Unlock instant, AI-driven research and patent intelligence for your innovation.

SSRF vulnerability detection method and device

A detection method and vulnerability technology, applied in the direction of computer security devices, instruments, platform integrity maintenance, etc., can solve problems such as inability to detect SSRF vulnerabilities

Active Publication Date: 2017-11-14
上海安恒时代信息技术有限公司
View PDF4 Cites 9 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] In view of this, the object of the present invention is to provide a method and device for detecting SSRF loopholes, so as to alleviate the technical problem that SSRF loopholes cannot be detected in the prior art

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • SSRF vulnerability detection method and device
  • SSRF vulnerability detection method and device
  • SSRF vulnerability detection method and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0052] A detection method for SSRF vulnerabilities, refer to figure 1 , applied to the user terminal, the method includes:

[0053] S101. Obtain a vulnerability query request, wherein the vulnerability query request includes: the URL link to be detected, a random character string corresponding to the URL link to be detected, and the domain name of the public network server;

[0054] In the embodiment of the present invention, the SSRF vulnerability detection method is specifically a detection method executed by SSRF vulnerability detection software. When using the SSRF vulnerability detection software, the user installs the SSRF vulnerability detection software on his or her own computer. After the installation is complete, the user inputs the URL link to be detected (that is, the webpage entry to be detected), or enters an URL similar to baidu.com. Site, the SSRF vulnerability detection software has a built-in crawler, crawls all URL links to be detected on baidu.com through...

Embodiment 2

[0107] A detection device for SSRF vulnerabilities, refer to Figure 4 , applied to a user terminal, the device includes:

[0108] The obtaining module 11 is used to obtain a vulnerability query request, wherein the vulnerability query request includes: the URL link to be detected, a random character string corresponding to the URL link to be detected, and the domain name of the public network server;

[0109] The first sending module 12 is used to send a vulnerability query request to the server corresponding to the URL link to be detected, and when an SSRF loophole is found, obtain a vulnerability query result, wherein the vulnerability query result is recorded in the public network server;

[0110] The second sending module 13 is used to send a secret key query request to the verification port of the public network server, so as to query whether there is a vulnerability query result in the public network server, wherein the secret key query request is generated according to...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides an SSRF vulnerability detection method and device. The detection method comprises the steps that a vulnerability query request is acquired; a vulnerability query request is sent to a server corresponding to a URL link to be detected, and a vulnerability query result is acquired when an SSRF vulnerability is found; a key query request is sent to the authentication port of a public network server to query whether the public network server has the vulnerability query result; and if the returned result returned by the public network server according to the key query request is a first preset result, the fact that the SSRF vulnerability exists in the URL link to be detected is determined. According to the SSRF vulnerability detection method provided by the invention, the method can detect whether the SSRF vulnerability exists in the URL link to be detected, and the technical problem that the SSRF vulnerability cannot be detected in the prior art is alleviated.

Description

technical field [0001] The invention relates to the technical field of web page security detection, in particular to a method and device for detecting SSRF loopholes. Background technique [0002] The SSRF (Server-Side Request Forgery) vulnerability is a new type of web application vulnerability. It is different from the CSRF (Cross-Site Request Forgery) vulnerability. It uses the server to send requests to other internal and external servers. This kind of vulnerability occurs when some web applications need to obtain data from other servers through the client-specified url, such as sharing webpage content through url address, remote picture loading or downloading, transcoding service, online translation and other functions. When the functions provided by the web application do not impose strict restrictions on the submitted url parameter values, such as request protocol restrictions, internal and external access restrictions, etc., attackers are likely to take advantage of ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L29/12G06F21/57
CPCH04L63/0236H04L63/101H04L63/1433G06F21/577H04L61/4511
Inventor 王晓天范渊黄进莫金友
Owner 上海安恒时代信息技术有限公司