CN105827664B - Leak detection method and device - Google Patents

Publication number: CN105827664B
Authority: CN (China)
Prior art keywords: page, information, login, verification code, short message
Legal status (an assumption, not a legal conclusion): Active
Application number: CN201610392723.XA
Other languages: Chinese (zh)
Other versions: CN105827664A (en)
Inventors: 汪德嘉, 张瑞钦
Current Assignee: Jiangsu Payegis Technology Co Ltd
Original Assignee: Jiangsu Payegis Technology Co Ltd
Application filed by Jiangsu Payegis Technology Co Ltd
Priority to CN201610392723.XA
Publication of CN105827664A
Application granted
Publication of CN105827664B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses a vulnerability detection method and device. The method includes: obtaining multiple application pages for a mobile application installation package; performing recognition processing on the multiple application pages to obtain a registration page and a login page; inputting preset user information and first verification code information into the registration page in order to register; if registration succeeds, inputting the preset user information into the login page in order to log in; and, if login succeeds, obtaining the application programming interface information and login session information available after the mobile application has logged in, and performing vulnerability detection on the application programming interface information according to the login session information. This scheme registers and logs in to the mobile application automatically, which solves the problem that application programming interface information in the logged-in state cannot be obtained or is obtained incompletely, and thereby improves the completeness of vulnerability detection for the mobile application and the security of the mobile application.

Description

Leak detection method and device
Technical field
The present invention relates to the field of mobile Internet technology, and in particular to a vulnerability detection method and device.
Background
With the development of mobile intelligent terminals, security problems on mobile platforms have become increasingly prominent. The security risks present in mobile applications directly threaten the information security of mobile intelligent terminal users. Besides the security of the mobile application client, this also includes the security of the server to which the client connects. Serious security risks on the mobile application server can directly lead to data leakage and cause economic loss. To keep the mobile application server free of security risks, vulnerability scanning technology is used to detect security vulnerabilities in the server's application programming interfaces (APIs).
At present there are two main methods for detecting vulnerabilities in mobile application server APIs:
The first performs static analysis on the mobile application client, extracts the server API information and submits it to a vulnerability detection engine for scanning. A semantic analyzer extracts the server-side application programming interface information, including URLs and the corresponding parameters, which is then submitted to the vulnerability detection engine. However, some mobile application server APIs can only be accessed normally after logging in with an account, so the scanning engine must support account login; otherwise, even if accurate API information has been extracted from the client, the scanning engine cannot detect vulnerabilities in these APIs.
The second uses automated testing: the mobile application is run dynamically, and the server API information is obtained and submitted to the vulnerability detection engine for scanning. This method mainly uses an automated testing framework, runs the mobile application dynamically and obtains the server API information through a network proxy. The automated testing method obtains page element information, recognizes buttons and simulates clicks to trigger network events and thereby obtain server API information, but it cannot carry out registration and login automatically, and some registration functions additionally require verification by mobile phone. Dynamic extraction of API information with an automated testing framework therefore cannot obtain the server API information accessed after login, and so cannot test the security of those APIs.
Summary of the invention
In view of the above problems, the present invention proposes a vulnerability detection method and device to solve the problem in the prior art that vulnerability detection for mobile applications is incomplete.
According to one aspect of the invention, a vulnerability detection method is provided, the method comprising:
obtaining multiple application pages for a mobile application installation package;
performing recognition processing on the multiple application pages to obtain a registration page and a login page;
inputting preset user information and first verification code information into the registration page in order to register;
if registration succeeds, inputting the preset user information into the login page in order to log in;
if login succeeds, obtaining the application programming interface information and login session information available after the mobile application has logged in, and performing vulnerability detection on the application programming interface information according to the login session information.
According to another aspect of the invention, a vulnerability detection device is provided, the device comprising:
an application crawler engine, for obtaining multiple application pages for a mobile application installation package;
a page processing module, for performing recognition processing on the multiple application pages to obtain a registration page and a login page;
an input module, for inputting preset user information and first verification code information into the registration page in order to register and, if registration succeeds, inputting the preset user information into the login page in order to log in;
the application crawler engine being further used for: after login succeeds, obtaining the application programming interface information and login session information available after the mobile application has logged in;
a vulnerability detection module, for performing vulnerability detection on the application programming interface according to the login session information.
According to the vulnerability detection method and device of the invention, multiple application pages are obtained for a mobile application installation package; recognition processing is performed on the multiple application pages to obtain a registration page and a login page; preset user information and first verification code information are input into the registration page in order to register; if registration succeeds, the preset user information is input into the login page in order to log in; and, if login succeeds, the application programming interface information and login session information available after the mobile application has logged in are obtained, and vulnerability detection is performed on the application programming interface information according to the login session information. This scheme registers and logs in to the mobile application automatically, which solves the problem that application programming interface information in the logged-in state cannot be obtained or is obtained incompletely, and thereby improves the completeness of vulnerability detection for the mobile application and the security of the mobile application.
The above is only an overview of the technical solution of the present invention. So that the technical means of the invention can be understood more clearly and implemented in accordance with the specification, and so that the above and other objects, features and advantages of the invention are more apparent, specific embodiments of the invention are set out below.
Brief description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art from reading the following detailed description of the preferred embodiments. The drawings serve only to illustrate the preferred embodiments and are not to be considered a limitation of the invention. Throughout the drawings, the same reference numbers denote the same parts. In the drawings:
Fig. 1 shows a flow chart of embodiment one of the vulnerability detection method provided by the invention;
Fig. 2 shows a flow chart of embodiment two of the vulnerability detection method provided by the invention;
Fig. 3 shows a functional block diagram of embodiment one of the vulnerability detection device provided by the invention;
Fig. 4 shows a functional block diagram of embodiment two of the vulnerability detection device provided by the invention.
Detailed description of the embodiments
Exemplary embodiments of the present disclosure are described in more detail below with reference to the accompanying drawings. Although the drawings show exemplary embodiments of the disclosure, it should be understood that the disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the disclosure can be understood more thoroughly and its scope conveyed fully to those skilled in the art.
Fig. 1 shows a flow chart of embodiment one of the vulnerability detection method provided by the invention. As shown in Fig. 1, the vulnerability detection method of this embodiment may include the following steps:
Step S100: obtain multiple application pages for a mobile application installation package.
The mobile application installation package in this embodiment may be an application installation package that the user downloads from an app store and wants to install on the mobile terminal, or one that has been downloaded to the mobile terminal with the browser on the mobile terminal device and is to be installed. In general, it is an application installation package that the user wants to check for vulnerabilities before installing.
Each mobile application installation package contains many application pages and interfaces. Taking WeChat as an example of an application installation package, these may include a registration page, login page, contacts page, chat page, Moments page and so on. The security of some interfaces can be tested before the mobile application logs in, while the security of others can only be tested after it has logged in. This embodiment performs vulnerability detection on the interfaces whose security can only be tested after the mobile application has logged in. In this step, multiple application pages are obtained from the mobile application installation package.
Step S101: perform recognition processing on the multiple application pages to obtain a registration page and a login page.
The multiple application pages obtained in step S100 need to undergo recognition processing, mainly to identify the registration page and the login page among them so that registration and login to the mobile application can be carried out automatically.
Step S102: input preset user information and first verification code information into the registration page in order to register.
Here, the preset user information includes a preset username string and a preset password string, used for registering with and logging in to the mobile application; the first verification code information is used for registering with the mobile application.
In this embodiment, user information is set in advance, and the preset user information and first verification code information are used to register with the mobile application; that is, they are input into the registration page to register with the application.
Step S103: if registration succeeds, input the preset user information into the login page in order to log in.
After registration succeeds, the mobile application is logged in with the preset user information that was entered into the registration page in step S102; specifically, the preset user information is input into the login page to log in.
Step S104: if login succeeds, obtain the application programming interface information and login session information available after the mobile application has logged in, and perform vulnerability detection on the application programming interface information according to the login session information.
After logging in through the login page with the preset user information, the application programming interface information (API information) and login session information available after the mobile application has logged in are obtained. The login session information shows that the mobile application is logged in, and the API information is the information obtained while the mobile application is in the logged-in state. Vulnerability detection is performed on the API information according to the login session information. Specifically, the obtained API information can be matched against pre-stored vulnerability information; if the API information matches the pre-stored vulnerability information, the API has a vulnerability, and the user is prompted that the mobile application is not secure so that the user can decide from the prompt whether to install it.
According to the vulnerability detection method provided by the above embodiment of the invention, multiple application pages are obtained for a mobile application installation package; recognition processing is performed on the multiple application pages to obtain a registration page and a login page; preset user information and first verification code information are input into the registration page in order to register; if registration succeeds, the preset user information is input into the login page in order to log in; and, if login succeeds, the application programming interface information and login session information available after the mobile application has logged in are obtained, and vulnerability detection is performed on the application programming interface information according to the login session information. This scheme registers and logs in to the mobile application automatically, which solves the problem that application programming interface information in the logged-in state cannot be obtained or is obtained incompletely, and thereby improves the completeness of vulnerability detection for the mobile application and the security of the mobile application.
Fig. 2 shows a flow chart of embodiment two of the vulnerability detection method provided by the invention. As shown in Fig. 2, the vulnerability detection method of this embodiment may include the following steps:
Step S200: import the mobile application installation package, complete automatic installation and launch, perform automated simulated clicks, and obtain multiple application pages.
Specifically, each mobile application installation package contains many application pages. Taking WeChat as the mobile application installation package, these may include a registration page, login page, contacts page, chat page, Moments page and so on. The mobile application installation package is imported into the application crawler engine, which completes automatic installation and launch and then performs automated simulated clicks to obtain multiple application pages.
Step S201: perform text recognition processing and/or image recognition processing on the multiple application pages to obtain the registration page, the login page and the text box attribute information in the registration page and login page, and record the mapping between the registration page and the login page.
After the multiple application pages have been obtained in step S200, recognition processing is performed on them, mainly text recognition and/or image recognition, to pick out the registration page and login page among the multiple application pages together with the attribute information of the text boxes in those pages. The text box attribute information is one of the following: username and password; or username, password and image verification code; or username, password and SMS verification code. The mapping between the registration page and the login page is recorded mainly so that the login page can be located quickly for logging in once registration is complete.
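An added example, not code from the patent, of the recognition in step S201: it classifies pages from their visible text, derives the text box attribute information, and records the registration-to-login mapping. The page dictionaries, keyword lists and function names are assumptions made for illustration, and the sample pages are constructed.

```python
"""Step S201 sketch: find registration/login pages and their text box attributes."""
from dataclasses import dataclass, field
from enum import Enum


class BoxAttrs(Enum):
    USER_PASS = "username and password"
    USER_PASS_CAPTCHA = "username, password and image verification code"
    USER_PASS_SMS = "username, password and SMS verification code"


# Assumed keyword lists: a real crawler would tune them per locale and fall
# back to image recognition for icon-only controls.
FIELD_WORDS = {
    "username": ("username", "user name", "phone", "mobile", "email", "account"),
    "password": ("password",),
    "sms": ("sms", "get code", "send code"),
    "captcha": ("captcha", "image", "picture"),
}
REGISTER_WORDS = ("register", "sign up", "create account")
LOGIN_WORDS = ("log in", "login", "sign in")


def field_kinds(page):
    """Return the kinds of credential fields visible on a page."""
    inputs = [t.lower() for t in page.get("inputs", [])]
    buttons = [b.lower() for b in page.get("buttons", [])]
    kinds = set()
    for kind, words in FIELD_WORDS.items():
        # A "Get code" button marks an SMS field even if the input hint is generic.
        pool = inputs + buttons if kind == "sms" else inputs
        if any(w in text for text in pool for w in words):
            kinds.add(kind)
    return kinds


def box_attrs(kinds):
    """Map detected fields onto the three attribute sets named in the text."""
    if not {"username", "password"} <= kinds:
        return None
    if "sms" in kinds:  # assumption: SMS wins if both code types appear
        return BoxAttrs.USER_PASS_SMS
    if "captcha" in kinds:
        return BoxAttrs.USER_PASS_CAPTCHA
    return BoxAttrs.USER_PASS


def page_role(page):
    """Return "register", "login" or None (not a credential page, or ambiguous)."""
    if box_attrs(field_kinds(page)) is None:
        return None  # e.g. a chat or contacts page
    title = page.get("title", "").lower()
    buttons = [b.lower() for b in page.get("buttons", [])]

    def score(words):
        # The title outweighs buttons, because a login page usually carries a
        # "Sign up" link and a registration page a "Log in" link.
        hits = 3 * any(w in title for w in words)
        return hits + sum(any(w in b for w in words) for b in buttons)

    reg, log = score(REGISTER_WORDS), score(LOGIN_WORDS)
    if reg == log:
        return None  # ambiguous: leave to manual review
    return "register" if reg > log else "login"


@dataclass
class Recognition:
    roles: dict = field(default_factory=dict)    # page id -> role
    attrs: dict = field(default_factory=dict)    # page id -> BoxAttrs
    mapping: dict = field(default_factory=dict)  # registration id -> login id


def recognise(pages):
    """Classify every crawled page and record the registration/login mapping."""
    result = Recognition()
    for page in pages:
        role = page_role(page)
        if role is not None:
            result.roles[page["id"]] = role
            result.attrs[page["id"]] = box_attrs(field_kinds(page))
    logins = [p for p, r in result.roles.items() if r == "login"]
    if logins:
        for pid, role in result.roles.items():
            if role == "register":
                result.mapping[pid] = logins[0]
    return result


# Constructed sample pages, as a crawler might dump them.
SAMPLE_PAGES = [
    {"id": "p1", "title": "Welcome", "inputs": [], "buttons": ["Log in", "Sign up"]},
    {"id": "p2", "title": "Sign up",
     "inputs": ["Phone number", "Password", "SMS code"],
     "buttons": ["Get code", "Register", "Already registered? Log in"]},
    {"id": "p3", "title": "Log in", "inputs": ["Phone number or email", "Password"],
     "buttons": ["Log in", "Forgot password?", "Sign up"]},
    {"id": "p4", "title": "Chats", "inputs": ["Type a message"], "buttons": ["Send"]},
]

if __name__ == "__main__":
    found = recognise(SAMPLE_PAGES)
    for pid, role in found.roles.items():
        print(pid, role, found.attrs[pid].value)
    print("mapping:", found.mapping)
```

A page whose registration and login signals tie is deliberately left unclassified, which corresponds to the manual fallback the method uses when automation cannot proceed.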
When the text box attribute information is username, password and SMS verification code, SMS verification on the mobile terminal is required, and the following steps can be used:
Step S202: trigger the SMS verification code sending event and send the mobile terminal a request to obtain the SMS verification code.
In this embodiment, when the text box attribute information is identified as username, password and SMS verification code, registration involves SMS verification on the mobile terminal and an SMS verification code must be obtained. The SMS verification code sending event can be triggered and, by sending a short message to the mobile terminal, a request to obtain the SMS verification code is sent to the mobile terminal. After this request has been sent, the process waits to receive the SMS verification code.
Step S203: receive the SMS verification code returned by the monitoring module on the mobile terminal in response to the request to obtain the SMS verification code.
In this embodiment there is a monitoring module on the mobile terminal. After detecting that a short message has been received, the monitoring module identifies the SMS verification code in the message and returns it in response to the request to obtain the SMS verification code; the SMS verification code returned by the monitoring module is then received.
Step S204: input the preset username string, preset password string and SMS verification code into the registration page in order to register.
Step S205: determine whether registration succeeded; if not, perform step S206; if so, perform step S207.
After the SMS verification code has been received, the preset username string, preset password string and SMS verification code are input into the registration page to register with the mobile application. If registration succeeds, login to the mobile application can proceed; if it does not, the user needs to complete registration manually.
In general, when registering with a mobile application, an email address, mobile phone number or the like can be used as the username, and the password can be set arbitrarily, for example as a combination of English letters and digits. Those skilled in the art can configure the preset username string and preset password string as actually needed; no examples are given here.
Step S206: return the mobile operation interface so that the user can complete registration manually.
If registration does not succeed, the mobile operation interface needs to be returned to the user. The user can use the returned mobile operation interface to register with the mobile application manually; after registration is complete, the application crawler engine completes the subsequent steps automatically.
Step S207: locate the login page according to the mapping, and input the preset username string, preset password string and second verification code information into the login page in order to log in.
Specifically, once registration with the mobile application has been completed in step S204, the login page is located according to the mapping between the registration page and the login page recorded in step S201, and the mobile application is logged in with the preset username string and preset password string used for registration in step S204. Specifically, the preset username string, preset password string and second verification code information are input into the login page to log in, where the second verification code information is used for logging in to the mobile application.
In an optional embodiment of the invention, after the login page has been located according to the mapping, login can use only the preset username string and preset password string; that is, login does not require a verification code. Specifically, the preset username string and preset password string are input into the login page to log in.
Step S208: determine whether login succeeded; if not, perform step S209; if so, perform step S210.
Step S209: return the mobile operation interface so that the user can complete login manually.
If login does not succeed, the mobile operation interface needs to be returned to the user. The user can use the returned mobile operation interface to log in to the mobile application manually; after login is complete, the application crawler engine completes the subsequent steps automatically.
Step S210: obtain the application programming interface information and login session information available after the mobile application has logged in, and perform vulnerability detection on the application programming interface information according to the login session information.
After logging in through the login page with the preset user information, the API information and login session information available after the application has logged in are obtained. The login session information shows that the mobile application is logged in, and the API information is the information obtained while the mobile application is in the logged-in state. Vulnerability detection is performed on the application programming interface information according to the login session information. Specifically, the obtained API information can be matched against pre-stored vulnerability information; if the API information matches the pre-stored vulnerability information, the API has a vulnerability, and the user is prompted that the mobile application is not secure so that the user can decide from the prompt whether to install it.
The vulnerability detection method provided by the above embodiment of the invention registers and logs in to the mobile application automatically, which solves the problem that application programming interface information in the logged-in state cannot be obtained or is obtained incompletely, and thereby improves the completeness of vulnerability detection for the mobile application. For mobile applications that require SMS verification to register, the SMS verification code sending event can be triggered automatically, a request to obtain the SMS verification code sent to the mobile terminal, and the SMS verification code returned by the monitoring module on the mobile terminal in response to that request received and used to register, which overcomes the inability of the prior art to register automatically. Where registration or login cannot be completed automatically, the mobile operation interface is returned so that the user can complete registration or login manually. The application programming interface information available after the mobile application has logged in can therefore be obtained and checked for vulnerabilities, which makes vulnerability detection for the mobile application more comprehensive and further improves the security of the user's use of the mobile application.
Fig. 3 shows a functional block diagram of embodiment one of the vulnerability detection device provided by the invention. As shown in Fig. 3, the vulnerability detection device of this embodiment may include: an application crawler engine 300, a page processing module 310, an input module 320 and a vulnerability detection module 330.
The application crawler engine 300 is used for obtaining multiple application pages for a mobile application installation package.
The page processing module 310 is used for performing recognition processing on the multiple application pages to obtain a registration page and a login page.
The input module 320 is used for inputting preset user information and first verification code information into the registration page in order to register and, if registration succeeds, inputting the preset user information into the login page in order to log in.
The application crawler engine 300 is further used for: after login succeeds, obtaining the application programming interface information and login session information available after the mobile application has logged in.
The vulnerability detection module 330 is used for performing vulnerability detection on the application programming interface information according to the login session information.
According to the vulnerability detection device provided by the above embodiment of the invention, multiple application pages are obtained for a mobile application installation package; recognition processing is performed on the multiple application pages to obtain a registration page and a login page; preset user information and first verification code information are input into the registration page in order to register; if registration succeeds, the preset user information is input into the login page in order to log in; and, if login succeeds, the application programming interface information and login session information available after the mobile application has logged in are obtained, and vulnerability detection is performed on the application programming interface information according to the login session information. This scheme registers and logs in to the mobile application automatically, which solves the problem that application programming interface information in the logged-in state cannot be obtained or is obtained incompletely, and thereby improves the completeness of vulnerability detection for the mobile application and the security of the mobile application.
Fig. 4 shows a functional block diagram of embodiment two of the vulnerability detection device provided by the invention. As shown in Fig. 4, the vulnerability detection device of this embodiment may include: an application crawler engine 400, a page processing module 410, an input module 420 and a vulnerability detection module 430.
The application crawler engine 400 is used for obtaining multiple application pages for a mobile application installation package.
The page processing module 410 is used for performing recognition processing on the multiple application pages to obtain a registration page and a login page.
The input module 420 is used for inputting preset user information and first verification code information into the registration page in order to register and, if registration succeeds, inputting the preset user information into the login page in order to log in.
The application crawler engine 400 is further used for: after login succeeds, obtaining the application programming interface information and login session information available after the mobile application has logged in.
The vulnerability detection module 430 is used for performing vulnerability detection on the application programming interface information according to the login session information.
Optionally, the page processing module 410 is further used for: performing text recognition processing and/or image recognition processing on the multiple application pages to obtain the registration page, the login page and the text box attribute information in the registration page and login page, and recording the mapping between the registration page and the login page.
Optionally, the input module 420 is further used for: locating the login page according to the mapping, and inputting the preset user information and second verification code information into the login page in order to log in.
Optionally, the preset user information includes a preset username string and a preset password string;
the text box attribute information is one of the following: username and password; or username, password and image verification code; or username, password and SMS verification code.
Optionally, if the text box attribute information is username, password and SMS verification code, the input module 420 is further used for: triggering the SMS verification code sending event, sending the mobile terminal a request to obtain the SMS verification code, receiving the SMS verification code returned by the monitoring module on the mobile terminal in response to that request, and inputting the preset username string, preset password string and SMS verification code into the registration page in order to register.
Optionally, if registration or login does not succeed, the device further includes an interaction module 440 for returning the mobile operation interface so that the user can complete registration or login manually.
Optionally, the application crawler engine 400 is further used for: receiving the mobile application installation package, completing automatic installation and launch, performing automated simulated clicks, and obtaining multiple application pages.
The vulnerability detection device provided by the above embodiment of the invention registers and logs in to the mobile application automatically, which solves the problem that application programming interface information in the logged-in state cannot be obtained or is obtained incompletely, and thereby improves the completeness of vulnerability detection for the mobile application. For applications that require SMS verification to register, the SMS verification code sending event can be triggered automatically, a request to obtain the SMS verification code sent to the mobile terminal, and the SMS verification code returned by the monitoring module on the mobile terminal in response to that request received and used to register, which overcomes the inability of the prior art to register automatically. Where registration or login cannot be completed automatically, the mobile operation interface is returned so that the user can complete registration or login manually. The application programming interface information available after the mobile application has logged in can therefore be obtained and checked for vulnerabilities, which makes vulnerability detection for the mobile application more comprehensive and further improves the security of the user's use of the mobile application.
Those skilled in the art will appreciate that, although multiple exemplary embodiments of the present invention have been shown and described in detail herein, many other variations or modifications consistent with the principles of the invention can still be determined or derived directly from the disclosure without departing from the spirit and scope of the invention. The scope of the present invention should therefore be understood and deemed to cover all such other variations or modifications.
Those skilled in the art will appreciate that embodiments of the present invention can be implemented as a system, an apparatus, a device, a method or a computer program product. In addition, the present invention is not directed to any particular programming language; it should be understood that the content described herein can be implemented in various programming languages, and that the above description of a specific language is given in order to disclose the best mode of the invention.
In addition, although the operations of the present invention are described in the accompanying drawings in a particular order, this does not require or imply that the operations must be performed in that order, or that all of the operations shown must be performed to achieve the desired result. Certain steps may be omitted, multiple steps may be merged into one step, or one step may be divided into multiple steps.
The method of the present invention and its specific implementation have been described in detail above, and corresponding embodiments have been given. Of course, the present invention may also have other embodiments in addition to these; all technical solutions formed by equivalent substitution or equivalent transformation fall within the scope of protection claimed by the invention.
The invention discloses: A1. A vulnerability detection method, characterized in that the method comprises:
obtaining multiple application pages for a mobile application installation package;
performing recognition processing on the multiple application pages to obtain a registration page and a login page;
inputting preset user information and first verification code information into the registration page, so as to register;
if the registration succeeds, inputting the preset user information into the login page, so as to log in;
if the login succeeds, obtaining the application programming interface information and login session information available after the mobile application logs in, and performing vulnerability detection on the application programming interface information according to the login session information.
A2. The method according to A1, characterized in that performing recognition processing on the multiple application pages to obtain the registration page and the login page further comprises:
performing text recognition processing and/or image recognition processing on the multiple application pages to obtain the registration page, the login page and the text box attribute information in the registration page and the login page, and recording the mapping relationship between the registration page and the login page.
A3. The method according to A2, characterized in that inputting the preset user information into the login page, so as to log in, further comprises:
navigating to the login page according to the mapping relationship, and inputting the preset user information and second verification code information into the login page, so as to log in.
A4. The method according to A2 or A3, characterized in that the preset user information comprises a preset user name character string and a preset password character string;
the text box attribute information is one of the following: user name and password; or user name, password and image-text verification code; or user name, password and SMS verification code.
A5. The method according to A4, characterized in that, if the text box attribute information is user name, password and SMS verification code, inputting the preset user information and the first verification code information into the registration page, so as to register, further comprises:
triggering a send-SMS-verification-code event, and sending a request to obtain the SMS verification code to the mobile terminal;
receiving the SMS verification code that the monitoring module in the mobile terminal returns in response to the request to obtain the SMS verification code;
inputting the preset user name character string, the preset password character string and the SMS verification code into the registration page, so as to register.
A6. The method according to any one of A1-A3, characterized in that, if the registration or the login does not succeed, the method further comprises:
returning to the mobile operation interface, so that the user can complete the registration or login manually.
A7. The method according to any one of A1-A3, characterized in that obtaining multiple application pages for the mobile application installation package further comprises:
importing the mobile application installation package, completing automatic installation and running, and performing automatically simulated clicks to obtain multiple application pages.
The invention also discloses: B8. A vulnerability detection device, characterized in that the device comprises:
an application crawler engine, configured to obtain multiple application pages for a mobile application installation package;
a page processing module, configured to perform recognition processing on the multiple application pages to obtain a registration page and a login page;
an input module, configured to input preset user information and first verification code information into the registration page, so as to register, and, if the registration succeeds, to input the preset user information into the login page, so as to log in;
the application crawler engine being further configured to: after the login succeeds, obtain the application programming interface information and login session information available after the mobile application logs in;
a vulnerability detection module, configured to perform vulnerability detection on the application programming interface information according to the login session information.
B9. The device according to B8, characterized in that the page processing module is further configured to:
perform text recognition processing and/or image recognition processing on the multiple application pages to obtain the registration page, the login page and the text box attribute information in the registration page and the login page, and record the mapping relationship between the registration page and the login page.
B10. The device according to B9, characterized in that the input module is further configured to:
navigate to the login page according to the mapping relationship, and input the preset user information and second verification code information into the login page, so as to log in.
B11. The device according to B9 or B10, characterized in that the preset user information comprises a preset user name character string and a preset password character string;
the text box attribute information is one of the following: user name and password; or user name, password and image-text verification code; or user name, password and SMS verification code.
B12. The device according to B11, characterized in that, if the text box attribute information is user name, password and SMS verification code, the input module is further configured to: trigger a send-SMS-verification-code event; send a request to obtain the SMS verification code to the mobile terminal; receive the SMS verification code that the monitoring module in the mobile terminal returns in response to that request; and input the preset user name character string, the preset password character string and the SMS verification code into the registration page, so as to register.
B13. The device according to any one of B8-B10, characterized in that, if the registration or the login does not succeed, the device further comprises:
an interactive module, configured to return to the mobile operation interface, so that the user can complete the registration or login manually.
B14. The device according to any one of B8-B10, characterized in that the application crawler engine is further configured to:
receive the mobile application installation package, complete automatic installation and running, and perform automatically simulated clicks to obtain multiple application pages.

Claims (14)

1. A vulnerability detection method, characterized in that the method comprises:
obtaining multiple application pages for a mobile application installation package;
performing recognition processing on the multiple application pages to obtain a registration page and a login page;
inputting preset user information and first verification code information into the registration page, so as to register;
if the registration succeeds, inputting the preset user information into the login page, so as to log in;
if the login succeeds, obtaining the application programming interface information and login session information available after the mobile application logs in, and performing vulnerability detection on the application programming interface information according to the login session information.
2. The method according to claim 1, characterized in that performing recognition processing on the multiple application pages to obtain the registration page and the login page further comprises:
performing text recognition processing and/or image recognition processing on the multiple application pages to obtain the registration page, the login page and the text box attribute information in the registration page and the login page, and recording the mapping relationship between the registration page and the login page.
3. The method according to claim 2, characterized in that inputting the preset user information into the login page, so as to log in, further comprises:
navigating to the login page according to the mapping relationship, and inputting the preset user information and second verification code information into the login page, so as to log in.
4. The method according to claim 2 or 3, characterized in that the preset user information comprises a preset user name character string and a preset password character string;
the text box attribute information is one of the following: user name and password; or user name, password and image-text verification code; or user name, password and SMS verification code.
5. The method according to claim 4, characterized in that, if the text box attribute information is user name, password and SMS verification code, inputting the preset user information and the first verification code information into the registration page, so as to register, further comprises:
triggering a send-SMS-verification-code event, and sending a request to obtain the SMS verification code to a mobile terminal;
receiving the SMS verification code that the monitoring module in the mobile terminal returns in response to the request to obtain the SMS verification code;
inputting the preset user name character string, the preset password character string and the SMS verification code into the registration page, so as to register.
6. The method according to any one of claims 1-3, characterized in that, if the registration or the login does not succeed, the method further comprises:
returning to the mobile operation interface, so that the user can complete the registration or login manually.
7. The method according to any one of claims 1-3, characterized in that obtaining multiple application pages for the mobile application installation package further comprises:
importing the mobile application installation package, completing automatic installation and running, and performing automatically simulated clicks to obtain multiple application pages.
8. A vulnerability detection device, characterized in that the device comprises:
an application crawler engine, configured to obtain multiple application pages for a mobile application installation package;
a page processing module, configured to perform recognition processing on the multiple application pages to obtain a registration page and a login page;
an input module, configured to input preset user information and first verification code information into the registration page, so as to register, and, if the registration succeeds, to input the preset user information into the login page, so as to log in;
the application crawler engine being further configured to: after the login succeeds, obtain the application programming interface information and login session information available after the mobile application logs in;
a vulnerability detection module, configured to perform vulnerability detection on the application programming interface information according to the login session information.
9. The device according to claim 8, characterized in that the page processing module is further configured to:
perform text recognition processing and/or image recognition processing on the multiple application pages to obtain the registration page, the login page and the text box attribute information in the registration page and the login page, and record the mapping relationship between the registration page and the login page.
10. The device according to claim 9, characterized in that the input module is further configured to:
navigate to the login page according to the mapping relationship, and input the preset user information and second verification code information into the login page, so as to log in.
11. The device according to claim 9 or 10, characterized in that the preset user information comprises a preset user name character string and a preset password character string;
the text box attribute information is one of the following: user name and password; or user name, password and image-text verification code; or user name, password and SMS verification code.
12. The device according to claim 11, characterized in that, if the text box attribute information is user name, password and SMS verification code, the input module is further configured to: trigger a send-SMS-verification-code event; send a request to obtain the SMS verification code to a mobile terminal; receive the SMS verification code that the monitoring module in the mobile terminal returns in response to that request; and input the preset user name character string, the preset password character string and the SMS verification code into the registration page, so as to register.
13. The device according to any one of claims 8-10, characterized in that, if the registration or the login does not succeed, the device further comprises:
an interactive module, configured to return to the mobile operation interface, so that the user can complete the registration or login manually.
14. The device according to any one of claims 8-10, characterized in that the application crawler engine is further configured to:
receive the mobile application installation package, complete automatic installation and running, and perform automatically simulated clicks to obtain multiple application pages.
CN201610392723.XA 2016-06-06 2016-06-06 Leak detection method and device Active CN105827664B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610392723.XA CN105827664B (en) 2016-06-06 2016-06-06 Leak detection method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610392723.XA CN105827664B (en) 2016-06-06 2016-06-06 Leak detection method and device

Publications (2)

Publication Number Publication Date
CN105827664A CN105827664A (en) 2016-08-03
CN105827664B true CN105827664B (en) 2019-01-29

Family

ID=56532798

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610392723.XA Active CN105827664B (en) 2016-06-06 2016-06-06 Leak detection method and device

Country Status (1)

Country Link
CN (1) CN105827664B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106295353B (en) * 2016-08-08 2020-04-07 腾讯科技(深圳)有限公司 Engine vulnerability detection method and detection device
CN106453275A (en) * 2016-09-23 2017-02-22 成都知道创宇信息技术有限公司 Method for identifying character verification code in Web loophole scanner
CN106685938B (en) * 2016-12-16 2019-07-05 杭州迪普科技股份有限公司 A kind of method and apparatus generating protection configuration for login page
CN107682361B (en) * 2017-10-31 2020-04-14 平安科技(深圳)有限公司 Website vulnerability scanning method and device, computer equipment and storage medium
CN109688122B (en) * 2018-12-18 2021-04-30 西安四叶草信息技术有限公司 Data acquisition method and equipment
CN111723374B (en) * 2020-06-05 2024-06-11 绿盟科技集团股份有限公司 Vulnerability scanning method and device

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101369272A (en) * 2007-08-17 2009-02-18 徐萍 Auto-filling system and method for auto-filling registration or login information
CN101272237B (en) * 2008-04-22 2010-10-06 北京飞天诚信科技有限公司 Method and system for automatically generating and filling login information
CN104468459B (en) * 2013-09-12 2018-10-02 深圳市腾讯计算机***有限公司 A kind of leak detection method and device
CN103714292B (en) * 2014-01-15 2016-10-05 四川师范大学 A kind of detection method of vulnerability exploit code
CN103984900B (en) * 2014-05-19 2017-03-01 南京赛宁信息技术有限公司 Android application leak detection method and system
CN104537309A (en) * 2015-01-23 2015-04-22 北京奇虎科技有限公司 Application program bug detection method, application program bug detection device and server

Also Published As

Publication number Publication date
CN105827664A (en) 2016-08-03

Similar Documents

Publication Publication Date Title
CN105827664B (en) Leak detection method and device
US10243904B1 (en) Determining authenticity of reported user action in cybersecurity risk assessment
CN110378749B (en) Client similarity evaluation method and device, terminal equipment and storage medium
CN104093141B (en) The login method of terminal applies, device, client and electronic equipment
CN109376078B (en) Mobile application testing method, terminal equipment and medium
CN110324311A (en) Method, apparatus, computer equipment and the storage medium of Hole Detection
CN108011863A (en) Identify the method and device of Brute Force
CN103634317A (en) Method and system of performing safety appraisal on malicious web site information on basis of cloud safety
CN105847288B (en) A kind of identifying code treating method and apparatus
CN103297394B (en) Website security detection method and device
CN105635178B (en) Ensure the block type Network Access Method and device of safety
JP2019519008A (en) Method, apparatus, server and computer readable storage medium for information leak inspection
CN109976995B (en) Method and apparatus for testing
CN107135195A (en) The detection method and device of abnormal user account
CN111241517A (en) Method and device for constructing biological characteristic verification question-answer library
CN106550031A (en) The method and device of data backup
CN104698919A (en) Method and device for inspecting intelligent terminal
CN103986731A (en) Method and device for detecting phishing web pages through picture matching
CN106209757A (en) Automatically detection and convenient login method, device and the system of filling entry field
CN108011868A (en) One kind slides verification method and mobile terminal
CN109656829A (en) Test method and device based on docker
CN108156165A (en) A kind of method and system for reporting detection by mistake
CN106250761B (en) Equipment, device and method for identifying web automation tool
CN105337739B (en) Safe login method, device, server and terminal
CA2984790C (en) System and method for performing screen capture-based sensitive information protection within a call center environment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: Room 3F301, C2 Building, Suzhou 2.5 Industrial Park, 88 Dongchang Road, Suzhou Industrial Park, Jiangsu Province

Applicant after: JIANGSU PAYEGIS TECHNOLOGY CO., LTD.

Address before: A street in Suzhou City, Jiangsu Province Industrial Park No. 388 innovation park off No. 6 Building 5 floor

Applicant before: JIANGSU PAYEGIS TECHNOLOGY CO., LTD.

GR01 Patent grant