Message management method and device, and computer readable storage medium
By parsing the message data pairs between the client and the server on the server side, generating a set of plaintext lengths and comparing them, the problem of being unable to parse encrypted URL addresses in existing technologies is solved, thereby achieving accuracy and reducing risk in network security.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- WUHAN GREENET INFORMATION SERVICE
- Filing Date
- 2022-12-30
- Publication Date
- 2026-06-26
Smart Images

Figure CN116389617B_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of network technology, and in particular to a message management method, apparatus and computer-readable storage medium. Background Technology
[0002] With the rapid development of computer networks, more and more people prefer to use the internet for entertainment, work, and leisure. In this context, it is necessary to identify and parse network traffic packets to extract the information carried by the packets. Based on this information, it is possible to determine whether a user's online behavior may pose a security risk (e.g., it may cause serious consequences such as financial loss or leakage of personal information) and take timely protective measures to effectively ensure the user's online security.
[0003] A URL (Uniform Resource Locator) is used to identify the location of a network resource and is usually set in encrypted form within the network resource address. Currently, network traffic is typically analyzed using traditional DPI (Deep Packet Inspection) technology. However, because traditional DPI technology can only parse the plaintext content of the accessed network resource address and cannot parse the encrypted content (i.e., the URL address), it is impossible to accurately obtain the network resource address accessed by the user, and therefore it is impossible to determine whether the accessed network resource address is secure, resulting in a high risk of network security. Summary of the Invention
[0004] This application provides a message management method, apparatus, and computer-readable storage medium to alleviate the current technical problem of high network security risks.
[0005] To address the aforementioned technical problems, this application provides the following technical solution:
[0006] This application provides a message management method applied to a server, the message management method comprising:
[0007] When the connection response message meets the message conditions, the message data pair generated by the client and the server during the communication process is obtained; wherein, the message data pair includes the request message sent by the client to the server, and the response message returned by the server to the client based on the request message, and the response message includes at least an encrypted resource locator;
[0008] The response message is extracted from the message data pair, and the ciphertext length corresponding to the encrypted resource locator is determined based on the response message length corresponding to the response message.
[0009] Based on the ciphertext length, a plaintext length set is generated; wherein, the plaintext length set includes the plaintext length corresponding to the encrypted resource locator;
[0010] The plaintext length set is compared with the locator length set to obtain the comparison result; wherein, the locator length set includes the locator length corresponding to the target resource locator.
[0011] Prior to the step of obtaining the message data pair generated by the client and the server during communication when the connection response message meets the message conditions, the method further includes:
[0012] When a connection request message is received from a client, a connection response message is sent to the client based on the connection request message;
[0013] Extract key field information from the connection response message.
[0014] The step of obtaining the message data pair generated by the client and the server during communication when the connection response message meets the message conditions includes:
[0015] When the key field information meets the field conditions, it is determined that the connection response message meets the message conditions; wherein, the key field information includes encryption algorithm suite information and protocol version information;
[0016] Obtain the message data pairs generated by the client and the server during the communication process.
[0017] The step of determining that the connection response message meets the message conditions when the key field information meets the field conditions includes:
[0018] When the encryption algorithm represented by the encryption algorithm suite information satisfies the ciphertext reference length condition, and the protocol represented by the protocol version information does not include the preset transport protocol, it is determined that the key field information satisfies the field condition, and it is determined that the connection response message satisfies the message condition; wherein, the preset transport protocol includes the HTTP 2.0 protocol and the TLS 1.3 protocol.
[0019] The method further includes, before the step of extracting the response message from the message data pair and determining the ciphertext length corresponding to the encrypted resource locator based on the response message length, the method further includes:
[0020] The message length difference is determined based on the encryption algorithm; wherein the message length difference includes the difference between the reference plaintext length and the reference ciphertext length.
[0021] The step of extracting the response message from the message data pair and determining the ciphertext length corresponding to the encrypted resource locator based on the response message length includes:
[0022] The response message is extracted from the message data pair, and the length of the response message corresponding to the response message is determined; the response message length includes the response header length and the response body length.
[0023] A message length threshold is determined based on the message length difference, and the response body length is extracted from the response length based on the message length threshold.
[0024] The length of the response body is used as the length of the ciphertext corresponding to the encrypted resource locator.
[0025] The step of generating a plaintext length set based on the ciphertext length includes:
[0026] Subtract the message length difference from the ciphertext length corresponding to the encrypted resource locator in each response message to obtain the plaintext length corresponding to the encrypted resource locator in each response message;
[0027] A set of plaintext lengths is generated based on the plaintext length corresponding to the encrypted resource locator in each response message.
[0028] Prior to the step of comparing the plaintext length set with the locator length set to obtain the comparison result, the method further includes:
[0029] Get all resource locators;
[0030] The target resource locator is determined from all the resource locators; wherein the original locator corresponding to the target resource locator has a fixed and unique length;
[0031] A set of locator lengths is generated based on the locator length corresponding to the target resource locator; wherein, the set of locator lengths includes the original locator length and the locator length corresponding to the target resource locator after data processing.
[0032] This application embodiment also provides a message management device applied to a server, the message management device comprising:
[0033] The acquisition module is used to acquire a message data pair generated between the client and the server during communication when the connection response message meets the message conditions; wherein, the message data pair includes a request message sent by the client to the server, and a response message returned by the server to the client based on the request message, and the response message includes at least an encrypted resource locator.
[0034] The determining module is used to extract the response message from the message data pair and determine the ciphertext length corresponding to the encrypted resource locator based on the response message length corresponding to the response message;
[0035] A generation module is used to generate a plaintext length set based on the ciphertext length; wherein the plaintext length set includes the plaintext length corresponding to the encrypted resource locator;
[0036] The comparison module is used to compare the plaintext length set with the locator length set to obtain a comparison result; wherein, the locator length set includes the locator length corresponding to the target resource locator.
[0037] This application also provides a computer-readable storage medium storing a plurality of instructions adapted for loading by a processor to execute the steps in any of the above-described message management methods.
[0038] This application provides a message management method, apparatus, and computer-readable storage medium applied to a server. When a connection response message meets the message conditions, the method acquires message data pairs generated between the client and the server during communication. These message data pairs include a request message sent by the client to the server and a response message returned by the server to the client based on the request message. The response message includes at least an encrypted resource locator. The method then extracts the response message from the message data pairs and determines the ciphertext length corresponding to the encrypted resource locator based on the response message length. Based on the ciphertext length, a plaintext length set containing the plaintext lengths corresponding to the encrypted resource locators in each response message is generated. Finally, the plaintext length set is compared with a locator length set containing the locator lengths corresponding to the target resource locator to obtain a comparison result. Based on the response message in the message data pair, a plaintext length set containing the plaintext length before encryption of the encrypted resource locator can be generated. By comparing the plaintext length set with the locator length set containing the target resource locator, it can be determined whether the encrypted resource locator is the target resource locator. Therefore, it is possible to accurately know whether the network resource address accessed by the user is secure, thereby effectively reducing network security risks. Attached Figure Description
[0039] The technical solution and other beneficial effects of this application will become apparent from the following detailed description of specific embodiments in conjunction with the accompanying drawings.
[0040] Figure 1 This is a flowchart illustrating the message management method provided in the embodiments of this application.
[0041] Figure 2 This is a schematic diagram of a scenario for the message management method provided in the embodiments of this application.
[0042] Figure 3 This is a schematic diagram of the message management device provided in the embodiments of this application. Detailed Implementation
[0043] The technical solutions of the embodiments of this application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of this application, and not all embodiments. Based on the embodiments of this application, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of this application.
[0044] This application provides a message management method, apparatus, and computer-readable storage medium.
[0045] like Figure 1 As shown, Figure 1 This is a flowchart illustrating the message management method provided in an embodiment of this application, which is applied to the server. The specific process can be as follows:
[0046] S101. When the connection response message meets the message conditions, obtain the message data pair generated by the client and the server during the communication process. The message data pair includes the request message sent by the client to the server, and the response message returned by the server to the client based on the request message. The response message includes at least an encrypted resource locator.
[0047] The connection response message is a message used to respond to connection requests. The request message and response message in the message data pair correspond one-to-one, and the encrypted resource locator includes the encrypted URL address.
[0048] Specifically, to ensure data confidentiality and integrity during communication between the client and server, the TLS (Transport Layer Security) protocol is typically used to establish a connection between the client and server (which can be a long connection or a short connection). During connection establishment, the client first sends a ClientHello message to the server. Upon receiving this message, the server returns a ServerHello message to the client and a certificate (containing the public key and other authentication information) to the client for verification. If the client confirms the certificate's validity, it indicates trust in the server. Next, the client generates a random string as a communication key and encrypts the communication key and encryption algorithm using its public key before sending it to the server. The server decrypts the encryption algorithm using its private key. At this point, the server and client have established a connection, and both parties can use the communication key and the agreed-upon encryption algorithm to encrypt and transmit messages. Optionally, in this embodiment, the connection establishment process described above is stored in the TLS handshake record module, and the request messages and response messages generated by the client and server after the connection is established (i.e. the communication process) are matched one-to-one to generate message data pairs, and the message data pairs are stored in the TLS data record module.
[0049] In this embodiment, the ClientHello message is used as a connection request message, and the ServerHello message is used as a connection response message. The ClientHello message has an SNI extended field, which carries the domain name of the network resource being accessed. The ServerHello message carries an encryption algorithm suite. Additionally, the ServerHello message has ALPN extended fields and Supported_Versions extended fields. The ALPN extended field carries application layer protocol information, and the Supported_Versions extended field carries secure transport protocol information. Specifically, when the server receives the ClientHello message from the client, it sends a ServerHello message to the client based on the ClientHello message and extracts key field information (e.g., encryption algorithm suite information, application layer protocol information, and secure transport protocol information) from the ServerHello message.
[0050] Furthermore, in this embodiment, to ensure the effectiveness and reliability of subsequent ciphertext parsing, before obtaining the message data generated by the client and server during communication, it is necessary to analyze the key field information in the connection response message. Only when the key field information meets the field conditions is the connection response message determined to meet the message conditions, and the message data pairs generated by the client and server during communication obtained. Optionally, the message data pairs generated by the client and server have already been stored in the TLS data recording module in the above steps, so the message data pairs can be read from the TLS data recording module.
[0051] In determining whether key field information meets the field conditions: when the encryption algorithm suite information represents an encryption algorithm that meets the ciphertext reference length condition, and the protocol version information (including application layer protocol information and secure transmission protocol information) represents a protocol that does not include a preset transmission protocol, the key field information is determined to meet the field conditions.
[0052] Optionally, the ciphertext reference length conditions include: ① For plaintext data of a preset length, the length of the ciphertext data generated after multiple encryptions is unique, and the lengths of the plaintext data and the ciphertext data correspond one-to-one; ② For multiple plaintext data with different lengths, the lengths of their corresponding ciphertext data are all different. For example, if the length of the first plaintext data is A, the lengths of the ciphertext data obtained after multiple encryptions of the first plaintext data are A1, A2, ..., An, where A1 = A2, ... = An; if there are first plaintext data and second plaintext data with different lengths, the length of the first plaintext data is A, the length of the second plaintext data is B (A≠B), the length of the first ciphertext data corresponding to the first plaintext data is A1, and the length of the second ciphertext data corresponding to the second plaintext data is B1, where A1≠B1.
[0053] The default transport protocol can be HTTP / 2 and / or TLS / 1.3. For example, in the ALPN and Supported_Versions extended fields of the ServerHello message, if the content of ALPN is h2, it means that the application layer protocol used is HTTP / 2.0, and if the content of Supported_Versions is 0x0304, it means that the secure transport protocol used is TLS / 1.3.
[0054] Furthermore, if the client and server use the HTTP pipeline mechanism for data transmission, meaning the client sends the next request message to the server before the server returns the response message, this will cause the correspondence between request messages and response messages to be disordered. Therefore, in this case, the connection response message is also judged not to meet the message conditions.
[0055] S102. Extract the response message from the message data pair, and determine the ciphertext length corresponding to the encrypted resource locator based on the response message length.
[0056] In this embodiment, before extracting the response message from the message data pair, the message length difference is determined in advance based on the encryption algorithm extracted from the encryption algorithm suite information. Optionally, the message length difference includes the difference between the length of the reference plaintext (including any plaintext data) and the length of the reference ciphertext (i.e., the ciphertext data formed after encrypting the reference plaintext based on the encryption algorithm).
[0057] For example, the encryption algorithm suite is
[0058] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 extracts AES_128_GCM, which uses the AEAD mode encryption algorithm. This encryption algorithm has a 16-byte authentication identifier. In addition, based on the TLS protocol specification, there is an 8-byte random number before the ciphertext. Therefore, the length of the ciphertext data in the TLS record will be 24 bytes longer than the length of the plaintext data. That is to say, the difference in message length is 24 bytes.
[0059] Specifically, in this embodiment, the response message is first extracted from the message data pair, and the length of the response message (including the response header length and response body length) is determined. For example, there are a first message data pair and a second message data pair. The first response message is extracted from the first message data pair, and the second response message is extracted from the second message data pair. The response message length corresponding to the first response message is (348, 29), and the response message length corresponding to the second response message is (16408, 356, 598). Then, the message length threshold is determined based on the message length difference, and the response body length is extracted from the response length according to the message length threshold. The response body length is then used as the ciphertext length corresponding to the encrypted resource locator.
[0060] In determining the response body length, considering that the response header and response body in the response message are transmitted by different TLS records, and the upper limit of the data size transmitted by each TLS record is 16KB (i.e., 16384 bytes), in this embodiment, the sum of the message length difference and the upper limit of the data size is used as the message length threshold. The response message length is compared with the message length threshold, and the first part of the response message length that is less than the message length threshold and the part before that part are used as the response header length, and the rest is used as the response body length. For example, if the message length difference is 24 and the message length threshold is 24 + 16384 = 16408, the response message length corresponding to the first response message is (348, 29). Since 348 is the first part less than the message length threshold, 348 is used as the response header length and 29 is used as the response body length. That is, the ciphertext length corresponding to the encrypted resource locator in the first response message is (29). The response message length corresponding to the second response message is (16408, 356, 598). Since 16408 is equal to the message length threshold, 356 is determined as the first part less than the message length threshold. Therefore, 16408 and 356 are used as the response header length and 598 is used as the response body length. That is, the ciphertext length corresponding to the encrypted resource locator in the second response message is (598).
[0061] S103. Based on the ciphertext length, generate a plaintext length set, which includes the plaintext length corresponding to the encrypted resource locator.
[0062] In order to accurately parse the URL address accessed by the user, it is necessary to first determine the plaintext length (i.e., the length of the URL address in bytes before encryption) corresponding to the encrypted resource locator.
[0063] Specifically, in this embodiment, the ciphertext length corresponding to the encrypted resource locator in each response message is first subtracted from the message length difference to obtain the plaintext length corresponding to the encrypted resource locator in each response message. Then, a plaintext length set is generated based on the plaintext length corresponding to the encrypted resource locator in each response message. For example, if the message length difference is 24, the ciphertext length corresponding to the encrypted resource locator in the first response message is (29), so the plaintext length corresponding to the encrypted resource locator in the first response message is (5); the ciphertext length corresponding to the encrypted resource locator in the second response message is (598), so the plaintext length corresponding to the encrypted resource locator in the second response message is (574). Therefore, the plaintext length set is: {5, 574}.
[0064] It should be noted that if the plaintext length corresponding to the encrypted resource locator in the response message consists of two or more parts, the values of each part of the plaintext length corresponding to the encrypted resource locator need to be added together, and the summed length is taken as the actual plaintext length corresponding to the encrypted resource locator. For example, if the plaintext length corresponding to the encrypted resource locator in the third response message is (136, 598), the values of each part of the plaintext length corresponding to the encrypted resource locator are added together: 136 + 598 = 734. Therefore, the actual plaintext length corresponding to the encrypted resource locator in the third response message is (734).
[0065] S104. Compare the plaintext length set with the locator length set to obtain the comparison result. The locator length set includes the locator length corresponding to the target resource locator.
[0066] The target resource locator includes a preset URL address, the locator length represents the byte length corresponding to the target resource locator, and the comparison result represents the intersection information of the plaintext length set and the locator length.
[0067] Specifically, in practical applications, it is necessary to analyze network traffic information to determine whether the network resource address accessed by the user has network security risks (e.g., whether it is an illegal website), so that protective measures can be taken in a timely manner to avoid serious consequences such as property loss and information leakage for the user. In this embodiment, the comparison result includes a first comparison result or a second comparison result. The first comparison result indicates that the intersection of the plaintext length set and the locator length set is a non-empty set, and the second comparison result indicates that the intersection of the plaintext length set and the locator length set is an empty set. Optionally, the domain name of the network resource address corresponding to the target resource locator can be determined first, and compared with the domain name of the network resource address carried in the SNI extension field of the ClientHello message. If the two are the same, the plaintext length set and the locator length set are then compared. For example, the network resource address corresponding to the target resource locator is https: / / anobody.tk / favicon.ico, and its domain name is anobody.tk. The domain name of the network resource address carried in the SNI extension field of the ClientHello message is also anobody.tk. Since they are the same, the plaintext length set is compared with the locator length set.
[0068] If the comparison result is the first comparison result, it means that the URL address in the network resource address accessed by the user is a preset URL address; if the comparison result is the second comparison result, it means that the URL address in the network resource address accessed by the user does not belong to the preset URL address. Optionally, the URL address in the illegal website address can be used as the target resource locator.
[0069] Specifically, prior to step S104 above, the following is also included:
[0070] Get all resource locators;
[0071] The target resource locator is determined from all resource locators; the original locator corresponding to the target resource locator has a fixed and unique length.
[0072] A set of locator lengths is generated based on the locator length corresponding to the target resource locator; wherein, the set of locator lengths includes the original locator length and the locator length corresponding to the target resource locator after data processing.
[0073] The total resource locator includes all URLs in all website addresses managed by the server, and the target resource locator includes URLs in illegal website addresses. To ensure the accuracy of the comparison results, the original locator length (i.e., the byte length of the target resource locator in its unprocessed state) of the target resource locator needs to be fixed and unique. In addition, in practical applications, considering that the URLs in the network resource addresses accessed by users may undergo various data processing (e.g., compression, deformation, etc.) in addition to being encrypted, this embodiment simulates the locator length of the target resource locator after data processing in advance, and stores the target resource locator, its corresponding original locator length, and its corresponding locator length after data processing in the locator length set.
[0074] It should be noted that when simulating the locator length corresponding to the target resource locator after data processing (e.g., compression), since the server randomly configures relevant parameters (e.g., compression quality, compression ratio, etc.) in the compression algorithm, it is easy to cause different locator lengths after compressing the same target resource locator multiple times using the same compression algorithm. Therefore, in this embodiment, a transmission encoding (e.g., Accept-Encoding: gzip, Accept-Encoding: br, etc.) can be set to obtain the locator lengths obtained by the server after compressing the target resource locator based on different compression programs (e.g., gzip, br, etc.).
[0075] For example, the original locator length of the target resource locator favicon.ico is 5958. After gzip compression and br compression, the locator lengths are 866 and 574 respectively. Therefore, the following set of locator lengths is generated:
[0076] {5958, 866, 574}, In addition, the plaintext length set is: {5, 574}. Comparing the plaintext length set with the locator length set, the first comparison result indicates that the URL address accessed by the user includes favicon.ico, and favicon.ico has been compressed by br during the access process.
[0077] Optionally, if the server determines that the URL accessed by the user includes a target resource locator (RPL), indicating that the user may be accessing an illegal website, it can block the user's network access to ensure online security and display an alert message to warn the user to immediately stop accessing the site. For example... Figure 2 As shown, after the user enters the website address in the URL search interface 2001 and clicks the jump button 2002, the server begins to parse this access behavior. When it determines that the URL address accessed by the user includes the target resource locator, it determines that the website accessed by the user is an illegal website, so the access is blocked and an alarm prompt interface 2003 is displayed.
[0078] As described above, the message management method provided in this application, applied to the server, obtains the message data pair generated between the client and the server during communication when the connection response message meets the message conditions. This message data pair includes a request message and a corresponding response message. The response message includes at least an encrypted resource locator (RPL). The response message is then extracted from the message data pair, and the ciphertext length corresponding to the encrypted RPL is determined based on the response message length. A plaintext length set containing the plaintext lengths corresponding to the encrypted RPLs in each response message is then generated based on the ciphertext lengths. Finally, the plaintext length set is compared with a locator length set containing the locator length corresponding to the target resource locator to obtain a comparison result. Based on the response message in the message data pair, a plaintext length set containing the plaintext length before encryption of the encrypted resource locator can be generated. By comparing this plaintext length set with the locator length set containing the locator length of the target resource locator, it can be determined whether the encrypted resource locator is the target resource locator. Therefore, it is possible to accurately determine whether the network resource address accessed by the user is secure, thereby effectively reducing network security risks.
[0079] Based on the methods described in the above embodiments, this embodiment will be further described from the perspective of a message management device.
[0080] Please see Figure 3 , Figure 3 This application provides a detailed description of a message management device, which is applied to a server. The message management device may include: an acquisition module 10, a determination module 20, a generation module 30, and a comparison module 40, wherein:
[0081] (1) Get module 10
[0082] The acquisition module 10 is used to acquire the message data pair generated by the client and the server during the communication process when the connection response message meets the message conditions; wherein, the message data pair includes a request message sent by the client to the server, and a response message returned by the server to the client based on the request message, and the response message includes at least an encrypted resource locator.
[0083] Specifically, the acquisition module 10 is used for:
[0084] When the key field information meets the field conditions, it is determined that the connection response message meets the message conditions; among which, the key field information includes encryption algorithm suite information and protocol version information;
[0085] Obtain message data pairs generated during communication between the client and the server.
[0086] Specifically, the acquisition module 10 is also used for:
[0087] When the encryption algorithm represented by the encryption algorithm suite information meets the ciphertext reference length condition, and the protocol represented by the protocol version information does not include the preset transport protocol, it is determined that the key field information meets the field condition, and the connection response message meets the message condition; wherein, the preset transport protocol includes the HTTP 2.0 protocol and the TLS 1.3 protocol.
[0088] (2) Determine module 20
[0089] The determination module 20 is used to extract the response message from the message data pair and determine the ciphertext length corresponding to the encrypted resource locator based on the response message length.
[0090] Specifically, the determining module 20 is used for:
[0091] Extract the response message from the message data pair and determine the length of the response message; the response message length includes the response header length and the response body length.
[0092] The message length threshold is determined based on the message length difference, and the response body length is extracted from the response length based on the message length threshold.
[0093] Use the response body length as the ciphertext length corresponding to the encrypted resource locator.
[0094] (3) Generation module 30
[0095] The generation module 30 is used to generate a plaintext length set based on the ciphertext length; wherein the plaintext length set includes the plaintext length corresponding to the encrypted resource locator.
[0096] Specifically, the generation module 30 is used for:
[0097] Subtract the message length difference from the ciphertext length corresponding to the encrypted resource locator in each response message to obtain the plaintext length corresponding to the encrypted resource locator in each response message;
[0098] A set of plaintext lengths is generated based on the plaintext length corresponding to the encrypted resource locator in each response message.
[0099] (4) Comparison module 40
[0100] The comparison module 40 is used to compare the plaintext length set with the locator length set to obtain the comparison result; wherein, the locator length set includes the locator length corresponding to the target resource locator.
[0101] The comparison results include a first comparison result or a second comparison result. The first comparison result indicates that the intersection of the plaintext length set and the locator length set is a non-empty set, and the second comparison result indicates that the intersection of the plaintext length set and the locator length set is an empty set.
[0102] In practice, the above modules can be implemented as independent entities or combined in any way to be implemented as the same or several entities. For the specific implementation of the above modules, please refer to the previous method implementation examples, which will not be repeated here.
[0103] As described above, the message management device provided in this application is applied to the server. When the connection response message meets the message conditions, the acquisition module 10 first acquires the message data pair generated by the client and the server during the communication process. The message data pair includes a request message and a corresponding response message. The response message includes at least an encrypted resource locator. Then, the response message is extracted from the message data pair, and the determination module 20 determines the ciphertext length corresponding to the encrypted resource locator based on the response message length. Then, the generation module 30 generates a plaintext length set containing the plaintext length corresponding to the encrypted resource locator in each response message based on the ciphertext length. Finally, the comparison module 40 compares the plaintext length set with the locator length set containing the locator length corresponding to the target resource locator to obtain the comparison result. Based on the response message in the message data pair, a plaintext length set containing the plaintext length before encryption of the encrypted resource locator can be generated. By comparing the plaintext length set with the locator length set containing the target resource locator, it can be determined whether the encrypted resource locator is the target resource locator. Therefore, it is possible to accurately know whether the network resource address accessed by the user is secure, thereby effectively reducing network security risks.
[0104] Accordingly, embodiments of the present invention also provide a message management system, including any of the message management devices provided in the embodiments of the present invention, which can be integrated into electronic devices.
[0105] Specifically, when the connection response message meets the message conditions, the message data pair generated by the client and the server during the communication process is obtained. The message data pair includes a request message sent by the client to the server and a response message returned by the server to the client based on the request message. The response message includes at least an encrypted resource locator. The response message is extracted from the message data pair, and the ciphertext length corresponding to the encrypted resource locator is determined based on the response message length. Based on the ciphertext length, a plaintext length set is generated, which includes the plaintext length corresponding to the encrypted resource locator. The plaintext length set is compared with the locator length set to obtain the comparison result, where the locator length set includes the locator length corresponding to the target resource locator.
[0106] The specific implementation details of each of the above devices can be found in the preceding embodiments, and will not be repeated here.
[0107] Since the message management system can include any of the message management devices provided in the embodiments of the present invention, it can achieve the beneficial effects that any of the message management devices provided in the embodiments of the present invention can achieve, as detailed in the preceding embodiments, and will not be repeated here.
[0108] Those skilled in the art will understand that all or part of the steps in the various methods of the above embodiments can be implemented by instructions, or by instructions controlling related hardware. These instructions can be stored in a computer-readable storage medium and loaded and executed by a processor. Therefore, embodiments of the present invention provide a storage medium storing multiple instructions that can be loaded by a processor to execute the steps in any of the message management methods provided by the embodiments of the present invention.
[0109] The storage medium may include: read-only memory (ROM), random access memory (RAM), disk or optical disk, etc.
[0110] Since the instructions stored in the storage medium can execute the steps of any message management method provided in the embodiments of the present invention, the beneficial effects that any message management method provided in the embodiments of the present invention can achieve can be realized, as detailed in the preceding embodiments, and will not be repeated here.
[0111] For details on the implementation of each of the above operations, please refer to the previous examples, which will not be repeated here.
[0112] In summary, although the present application has disclosed the preferred embodiments as described above, the above preferred embodiments are not intended to limit the present application. Those skilled in the art can make various modifications and refinements without departing from the spirit and scope of the present application. Therefore, the scope of protection of the present application shall be determined by the scope defined in the claims.
Claims
1. A message management method, characterized in that, Applied to the server side, the message management method includes: When the connection response message meets the message conditions, the message data pair generated by the client and the server during the communication process is obtained; wherein, the message data pair includes the request message sent by the client to the server, and the response message returned by the server to the client based on the request message, and the response message includes at least an encrypted resource locator; The response message is extracted from the message data pair, and the ciphertext length corresponding to the encrypted resource locator is determined based on the response message length corresponding to the response message. Based on the ciphertext length, a plaintext length set is generated; wherein, the plaintext length set includes the plaintext length corresponding to the encrypted resource locator; The plaintext length set is compared with the locator length set to obtain the comparison result; wherein, the locator length set includes the locator length corresponding to the target resource locator; The method further includes, before the step of extracting the response message from the message data pair and determining the ciphertext length corresponding to the encrypted resource locator based on the response message length, the method further includes: The message length difference is determined based on the encryption algorithm; wherein, the message length difference includes the difference between the reference plaintext length and the reference ciphertext length; The step of extracting the response message from the message data pair and determining the ciphertext length corresponding to the encrypted resource locator based on the response message length includes: The response message is extracted from the message data pair, and the length of the response message corresponding to the response message is determined; the response message length includes the response header length and the response body length. A message length threshold is determined based on the message length difference, and the response body length is extracted from the response length according to the message length threshold; the sum of the message length difference and the upper limit of the data size of each transmitted response message is used as the message length threshold. The length of the response body is used as the length of the ciphertext corresponding to the encrypted resource locator. The step of generating a plaintext length set based on the ciphertext length includes: Subtract the message length difference from the ciphertext length corresponding to the encrypted resource locator in each response message to obtain the plaintext length corresponding to the encrypted resource locator in each response message; A set of plaintext lengths is generated based on the plaintext length corresponding to the encrypted resource locator in each response message.
2. The message management method according to claim 1, characterized in that, Before the step of obtaining the message data pair generated by the client and the server during communication when the connection response message meets the message conditions, the method further includes: When a connection request message is received from a client, a connection response message is sent to the client based on the connection request message; Extract key field information from the connection response message.
3. The message management method according to claim 2, characterized in that, The step of obtaining the message data pair generated by the client and the server during communication when the connection response message meets the message conditions includes: When the key field information meets the field conditions, it is determined that the connection response message meets the message conditions; wherein, the key field information includes encryption algorithm suite information and protocol version information; Obtain the message data pairs generated by the client and the server during the communication process.
4. The message management method according to claim 3, characterized in that, The step of determining that the connection response message meets the message conditions when the key field information meets the field conditions includes: When the encryption algorithm represented by the encryption algorithm suite information satisfies the ciphertext reference length condition, and the protocol represented by the protocol version information does not include the preset transport protocol, it is determined that the key field information satisfies the field condition, and it is determined that the connection response message satisfies the message condition; wherein, the preset transport protocol includes the HTTP 2.0 protocol and the TLS 1.3 protocol.
5. The message management method according to claim 1, characterized in that, Before the step of comparing the plaintext length set with the locator length set to obtain the comparison result, the method further includes: Get all resource locators; The target resource locator is determined from all the resource locators; wherein the original locator corresponding to the target resource locator has a fixed and unique length; A set of locator lengths is generated based on the locator length corresponding to the target resource locator; wherein, the set of locator lengths includes the original locator length and the locator length corresponding to the target resource locator after data processing.
6. A message management device, characterized in that, Applied to the server side, the message management device includes: The acquisition module is used to acquire a message data pair generated between the client and the server during communication when the connection response message meets the message conditions; wherein, the message data pair includes a request message sent by the client to the server, and a response message returned by the server to the client based on the request message, and the response message includes at least an encrypted resource locator. The determining module is used to extract the response message from the message data pair and determine the ciphertext length corresponding to the encrypted resource locator based on the response message length corresponding to the response message; A generation module is used to generate a plaintext length set based on the ciphertext length; wherein the plaintext length set includes the plaintext length corresponding to the encrypted resource locator in each response message; The comparison module is used to compare the plaintext length set with the locator length set to obtain a comparison result; wherein, the locator length set includes the locator length corresponding to the target resource locator; The determining module is further configured to: determine a message length difference based on an encryption algorithm; wherein the message length difference includes the difference between the reference plaintext length and the reference ciphertext length; extract the response message from the message data pair and determine the response message length corresponding to the response message; the response message length includes the response header length and the response body length; determine a message length threshold based on the message length difference and extract the response body length from the response length according to the message length threshold; use the sum of the message length difference and the upper limit of the data size of each transmitted response message as the message length threshold; and use the response body length as the ciphertext length corresponding to the encrypted resource locator. The generation module is further configured to subtract the message length difference from the ciphertext length corresponding to the encrypted resource locator in each response message to obtain the plaintext length corresponding to the encrypted resource locator in each response message; and generate a plaintext length set based on the plaintext length corresponding to the encrypted resource locator in each response message.
7. A computer-readable storage medium, characterized in that, The computer-readable storage medium stores a plurality of instructions adapted for loading by a processor to perform the steps of the message management method according to any one of claims 1 to 5.