Hypertext transfer protocol secure testing method and device, software program and storage medium

By intercepting and configuring protocols using network testing components, and establishing connections using virtual application technology and multi-process parallel components, the problem of universality in hypertext transfer security protocol detection is solved, and efficient detection across operating systems is achieved.

CN116633832BActive Publication Date: 2026-06-05TENCENT TECHNOLOGY (SHENZHEN) CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
TENCENT TECHNOLOGY (SHENZHEN) CO LTD
Filing Date
2022-02-11
Publication Date
2026-06-05

AI Technical Summary

Technical Problem

In existing technologies, the detection of Hypertext Transfer Security Protocol (HTTP) requires obtaining the terminal's operating permissions, and different testing methods are needed for different terminal operating systems, resulting in poor detection versatility.

Method used

The network testing component acquires information transmission data packets, intercepts them when the protocol layer information is Hypertext Transfer Security Protocol (HTTP), configures Secure Sockets Protocol (SSL) or Transport Layer Security (TLS), and establishes client trust using virtual application technology and multi-process parallel components to achieve connection and testing with the server.

Benefits of technology

It improves the detection efficiency of the Hypertext Transfer Security Protocol, making it more versatile and adaptable to network environments of different operating systems.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN116633832B_ABST
    Figure CN116633832B_ABST
Patent Text Reader

Abstract

The application provides a hypertext transfer protocol secure testing method, comprising the following steps: a network testing component acquires information transmission data packets and detects protocol layer information of the data packets; when it is determined that the type of the protocol layer information is a hypertext transfer protocol secure, the information transmission data packets are intercepted; the network testing component configures a secure sockets layer protocol or a transmission layer security protocol based on the intercepted information transmission data packets; a connection with a server end is established through the secure sockets layer protocol or the transmission layer security protocol; and the network testing component tests the hypertext transfer protocol secure based on the connection with the client and the connection with the server end. The application also provides a hypertext transfer protocol secure testing device, a software program and a storage medium, so that the universality of the detection of the hypertext transfer protocol secure is stronger.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to network simulation processing technology, and more particularly to methods, apparatus, software programs and storage media for testing Hypertext Transfer Security Protocol (HTTP). Background Technology

[0002] In related technologies, terminals such as mobile phones and tablets can access the Internet via Wireless Local Area Networks (WLANs) and transmit information using the Hypertext Transfer Protocol (HTTP). To ensure the accuracy of information transmission using HTTP, it is necessary to test the HTTP protocol to guarantee its correct operation. However, testing the HTTP protocol in related technologies requires obtaining operational permissions from the terminal, and different testing methods are needed for different terminal operating systems, which hinders the improvement of the universality of HTTP protocol testing. Summary of the Invention

[0003] In view of this, embodiments of the present invention provide a method, apparatus, software program, and storage medium for testing Hypertext Transfer Security Protocol (HTTP), which can test HTTP through network testing components, improve the detection efficiency of HTTP, and make the detection of HTTP more universal and adaptable to network environments of different types of operating systems.

[0004] The technical solution of this invention is implemented as follows:

[0005] This invention provides a method for testing Hypertext Transfer Security Protocol (HTTP), including:

[0006] The network testing component acquires information transmission data packets and detects the protocol layer information of the data packets;

[0007] When the type of the protocol layer information is determined to be Hypertext Transfer Security Protocol, the information transmission data packet is intercepted;

[0008] The network testing component configures a secure socket protocol or a transport layer security protocol based on the intercepted information transmission data packets.

[0009] When the certificate of the network testing component passes the test, the network testing component uses virtual application technology and a multi-process parallel component to send the certificate test result of the network testing component to the client, so that the client trusts the certificate of the network testing component and establishes a connection with the network testing component.

[0010] Establish a connection with the server using the Secure Sockets Protocol or Transport Layer Security Protocol;

[0011] The network testing component tests the Hypertext Transfer Security Protocol based on the connection with the client and the connection with the server.

[0012] This invention also provides a Hypertext Transfer Security Protocol (HTTP) testing device, comprising:

[0013] The information transmission module is used to obtain information transmission data packets from the network testing component and to detect the protocol layer information of the data packets;

[0014] The information processing module is used to intercept the information transmission data packet when it is determined that the type of the protocol layer information is Hypertext Transfer Security Protocol.

[0015] The information processing module is used to configure a secure socket protocol or a transport layer security protocol based on the intercepted information transmission data packets.

[0016] The information processing module is used to, when the certificate of the network testing component passes the test, use virtual application technology and a multi-process parallel component to send the certificate test result of the network testing component to the client, so that the client trusts the certificate of the network testing component and establishes a connection with the network testing component.

[0017] The information processing module is used to establish a connection with the server through the Secure Sockets Protocol or the Transport Layer Security Protocol.

[0018] The information processing module is used by the network testing component to test the Hypertext Transfer Security Protocol based on the connection with the client and the connection with the server.

[0019] In the above scheme,

[0020] The information transmission module is used by the network testing component to receive the handshake request sent by the client;

[0021] The information transmission module is used to respond to the handshake request, the network testing component creates a Hypertext Transfer Security Protocol service process, and receives the first encrypted data sent by the client;

[0022] The information transmission module is used by the network testing component to decrypt the first encrypted data to obtain the first data.

[0023] In the above scheme,

[0024] The information transmission module is used by the network testing component to establish a communication connection with the server through the Secure Sockets Protocol or the Transport Layer Security Protocol, and to send the first data, which has undergone secondary encryption, to the server through the communication connection.

[0025] The information transmission module is used by the network testing component to receive the second encrypted data sent by the server.

[0026] The information transmission module is used by the network testing component to decrypt the second encrypted data to obtain the second data, and to perform secondary encryption processing on the second data based on an encryption protocol that matches the handshake request;

[0027] The information transmission module is used to send the second data, which has undergone secondary encryption, to the client.

[0028] In the above scheme,

[0029] The information transmission module is used to establish a connection between the network testing component and the multi-process parallel component when it is necessary to check the certificate of the network testing component.

[0030] The information transmission module is used to send the certificate of the network testing component to the multi-process parallel component through the information transmission data packet, so that the multi-process parallel component can detect the certificate of the network testing component.

[0031] In the above scheme,

[0032] The information transmission module is used to respond to the handshake request, and the network testing component intercepts all Hypertext Transfer Security Protocol (HTTP) requests sent by the client.

[0033] The information transmission module is used to parse the server name indication extension information carried in the handshake request;

[0034] The information transmission module is used to determine the domain name certificate corresponding to the Hypertext Transfer Security Protocol request based on the server name indication extension information.

[0035] In the above scheme,

[0036] The information transmission module is used to determine the network latency parameters of the Hypertext Transfer Security Protocol based on the connection with the game client and the connection with the server when the client is a game client.

[0037] The information transmission module is used to determine the quality of each link based on the network latency parameters of the Hypertext Transfer Security Protocol corresponding to each link in the client.

[0038] The information transmission module is used to parse the target game process running by the game client and obtain the priority of different tasks in the target game process;

[0039] The information transmission module is used to configure a matching link for the task according to the priority of the different tasks, so as to realize the transmission of information of the target game process through the configured link.

[0040] In the above scheme,

[0041] The information transmission module is used to determine the identification information of the target object when the target game process is a cloud game;

[0042] The information transmission module is used to determine the data source cluster that matches the identification information based on the cloud server network;

[0043] The information transmission module is used to store the cloud gaming history information of users matching the target object in the cloud gaming server according to the data source cluster. The cloud gaming history information of the users includes the test results of the Hypertext Transfer Security Protocol corresponding to the cloud game.

[0044] This invention also provides a software program, the software program comprising:

[0045] Memory, used to store executable instructions;

[0046] A processor, used to execute executable instructions stored in the memory, implements a preceding hypertext transfer security protocol test method.

[0047] This invention also provides a computer-readable storage medium storing executable instructions, which, when executed by a processor, implement a preceding hypertext transfer security protocol testing method.

[0048] The embodiments of the present invention have the following beneficial effects:

[0049] This invention employs a network testing component to acquire information transmission data packets and detect the protocol layer information of these packets. When the type of the protocol layer information is determined to be Hypertext Transfer Security (HTTP), the information transmission data packets are intercepted. Based on the intercepted information transmission data packets, the network testing component configures a Secure Sockets Interface (SSL) protocol or a Transport Layer Security (TLS) protocol. A connection is established with the server through the SSL protocol or TLS protocol. Based on the connections with the client and the server, the network testing component tests the HTTP / 12 protocol. This improves the detection efficiency of HTTP / 12 protocol, making its detection more universal and adaptable to network environments of different operating systems. Attached Figure Description

[0050] Figure 1 This is a schematic diagram of the usage environment of the Hypertext Transfer Security Protocol testing method provided in the embodiments of the present invention;

[0051] Figure 2 This is a schematic diagram of the composition structure of the Hypertext Transfer Security Protocol testing device provided in an embodiment of the present invention;

[0052] Figure 3 This is an optional flowchart illustrating the Hypertext Transfer Security Protocol (HTTP) testing method provided in an embodiment of the present invention.

[0053] Figure 4 This is an optional flowchart illustrating the Hypertext Transfer Security Protocol (HTTP) testing method provided in an embodiment of the present invention.

[0054] Figure 5 This is a schematic diagram illustrating the startup configuration of the multi-process parallel component in an embodiment of the present invention;

[0055] Figure 6A This is a schematic diagram of the domain name certificate generation process in an embodiment of the present invention;

[0056] Figure 6B This is a schematic diagram of the domain name certificate generation process in an embodiment of the present invention;

[0057] Figure 7 This is a schematic diagram illustrating the process of establishing a connection with the server in an embodiment of the present invention;

[0058] Figure 8 This is an optional flowchart illustrating the Hypertext Transfer Security Protocol (HTTP) testing method provided in an embodiment of the present invention.

[0059] Figure 9 This is a schematic diagram illustrating the test report display effect in an embodiment of the present invention. Detailed Implementation

[0060] To make the objectives, technical solutions, and advantages of the present invention clearer, the present invention will be further described in detail below with reference to the accompanying drawings. The described embodiments should not be regarded as limitations on the present invention. All other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.

[0061] In the following description, references are made to “some embodiments,” which describe a subset of all possible embodiments. However, it is understood that “some embodiments” may be the same subset or different subsets of all possible embodiments and may be combined with each other without conflict.

[0062] In the implementation of this application, the collection and processing of relevant data should strictly comply with the requirements of relevant laws and regulations, obtain the informed consent or separate consent of the personal information subject, and carry out subsequent data use and processing within the scope of laws and regulations and the authorization of the personal information subject.

[0063] Before providing a further detailed description of the embodiments of the present invention, the nouns and terms involved in the embodiments of the present invention will be explained, and the nouns and terms involved in the embodiments of the present invention shall be interpreted as follows.

[0064] 1) In response to, used to indicate the conditions or states on which the operation performed depends. When the conditions or states on which it depends are met, one or more operations performed may be performed in real time or with a set delay. Unless otherwise specified, there is no restriction on the order in which the multiple operations are performed.

[0065] 2) Based on, used to indicate the conditions or states on which the operation is performed depends. When the conditions or states on which it depends are met, one or more operations can be performed in real time or with a set delay. Unless otherwise specified, there is no restriction on the order in which the multiple operations are performed.

[0066] 3) Cloud technology refers to a hosting technology that unifies hardware, software, and network resources within a wide area network (WAN) or local area network (LAN) to achieve data computation, storage, processing, and sharing. It encompasses network technologies, information technologies, integration technologies, management platform technologies, and application technologies based on cloud computing business models. These technologies can form resource pools, allowing for flexible and convenient on-demand use. Cloud computing technology will become a crucial support. Backend services of technical network systems require substantial computing and storage resources, such as video websites, image websites, and many portal websites. With the rapid development and application of the internet industry, every item may have its own identification mark in the future, requiring data to be transmitted to backend systems for logical processing. Data at different levels will be processed separately, and various industry data will require robust system support, which can only be achieved through cloud computing.

[0067] 4) Cloud gaming: This refers to games that run on cloud server devices. The game screen rendered by the cloud device is encoded and transmitted to the user terminal via the network. The user terminal decodes the encoded file and renders it on the display screen. Thus, users do not need to install the game locally, but only need to establish a communication network connection with the cloud to complete the game interaction process.

[0068] 5) Multi-instance App: Based on virtual application technology, it can copy existing applications into this app. Unlike the original application, it can be opened a second time, and data is not shared with the original application.

[0069] 6) A Man-in-the-Middle (MITM) attack occurs when an attacker establishes independent connections with both ends of a communication and exchanges received data, making both ends believe they are communicating directly through a private connection. In reality, the attacker has complete control over the entire session. In a MITM attack, the attacker can intercept the conversation and insert new content. A MITM attack is an attack lacking mutual authentication. Most encryption protocols incorporate specific authentication methods to prevent MITM attacks. For example, the SSL protocol verifies that the certificates used by one or both parties in a communication are issued by an authoritative and trusted digital certificate authority and performs two-way authentication.

[0070] 7) URL: Uniform Resource Locator, is a concise representation of the location and access method of a resource that can be obtained from the Internet. It is the address of a standard resource on the Internet. Every file on the Internet has a unique URL.

[0071] 8) MAC address: Media Access Control, also known as MAC address or hardware address, is used to define the location of a network device. The MAC address is integrated into the network card and is unique.

[0072] 9) Domain name: A domain name is a name of a computer or group of computers on a network consisting of a string of names separated by dots. It has a one-to-one correspondence with an IP address.

[0073] Before introducing the Hypertext Transfer Security Protocol (HTTP) testing method provided in this application, we will first use a game program as an example to explain the traditional HTTP / 10 testing methods. In traditional techniques, to test the HTTP / 10 in a game, the following three methods can be used:

[0074] 1) Extract terminal information to obtain root access, or only use terminals with systems lower than Android 7.0. Then save the self-signed certificate in the system certificate directory or user certificate directory, and use packet capture tools to decrypt HTTPS requests. The drawback of this method is that obtaining root access to the terminal will increase the risk of terminal use, and it is also limited by the terminal type and operating system, making it unsuitable for testing Hypertext Transfer Security Protocol (HTTP).

[0075] 2) Use a formal server certificate, or embed a trusted certificate in the app developed by the testing unit, and then use packet capture tools to decrypt HTTPS requests. The drawback of this method is that it can only perform Hypertext Transfer Security Protocol (HTTP) testing on a fixed app of the testing unit, has poor versatility, and cannot be extended to support all applications for black-box decryption and analysis testing.

[0076] 3) Using reverse engineering techniques, find the interface through which the application process sends HTTP requests in the Hypertext Transfer Security Protocol (HTTP) test, take over the data of the interface, and print out the content sent each time the application sends a packet for testing. The drawback of this method is that the reverse engineering technique is highly demanding, resulting in high costs for HTTP test.

[0077] To address the aforementioned shortcomings, this invention provides a method for testing Hypertext Transfer Security Protocol (HTTP). By using a network testing component, the detection efficiency of HTTP is improved, making the detection of HTTP more universal and adaptable to network environments of different operating systems.

[0078] Figure 1 This is a schematic diagram illustrating a usage scenario of the Hypertext Transfer Security Protocol (HTTP) testing method provided in this embodiment of the invention. (See attached diagram.) Figure 1The Hypertext Transfer Security Protocol (HTTP) testing method provided in this invention can be applied to a network system, which includes a client, an HTTP testing device, and a server. Examples of the hardware or software implementation of the HTTP testing device are provided below. Figure 2 The same applies, and will be explained in detail later.

[0079] The client can run on various types of terminal devices; this application does not impose specific restrictions. Various types of clients can run on the terminal, and during client operation, communication with the server is achieved through the Hypertext Transfer Protocol (HTTP) to transmit information. To implement the HTTP testing method provided in this application, a network testing component can be used. This component can be encapsulated in a weak network testing app and installed on the terminal, or it can be called as a mini-program within an instant messaging client.

[0080] Taking cloud gaming client acceleration as an example, the network testing component can be encapsulated in a professional gaming terminal or in different mobile electronic devices; this application does not impose specific limitations. When the application is a game program, the network testing component can be encapsulated in a weak network testing app. During cloud gaming client operation, the game itself runs on a cloud server device. The game screen rendered by the cloud device is encoded and transmitted to the user terminal via the network. The user terminal decodes the encoded file and renders it onto the display screen. Thus, the user does not need to install the game locally; they only need to establish a communication network connection with the cloud to complete the game interaction process. The cloud gaming architecture includes a terminal and a cloud server. The terminal receives user control operations for the game process and sends the corresponding control commands to the cloud server. The cloud server controls the game process and sends the video stream during the game to the terminal for playback. In the cloud gaming architecture, the terminal is primarily responsible for receiving and rendering game video and audio from the corresponding server during gameplay. It also transmits user actions (including but not limited to actions performed by the user via mouse, keyboard, gamepad, voice commands, and touch commands) to the server through a signaling channel. The server then forwards this information to the corresponding mouse driver, sound card driver, and keyboard driver processes, thereby controlling the cloud game. The game accelerator, by executing the gateway device testing method provided in this application, can automatically determine the status of each gateway device under test and select the most suitable gateway device to connect to the wireless LAN. Data transmission between the cloud gaming client and server needs to be completed via the Hypertext Transfer Protocol (HTTP). Testing the HTTP protocol can detect the availability of different ports and configure appropriate communication links for different tasks on the cloud gaming client.

[0081] Based on the above description, in Figure 1 In the illustrated usage scenario, the terminals (including terminals 10-1 and 10-2) are non-networked devices equipped with a client for connecting to the internet. When multiple wireless LANs 300 pass the authentication of the Hypertext Transfer Security Protocol testing device 200, the terminals (including terminals 10-1 and 10-2) access the wireless LAN 300. The wireless LAN 300 can be a wide area network (WAN), a local area network (LAN), or a combination of both, using a wireless link to achieve data transmission. The wireless LAN 300 can connect to the internet 400, enabling the terminals (including terminals 10-1 and 10-2) to connect to the internet 400 through the wireless LAN 300.

[0082] As an example, the terminal (terminal 10-1 and / or terminal 10-2) is used to acquire and output the wireless local area network resources of the area where the non-networked device is located. When the Hypertext Transfer Security Protocol testing device 200 can sort all the wireless local area networks in the wireless local area network resources based on the status of each wireless local area network in the wireless local area network resources; based on the sorting result of the wireless local area networks in the wireless local area network resources, the access information of the wireless local area networks is saved to the corresponding identification database and presented to the user in the display interface. The terminal (terminal 10-1 and / or terminal 10-2) selects according to the sorting result and accesses the corresponding wireless local area network according to the access information of the wireless local area network, so as to realize the connection with the Internet 400 through the connected wireless local area network.

[0083] The terminals (including terminals 10-1 and 10-2) are also used to receive access information from at least one wireless local area network (WLAN) from the Hypertext Transfer Security Protocol (HTTP) testing device 200, and to store the access information of at least one WLAN in a corresponding storage medium.

[0084] The structure of the Hypertext Transfer Security Protocol (HTTP) testing device according to an embodiment of the present invention will be described in detail below. The HTTP testing device can be implemented in various forms, such as terminals with network management functions, such as smartphones, tablets, and desktop computers, or servers with network management functions. Figure 2 This is a schematic diagram of the composition structure of the Hypertext Transfer Security Protocol testing device provided in an embodiment of the present invention. It can be understood that... Figure 2 The diagram shows only an exemplary structure of the Hypertext Transfer Security Protocol (HTTP) test apparatus, not the entire structure; implementation is possible as needed. Figure 2 The structure shown may be part or all of the structure.

[0085] The Hypertext Transfer Security Protocol (HTTP) testing apparatus provided in this embodiment of the invention includes at least one processor 201, a memory 202, a user interface 203, and at least one network interface 204. The various components in the HTTP / 10 testing apparatus 20 are coupled together via a bus system 205. It can be understood that the bus system 205 is used to implement communication between these components. In addition to a data bus, the bus system 205 also includes a power bus, a control bus, and a status signal bus. However, for clarity, in… Figure 2 The general labeled all buses as Bus System 205.

[0086] The user interface 203 may include a monitor, keyboard, mouse, trackball, click wheel, buttons, touchpad, or touch screen.

[0087] It is understood that memory 202 can be volatile memory or non-volatile memory, or both. In this embodiment of the invention, memory 202 is capable of storing data to support the operation of a terminal (such as terminal 10-1). Examples of this data include any computer programs used to operate on the terminal (such as terminal 10-1), such as operating systems and applications. The operating system includes various system programs, such as the framework layer, core library layer, driver layer, etc., used to implement various basic services and handle hardware-based tasks. Applications can include various applications.

[0088] In some embodiments, the Hypertext Transfer Security Protocol (HTTP) testing device provided in this invention can be implemented in hardware. For example, the HTTP testing device can be a processor in the form of a hardware decoding processor, programmed to execute the HTTP testing method provided in this invention. For instance, the hardware decoding processor can be one or more Application Specific Integrated Circuits (ASICs), DSPs, Programmable Logic Devices (PLDs), Complex Programmable Logic Devices (CPLDs), Field-Programmable Gate Arrays (FPGAs), or other electronic components.

[0089] The Hypertext Transfer Security Protocol (HTTP) testing device provided in this embodiment of the invention is implemented in software. The HTTP testing device provided in this embodiment of the invention can be directly embodied as a combination of software modules executed by the processor 201. The software modules can be located in a storage medium, which is located in the memory 202. The processor 201 reads the executable instructions included in the software modules in the memory 202 and combines them with necessary hardware (e.g., including the processor 201 and other components connected to the bus 205) to complete the HTTP testing method provided in this embodiment of the invention.

[0090] For example, Figure 2 A hypertext transfer security protocol testing device stored in memory 202 is shown. This device can be software in the form of programs and plugins, and includes the following software modules: an information transmission module 2081 and an information processing module 2082. When the software modules in the hypertext transfer security protocol testing device are read into RAM and executed by processor 201, the hypertext transfer security protocol testing method provided in this embodiment of the invention will be implemented. The following description, in conjunction with... Figure 2The Hypertext Transfer Security Protocol (HTTP) test apparatus shown illustrates the functions of each software module.

[0091] The information transmission module 2081 is used to obtain information transmission data packets from the network testing component and to detect the protocol layer information of the data packets.

[0092] The information processing module 2082 is used to intercept the information transmission data packet when it is determined that the type of the protocol layer information is Hypertext Transfer Security Protocol.

[0093] The information processing module 2082 is used to establish a connection with the server through the Secure Sockets Protocol or the Transport Layer Security Protocol.

[0094] The information processing module 2082 is used by the network testing component to test the Hypertext Transfer Security Protocol based on the connection with the client and the connection with the server.

[0095] according to Figure 2 The Hypertext Transfer Protocol (HTTP) testing apparatus shown in this application, in one aspect, also provides a computer program product or computer program, which includes computer instructions stored in a computer-readable storage medium. A processor of a computer device reads the computer instructions from the computer-readable storage medium and executes the computer instructions, causing the computer device to perform various embodiments and combinations of embodiments provided in the various optional implementations of the above-described HTTP testing method.

[0096] In some embodiments, the computer-readable storage medium may be a memory such as FRAM, ROM, PROM, EPROM, EEPROM, flash memory, magnetic surface memory, optical disk, or CD-ROM; or it may be a variety of devices including one or any combination of the above-mentioned memories.

[0097] The server in this embodiment of the invention can be a standalone physical server, a server cluster or distributed system composed of multiple physical servers, or a cloud server providing basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, CDN, and big data and artificial intelligence platforms. The terminal and server can be directly or indirectly connected via wired or wireless communication, and this application does not impose any limitations on this.

[0098] In some embodiments of the present invention, terminal 10-1, terminal 10-2, and server system 200 can all be node devices in a cloud server system, capable of sharing the acquired and generated information with other node devices in the cloud server system, thereby realizing information sharing among multiple node devices.

[0099] This invention can also be used to test the Hypertext Transfer Security Protocol (HTTP) based on cloud technology. Cloud technology is a general term for network technology, information technology, integration technology, management platform technology, and application technology applied based on the cloud computing business model. It can form a resource pool, be used on demand, and is flexible and convenient. Cloud computing technology will become an important support. Cloud computing refers to the delivery and use model of IT infrastructure, which means obtaining the required resources through the network in an on-demand and easily scalable manner. In a broader sense, cloud computing refers to the delivery and use model of services, which means obtaining the required services through the network in an on-demand and easily scalable manner. These services can be IT and software, Internet-related, or other services. Cloud computing is a product of the development and integration of traditional computer and network technologies such as grid computing, distributed computing, parallel computing, utility computing, network storage technologies, virtualization, and load balancing. With the development of the Internet, real-time data streams, and the diversification of connected devices, as well as the demand for search services, social networks, mobile commerce, and open collaboration, cloud computing has developed rapidly. Unlike previous parallel and distributed computing, the emergence of cloud computing will drive a revolutionary change in the entire Internet model and enterprise management model from a conceptual perspective.

[0100] Cloud storage is a new concept that extends and develops from cloud computing. A distributed cloud storage system (hereinafter referred to as a storage system) refers to a storage system that uses cluster applications, grid technology, and distributed storage file systems to aggregate a large number of storage devices of various types (storage devices are also called storage nodes) in a network to work together through application software or application interfaces to provide data storage and business access functions. Currently, the storage method of a storage system is as follows: create logical volumes. When creating a logical volume, physical storage space is allocated to each logical volume. This physical storage space may be composed of disks from one or several storage devices. When a client stores data on a logical volume, it stores the data on the file system. The file system divides the data into many parts, each part being an object. The object contains not only data but also additional information such as data identifiers (ID, ID entity). The file system writes each object to the physical storage space of the logical volume and records the storage location information of each object. Therefore, when a client requests access to data, the file system can allow the client to access the data based on the storage location information of each object. The process by which a storage system allocates physical storage space to a logical volume is as follows: the physical storage space is pre-divided into strips according to the capacity estimate of the objects stored in the logical volume (this estimate often has a large margin relative to the actual capacity of the objects to be stored) and the grouping of Redundant Array of Independent Disks (RAID). A logical volume can be understood as a strip, thus allocating physical storage space to the logical volume.

[0101] See Figure 3 , Figure 3 This is an optional flowchart illustrating the Hypertext Transfer Security Protocol (HTTP) testing method provided in an embodiment of the present invention. It can be understood that... Figure 3 The steps shown can be performed by various electronic devices running the Hypertext Transfer Protocol Security (HTTP) testing device, such as computers, smartphones, or network game consoles with network connectivity and management capabilities. The HTTP testing device can be integrated into a weak network detection app to test the HTTP protocols of different clients on the terminal. The following steps focus on... Figure 3 The steps shown are explained.

[0102] Step 301: The network testing component acquires the information transmission data packet and detects the protocol layer information of the data packet.

[0103] Step 302: When it is determined that the type of the protocol layer information is Hypertext Transfer Security Protocol, the information transmission data packet is intercepted.

[0104] Step 303: The network testing component configures a secure socket protocol or transport layer security protocol based on the intercepted information transmission data packets.

[0105] Step 304: When the certificate of the network testing component passes the test, the network testing component uses virtual application technology and a multi-process parallel component to send the certificate test result of the network testing component to the client, so that the client trusts the certificate of the network testing component and establishes a connection with the network testing component.

[0106] In some embodiments of the present invention, before performing Hypertext Transfer Security Protocol (HTTP) testing, it is first necessary to check the certificate of the network testing component using a multi-process parallel component, see [link to relevant documentation]. Figure 4 , Figure 4 An optional flowchart of the Hypertext Transfer Security Protocol (HTTP) testing method provided in this embodiment of the invention is shown, which specifically includes the following steps:

[0107] Step 401: Obtain the information transmission data packet of the client through a multi-process parallel component.

[0108] The information transmission data packet can be a pcap format file. Each pcap file has only one file header, which occupies a total of 24 (B) bytes and includes 7 different fields: 1) Magic (4B): marks the beginning of the file and is used to identify the file and byte order. The value can be 0xa1b2c3d4 or 0xd4c3b2a1. If it is 0xa1b2c3d4, it means that it is big endian mode and each byte is read in the original order. If it is 0xd4c3b2a1, it means that it is little endian mode and the byte reading order must be swapped. 2) Major (2B): Major version number of the current file, usually 0x0200; 3) Minor (2B): Minor version number of the current file, usually 0x0400; 4) ThisZone (4B): Local standard event; 5) SigFigs (4B): Precision of timestamp; 6) SnapLen (4B): Maximum storage length, sets the maximum length of captured data packets. If all data packets are to be captured, set the value to 65535; 7) LinkType (4B): Link type.

[0109] When acquiring data packets transmitted from the client, different packet capture processes can be triggered based on the game type for already activated game programs. For example, in VR game scenarios, resource files can be obtained by loading a packet capture process matching the VR game. These resource files may include game models, levels, characters, sounds, and animations. For mini-games in instant messaging clients, since mini-games generally use JS, TS, and AS, and are actually compiled into JS for execution with JavaScript function hijacking, the corresponding packet capture process can be used to enable performance statistics via the Laya.Stat.enable() function. This allows for the capture of relevant performance parameters such as FPS, loaded memory, drawCall, and triangle count of the game engine, which are then saved in the game terminal. Obtaining game resource files through packet capture processes allows for better testing of the game data transmission process via the Hypertext Transfer Protocol (HTTP), enabling the selection of more suitable information transmission links for different games to ensure the stability of game process information transmission.

[0110] Step 402: The multi-process parallel component establishes a connection with the network testing component, obtains the certificate of the network testing component, and checks the certificate of the network testing component.

[0111] Among them, the multi-process parallel component can be a multi-instance application using virtual application technology. When the server type is a cloud server, the multi-instance component can perform its functions through the cloud multi-instance in the cloud detection network. Since the network testing component QNET server uses a self-signed certificate and private key for encryption, the multi-instance application trusts the certificate in its application configuration. Because the multi-instance application is based on virtual application technology, it can simulate any application in the terminal. The simulated application (the tested application) and the multi-instance application have the same application configuration and permissions, so they will also trust the certificate of the network testing component QNET. Thus, the detection efficiency of the Hypertext Transfer Security Protocol can be improved, and it can adapt to the network environment of different types of operating systems.

[0112] Step 403: When the certificate of the network testing component passes the test, the multi-process parallel component sends the certificate test result of the network testing component to the client through the information transmission data packet, so that the client trusts the certificate of the network testing component.

[0113] refer to Figure 5 , Figure 5This is a schematic diagram illustrating the startup configuration of a multi-process parallel component in an embodiment of the present invention. The multi-process parallel component can be represented as a multi-instance application (MIB). Based on virtual application technology, the MIB can copy existing applications into its own instance. Unlike the original application, it can be opened a second time, but data exchange with the original application is impossible. Since the network testing component's certificate (e.g., a self-signed certificate) and private key are encrypted, and the MIB trusts the network testing component's certificate during the application configuration phase, and because the MIB is based on virtual application technology, it can call any client running on the terminal. The called client and the MIB have the same application configuration and permissions. Therefore, sending the certificate detection result of the network testing component to the client enables the client to trust the network testing component's certificate, ensuring that the Hypertext Transfer Security Protocol (HTTP) can be tested in different environments.

[0114] In some embodiments of the present invention, when obtaining a Hypertext Transfer Protocol (HTTP) certificate, since the HTTP certificate needs to be issued and configured for the domain name, and the network testing component contains a configured root certificate, the domain name certificate is also trusted by the client through the domain name certificate issued by the root certificate. (Refer to...) Figure 6A , Figure 6A This is a schematic diagram of the domain name certificate generation process in an embodiment of the present invention, which specifically includes the following steps:

[0115] Step 6001: The network testing component intercepts all HTTPS requests.

[0116] Step 6002: The network testing component parses the SNI extension in the handshake packet.

[0117] Step 6003: The network testing component generates and reads the domain name certificate.

[0118] In some embodiments of the present invention, the Secure Sockets Layer (SSL) in HTTPS transmission is located between the application layer and the transport layer. If it is determined that the layer above the transport layer in the traffic data packet is SSL, then the handshake packet with the SSL layer protocol type "clienthello" is filtered out from the traffic data packet. When the parsed handshake packet includes a Server Name Indicator (SNI) field, the domain name corresponding to the server name field is parsed from the handshake packet, and it is determined that the domain name corresponding to the server name field is the domain name requested by the requester.

[0119] In some embodiments of the present invention, after the network testing component parses the handshake packet, it checks whether the handshake packet includes an SNI extended field. If it does, the domain name corresponding to the server name field can be parsed from the handshake packet.

[0120] For example, the SNI extension field, defined in RFC 4366, is a technology used to improve SSL / TLS and is enabled in SSL 3.0 / TLS 1.0. It allows the requesting party to submit the requested domain name through the SNI extension field when initiating an SSL handshake request (specifically, during the ClientHello phase of the SSL request), enabling the server to switch to the correct domain name and provide services based on it. In this embodiment of the invention, the network testing component uses this principle to extract the requested domain name from the Server Name field in the SNI extension field, thus ensuring that the network testing component can obtain the domain name during the handshake and generate a domain name certificate.

[0121] Step 6004: The network testing component performs a handshake interaction.

[0122] Step 6005: The network testing component performs HTTPS decryption interaction to obtain the domain name and domain certificate for each HTTPS request.

[0123] In some embodiments of the present invention, reference is made to Figure 6B , Figure 6B This is a schematic diagram of the domain name certificate generation process in an embodiment of the present invention, which specifically includes the following steps:

[0124] Step 601: In response to the handshake request, the network testing component intercepts all Hypertext Transfer Security Protocol (HTTP) requests sent by the client.

[0125] Step 602: Parse the server name indication extension information carried in the handshake request.

[0126] Step 603: Based on the server name indication extension information, determine the domain name certificate corresponding to the Hypertext Transfer Security Protocol request.

[0127] Because Transport Layer Security (TLS) carries Server Name Indication (SMI) information, an extended TLS networking protocol, it allows the client to inform the server's hostname at the start of the handshake process. It also allows multiple certificates to be used on servers with the same IP address and TCP port number, rather than requiring all websites to use the same certificate. Therefore, by using the extended SMI, a domain certificate corresponding to the TLS request can be generated immediately after the client sends the TLS request, ensuring black-box operation of TLS testing and improving the efficiency of TLS testing.

[0128] After the network testing component establishes a connection with the client, proceed to step 305.

[0129] Step 305: Establish a connection with the server using the Secure Sockets Protocol or Transport Layer Security Protocol.

[0130] In some embodiments of the present invention, reference is made to Figure 7 , Figure 7 This is a schematic diagram illustrating the process of establishing a connection with the server in an embodiment of the present invention, specifically including the following steps:

[0131] Step 701: The network testing component receives the handshake request sent by the client;

[0132] Step 702: In response to the handshake request, the network testing component creates a Hypertext Transfer Security Protocol (HTTP) service process and receives the first encrypted data sent by the client;

[0133] Step 703: The network testing component decrypts the first encrypted data to obtain the first data.

[0134] Step 704: The network testing component establishes a communication connection with the server through the Secure Sockets Protocol or the Transport Layer Security Protocol, and sends the first data, which has undergone secondary encryption, to the server through the communication connection.

[0135] Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are security protocols that provide security and data integrity for network communication. TLS and SSL encrypt network connections between the transport and application layers. Specifically, in one embodiment of this application, when the application is a game process, the type of accelerated traffic information can be Transmission Control Protocol (TCP) traffic, User Datagram Protocol (UDP) traffic, Hypertext Transfer Protocol (HTTP) traffic, and Encrypted Hypertext Transfer Protocol (HTTP) traffic. The window unit for TCP traffic is bytes, not segments. The sending window of the data transmission end cannot exceed the receiving window value given by the receiving end. The flow control mechanism controls the packet loss rate, primarily to allow the data transmission end to understand the current receiving capacity of the data receiving end and flexibly adjust the transmission rate.

[0136] UDP traffic is a connectionless, unreliable datagram transmission protocol. UDP traffic simply transmits datagrams to be sent to the network and receives datagrams from the network without establishing a connection with a remote UDP module. UDP provides services to user network applications, such as the Network File System (NFS) and Simple Network Management Protocol (SNMP). UDP preserves application-defined message boundaries; it neither concatenates messages from two applications nor splits a message from a single application into multiple parts.

[0137] Step 705: The network testing component receives the second encrypted data sent by the server.

[0138] Step 706: The network testing component decrypts the second encrypted data to obtain the second data, and performs secondary encryption on the second data based on the encryption protocol that matches the handshake request;

[0139] Step 707: Send the second data, which has undergone secondary encryption, to the client.

[0140] After the network testing component establishes connections with both the terminal and the server, step 305 can be executed to test the Hypertext Transfer Security Protocol.

[0141] Step 306: The network testing component tests the Hypertext Transfer Security Protocol based on the connection with the client and the connection with the server.

[0142] In some embodiments of the present invention, when the target game process is a cloud game, the identification information of the target object can be determined; based on the cloud server network, a data source cluster matching the identification information can be determined; according to the data source cluster, the cloud game history information of the user matching the target object can be stored in the cloud game server, wherein the user's cloud game history information includes the Hypertext Transfer Security Protocol (HTTP) test results corresponding to the cloud game. Thus, the user's cloud game history information can also be accessed by other applications (e.g., game emulators or motion-sensing game devices). Of course, the HTTP test results matching different types of games can also be migrated to online multiplayer FPS games or role-playing cloud games in instant messaging processes to improve the efficiency of HTTP test and reduce redundant testing.

[0143] To better illustrate the Hypertext Transfer Protocol (HTTP) testing method provided in this application, we will take an Android device requiring the loading of an instant messaging application and a game program as an example. It should be noted that when using this method to test network processing in cloud gaming, the cloud game's computation is performed by a cloud server, which then transmits the resulting video stream to the terminal for playback. In other words, the terminal is responsible for video playback during cloud gaming. Cloud gaming does not place high demands on the terminal's computing power, and stuttering is unlikely during video playback. However, the cloud server performs a large amount of computation during game operation, making it prone to stuttering. Therefore, the video stream generated by the cloud server itself is inherently prone to stuttering, while the terminal does not experience stuttering during playback. Thus, the HTTP testing method provided in this application can also be used to test the transmission of video stream information from the cloud server in cloud gaming. (Reference) Figure 8 , Figure 8 An optional flowchart of the Hypertext Transfer Security Protocol (HTTP) testing method provided in this embodiment of the invention is shown, which specifically includes the following steps:

[0144] Step 801: Configure the Hypertext Transfer Security Protocol (HTTP) test parameters for the Android device.

[0145] Step 802: The Android device uses the network testing component QNET to intercept and detect data packets transmitted by the Android device's game client and instant messaging client.

[0146] Step 803: Using the network testing component QNET, and with the Hypertext Transfer Security Protocol (HTTP) test parameters, establish connections between the game client and the instant messaging client and the corresponding server.

[0147] Step 804: The network testing component determines the network latency parameters of the Hypertext Transfer Security Protocol based on the connection with the game client and the connection with the server.

[0148] Step 805: Determine the quality of each link based on the network latency parameters of the Hypertext Transfer Security Protocol corresponding to each link in the client.

[0149] Step 806: Analyze the target game process running by the game client to obtain the priority of different tasks in the target game process.

[0150] Step 807: Configure matching links for the tasks according to their priorities, so as to transmit information of the target game process through the configured links and generate test reports for display.

[0151] refer to Figure 9 , Figure 9 This is a schematic diagram of the test report display effect in an embodiment of the present invention. The generated test report includes the test parameters configured in the Hypertext Transfer Security Protocol test. Referring to Table 1, it includes at least the following information: the ID number of each data packet, the corresponding ID number in the pcap, the data uplink processing identifier and the data downlink processing identifier, the delay time, and the size of each data packet.

[0152]

[0153] Table 1

[0154] The test report can be saved as .csv and .html files. The .csv file contains all the data from the tests shown in Table 1, while the .html file contains uplink latency, downlink latency, packet loss trends, average latency, packet loss rate, and traffic statistics for different clients. It can be directly opened and displayed using an Android device's browser. Figure 9 The test report records the results, which can be used by Android devices to transmit information about the target game process through the configured link. This ensures that the test results of the Hypertext Transfer Protocol are updated in a timely manner, making the information transmission using the Hypertext Transfer Protocol more stable and adaptable to different network environments.

[0155] In summary, the embodiments of the present invention have the following technical effects:

[0156] This invention employs a network testing component to acquire information transmission data packets and detect the protocol layer information of these packets. When the type of the protocol layer information is determined to be Hypertext Transfer Security (HTTP), the information transmission data packets are intercepted. Based on the intercepted information transmission data packets, the network testing component configures a Secure Sockets Protocol (SSL) or a Transport Layer Security (TLS) protocol. A connection is established with the server through the SSL or TLS protocol. Based on the connections with the client and the server, the network testing component tests the HTTP / 12 protocol. This improves the detection efficiency of HTTP / 12 and enhances its versatility, enabling it to adapt to network environments of different operating systems.

[0157] The above description is merely an embodiment of the present invention and is not intended to limit the scope of protection of the present invention. Any modifications, equivalent substitutions, and improvements made within the spirit and principles of the present invention should be included within the scope of protection of the present invention.

Claims

1. A method for testing Hypertext Transfer Security Protocol (HTTP), characterized in that, The method includes: The network testing component acquires information transmission data packets and detects the protocol layer information of the data packets; When the type of the protocol layer information is determined to be Hypertext Transfer Security Protocol, the information transmission data packet is intercepted; The network testing component configures a secure socket protocol or a transport layer security protocol based on the intercepted information transmission data packets. When the certificate of the network testing component passes the detection, the network testing component uses virtual application technology and a multi-process parallel component to send the certificate detection result to the client, so that the client trusts the certificate of the network testing component and establishes a connection with the network testing component. The multi-process parallel component is a multi-instance application based on virtual application technology. The network testing component uses the certificate and private key for encryption, and the multi-instance application trusts the certificate in its application configuration. The multi-instance application calls a client running in the terminal based on the virtual application technology. The called client has the same application configuration and permissions as the multi-instance application, so that the client trusts the certificate of the network testing component. Establish a connection with the server using the Secure Sockets Protocol or Transport Layer Security Protocol; The network testing component tests the Hypertext Transfer Security Protocol based on the connection with the client and the connection with the server.

2. The method according to claim 1, characterized in that, Before the network testing component acquires the information transmission data packet, the method further includes: The network testing component receives the handshake request sent by the client; In response to the handshake request, the network testing component creates a Hypertext Transfer Security Protocol (HTTP) service process and receives the first encrypted data sent by the client; The network testing component decrypts the first encrypted data to obtain the first data.

3. The method according to claim 2, characterized in that, Establishing a connection with the server via the Secure Sockets Protocol or Transport Layer Security (TLS) protocol includes: The network testing component establishes a communication connection with the server through the Secure Sockets Protocol or the Transport Layer Security Protocol, and sends the first data, which has undergone double encryption, to the server through the communication connection. The network testing component receives the second encrypted data sent by the server. The network testing component decrypts the second encrypted data to obtain the second data, and performs secondary encryption on the second data based on an encryption protocol that matches the handshake request; The second data, which has undergone secondary encryption, is sent to the client.

4. The method according to claim 1, characterized in that, The method further includes: When it is necessary to check the certificate of the network testing component, the network testing component establishes a connection with the multi-process parallel component; The network testing component sends its certificate to the multi-process parallel component via the information transmission data packet, so that the multi-process parallel component can detect the certificate of the network testing component.

5. The method according to claim 2, characterized in that, The method further includes: In response to the handshake request, the network testing component intercepts all Hypertext Transfer Security Protocol (HTTP) requests sent by the client; Parse the server name indication extension information carried in the handshake request; Based on the server name indication extended information, the domain name certificate corresponding to the Hypertext Transfer Security Protocol request is determined.

6. The method according to claim 1, characterized in that, The network testing component tests the Hypertext Transfer Security Protocol (HTTP) based on the connection with the client and the connection with the server, including: When the client is a game client The network testing component determines the network latency parameters of the Hypertext Transfer Security Protocol based on the connection with the game client and the connection with the server. The quality of each link is determined based on the network latency parameters of the Hypertext Transfer Security Protocol corresponding to each link in the client. The target game process running on the game client is parsed to obtain the priority of different tasks in the target game process; Based on the priority of the different tasks, a matching link is configured for each task to enable the transmission of information about the target game process through the configured link.

7. The method according to claim 6, characterized in that, The method further includes: When the target game process is a cloud game, determine the identification information of the target object; Based on the cloud server network, determine the data source cluster that matches the identification information; Based on the data source cluster, cloud gaming history information of users matching the target object is stored in the cloud gaming server, wherein the user's cloud gaming history information includes the test results of the Hypertext Transfer Security Protocol corresponding to the cloud game.

8. A testing device for a hypertext transfer security protocol, characterized in that, The device includes: The information transmission module is used by the network testing component to acquire information transmission data packets and to detect the protocol layer information of the data packets. The information processing module is used to intercept the information transmission data packet when it is determined that the type of the protocol layer information is Hypertext Transfer Security Protocol. The information processing module is used to configure a secure socket protocol or a transport layer security protocol based on the intercepted information transmission data packets. The information processing module is configured to, when the certificate of the network testing component passes the detection, use virtual application technology and a multi-process parallel component to send the certificate detection result of the network testing component to the client, so that the client trusts the certificate of the network testing component and establishes a connection with the network testing component; wherein, the multi-process parallel component is a multi-instance application based on virtual application technology, the network testing component uses a self-signed certificate and private key for encryption, and the multi-instance application trusts the self-signed certificate in its application configuration; the multi-instance application calls a client running in the terminal based on the virtual application technology, and the called client has the same application configuration and permissions as the multi-instance application, so that the client trusts the self-signed certificate of the network testing component; The information processing module is used to establish a connection with the server through the Secure Sockets Protocol or the Transport Layer Security Protocol. The information processing module is used by the network testing component to test the Hypertext Transfer Security Protocol based on the connection with the client and the connection with the server.

9. The apparatus according to claim 8, characterized in that, The information transmission module is also used before the network testing component acquires the information transmission data packet. The network testing component receives the handshake request sent by the client; In response to the handshake request, the network testing component creates a Hypertext Transfer Security Protocol (HTTP) service process and receives the first encrypted data sent by the client; The network testing component decrypts the first encrypted data to obtain the first data.

10. The apparatus according to claim 9, characterized in that, The information transmission module is also used for: The network testing component establishes a communication connection with the server through the Secure Sockets Protocol or the Transport Layer Security Protocol, and sends the first data, which has undergone double encryption, to the server through the communication connection. The network testing component receives the second encrypted data sent by the server. The network testing component decrypts the second encrypted data to obtain the second data, and performs secondary encryption on the second data based on an encryption protocol that matches the handshake request; The second data, which has undergone secondary encryption, is sent to the client.

11. The apparatus according to claim 8, characterized in that, The information transmission module is also used for: When it is necessary to check the certificate of the network testing component, the network testing component establishes a connection with the multi-process parallel component; The network testing component sends its certificate to the multi-process parallel component via the information transmission data packet, so that the multi-process parallel component can detect the certificate of the network testing component.

12. The apparatus according to claim 9, characterized in that, The information transmission module is also used for: In response to the handshake request, the network testing component intercepts all Hypertext Transfer Security Protocol (HTTP) requests sent by the client; Parse the server name indication extension information carried in the handshake request; Based on the server name indication extended information, the domain name certificate corresponding to the Hypertext Transfer Security Protocol request is determined.

13. The apparatus according to claim 8, characterized in that, The information transmission module is also used for: When the client is a game client The network testing component determines the network latency parameters of the Hypertext Transfer Security Protocol based on the connection with the game client and the connection with the server. The quality of each link is determined based on the network latency parameters of the Hypertext Transfer Security Protocol corresponding to each link in the client. The target game process running on the game client is parsed to obtain the priority of different tasks in the target game process; Based on the priority of the different tasks, a matching link is configured for each task to enable the transmission of information about the target game process through the configured link.

14. The apparatus according to claim 13, characterized in that, The information transmission module is also used for: When the target game process is a cloud game, determine the identification information of the target object; Based on the cloud server network, determine the data source cluster that matches the identification information; Based on the data source cluster, cloud gaming history information of users matching the target object is stored in the cloud gaming server, wherein the user's cloud gaming history information includes the test results of the Hypertext Transfer Security Protocol corresponding to the cloud game.

15. A computer program product, comprising a computer program or instructions, characterized in that, When the computer program or instructions are executed by the processor, they implement the Hypertext Transfer Security Protocol testing method according to any one of claims 1 to 7.

16. An electronic device, characterized in that, The electronic device includes: Memory, used to store executable instructions; A processor, when executing executable instructions stored in the memory, implements the Hypertext Transfer Security Protocol testing method according to any one of claims 1 to 7.

17. A computer-readable storage medium storing executable instructions, characterized in that, When the executable instructions are executed by the processor, they implement the Hypertext Transfer Security Protocol testing method according to any one of claims 1 to 7.