that cannot be changed or hidden appear in the IE tab, obtain the login name a...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L29/08
CPCH04L9/40
Inventor 党壮梁志辉王天平
Owner BEIJING QIHOO TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap