Method, device and equipment for detecting weak password in login page and storage medium

By generating simulated login requests and constructing a target weak password database, the accuracy problem of weak password detection under unknown encryption methods in existing technologies is solved, and the accuracy and efficiency of weak password identification on login pages are improved.

CN115935310B · Active · Publication Date: 2026-06-23 · INSPUR SUZHOU INTELLIGENT TECH CO LTD

Patent Information

Authority / Receiving Office: CN · China
Patent Type: Patents (China)
Current Assignee / Owner: INSPUR SUZHOU INTELLIGENT TECH CO LTD
Filing Date: 2022-12-06
Publication Date: 2026-06-23

AI Technical Summary

Technical Problem

Existing methods for detecting weak passwords on login pages can be bypassed by users, match poorly when the encryption method is unknown, and cannot perform continuous detection. In particular, they are time-consuming and labor-intensive when the encryption method is unknown.

Method used

By generating simulated login requests through a pre-set weak password database, obtaining the processing results, and constructing a target weak password database, the database is used to identify the encryption methods used by the login page to handle weak passwords, thereby improving the accuracy of identification.

Benefits of technology

It achieves accurate identification of weak passwords in login requests under unknown encryption methods, improves the detection accuracy, and avoids server load and banning risks.

✦ Generated by Eureka AI based on patent content.


Abstract

The application provides a login page weak password detection method, device, equipment and storage medium, and belongs to the technical field of computers. The method comprises the following steps: when performing weak password detection on a login page, using a weak password in a preset weak password library as a login parameter of the login page to generate a simulated login request; submitting the simulated login request to the login page to obtain a processing result of the login page on the simulated login request; matching the processing result with a weak password in the preset weak password dictionary; and using field data matched with the weak password in the processing result to construct a target weak password library of the login page, wherein the target weak password library is used for identifying weak passwords in login requests received by the login interface.

Description

Technical Field

[0001] This application belongs to the field of computer science, and specifically relates to a method, apparatus, device, and storage medium for detecting weak passwords on a login page.

Background Technology

[0002] In detecting and protecting against weak passwords on websites, a common method is to use front-end JavaScript code to match the user's input password pattern, checking if the string in the password input box conforms to a preset regular expression. This method prevents users from using weak passwords by prompting them with a message or directly preventing them from clicking the login / register button. However, this method has a fatal flaw: the JavaScript can be bypassed by the user on the front end.

[0003] When detecting weak passwords, a common technique is brute-force attack. This typically requires obtaining user login request data. The user's login request packets are captured through a proxy and analyzed, and the analysis results are used to select the location where the password needs to be replaced. The weak password dictionary is iterated through, the password in the request is replaced with each weak password in turn, and the request is replayed. The return value is then used to determine whether the login succeeded with that weak password. This method has many obvious problems. For example, the tester needs to know the specific encryption method of the password, the request may contain other data related to encryption parameters (making the encrypted password different each time), and the encryption algorithm implementation needs to be re-analyzed for each website.

[0004] Existing passive weak password detection methods mostly match based on keywords such as "username" and "password" in the request. Furthermore, when the encryption method is unknown, the matching only works for plaintext passwords. Therefore, matching login requests cannot achieve a high accuracy rate. If encrypted passwords need to be matched, the password processing method for each application needs to be reimplemented, which is time-consuming and labor-intensive.

[0005] Among existing weak password server-side detection methods, a highly accurate approach involves comparing user-stored passwords in a database with those in a weak password dictionary. However, this method requires periodic testing and cannot achieve consistently stable detection results.

Summary of the Invention

[0006] This application provides a method, apparatus, device, and storage medium for detecting weak passwords on a login page.

[0007] Some embodiments of this application provide a method for detecting weak passwords on a login page, the method comprising:

[0008] When performing weak password detection on the login page, weak passwords from a preset weak password database are used as login parameters for the login page to generate a simulated login request.

[0009] The simulated login request is submitted to the login page, and the processing result of the simulated login request by the login page is obtained;

[0010] The processing result is matched with weak passwords in the preset weak password dictionary;

[0011] Using the field data in the processing result that matches the weak password, a target weak password database for the login page is constructed, wherein the target weak password database is used to identify weak passwords in the login requests received by the login interface.

[0012] Optionally, before generating a simulated login request by using weak passwords from a preset weak password database as login parameters for the login page, the method includes:

[0013] Search for login keywords on the login page and identify the login input box on the login page;

[0014] When there is a login input box control around the login input box, the input parameters in the login input box are used as login parameters.

[0015] Optionally, the step of using weak passwords from a preset weak password database as login parameters for the login page to generate a simulated login request includes:

[0016] Each weak password from the preset weak password library is used as a login parameter to fill the login input box on the login page;

[0017] A trigger command is sent to the login input box control to cause the login page to generate a login request.

[0018] Optionally, after filling the login input box with each weak password from the preset weak password database as a login parameter for the login page, the method further includes:

[0019] If a verification code input box exists on the login page, a preset verification code is filled into the verification code input box.

[0020] Optionally, when a verification code input box exists on the login page, before filling the verification code input box with a preset verification code, the method further includes:

[0021] When a verification code input box exists on the login page, the login page after the login parameters are entered is compared with the login page before the login parameters are entered. The input box corresponding to the identified changed page element is used as the verification code input box.

[0022] Optionally, after constructing a target weak password database for the login page using the field data matching the weak password in the processing result, wherein the target weak password database is used to identify weak passwords in login requests received by the login interface, the method further includes:

[0023] Obtain the user login request entered by the user on the login page;

[0024] The data in each field of the user login request is matched with weak passwords in the target weak password database; wherein the data in the field includes at least one of the following: username field data, password field data, and login field data;

[0025] If any of the field data matches any of the weak passwords, it is determined that the login request contains a weak password;

[0026] Display a message indicating that the login request contains a weak password.

[0027] Optionally, obtaining the processing result of the login page for the simulated login request includes:

[0028] When the login page triggers a login event, the processing result sent by the login page to the server is intercepted.

[0029] Some embodiments of this application provide a device for detecting weak passwords on a login page, the device comprising:

[0030] The simulation module is used to generate a simulated login request by using weak passwords from a preset weak password database as login parameters for the login page when performing weak password detection on the login page.

[0031] The simulated login request is submitted to the login page, and the processing result of the simulated login request by the login page is obtained;

[0032] The matching module is used to match the processing result with weak passwords in the preset weak password dictionary;

[0033] The construction module is used to construct a target weak password database for the login page using field data in the processing result that matches the weak password, wherein the target weak password database is used to identify weak passwords in the login requests received by the login interface.

[0034] Optionally, the simulation module is further configured to:

[0035] Search for login keywords on the login page and identify the login input box on the login page;

[0036] When there is a login input box control around the login input box, the input parameters in the login input box are used as login parameters.

[0037] Optionally, the simulation module is further configured to:

[0038] Each weak password from the preset weak password library is used as a login parameter to fill the login input box on the login page;

[0039] A trigger command is sent to the login input box control to cause the login page to generate a login request.

[0040] Optionally, the simulation module is further configured to:

[0041] If a verification code input box exists on the login page, a preset verification code is filled into the verification code input box.

[0042] Optionally, the simulation module is further configured to:

[0043] When a verification code input box exists on the login page, the login page after the login parameters are entered is compared with the login page before the login parameters are entered. The input box corresponding to the identified changed page element is used as the verification code input box.

[0044] Optionally, the device further includes: a detection module, used for:

[0045] Obtain the user login request entered by the user on the login page;

[0046] The data in each field of the user login request is matched with weak passwords in the target weak password database; wherein the data in the field includes at least one of the following: username field data, password field data, and login field data;

[0047] If any of the field data matches any of the weak passwords, it is determined that the login request contains a weak password;

[0048] Display a message indicating that the login request contains a weak password.

[0049] Optionally, the simulation module is further configured to:

[0050] When the login page triggers a login event, the processing result sent by the login page to the server is intercepted.

[0051] Some embodiments of this application provide a computing processing device, including:

[0052] Memory containing computer-readable code;

[0053] One or more processors, when the computer-readable code is executed by the one or more processors, the computing processing device performs the weak password detection method for the login page as described above.

[0054] Some embodiments of this application provide a computer program including computer-readable code that, when executed on a computing processing device, causes the computing processing device to perform a weak password detection method for a login page as described above.

[0055] Some embodiments of this application provide a non-transient computer-readable medium storing a method for detecting weak passwords in a login page as described above.

[0056] This application provides a method, apparatus, device, and storage medium for detecting weak passwords in login pages. It uses weak passwords from a preset weak password database as login parameters to simulate a user sending a simulated login request to the login page. The login page's processing results for the weak passwords contained in the simulated login request are then used to construct a target weak password database specific to that login page. Since the target weak password database reflects the login page's encryption and other processing methods for weak passwords, it can accurately identify weak passwords in user-sent login requests, thus improving the accuracy of weak password identification in login requests.

[0057] The above description is only an overview of the technical solution of this application. In order to better understand the technical means of this application and to implement it in accordance with the contents of the specification, and to make the above and other objects, features and advantages of this application more obvious and understandable, the following are specific embodiments of this application.

Attached Figure Description

[0058] To more clearly illustrate the technical solutions in the embodiments of this application or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are some embodiments of this application. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0059] Figure 1 schematically illustrates a flowchart of a method for detecting weak passwords on a login page provided in some embodiments of this application;

[0060] Figure 2 schematically illustrates a flowchart of another method for detecting weak passwords in a login page provided in some embodiments of this application;

[0061] Figure 3 schematically illustrates a flowchart of a method for identifying weak passwords on a login page, provided in some embodiments of this application;

[0062] Figure 4 schematically illustrates the structure of a weak password detection device for a login page provided in some embodiments of this application;

[0063] Figure 5 schematically illustrates a block diagram of a computing processing apparatus for performing methods according to some embodiments of this application;

[0064] Figure 6 schematically illustrates a storage unit for holding or carrying program code implementing methods according to some embodiments of this application.

Detailed Implementation

[0065] To make the objectives, technical solutions, and advantages of the embodiments of this application clearer, the technical solutions of the embodiments of this application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of this application, not all embodiments. Based on the embodiments of this application, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of this application.

[0066] Figure 1 schematically illustrates a flowchart of a method for detecting weak passwords on a login page provided in this application, the method comprising:

[0067] Step 101: When performing weak password detection on the login page, use weak passwords from the preset weak password database as login parameters for the login page to generate a simulated login request.

[0068] It should be noted that the login page refers to the service page used to provide users with login or registration services. Users can access the server connected to the login page by entering their username, login password, and other information. A weak password refers to a password that only contains simple numbers and letters, such as "123" or "abc". Because such passwords are easily cracked, they put the user's computer at risk and are therefore not recommended for use as login passwords. A preset weak password library refers to a database of known common weak passwords or specific weak passwords specified by the user. It should be understood that the weak passwords included in this preset weak password library do not cover the password encryption methods that may exist on the login interface during this test; they are only some known unencrypted weak passwords.

[0069] In this application embodiment, considering that different login pages may use different password encryption methods, if the encryption method of the login page is unknown, directly parsing the processing result of the login parameters output by the login page can only effectively match the plaintext data with weak passwords in the preset weak password database to determine whether a weak password exists. However, it cannot effectively match the encrypted data, and cannot identify whether the decrypted data is a weak password. Therefore, some embodiments of this application simulate a user login page and use weak passwords in the preset weak password database as login parameters to generate a simulated login request, thereby simulating the process of a user entering login parameters to the login page.

[0070] Step 102: Submit the simulated login request to the login page and obtain the processing result of the simulated login request from the login page.

[0071] In this embodiment, after the system simulates a login request, the login page will perform a series of processes, including encryption, to convert the login parameters into a form that the server can parse and recognize, i.e., the processing result. Some embodiments of this application do not focus on the specific processing method of the login request by the login page, but only capture the processing result of the login page. This is because the processing result is obtained by the login page processing weak passwords in a preset weak password database, and the processing result already reflects the login page's method of handling weak passwords. It is understood that after simulating a login request input to the login page, a successful login result is often not obtained. We only need to obtain the login request. After the login request is sent, we can determine that the weak passwords used as login parameters have been processed by the front-end JS, undergoing some form of encryption or transformation, or no operation at all. By replacing the password request parameters in the login page one by one with values from the preset weak password database and executing the sending of a simulated login request, we can obtain the simulated login request generated by the preset weak password database and know the processing result of the login page after processing each weak password. Furthermore, the weak passwords in the simulated login request have been processed in some way to conform to the parsing rules of the backend server.

[0072] Step 103: Match the processing result with the weak passwords in the preset weak password dictionary.

[0073] In this embodiment, the system can match the processing results output by the login page with the weak passwords previously used as login parameters based on the timing of each simulated login request. For example, weak password 1, weak password 2, and weak password 3 are used as login parameters to generate simulated login requests, which are submitted to the login interface in sequence. The login page then outputs processing results 1, 2, and 3 in sequence. Therefore, processing result 1 can be matched with weak password 1, processing result 2 with weak password 2, and processing result 3 with weak password 3. Of course, this is just an example; the weak passwords can also be matched with the processing results based on data characteristics, data length, or other data matching methods. The specific settings can be configured according to actual needs and are not limited here.

[0074] Step 104: Using the field data in the processing result that matches the weak password, construct the target weak password database for the login page, wherein the target weak password database is used to identify weak passwords in the login requests received by the login interface.

[0075] In this embodiment of the application, the field data that matches the weak password in the processing result is used as the weak passwords of the login page to construct the target weak password library of the login page. Since the field data in the target weak password library is obtained by the login page through a series of processes such as encryption of the weak password, it is consistent with the login page's processing method for login passwords. By using the target weak passwords to match the field data in subsequent login requests to the login page, weak passwords that have been encrypted by the login page can be effectively identified.

[0076] This application embodiment uses weak passwords from a preset weak password database as login parameters to simulate a user sending a simulated login request to the login page. The login page's processing results for the weak passwords contained in the simulated login request are then used to construct a target weak password database specific to the login page. Since the target weak password database can reflect a series of processing methods such as encryption of weak passwords by the login page, the weak passwords in the login request sent by the user can be accurately identified using this target weak password database, thus improving the accuracy of weak password identification in the login request.

[0077] Figure 2 schematically illustrates a flowchart of another method for detecting weak passwords on a login page provided in this application, the method comprising:

[0078] Step 201: When performing weak password detection on the login page, search for login keywords on the login page and identify the login input box on the login page.

[0079] It should be noted that the login keyword can be any keyword used to identify the login input field on the login page, such as: username, user, password, etc. The specific keyword can be set according to actual needs, and there are no restrictions here.

[0080] In the embodiments of this application, considering that there may be multiple input parameters on the login page, and some embodiments of this application only focus on the login parameters involved in the login operation, the input box identified by the login keyword on the login page can be identified by using the login keyword to search the identification information contained in the login page, i.e., the login input box.

[0081] Step 202: When there is a login input box control around the login input box, the input parameters in the login input box are used as login parameters.

[0082] In this embodiment, to further improve the accuracy of the identified login input box, it can also be determined whether there are login input box controls around the identified login input box, such as to the right or below the login input box. This login input box control is a functional control used to receive user clicks, long presses, swipes, etc., to trigger the generation and sending of login requests. If there are login input box controls around the identified login input box, it can be determined that login parameters can be entered into the login input box.

[0083] Step 203: Use each weak password in the preset weak password library as a login parameter to fill the login input box of the login page.

[0084] In this embodiment of the application, after determining the login input box, the system can arrange and combine various weak passwords in the preset weak password library to input different login parameters into the login input box.

[0085] This application embodiment identifies the login input box on the login page by searching for login keywords, and further determines whether the login input box is trustworthy based on whether there are login input box controls around it, thereby improving the accuracy of the determined login parameters.

[0086] Step 204: When the login page has a verification code input box, compare the page elements of the login page after the login parameters are entered with those of the login page before the login parameters are entered, and use the input box corresponding to the identified changed page element as the verification code input box.

[0087] In this embodiment, the verification code input box on the login page is usually displayed after the login parameters in the login input box are filled in. Therefore, by comparing the elements of the login page before and after the login parameters are entered, the input box corresponding to the newly added page element on the login page after the login parameters are entered can be used as the verification code input box, thereby making it convenient and accurate to determine the verification code input box on the login page.

[0088] Step 205: When a verification code input box exists on the login page, fill the verification code input box with a preset verification code.

[0089] In the embodiments of this application, it is considered that the login page may contain a verification code. However, since some embodiments of this application do not focus on the verification result of the server's processing result of the simulated login request, the verification code can be a uniformly preset verification code, such as filling in specific characters instead of "1234", which will not trigger the server's verification mechanism. Therefore, there is no need to consider the correctness of the input verification code. Any value can be filled in as the preset verification code so that the login page can determine that the verification code has been entered and generate a simulated login request.

[0090] This application embodiment uses a preset verification code to fill the verification code input box on the login page, avoiding the situation where the login request cannot be sent due to the lack of a verification code, and improving the efficiency of simulating login request sending.

[0091] Furthermore, login requests can be marked using a preset verification code. That is, after the login page outputs the processing result, the preset verification code in the processing result can be identified to determine which simulated login request the processing result belongs to, thereby improving the accuracy of the processing result matching.

[0092] Step 206: Send a trigger command to the login input box control so that the login page generates a login request.

[0093] Step 207: Submit the simulated login request to the login page.

[0094] In this embodiment of the application, after the login parameters and / or verification code are entered, the system can simulate the user sending trigger commands such as a click or long press to the login input box control, so that the login page triggers the login request sending process, generates a login request based on the entered login parameters and / or verification code, and submits the simulated login request to the login page, so that the login page performs a series of processing steps such as encrypting the login request.

[0095] Step 208: When the login page triggers a login event, intercept the processing result sent by the login page to the server.

[0096] In this embodiment of the application, considering that some embodiments of the application do not focus on the server's verification of the processing result, the system will intercept the processing result sent by the login page to the server when it detects that the login page triggers a login event for the login request, so as to avoid a large amount of server traffic and processing resources being occupied by a large number of simulated login requests.

[0097] This application embodiment intercepts the processing result sent from the login page to the server, thus preventing the simulated login request used for weak password detection from reaching the server. This has no impact on the server's functionality and performance, and will not trigger server-side IP blocking or account locking mechanisms.

[0098] Step 209: Match the processing result with the weak passwords in the preset weak password dictionary.

[0099] For this step, refer to the detailed description of step 103; it is not repeated here.

[0100] Step 210: Using the field data in the processing result that matches the weak password, construct the target weak password database for the login page, wherein the target weak password database is used to identify weak passwords in the login requests received by the login interface.

[0101] For this step, refer to the detailed description of step 104; it is not repeated here.

[0102] Optionally, referring to Figure 3, after step 104, the method further includes:

[0103] Step 301: Obtain the user login request entered by the user on the login page.

[0104] Step 302: Match the data of each field in the user login request with weak passwords in the target weak password database, wherein the data of the field includes at least one of the following: username field data, password field data, and login field data.

[0105] Step 303: If any of the field data matches any of the weak passwords, determine that the login request contains a weak password.

[0106] Step 304: Display a message indicating that the login request contains a weak password.

[0107] In this embodiment of the application, after obtaining the target weak password database through the above embodiments, the target weak password database can be used to match the field data in the login request entered by the user to detect whether there is a weak password in the login request. If a weak password is found, a prompt message can be displayed to inform the user to change the entered login password. Furthermore, the prompt message can further mark the position of the matched weak password field data to prompt the user to change it.

[0108] This application's embodiments, based on the target weak password database for login pages provided in some of the above embodiments, achieve an accuracy rate of over 99% assuming successful traffic matching. Unlike existing traffic monitoring methods, some embodiments of this application, by bypassing application requests, match the user's actual login request with the processed weak password value in the target weak password database. If the processed string appears in the request, then it is determined that:

[0109] 1. The string encryption method in this request is the same as the password encryption method.

[0110] 2. The string in this request is formed by encrypting a specific initial weak password.

[0111] Based on the above two points, it can be confirmed that the request is a login request with a weak password. As additional verification measures, keyword matching in the request, such as "username" and "password," can be used for auxiliary verification. Fields in the request URL, such as "login" and "logon," can also be used for auxiliary verification to further improve the accuracy.

[0112] By matching it against the initial weak password database, it can be determined that the username is using a specific weak password.
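The matching stage of Steps 302 to 304 and paragraphs [0108] to [0112] can be sketched as follows; this is an added example, not code from the patent. The SHA-256 `page_transform` is a stand-in for the page's unknown front-end processing, and the sample requests, field names, host name and the rule that a prompt needs at least one auxiliary signal are all assumptions of the example.

```python
import hashlib
from urllib.parse import urlsplit, parse_qsl

PRESET_WEAK = ["123456", "password", "admin123"]  # constructed preset library


def page_transform(pw):
    """Stand-in for the page's unknown front-end processing (assumed: SHA-256 hex).
    Only used here to fabricate captures; matching never calls it."""
    return hashlib.sha256(pw.encode()).hexdigest()


# Target library as built from simulated logins: processed value -> initial weak password.
TARGET_DB = {page_transform(pw): pw for pw in PRESET_WEAK}


def inspect_login_request(url, body, target_db=TARGET_DB):
    """Steps 302-303: match every field value against the target library."""
    parts = urlsplit(url)
    fields = parse_qsl(parts.query, keep_blank_values=True)
    fields += parse_qsl(body, keep_blank_values=True)
    hits = [(name, target_db[value]) for name, value in fields if value in target_db]
    names = [name.lower() for name, _ in fields]
    return {
        "weak": bool(hits),
        "hits": hits,  # (field name, initial weak password it was derived from)
        "keyword_ok": any(k in n for n in names for k in ("username", "password")),
        "url_ok": any(k in parts.path.lower() for k in ("login", "logon")),
        "username": next((v for n, v in fields if "user" in n.lower()), None),
    }


def prompt_message(result):
    """Step 304: build the prompt, or None when nothing should be shown.
    Requiring one auxiliary signal is this example's policy, not the patent's."""
    if not result["weak"] or not (result["keyword_ok"] or result["url_ok"]):
        return None
    field, _ = result["hits"][0]
    return f"Weak password in field '{field}' for user {result['username']}: change it"


# Constructed sample requests: (URL, form-encoded body).
WEAK_REQ = ("https://portal.example/logon",
            "username=alice&password=" + page_transform("123456") + "&captcha=0000")
STRONG_REQ = ("https://portal.example/logon",
              "username=bob&password=" + page_transform("v7!Qe-long-unique"))
NOISE_REQ = ("https://portal.example/api/avatar", "etag=" + page_transform("password"))

if __name__ == "__main__":
    for url, body in (WEAK_REQ, STRONG_REQ, NOISE_REQ):
        print(url, prompt_message(inspect_login_request(url, body)))
```

The third request shows why the auxiliary checks matter: a processed weak value appearing outside a login request matches the library but produces no prompt.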

[0113] Figure 4 is a schematic diagram illustrating the structure of a weak password detection device 40 for a login page provided in this application. The device includes:

[0114] The simulation module 401 is used to generate a simulated login request by using weak passwords in a preset weak password database as login parameters of the login page when performing weak password detection on the login page.

[0115] The simulated login request is submitted to the login page, and the processing result of the simulated login request by the login page is obtained;

[0116] Matching module 402 is used to match the processing result with weak passwords in the preset weak password dictionary;

[0117] The construction module 403 is used to construct a target weak password database for the login page using the field data in the processing result that matches the weak password, wherein the target weak password database is used to identify weak passwords in the login requests received by the login interface.

[0118] Optionally, the simulation module 401 is further configured to:

[0119] Search for login keywords on the login page and identify the login input box on the login page;

[0120] When there is a login input box control around the login input box, the input parameters in the login input box are used as login parameters.

[0121] Optionally, the simulation module 401 is further configured to:

[0122] Each weak password from the preset weak password library is used as a login parameter to fill the login input box on the login page;

[0123] A trigger command is sent to the login input box control to cause the login page to generate a login request.

[0124] Optionally, the simulation module 401 is further configured to:

[0125] If a verification code input box exists on the login page, a preset verification code is filled into the verification code input box.

[0126] Optionally, the simulation module 401 is further configured to:

[0127] When a verification code input box exists on the login page, the login page after the login parameters are entered is compared with the login page before the login parameters are entered. The input box corresponding to the identified changed page element is used as the verification code input box.

[0128] Optionally, the device further includes: a detection module, used for:

[0129] Obtain the user login request entered by the user on the login page;

[0130] The data in each field of the user login request is matched with weak passwords in the target weak password database; wherein the data in the field includes at least one of the following: username field data, password field data, and login field data;

[0131] If any of the field data matches any of the weak passwords, it is determined that the login request contains a weak password;

[0132] Display a message indicating that the login request contains a weak password.

[0133] Optionally, the simulation module 401 is further configured to:

[0134] When the login page triggers a login event, the processing result sent by the login page to the server is intercepted.

[0135] This application embodiment uses weak passwords from a preset weak password database as login parameters to simulate a user sending a simulated login request to the login page. The login page then uses the processing results of the weak passwords contained in the simulated login request to construct a target weak password database specific to the login page. Since the target weak password database can reflect a series of processing methods such as encryption of weak passwords by the login page, the weak passwords in the login request sent by the user can be accurately identified using this target weak password database, thus improving the accuracy of weak password identification in the login request.

[0136] The device embodiments described above are merely illustrative. The units described as separate components may or may not be physically separate. The components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the modules can be selected to achieve the purpose of this embodiment according to actual needs. Those skilled in the art can understand and implement this without any creative effort.

[0137] The various component embodiments of this application can be implemented in hardware, or as software modules running on one or more processors, or a combination thereof. Those skilled in the art will understand that microprocessors or digital signal processors (DSPs) can be used in practice to implement some or all of the functions of some or all of the components in the computing processing device according to the embodiments of this application. This application can also be implemented as a device or apparatus program (e.g., a computer program and computer program product) for performing part or all of the methods described herein. Such an implementation of this application can be stored on a non-transient computer-readable medium, or can be in the form of one or more signals. Such signals can be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.

[0138] For example, Figure 5 shows a computing processing apparatus that can implement the methods according to this application. This computing processing apparatus conventionally includes a processor 510 and a computer program product or non-transitory computer-readable medium in the form of a memory 520. The memory 520 may be an electronic memory such as flash memory, EEPROM (Electrically Erasable Programmable Read-Only Memory), EPROM, hard disk, or ROM. The memory 520 has a storage space 530 for program code 531 for performing any of the method steps described above. For example, the storage space 530 for program code may include various program codes 531 respectively for implementing the various steps in the methods described above. These program codes can be read from or written to one or more computer program products. These computer program products include program code carriers such as hard disks, CDs, memory cards, or floppy disks. Such computer program products are typically portable or fixed storage units as shown in Figure 6. This storage unit may have storage segments, storage spaces, etc. arranged similarly to the memory 520 in the computing processing device of Figure 5. Program code can be compressed, for example, in an appropriate form. Typically, the storage unit includes computer-readable code 531', that is, code that can be read by a processor such as 510, which, when run by the computing processing device, causes the computing processing device to perform the various steps in the methods described above.

[0139] It should be understood that although the steps in the flowcharts of the accompanying figures are shown sequentially as indicated by the arrows, these steps are not necessarily executed in the order indicated by the arrows. Unless explicitly stated herein, there is no strict order restriction on the execution of these steps, and they can be executed in other orders. Moreover, at least some steps in the flowcharts of the accompanying figures may include multiple sub-steps or multiple stages. These sub-steps or stages are not necessarily completed at the same time, but can be executed at different times, and their execution order is not necessarily sequential, but can be performed alternately or in turn with other steps or at least some of the sub-steps or stages of other steps.

[0140] The terms "an embodiment," "embodiment," or "one or more embodiments" as used herein mean that a particular feature, structure, or characteristic described in connection with an embodiment is included in at least one embodiment of this application. Furthermore, please note that the examples of the phrase "in one embodiment" do not necessarily all refer to the same embodiment.

[0141] Numerous specific details are set forth in the specification provided herein. However, it will be understood that embodiments of this application may be practiced without these specific details. In some instances, well-known methods, structures, and techniques have not been shown in detail so as not to obscure the understanding of this specification.

[0142] In the claims, any reference signs placed between parentheses should not be construed as limiting the claims. The word "comprising" does not exclude the presence of elements or steps not listed in the claims. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. This application can be implemented by means of hardware comprising several different elements and by means of a suitably programmed computer. In a unit claim enumerating several means, several of these means may be embodied by the same item of hardware. The use of the words first, second, and third, etc., does not indicate any order. These words can be interpreted as names.

[0143] Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of this application, and are not intended to limit them. Although this application has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that modifications can still be made to the technical solutions described in the foregoing embodiments, or equivalent substitutions can be made to some of the technical features. Such modifications or substitutions do not cause the essence of the corresponding technical solutions to deviate from the spirit and scope of the technical solutions of the embodiments of this application.

Claims

1. A method for detecting weak passwords on a login page, characterized in that the method includes: when performing weak password detection on the login page, using weak passwords from a preset weak password database as login parameters for the login page to generate a simulated login request; submitting the simulated login request to the login page and, when the login page triggers a login event, intercepting the processing result sent by the login page to the server to obtain the processing result of the login page on the simulated login request; matching the processing result with weak passwords in a preset weak password dictionary; using the field data in the processing result that matches the weak password to construct a target weak password database for the login page, wherein the target weak password database is used to detect and identify weak passwords in login requests received by the login page, and the field data in the target weak password database is the result of the login page encrypting or transforming the weak password on the front end and is used to directly match the field data in the user's login request that has already been processed by the front end; and if the login request is detected to contain field data that matches the target weak password database, outputting a prompt message indicating that the login request contains a weak password.

2. The method according to claim 1, characterized in that, before generating a simulated login request by using weak passwords from a preset weak password database as login parameters for the login page, the method includes: searching for login keywords on the login page and identifying the login input box on the login page; and when there is a login input box control around the login input box, using the input parameters in the login input box as login parameters.

3. The method according to claim 2, characterized in that the step of using weak passwords from a preset weak password database as login parameters for the login page to generate a simulated login request includes: using each weak password from the preset weak password library as a login parameter to fill the login input box on the login page; and sending a trigger command to the login input box control to cause the login page to generate a login request.

4. The method according to claim 3, characterized in that, after using each weak password from the preset weak password library as a login parameter to fill the login input box on the login page, the method further includes: when a verification code input box exists on the login page, filling a preset verification code into the verification code input box.

5. The method according to claim 4, characterized in that, before filling the verification code input box with a preset verification code when a verification code input box exists on the login page, the method further includes: when a verification code input box exists on the login page, comparing the login page after the login parameters are entered with the login page before the login parameters are entered, and using the input box corresponding to the identified changed page element as the verification code input box.

6. The method according to claim 1, characterized in that, after constructing a target weak password database for the login page using the field data matching the weak password in the processing result, wherein the target weak password database is used to identify weak passwords in the login requests received by the login page, the method further includes: obtaining the user login request entered by the user on the login page; matching the data in each field of the user login request with weak passwords in the target weak password database, wherein the data in the field includes at least one of the following: username field data, password field data, and login field data; if any of the field data matches any of the weak passwords, determining that the login request contains a weak password; and displaying a message indicating that the login request contains a weak password.

7. A device for detecting weak passwords on a login page, characterized in that the device includes: a simulation module, used to generate a simulated login request by using weak passwords from a preset weak password database as login parameters for the login page when performing weak password detection on the login page, to submit the simulated login request to the login page, and, when the login page triggers a login event, to intercept the processing result sent by the login page to the server to obtain the processing result of the login page on the simulated login request; a matching module, used to match the processing result with weak passwords in a preset weak password dictionary; and a construction module, used to construct a target weak password database for the login page using field data that matches the weak password in the processing result, wherein the target weak password database is used to detect and identify weak passwords in login requests received by the login page, and the field data in the target weak password database is the result of the login page encrypting or transforming the weak password on the front end and is used to directly match the field data that has been processed by the front end in the user login request; and if the login request is detected to contain field data that matches the target weak password database, a prompt message indicating that the login request contains a weak password is output.

8. A computing processing device, characterized in that it includes: a memory containing computer-readable code; and one or more processors, wherein when the computer-readable code is executed by the one or more processors, the computing processing device performs the method for detecting weak passwords in a login page as described in any one of claims 1-6.

9. A non-transient computer-readable medium, characterized in that it contains a computer program for the method for detecting weak passwords on a login page as described in any one of claims 1-6.