CN105827664B - Leak detection method and device - Google Patents
- Publication number
- CN105827664B
- Authority
- CN
- China
- Prior art keywords
- page
- information
- login
- verification code
- short message
- Legal status
- Active
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
Abstract
The invention discloses a vulnerability detection method and device. The method includes: obtaining multiple application pages for a mobile application installation package; performing identification processing on the application pages to obtain a registration page and a login page; inputting preset user information and first verification code information into the registration page in order to register; if registration succeeds, inputting the preset user information into the login page in order to log in; if login succeeds, obtaining the application programming interface (API) information and the login session information of the mobile application after login, and performing vulnerability detection on the API information according to the login session information. This scheme registers and logs in to the mobile application automatically, which solves the problem that the API information of the logged-in state cannot be obtained or is obtained incompletely, thereby improving the completeness of vulnerability detection for mobile applications and the security of mobile applications.
Description
Technical field
The present invention relates to the field of mobile internet technology, and in particular to a vulnerability detection method and device.
Background
With the development of mobile intelligent terminals, security problems on mobile platforms have become increasingly prominent. Security risks in mobile applications directly threaten the information security of mobile intelligent terminal users. Besides the security of the mobile application client, this also includes the security of the server side that the client connects to. A serious security risk on the mobile application server side can directly lead to data leakage and cause economic loss. To keep the mobile application server side free of security risks, vulnerability scanning technology is used to detect security vulnerabilities in the server-side application programming interfaces (APIs).
At present there are two main methods for detecting vulnerabilities in mobile application server-side APIs:
The first performs static analysis on the mobile application client, extracts the server-side API information and submits it to a vulnerability detection engine for scanning. A semantic analyzer extracts the server-side API information, including URL addresses and the corresponding parameters, from the client. However, some server-side APIs can only be accessed normally after logging in with an account, which the scanning engine has to support; otherwise, even if accurate API information has been extracted from the client, the scanning engine cannot detect vulnerabilities in this part of the APIs.
The other uses automated testing: the mobile application is run dynamically, and the server-side API information is obtained and submitted to the vulnerability detection engine for scanning. This method mainly uses an automated test framework, runs the mobile application dynamically and obtains the server-side API information through a network proxy. The automated testing obtains page element information, recognizes buttons and simulates clicks to trigger network events and so obtain server-side API information, but it cannot carry out registration and login automatically, and some registration functions also require mobile phone verification. Dynamic extraction of API information with an automated test framework therefore cannot obtain the server-side API information accessed after login, and so cannot test the security of those APIs.
Summary of the invention
In view of the above problems, the vulnerability detection method and device of the present invention are proposed, to solve the problem in the prior art that vulnerability detection of mobile applications is incomplete.
According to one aspect of the invention, a vulnerability detection method is provided, comprising:
obtaining multiple application pages for a mobile application installation package;
performing identification processing on the application pages to obtain a registration page and a login page;
inputting preset user information and first verification code information into the registration page in order to register;
if registration succeeds, inputting the preset user information into the login page in order to log in;
if login succeeds, obtaining the application programming interface information and login session information of the mobile application after login, and performing vulnerability detection on the application programming interface information according to the login session information.
According to another aspect of the invention, a vulnerability detection device is provided, comprising:
an application crawler engine, for obtaining multiple application pages for a mobile application installation package;
a page processing module, for performing identification processing on the application pages to obtain a registration page and a login page;
an input module, for inputting preset user information and first verification code information into the registration page in order to register and, if registration succeeds, inputting the preset user information into the login page in order to log in;
the application crawler engine being further used for: after login succeeds, obtaining the application programming interface information and login session information of the mobile application after login;
a vulnerability detection module, for performing vulnerability detection on the application programming interface according to the login session information.
With the vulnerability detection method and device of the invention, multiple application pages are obtained for a mobile application installation package; identification processing is performed on the application pages to obtain a registration page and a login page; preset user information and first verification code information are input into the registration page in order to register; if registration succeeds, the preset user information is input into the login page in order to log in; if login succeeds, the application programming interface information and login session information of the mobile application after login are obtained, and vulnerability detection is performed on the application programming interface information according to the login session information. This scheme registers and logs in to the mobile application automatically, which solves the problem that the application programming interface information of the logged-in state cannot be obtained or is obtained incompletely, thereby improving the completeness of vulnerability detection for mobile applications and the security of mobile applications.
The above is only an overview of the technical scheme of the invention. So that the technical means of the invention can be understood more clearly and implemented according to the contents of the specification, and so that the above and other objects, features and advantages of the invention become more apparent, specific embodiments of the invention are set out below.
Brief description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art from reading the following detailed description of the preferred embodiments. The drawings serve only to illustrate the preferred embodiments and are not to be regarded as limiting the invention. Throughout the drawings, the same reference numbers refer to the same parts. In the drawings:
Fig. 1 shows the flow chart of embodiment one of the vulnerability detection method provided by the invention;
Fig. 2 shows the flow chart of embodiment two of the vulnerability detection method provided by the invention;
Fig. 3 shows the functional block diagram of embodiment one of the vulnerability detection device provided by the invention;
Fig. 4 shows the functional block diagram of embodiment two of the vulnerability detection device provided by the invention.
Detailed description of the embodiments
Exemplary embodiments of the present disclosure are described in more detail below with reference to the accompanying drawings. Although the drawings show exemplary embodiments of the disclosure, it should be understood that the disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the disclosure can be understood more thoroughly and its scope conveyed fully to those skilled in the art.
Fig. 1 shows the flow chart of embodiment one of the vulnerability detection method provided by the invention. As shown in Fig. 1, the vulnerability detection method of this embodiment may specifically include the following steps:
Step S100: for a mobile application installation package, obtain multiple application pages.
The mobile application installation package in this embodiment may be an application installation package that the user has downloaded from an application store and wants to install on the mobile terminal, or one that was downloaded to the mobile terminal with the browser on the mobile terminal device and that the user wants to install. In general, it is an application installation package that the user wants checked for vulnerabilities before installing it.
Each mobile application installation package contains many application pages and interfaces. Taking WeChat as the application installation package, for example, these may include a registration page, a login page, an address book page, a chat page, a circle of friends page, and so on. The security of some interfaces can be tested before the mobile application is logged in, while the security of other interfaces can only be tested after the mobile application is logged in. This embodiment performs vulnerability detection on the interfaces whose security can only be tested after login; in this step, multiple application pages are obtained from the mobile application installation package.
Step S101: perform identification processing on the application pages to obtain a registration page and a login page.
The application pages obtained in step S100 need identification processing, mainly in order to pick out the registration page and the login page from among them so that the mobile application can be registered and logged in automatically.
Step S102: input preset user information and first verification code information into the registration page in order to register.
The preset user information includes a preset username string and a preset password string, which are used for registering and logging in to the mobile application; the first verification code information is used for registering the mobile application.
In this embodiment the user information is set in advance, and the mobile application is registered with the preset user information and the first verification code information; that is, the preset user information and the first verification code information are input into the registration page to register with the application.
Step S103: if registration succeeds, input the preset user information into the login page in order to log in.
After registration succeeds, the mobile application is logged in with the preset user information that was entered on the registration page in step S102; specifically, the preset user information is input into the login page to log in.
Step S104: if login succeeds, obtain the application programming interface information and login session information of the mobile application after login, and perform vulnerability detection on the application programming interface information according to the login session information.
After logging in through the login page with the preset user information, the application programming interface information (API information) and the login session information of the mobile application after login are obtained. The login session information shows that the mobile application is logged in, and the API information is the information obtained while the mobile application is in the logged-in state. Vulnerability detection is performed on the API information according to the login session information. Specifically, the obtained API information can be matched against pre-stored vulnerability information; if the API information matches the pre-stored vulnerability information, the API has a vulnerability, and the user is prompted that the mobile application is not secure, so that the user can decide from the prompt whether to install the mobile application.
With the vulnerability detection method of the above embodiment, multiple application pages are obtained for a mobile application installation package; identification processing is performed on the application pages to obtain a registration page and a login page; preset user information and first verification code information are input into the registration page in order to register; if registration succeeds, the preset user information is input into the login page in order to log in; if login succeeds, the application programming interface information and login session information of the mobile application after login are obtained, and vulnerability detection is performed on the application programming interface information according to the login session information. This scheme registers and logs in to the mobile application automatically, which solves the problem that the application programming interface information of the logged-in state cannot be obtained or is obtained incompletely, thereby improving the completeness of vulnerability detection for mobile applications and the security of mobile applications.
Fig. 2 shows the flow chart of embodiment two of the vulnerability detection method provided by the invention. As shown in Fig. 2, the vulnerability detection method of this embodiment may specifically include the following steps:
Step S200: import the mobile application installation package and complete automatic installation and running, perform automatic simulated clicks, and obtain multiple application pages.
Specifically, each mobile application installation package contains many application pages. Taking WeChat as the installation package, for example, these may include a registration page, a login page, an address book page, a chat page, a circle of friends page, and so on. The installation package is imported into the application crawler engine, which installs and runs it automatically and performs automatic simulated clicks to obtain multiple application pages.
Step S201: perform text recognition processing and/or image recognition processing on the application pages to obtain the registration page, the login page and the text box attribute information in the registration page and login page, and record the mapping between the registration page and the login page.
After the application pages have been obtained in step S200, identification processing is performed on them, mainly text recognition processing and/or image recognition processing, to pick out the registration page and the login page among the application pages and the attribute information of the text boxes in those pages. The text box attribute information is one of the following: username and password; or username, password and image-text verification code; or username, password and SMS verification code. The mapping between the registration page and the login page is recorded mainly so that the login page can be located quickly after registration completes, in order to log in.
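The identification in step S201 can be sketched as follows. This is an added example, not code from the patent: the widget dump format, the keyword rules and the page names are assumptions, and it works on recognized text only (no image recognition).

```python
import re
from dataclasses import dataclass

# Keyword rules are assumptions for this sketch. Order matters: "SMS code sent
# to your phone" must be read as an SMS field, not as a username field.
FIELD_RULES = [
    ("sms_code", re.compile(r"sms|text message", re.I)),
    ("image_code", re.compile(r"captcha|characters in the image", re.I)),
    ("password", re.compile(r"pass(word|code)", re.I)),
    ("username", re.compile(r"user ?name|account|phone|e-?mail", re.I)),
]
PAGE_RULES = [
    ("registration", re.compile(r"\b(register|sign up|create account)\b", re.I)),
    ("login", re.compile(r"\b(log ?in|sign in)\b", re.I)),
]
# The three text box combinations the description lists for step S201.
ALLOWED = {
    frozenset({"username", "password"}): "username+password",
    frozenset({"username", "password", "image_code"}): "username+password+image_code",
    frozenset({"username", "password", "sms_code"}): "username+password+sms_code",
}

@dataclass(frozen=True)
class Widget:
    kind: str  # "input", "button", "link" or "image"
    text: str  # hint or label recognized on the crawled page

@dataclass(frozen=True)
class Page:
    name: str
    widgets: tuple

def field_kind(text):
    for kind, rx in FIELD_RULES:
        if rx.search(text):
            return kind
    return None

def page_kind(page):
    # Only submit buttons decide the page type: a login page usually also
    # carries a "Register" link, and a registration page a "Log in" link.
    for w in page.widgets:
        if w.kind == "button":
            for kind, rx in PAGE_RULES:
                if rx.search(w.text):
                    return kind
    return None

def text_box_attributes(page):
    kinds = set()
    for w in page.widgets:
        if w.kind == "input":
            k = field_kind(w.text)
            if k:
                kinds.add(k)
    return ALLOWED.get(frozenset(kinds))  # None: not one of the three combinations

def identify(pages):
    """Return ({page type: (page name, attributes)}, {registration page: login page})."""
    found = {}
    for page in pages:
        kind, attrs = page_kind(page), text_box_attributes(page)
        if kind and attrs and kind not in found:
            found[kind] = (page.name, attrs)
    mapping = {}
    if "registration" in found and "login" in found:
        mapping[found["registration"][0]] = found["login"][0]
    return found, mapping

def needs_sms_steps(found):
    # True when registration has to go through steps S202 and S203.
    reg = found.get("registration")
    return bool(reg) and reg[1].endswith("sms_code")

# Constructed crawl result for a hypothetical app.
PAGES = [
    Page("SplashActivity", (Widget("button", "Get started"),)),
    Page("LoginActivity", (Widget("input", "Phone or email"), Widget("input", "Password"),
                           Widget("button", "Log in"), Widget("link", "Register"))),
    Page("RegisterActivity", (Widget("input", "Phone number"), Widget("input", "Password"),
                              Widget("input", "SMS code"), Widget("button", "Send SMS code"),
                              Widget("button", "Register"),
                              Widget("link", "Already have an account? Log in"))),
    Page("ChatActivity", (Widget("input", "Type a message"), Widget("button", "Send"))),
]

if __name__ == "__main__":
    found, mapping = identify(PAGES)
    print(found, mapping, needs_sms_steps(found))
```

A page whose text boxes fit none of the three combinations is left unclassified, which corresponds to the cases the description hands back to the user for manual completion.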
When the text box attribute information is username, password and SMS verification code, SMS verification on the mobile terminal is required, which can be done with the following steps:
Step S202: trigger the send-SMS-verification-code event, and send a request to obtain the SMS verification code to the mobile terminal.
In this embodiment, when the text box attribute information is identified as username, password and SMS verification code, registration involves SMS verification on the mobile terminal and an SMS verification code has to be obtained. To obtain it, the send-SMS-verification-code event is triggered and a request to obtain the SMS verification code is sent to the mobile terminal, by way of sending a short message to the mobile terminal. After the request has been sent, the device is in the state of waiting to receive the SMS verification code.
Step S203: receive the SMS verification code that the listener module in the mobile terminal returns in response to the request to obtain the SMS verification code.
In this embodiment the mobile terminal contains a listener module. When the listener module detects that a short message has been received, it identifies the SMS verification code in the short message and returns it in response to the request to obtain the SMS verification code; the SMS verification code returned by the listener module is then received.
Step S204: input the preset username string, the preset password string and the SMS verification code into the registration page in order to register.
Step S205: judge whether registration succeeded; if not, execute step S206; if so, execute step S207.
After the SMS verification code has been received, the preset username string, the preset password string and the SMS verification code are input into the registration page to register the mobile application. If registration succeeds, the mobile application can be logged in; if registration does not succeed, the user needs to complete registration manually.
In general, a mailbox, a mobile phone number or the like can be used as the username when registering a mobile application, and the password can be set arbitrarily, for example as a combination of English letters and digits. Those skilled in the art can set the preset username string and preset password string according to actual needs, so no further examples are given here.
Step S206: return the mobile operation interface so that the user completes registration manually.
If registration did not succeed, the mobile operation interface has to be returned to the user, who can use it to register the mobile application manually. After registration is complete, the application crawler engine carries out the subsequent steps automatically.
Step S207: navigate to the login page according to the mapping, and input the preset username string, the preset password string and second verification code information into the login page in order to log in.
Specifically, if registration of the mobile application was completed in step S204, the login page is located according to the mapping between the registration page and the login page recorded in step S201, and the mobile application is logged in with the preset username string and preset password string that were used for registration in step S204. Specifically, the preset username string, the preset password string and the second verification code information are input into the login page in order to log in, where the second verification code information is used for logging in to the mobile application.
In an optional embodiment of the invention, after the login page has been located according to the mapping, login can use only the preset username string and the preset password string; that is, no verification code is needed on the login page. Specifically, the preset username string and the preset password string are input into the login page in order to log in.
Step S208: judge whether login succeeded; if not, execute step S209; if so, execute step S210.
Step S209: return the mobile operation interface so that the user completes login manually.
If login did not succeed, the mobile operation interface has to be returned to the user, who can use it to log in to the mobile application manually. After login is complete, the application crawler engine carries out the subsequent steps automatically.
Step S210: obtain the application programming interface information and login session information of the mobile application after login, and perform vulnerability detection on the application programming interface information according to the login session information.
After logging in through the login page with the preset user information, the API information and the login session information of the application after login are obtained. The login session information shows that the mobile application is logged in, and the API information is the information obtained while the mobile application is in the logged-in state. Vulnerability detection is performed on the API information according to the login session information. Specifically, the obtained API information can be matched against pre-stored vulnerability information; if the API information matches the pre-stored vulnerability information, the API has a vulnerability, and the user is prompted that the mobile application is not secure, so that the user can decide from the prompt whether to install the mobile application.
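An added example (not from the patent) of preparing the input for step S210: it takes traffic recorded while the crawler used the app, recovers the login session, and lists each API once, marking those observed only with the session attached. The record format, host name, paths and cookie name are constructed for illustration; the description does not specify them.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit, parse_qsl

BASE = "https://api.example.test/v1"                     # constructed host
SENT = {"Cookie": "SESSIONID=constructed-session-123"}   # constructed session

# Constructed capture, in the order the crawler produced the requests.
CAPTURE = [
    {"method": "GET", "url": BASE + "/config?lang=en"},
    {"method": "POST", "url": BASE + "/login", "body_params": ["username", "password"],
     "resp_headers": {"Set-Cookie": "SESSIONID=constructed-session-123; Path=/; HttpOnly"}},
    {"method": "GET", "url": BASE + "/contacts?page=1", "req_headers": SENT},
    {"method": "GET", "url": BASE + "/contacts?page=2", "req_headers": SENT},
    {"method": "POST", "url": BASE + "/messages", "body_params": ["to", "text"],
     "req_headers": SENT},
    {"method": "GET", "url": BASE + "/config?lang=en", "req_headers": SENT},
]

def login_session(records):
    """Return (cookie name, value) from the first response that sets a cookie."""
    for rec in records:
        raw = rec.get("resp_headers", {}).get("Set-Cookie")
        if raw:
            jar = SimpleCookie()
            jar.load(raw)
            for name, morsel in jar.items():
                return name, morsel.value
    return None

def carries_session(rec, session):
    jar = SimpleCookie()
    jar.load(rec.get("req_headers", {}).get("Cookie", ""))
    name, value = session
    return name in jar and jar[name].value == value

def build_scan_targets(records):
    """One entry per (method, path); the session is attached where it is required."""
    session = login_session(records)
    seen = {}
    for rec in records:
        parts = urlsplit(rec["url"])
        entry = seen.setdefault((rec["method"], parts.path), {
            "method": rec["method"],
            "url": f"{parts.scheme}://{parts.netloc}{parts.path}",
            "params": set(), "with": False, "without": False,
        })
        entry["params"].update(k for k, _ in parse_qsl(parts.query, keep_blank_values=True))
        entry["params"].update(rec.get("body_params", []))
        if session is not None and carries_session(rec, session):
            entry["with"] = True
        else:
            entry["without"] = True
    targets = []
    for entry in seen.values():
        # An API reached only with the session is one that a scan without
        # login would miss, as the background section describes.
        requires = entry["with"] and not entry["without"]
        targets.append({
            "method": entry["method"],
            "url": entry["url"],
            "params": sorted(entry["params"]),
            "requires_session": requires,
            "headers": {"Cookie": f"{session[0]}={session[1]}"} if requires else {},
        })
    return targets

if __name__ == "__main__":
    for target in build_scan_targets(CAPTURE):
        print(target["method"], target["url"], target["params"],
              "session required" if target["requires_session"] else "public")
```

The `/config` API is requested both before and after login, so it is not marked as requiring the session even though the app sends the cookie with it.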
The vulnerability detection method of the above embodiment registers and logs in to the mobile application automatically, which solves the problem that the application programming interface information of the logged-in state cannot be obtained or is obtained incompletely, thereby improving the completeness of vulnerability detection for mobile applications. For mobile applications that can only be registered with SMS verification, the send-SMS-verification-code event can be triggered automatically, a request to obtain the SMS verification code is sent to the mobile terminal, and the SMS verification code returned by the listener module in the mobile terminal in response to that request is received and used to register, which overcomes the inability of the prior art to register automatically. Where registration or login cannot be completed automatically, the mobile operation interface is returned so that the user can complete registration or login manually. The application programming interface information of the mobile application after login can thus be obtained and checked for vulnerabilities, which makes vulnerability detection of mobile applications more comprehensive and further improves the security of users of mobile applications.
Fig. 3 shows the functional block diagram of embodiment one of the vulnerability detection device provided by the invention. As shown in Fig. 3, the vulnerability detection device of this embodiment may specifically include: an application crawler engine 300, a page processing module 310, an input module 320 and a vulnerability detection module 330.
The application crawler engine 300 is used for obtaining multiple application pages for a mobile application installation package.
The page processing module 310 is used for performing identification processing on the application pages to obtain a registration page and a login page.
The input module 320 is used for inputting preset user information and first verification code information into the registration page in order to register and, if registration succeeds, inputting the preset user information into the login page in order to log in.
The application crawler engine 300 is further used for: after login succeeds, obtaining the application programming interface information and login session information of the mobile application after login.
The vulnerability detection module 330 is used for performing vulnerability detection on the application programming interface information according to the login session information.
With the vulnerability detection device of the above embodiment, multiple application pages are obtained for a mobile application installation package; identification processing is performed on the application pages to obtain a registration page and a login page; preset user information and first verification code information are input into the registration page in order to register; if registration succeeds, the preset user information is input into the login page in order to log in; if login succeeds, the application programming interface information and login session information of the mobile application after login are obtained, and vulnerability detection is performed on the application programming interface information according to the login session information. This scheme registers and logs in to the mobile application automatically, which solves the problem that the application programming interface information of the logged-in state cannot be obtained or is obtained incompletely, thereby improving the completeness of vulnerability detection for mobile applications and the security of mobile applications.
Fig. 4 shows the functional block diagram of the embodiment two of Hole Detection device provided by the invention.As shown in figure 4, this reality
Hole Detection device in example is applied, can specifically include: application program crawler engine 400, page processing module 410, input module
420 and Hole Detection module 430.
Application program crawler engine 400, for obtaining multiple application pages for mobile application installation kit.
Page processing module 410 obtains enrollment page and log in page for carrying out identifying processing to multiple application pages
Face.
Input module 420, for pre-set user information and the first verification code information to be input to enrollment page, to be infused
Volume;If succeeding in registration, by pre-set user information input to login page, to be logged in.
Application program crawler engine 400 is further used for: after logining successfully, obtaining after mobile applications log in and applies
Program Interfaces information and login sessions information.
Hole Detection module 430, for carrying out loophole inspection to application programming interface information according to login sessions information
It surveys.
Optionally, page processing module 410 is further used for: to multiple application pages carry out Text region processing and/or
Image recognition processing obtains enrollment page, the text box attribute information in login page and enrollment page and login page, note
Record the mapping relations of enrollment page and login page.
Optionally, input module 420 is further used for: navigating to login page according to mapping relations, pre-set user is believed
Breath and the second verification code information are input to login page, to be logged in.
Optionally, pre-set user information includes: pre-set user name character string and preset password character string;
Text box attribute information is one of following information: username and password;Or user name, password and picture and text are tested
Demonstrate,prove code;Or user name, password and short message verification code.
Optionally, if text box attribute information is user name, password and short message verification code, input module 420 is further used
In: triggering sends short message verification code event, sends to the mobile terminal and obtains short message verification code request, receives in mobile terminal
The short message verification code that module responds the acquisition short message verification code request and returns is monitored, by pre-set user name character string, is preset
Password string and short message verification code are input to the enrollment page, to be registered.
Optionally, if unregistered success or being not logged in success, device further include: interactive module 440, for returning to mobile behaviour
Make interface, so that user manually completes registration or login.
Optionally, application program crawler engine 400 is further used for: receive mobile application installation kit complete automatic installation and
Operation executes automatic imitation and clicks, obtains multiple application pages.
The vulnerability detection device provided by the above embodiment of the present invention automatically registers with and logs in to the mobile application. This solves the problem that application programming interface information in the logged-in state cannot be obtained, or that the application programming interface information obtained is incomplete, and thereby improves the completeness of vulnerability detection for mobile applications. For applications that can only be registered with SMS verification, the device can automatically trigger a send-SMS-verification-code event, send a request to obtain the SMS verification code to the mobile terminal, receive the SMS verification code returned by the listening module in the mobile terminal in response to that request, and then register, which overcomes the inability of the prior art to register automatically. Where registration or login cannot be completed automatically, the device returns to the mobile operation interface so that the user can complete registration or login manually. The application programming interface information after the mobile application logs in can thus be obtained and subjected to vulnerability detection, so that vulnerability detection of the mobile application is more comprehensive, further improving the security of users' use of mobile applications.
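The automatic registration and login flow summarized above, as an added Python sketch that is not code from the patent. `FakeApp`, `Terminal`, the keyword sets, the page labels and the fixed SMS code are constructed assumptions, and sending image verification codes to the manual fallback is a simplification of this example.

```python
# Added illustration, not code from the patent; everything is simulated in memory.
from dataclasses import dataclass, field

KEYWORDS = {"register": {"register", "sign up"}, "login": {"log in", "sign in"}}  # assumed

@dataclass
class Page:
    page_id: str
    labels: list      # text recovered by text/image recognition (constructed)

@dataclass
class Terminal:       # stands in for the mobile terminal and its listening module
    number: str
    inbox: list = field(default_factory=list)
    def listener_fetch_code(self):
        return self.inbox.pop() if self.inbox else None

class FakeApp:        # hypothetical application under test
    def __init__(self, needs_sms):
        self.needs_sms, self.users, self.pending = needs_sms, {}, {}
    def send_sms_code(self, terminal):
        self.pending[terminal.number] = "493021"   # constructed code
        terminal.inbox.append("493021")
    def register(self, user, password, number, code):
        ok = not self.needs_sms or (code is not None and self.pending.get(number) == code)
        if ok:
            self.users[user] = password
        return ok
    def login(self, user, password):
        ok = self.users.get(user) == password
        return {"session": "sess-" + user, "apis": ["/api/profile", "/api/orders"]} if ok else None

def identify_pages(pages):   # -> (registration page, login page), None if not found
    found = {}
    for page in pages:
        labels = {label.lower() for label in page.labels}
        for kind, words in KEYWORDS.items():
            if labels & words:
                found.setdefault(kind, page)
    return found.get("register"), found.get("login")

def text_box_attributes(page):   # which of the three field sets the form uses
    labels = {label.lower() for label in page.labels}
    return ("username", "password", *[k for k in ("sms code", "image code") if k in labels])
def manual(reason):   # fallback: hand the interface back to the user
    return {"state": "manual", "reason": reason}

def run_flow(app, terminal, pages, user, password):
    reg, login = identify_pages(pages)
    if reg is None or login is None:
        return manual("pages not identified")
    mapping = {reg.page_id: login.page_id}   # registration page -> login page
    attrs = text_box_attributes(reg)
    if "image code" in attrs:
        return manual("image verification code")   # not automated in this sketch
    code = None
    if "sms code" in attrs:
        app.send_sms_code(terminal)              # trigger the send-SMS-code event
        code = terminal.listener_fetch_code()    # code returned by the listener
    if not app.register(user, password, terminal.number, code):
        return manual("registration failed")
    result = app.login(user, password)
    if result is None:
        return manual("login failed")
    return {"state": "authenticated", "login_page": mapping[reg.page_id], **result}

PAGES = [Page("p1", ["Welcome", "Browse"]),   # constructed crawl result
         Page("p2", ["Sign up", "Username", "Password", "SMS code"]),
         Page("p3", ["Log in", "Username", "Password"])]
```

The `session` and `apis` values returned on success stand for the login session information and application programming interface information that the detection step then works on.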
So far, those skilled in the art will recognize that, although multiple exemplary embodiments of the present invention have been shown and described in detail herein, many other variations or modifications consistent with the principles of the invention can still be directly determined or derived from the disclosure of the invention without departing from its spirit and scope. The scope of the present invention should therefore be understood and deemed to cover all such other variations or modifications.
Those skilled in the art will appreciate that embodiments of the present invention may be implemented as a system, apparatus, device, method or computer program product. Moreover, the present invention is not directed to any particular programming language; it should be understood that the content described herein can be implemented in a variety of programming languages, and the above description of a specific language is given to disclose the best mode of the invention.
In addition, although the operations of the present invention are depicted in the drawings in a particular order, this does not require or imply that these operations must be performed in that particular order, or that all of the operations shown must be performed to achieve the desired result. Certain steps may be omitted, multiple steps may be combined into one step, or one step may be divided into multiple steps.
The method and specific implementations of the present invention have been described in detail above, and corresponding embodiments have been given. Of course, the present invention may also have other embodiments in addition to those described; all technical solutions formed by equivalent substitution or equivalent transformation fall within the scope of protection claimed by the present invention.
The invention discloses: A1. A vulnerability detection method, characterized in that the method comprises:
obtaining multiple application pages for a mobile application installation package;
performing identification processing on the multiple application pages to obtain a registration page and a login page;
inputting preset user information and first verification code information into the registration page to perform registration;
if registration succeeds, inputting the preset user information into the login page to log in;
if login succeeds, obtaining the application programming interface information and login session information after the mobile application logs in, and performing vulnerability detection on the application programming interface information according to the login session information.
A2. The method according to A1, characterized in that performing identification processing on the multiple application pages to obtain the registration page and the login page further comprises:
performing text recognition processing and/or image recognition processing on the multiple application pages to obtain the registration page, the login page, and the text box attribute information in the registration page and the login page, and recording the mapping relationship between the registration page and the login page.
A3. The method according to A2, characterized in that inputting the preset user information into the login page to log in further comprises:
navigating to the login page according to the mapping relationship, and inputting the preset user information and second verification code information into the login page to log in.
A4. The method according to A2 or A3, characterized in that the preset user information comprises: a preset username character string and a preset password character string;
the text box attribute information is one of the following: username and password; or username, password and image-text verification code; or username, password and SMS verification code.
A5. The method according to A4, characterized in that, if the text box attribute information is username, password and SMS verification code, inputting the preset user information and the first verification code information into the registration page to perform registration further comprises:
triggering a send-SMS-verification-code event, and sending a request to obtain the SMS verification code to the mobile terminal;
receiving the SMS verification code returned by the listening module in the mobile terminal in response to the request to obtain the SMS verification code;
inputting the preset username character string, the preset password character string and the SMS verification code into the registration page to perform registration.
A6. The method according to any one of A1-A3, characterized in that, if registration or login does not succeed, the method further comprises:
returning to the mobile operation interface so that the user can complete registration or login manually.
A7. The method according to any one of A1-A3, characterized in that obtaining multiple application pages for the mobile application installation package further comprises:
importing the mobile application installation package, completing automatic installation and running, performing automatic simulated clicks, and obtaining multiple application pages.
The invention also discloses: B8. A vulnerability detection device, characterized in that the device comprises:
an application crawler engine, configured to obtain multiple application pages for a mobile application installation package;
a page processing module, configured to perform identification processing on the multiple application pages to obtain a registration page and a login page;
an input module, configured to input preset user information and first verification code information into the registration page to perform registration and, if registration succeeds, to input the preset user information into the login page to log in;
the application crawler engine being further configured to: after login succeeds, obtain the application programming interface information and login session information after the mobile application logs in;
a vulnerability detection module, configured to perform vulnerability detection on the application programming interface information according to the login session information.
B9. The device according to B8, characterized in that the page processing module is further configured to:
perform text recognition processing and/or image recognition processing on the multiple application pages to obtain the registration page, the login page, and the text box attribute information in the registration page and the login page, and record the mapping relationship between the registration page and the login page.
B10. The device according to B9, characterized in that the input module is further configured to:
navigate to the login page according to the mapping relationship, and input the preset user information and second verification code information into the login page to log in.
B11. The device according to B9 or B10, characterized in that the preset user information comprises: a preset username character string and a preset password character string;
the text box attribute information is one of the following: username and password; or username, password and image-text verification code; or username, password and SMS verification code.
B12. The device according to B11, characterized in that, if the text box attribute information is username, password and SMS verification code, the input module is further configured to: trigger a send-SMS-verification-code event, send a request to obtain the SMS verification code to the mobile terminal, receive the SMS verification code returned by the listening module in the mobile terminal in response to the request to obtain the SMS verification code, and input the preset username character string, the preset password character string and the SMS verification code into the registration page to perform registration.
B13. The device according to any one of B8-B10, characterized in that, if registration or login does not succeed, the device further comprises:
an interaction module, configured to return to the mobile operation interface so that the user can complete registration or login manually.
B14. The device according to any one of B8-B10, characterized in that the application crawler engine is further configured to:
receive the mobile application installation package, complete automatic installation and running, perform automatic simulated clicks, and obtain multiple application pages.
Claims (14)
1. A vulnerability detection method, characterized in that the method comprises:
obtaining multiple application pages for a mobile application installation package;
performing identification processing on the multiple application pages to obtain a registration page and a login page;
inputting preset user information and first verification code information into the registration page to perform registration;
if registration succeeds, inputting the preset user information into the login page to log in;
if login succeeds, obtaining the application programming interface information and login session information after the mobile application logs in, and performing vulnerability detection on the application programming interface information according to the login session information.
2. The method according to claim 1, characterized in that performing identification processing on the multiple application pages to obtain the registration page and the login page further comprises:
performing text recognition processing and/or image recognition processing on the multiple application pages to obtain the registration page, the login page, and the text box attribute information in the registration page and the login page, and recording the mapping relationship between the registration page and the login page.
3. The method according to claim 2, characterized in that inputting the preset user information into the login page to log in further comprises:
navigating to the login page according to the mapping relationship, and inputting the preset user information and second verification code information into the login page to log in.
4. The method according to claim 2 or 3, characterized in that the preset user information comprises: a preset username character string and a preset password character string;
the text box attribute information is one of the following: username and password; or username, password and image-text verification code; or username, password and SMS verification code.
5. The method according to claim 4, characterized in that, if the text box attribute information is username, password and SMS verification code, inputting the preset user information and the first verification code information into the registration page to perform registration further comprises:
triggering a send-SMS-verification-code event, and sending a request to obtain the SMS verification code to the mobile terminal;
receiving the SMS verification code returned by the listening module in the mobile terminal in response to the request to obtain the SMS verification code;
inputting the preset username character string, the preset password character string and the SMS verification code into the registration page to perform registration.
6. The method according to any one of claims 1-3, characterized in that, if registration or login does not succeed, the method further comprises:
returning to the mobile operation interface so that the user can complete registration or login manually.
7. The method according to any one of claims 1-3, characterized in that obtaining multiple application pages for the mobile application installation package further comprises:
importing the mobile application installation package, completing automatic installation and running, performing automatic simulated clicks, and obtaining multiple application pages.
8. A vulnerability detection device, characterized in that the device comprises:
an application crawler engine, configured to obtain multiple application pages for a mobile application installation package;
a page processing module, configured to perform identification processing on the multiple application pages to obtain a registration page and a login page;
an input module, configured to input preset user information and first verification code information into the registration page to perform registration and, if registration succeeds, to input the preset user information into the login page to log in;
the application crawler engine being further configured to: after login succeeds, obtain the application programming interface information and login session information after the mobile application logs in;
a vulnerability detection module, configured to perform vulnerability detection on the application programming interface information according to the login session information.
9. The device according to claim 8, characterized in that the page processing module is further configured to:
perform text recognition processing and/or image recognition processing on the multiple application pages to obtain the registration page, the login page, and the text box attribute information in the registration page and the login page, and record the mapping relationship between the registration page and the login page.
10. The device according to claim 9, characterized in that the input module is further configured to:
navigate to the login page according to the mapping relationship, and input the preset user information and second verification code information into the login page to log in.
11. The device according to claim 9 or 10, characterized in that the preset user information comprises: a preset username character string and a preset password character string;
the text box attribute information is one of the following: username and password; or username, password and image-text verification code; or username, password and SMS verification code.
12. The device according to claim 11, characterized in that, if the text box attribute information is username, password and SMS verification code, the input module is further configured to: trigger a send-SMS-verification-code event, send a request to obtain the SMS verification code to the mobile terminal, receive the SMS verification code returned by the listening module in the mobile terminal in response to the request to obtain the SMS verification code, and input the preset username character string, the preset password character string and the SMS verification code into the registration page to perform registration.
13. The device according to any one of claims 8-10, characterized in that, if registration or login does not succeed, the device further comprises:
an interaction module, configured to return to the mobile operation interface so that the user can complete registration or login manually.
14. The device according to any one of claims 8-10, characterized in that the application crawler engine is further configured to:
receive the mobile application installation package, complete automatic installation and running, perform automatic simulated clicks, and obtain multiple application pages.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610392723.XA CN105827664B (en) | 2016-06-06 | 2016-06-06 | Leak detection method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610392723.XA CN105827664B (en) | 2016-06-06 | 2016-06-06 | Leak detection method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105827664A CN105827664A (en) | 2016-08-03 |
CN105827664B true CN105827664B (en) | 2019-01-29 |
Family
ID=56532798
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610392723.XA Active CN105827664B (en) | 2016-06-06 | 2016-06-06 | Leak detection method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105827664B (en) |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106295353B (en) * | 2016-08-08 | 2020-04-07 | 腾讯科技(深圳)有限公司 | Engine vulnerability detection method and detection device |
CN106453275A (en) * | 2016-09-23 | 2017-02-22 | 成都知道创宇信息技术有限公司 | Method for identifying character verification code in Web loophole scanner |
CN106685938B (en) * | 2016-12-16 | 2019-07-05 | 杭州迪普科技股份有限公司 | A kind of method and apparatus generating protection configuration for login page |
CN107682361B (en) * | 2017-10-31 | 2020-04-14 | 平安科技(深圳)有限公司 | Website vulnerability scanning method and device, computer equipment and storage medium |
CN109688122B (en) * | 2018-12-18 | 2021-04-30 | 西安四叶草信息技术有限公司 | Data acquisition method and equipment |
CN111723374B (en) * | 2020-06-05 | 2024-06-11 | 绿盟科技集团股份有限公司 | Vulnerability scanning method and device |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101369272A (en) * | 2007-08-17 | 2009-02-18 | 徐萍 | Auto-filling system and method for auto-filling registration or login information |
CN101272237B (en) * | 2008-04-22 | 2010-10-06 | 北京飞天诚信科技有限公司 | Method and system for automatically generating and filling login information |
CN104468459B (en) * | 2013-09-12 | 2018-10-02 | 深圳市腾讯计算机***有限公司 | A kind of leak detection method and device |
CN103714292B (en) * | 2014-01-15 | 2016-10-05 | 四川师范大学 | A kind of detection method of vulnerability exploit code |
CN103984900B (en) * | 2014-05-19 | 2017-03-01 | 南京赛宁信息技术有限公司 | Android application leak detection method and system |
CN104537309A (en) * | 2015-01-23 | 2015-04-22 | 北京奇虎科技有限公司 | Application program bug detection method, application program bug detection device and server |
Also Published As
Publication number | Publication date |
---|---|
CN105827664A (en) | 2016-08-03 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information | ||
CB02 | Change of applicant information |
Address after: Room 3F301, C2 Building, Suzhou 2.5 Industrial Park, 88 Dongchang Road, Suzhou Industrial Park, Jiangsu Province Applicant after: JIANGSU PAYEGIS TECHNOLOGY CO., LTD. Address before: A street in Suzhou City, Jiangsu Province Industrial Park No. 388 innovation park off No. 6 Building 5 floor Applicant before: JIANGSU PAYEGIS TECHNOLOGY CO., LTD. |
|
GR01 | Patent grant | ||
GR01 | Patent grant |