Website login brute force crack method and system capable of identifying verification code

A verification code and verification code picture technology, applied in the direction of digital data authentication, instrument, platform integrity maintenance, etc., to achieve the effect of convenient and practical operation and high degree of automation

Inactive Publication Date: 2016-08-10
STATE GRID CORP OF CHINA +2
View PDF1 Cites 32 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] The technical problem solved by the present invention is to provide a method and system for brute force cracking of website logins that can identify verification codes, which can solve the problem that the existing brute force cracking methods cannot handle the need to input verification codes when logging in. problem, which can realize automated security testing of websites with verification code login

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Website login brute force crack method and system capable of identifying verification code
  • Website login brute force crack method and system capable of identifying verification code
  • Website login brute force crack method and system capable of identifying verification code

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0054] In order to make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings.

[0055] figure 1 It is a schematic diagram of the system framework of the embodiment of the present invention. The embodiment of the present invention can be deployed on any computer that can be networked as an independent system. The system integrates a web browser module, a web page static analysis module, a data packet dynamic interception module, a verification code identification module and a brute force cracking module. The function of each module is as follows:

[0056] The web browser module is used to access the URL input by the user and obtain the landing page;

[0057] The webpage static analysis module integrates the static analysis method described in the present invention, and is used to automatically extract the user ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides a website login brute force crack method and system capable of identifying a verification code. The method comprises the steps of 1, through static webpage analysis, extracting information required for website login; 2, through dynamic webpage analysis, intercepting a login data package submitted to a website server by a client browser; 3, reading a group of user names and passwords from a brute force crack dictionary; 4, obtaining a verification code picture; 5, identifying the obtained verification code picture; 6, filling corresponding parameters in the login data package intercepted in the step 2 with a verification code identification result as well as the user names and the passwords read in the step 3, and submitting the replaced login data package to the website server; and 7, analyzing a website server response, if it is prompted that the verification code is wrong, returning to the step 4; if it is prompted that the user name or the password is wrong, returning to the step 3; and if it is prompted that the login succeeds, recording the user name and the password by which the login succeeds. According to the method and system, a website with a verification code login function can be subjected to automated security testing.

Description

technical field [0001] The present invention relates to the field of information security, in particular to a method and system for brute force cracking of website logins that can identify verification codes. Background technique [0002] In recent years, with the development of Internet technology and the recent introduction of the concept of "Internet +", more and more traditional industries have integrated the Internet to develop new forms and new formats. Today, many enterprises cannot do business without the support of information systems. More and more industries tend to adopt the B / S mode to develop application systems, and users can access application systems only through browsers. However, while web applications provide convenience, they also bring a lot of security risks. Because of its openness and ease of access, web applications have always been the key targets of hackers. According to Gartner's data, more than 75% of attacks on the current network are directed...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/36G06F21/57
CPCG06F21/36G06F21/577G06F2221/2133
Inventor 田峥田建伟薛海伟漆文辉黎曦刘洁
Owner STATE GRID CORP OF CHINA
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap