Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Simulator-based android application server side Web vulnerability detection method

A technology of vulnerability detection and application services, applied in the direction of electrical components, transmission systems, etc., can solve problems such as time-consuming and labor-intensive, high reverse difficulty, waste of detection resources, etc., to achieve the effect of avoiding processing methods, low cost, and easy to use

Inactive Publication Date: 2017-01-25
成都知道创宇信息技术有限公司
View PDF6 Cites 10 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Traditional static detection needs to reverse the APP first to obtain the APP source code before proceeding to the next step, and most important APPs will reinforce and pack the APP, which leads to the fact that sometimes the APP cannot be reversed to obtain the source code, or the reverse is too difficult. High, if the source code cannot be obtained due to insufficient technology, etc., it is impossible to carry out the next step of detection
After successful reverse engineering, static code review and analysis is required to extract all requests to the server in the APP, which requires a lot of experience and effort, and is time-consuming and labor-intensive.
[0004] In addition, in many APPs, the URL requested by the server is spliced ​​through parameters. It is necessary to track the direction of the code to obtain the value of the corresponding parameter to complete the splicing of the URL, and even some parameters are based on actual conditions. The dynamic reading of the running environment cannot be obtained by tracking the code, which leads to the fact that the extracted request may be incomplete, resulting in a problem with the detection effect
Some APPs may contain some invalid URLs. In fact, these URLs are not requested by the APP. Traditional methods may also extract these server-side URLs, and cost detection resources to detect, resulting in a waste of detection resources.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Simulator-based android application server side Web vulnerability detection method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0028] The present invention will be further described in detail below in conjunction with the accompanying drawings and specific embodiments. like figure 1 As shown, the processing flow includes: 1) start the vulnerability detection agent module, start the Android emulator and configure the network; 2) write the APK Monitor module, connect the Android emulator and monitor the directory, and the APK Monitor module uses a Python script to specify the directory Monitor new files; 3) Download batch or individual Android application installation files, ie APK files, to a specified directory through a Python script; 4) APK Monitor monitors the APK files in the directory, automatically installs them through the ADB command, and traverses Trigger the Activity of the APP to execute the functions of the APP; 5) Capture all the requests of the APP to the server through the agent of the vulnerability detection agent module; 6) The vulnerability detection agent module performs vulnerabili...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a simulator-based android application server side Web vulnerability detection method, comprising the following steps of: starting a vulnerability detection agent module, starting an android simulator and configuring a network; composing an APK (Android Package) Monitor module, connecting the android simulator and monitoring a directory; installing files to batches of or single android application by virtue of a Python script; when the APK Monitor monitors an APK file in the directory, installing the file automatically by virtue of an ADB (Android Debug Bridge) command; capturing all requirements of an APP (application) for a server side by virtue of agency of the vulnerability detection agent module; performing, by the vulnerability detection agent module, vulnerability detection on the captured requirements; uninstalling the APP after completion of execution of the APK Monitor, and continuously monitoring an appointed directory; and outputting a detection result by the vulnerability detection agent module. By use of the method disclosed by the invention, Web vulnerabilities of an android APP server side can be detected fully automatically, and meanwhile batch detection is supported without manual intervention, and automatic detection of all APPs of a certain android APP market is supported to obtain an analysis statistical result.

Description

technical field [0001] The invention relates to the fields of simulated operation of Android applications, ADB command operations, vulnerability detection and the like by using an Android simulator, and in particular relates to a simulator-based Android application server Web vulnerability detection method. Background technique [0002] Different Android APPs provide different functions to promote the development of the mobile Internet and make our lives more convenient, but the widespread use of APPs and their own loopholes also pose a threat to our mobile life and privacy security. The APP replaces the website to realize the services that we obtain daily by accessing the web application in the way of the client. In fact, its backend also communicates with the server for data transmission. [0003] In the traditional security detection of APP server requests, most of them use static analysis to obtain the source code of APP through reverse APP, mainly including APP unpackin...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L63/1433H04L63/1416
Inventor 张祖优
Owner 成都知道创宇信息技术有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com