Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Client-side dynamic url-related script string detection system using perturbation method

A client-side and string technology, applied in the computer field, can solve problems such as compatibility problems, jumps, and normal business cannot run, and achieve the effect of solving compatibility problems.

Active Publication Date: 2019-03-22
HANGZHOU DIANZI UNIV
View PDF5 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, in some website application systems, some dynamic URLs will be generated by the client browser engine, and the technology proposed in the above-mentioned patent cannot jump these URLs.
For this kind of website application system, the method described in Chinese patent CN106657044A will intercept the URLs dynamically generated by these clients, causing some normal businesses to fail to run, that is, there is a compatibility problem between the method described in this patent and the client scripts that generate dynamic URLs
In order to further improve the protection capability of the website system and solve the compatibility problem of client-side scripts, this patent proposes a dynamic URL-related script string detection system for client-side using the perturbation method. The relationship between the URL generated in (such as loading the URL through AJAX) and the strings in the source code of the webpage script, so that these strings can be jumped during the jumping process, and the URL generated dynamically by the client script can be jumped, so as to solve customer problems. Compatibility issues with side scripts

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Client-side dynamic url-related script string detection system using perturbation method
  • Client-side dynamic url-related script string detection system using perturbation method
  • Client-side dynamic url-related script string detection system using perturbation method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0068]下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。实施例一,参见图1所示,一种利用微扰法的客户端动态URL相关脚本字符串检测方法,其系统由客户端(python语言实现)、代理服务器(python语言实现),web服务器构成。其中:

[0069]客户端,用于处理代理服务器处理后返回的源码,包括用无头浏览器引擎渲染页面、用脚本处理源码以及保存处理结果。

[0070]代理服务器,用于接收客户端的请求、处理web服务器返回的数据和返回修改后的web服务器返回的数据给客户端,包括替换和查找web服务器返回的源码数据。

[0071]web服务器,用于接收代理服务器的请求,并返回资源(源码,图片,音频等网络资源)。

example 2

[0072]实例二,参见图2所示,为各模块分布图,其中的模块也是用python语言实现。

[0073]客户端包括URL检查模块、URL存储模块。

[0074]代理服务器包括URL关键字查找模块、脚本替换模块、URL地址替换模块。实施例三,参见图3所示,为代理服务器运行流程,由python脚本构成。以下为具体步骤:

[0075]步骤1:python代理服务器等待客户端发起的请求。

[0076]步骤2:python代理服务器收到请求。

[0077]步骤3:python代理服务器保存请求信息,包括POST与GET参数。

[0078]步骤4:python代理服务器对WEB服务器发起请求并接收返回的数据。

[0079]步骤5:检查保存的请求信息中是否有初始化标志,如果有执行步骤6,否则执行步骤9。

[0080]步骤6:检查初始化标志是否为真,如果为真执行步骤7,否则执行步骤8。

[0081]步骤7:python代理服务器利用URL地址替换模块把源码中的静态URL替换为空,接着执行步骤9。

[0082]步骤8:此步骤执行以下步骤

[0083]步骤8.1:python代理服务器利用URL地址替换模块把源码中的静态URL替换为空。

[0084]步骤8.2:客户端请求的文件名是否跟前面请求参数中的页面参数一致,如果一致执行步骤8.3,否则执行步骤8.4。

[0085]步骤8.3:此步骤执行以下步骤

[0086]步骤8.3.1:python代理服务器根据客户端无头浏览器引擎请求参数中的URL值,利用URL关键字查找模块与脚本替换模块分别执行查找源码(脚本部分)中的关键字,并将关键字替换成自定义的特殊字符串。

[0087]步骤8.3.2:python代理服务器利用URL地址替换模块把源码中的静态URL替换为空,接下来执行步骤9。

[0088]步骤8.4:保存数据,接下来执行步骤9。

[0089]步骤9:返回数据给客户端的无头浏览器引擎。

[0090]步骤10:等待客户端再次发起的请求。

Embodiment 4

[0091]实施例四,参见图4所示,客户端检测网页页面是否存在客户端动态URL流程,步骤如下:

[0092]步骤1:python客户端操作无头游览器引擎构建请求(POST或者GET),请求参数中带有初始化标志为真。

[0093]步骤2:python客户端向python代理服务器发起请求。

[0094]步骤3:python客户端等待代理服务器的响应。

[0095]步骤4:python客户端无头浏览器引擎接收python代理服务器返回的数据,渲染页面。

[0096]步骤5:python客户端利用客户端脚本中的URL检查模块分析渲染过后的页面,判断是否有客户端动态URL生成,并保存外部链接文件的文件名到script_files列表中。

[0097]步骤6:结束分析,返回结果。

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a client dynamic URL related script character string detection system using a perturbation method. The present invention can effectively and quickly detect whether there is a dynamic URL of the client in the web page, and further find out the relationship and position relationship with the character string of the dynamic URL web page source code (script part) of the client, and save the relationship, which can be used Based on the web active defense system based on URL jumping, these strings can be jumped during the jumping process, and the URL jumping of the client script can be dynamically generated, so as to solve the compatibility problem of the client script and achieve security. The defense also ensures the normal operation of the website business.

Description

technical field [0001] The invention belongs to the technical field of computers, and relates to a client dynamic URL-related script character string detection system and method using a perturbation method. Background technique [0002] URL, Uniform Resource Locator, uniquely identifies a resource on the World Wide Web. Usually, the URL indicating the location of the resource remains unchanged, which greatly facilitates hackers to launch attacks on the system, because the address of the attack target is always the same, such as CSRF attack, XSS injection attack, etc. In recent years, XSS, directory traversal, CSRF, and SQL attacks have had a very serious impact on network security, and these attacks are all based on URLs. For this reason, Chinese patent CN106657044A proposes a web page address jumping method for improving the security defense of the website system, and this technology can effectively improve the protection ability of the website system. However, in some we...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/08H04L29/06G06F16/955
CPCH04L63/1441H04L67/02G06F16/9566H04L67/56
Inventor 姜伟郑秋华吴挺姜明姜子敬陈媛芳王小军邵昱文陈科杰赵璐周沐柏岑朱宏林
Owner HANGZHOU DIANZI UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com