CN114186274A - Method, device, electronic equipment and medium for protecting website data - Google Patents

Method, device, electronic equipment and medium for protecting website data Download PDF

Info

Publication number
CN114186274A
CN114186274A CN202111509758.4A CN202111509758A CN114186274A CN 114186274 A CN114186274 A CN 114186274A CN 202111509758 A CN202111509758 A CN 202111509758A CN 114186274 A CN114186274 A CN 114186274A
Authority
CN
China
Prior art keywords
website
domain name
blacklist
calling
function
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111509758.4A
Other languages
Chinese (zh)
Inventor
周捷
冯勇伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Anheng Information Security Technology Co Ltd
Original Assignee
Hangzhou Anheng Information Security Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Anheng Information Security Technology Co Ltd filed Critical Hangzhou Anheng Information Security Technology Co Ltd
Priority to CN202111509758.4A priority Critical patent/CN114186274A/en
Publication of CN114186274A publication Critical patent/CN114186274A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • Virology (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The application discloses a method, a device, electronic equipment and a medium for protecting website data, and mainly relates to the field of data protection. The method comprises the steps of firstly executing a preset code hijack target function to obtain a rewriting function, wherein the target function is used for calling a webrtc protocol for communication; then, when the rewriting function is called by the website, acquiring attribute information of the website through a preset code, wherein the attribute information comprises a domain name and an address of the website; judging whether the domain name of the website is in a blacklist or not; and if the current state is in the blacklist, blocking the website from calling the rewriting function. According to the method, whether the webrtc protocol is used or not can be accurately captured by dynamically calling the rewriting function, whether the website abuses the webrtc protocol or not is judged by whether the domain name of the website is in the blacklist or not, the website is blocked from calling the rewriting function when the domain name of the website is in the blacklist, the abuse of the webrtc protocol can be efficiently and accurately blocked, and the problem that the user privacy is stolen by abusing the webrtc protocol is effectively solved.

Description

Method, device, electronic equipment and medium for protecting website data
Technical Field
The present application relates to the field of data protection, and in particular, to a method, an apparatus, an electronic device, and a medium for protecting website data.
Background
With the development of hypertext markup language (html) technology, more and more protocols are introduced into html5 standard, and the content in the dialog box of the browser is richer and more powerful. In order to introduce a point-to-point audio-video communication function, a web instant messaging (webrtc) protocol is introduced into a browser. Two users using browsers can establish peer-to-peer communication with a third party server via the webrtc protocol. Due to point-to-point communication, a bottom-layer protocol of the webrtc is a user data packet protocol (UDP), each agent in the browser cannot cover the webrtc protocol, a network tag in browser debugging cannot capture related traffic, and meanwhile, part of newer defense strategies such as a content security strategy (CSP) can be bypassed by the webrtc protocol. The webrtc protocol brings many risks, is easy to cause data leakage, and has non-trivial threats to professional users.
At present, through devices such as a deep belief internet behavior management system and the like, webpage content accessed by a user is detected and keyword matching is carried out from a traffic layer, and when the fact that the webpage accessed by the user abuses a webrtc protocol to steal the privacy of the user is discovered, the access of the user is blocked. In the current method, static analysis is carried out on webpage contents accessed by a user, and the static analysis is easy to avoid, so that the phenomenon that the user privacy is stolen by abusing the webrtc protocol cannot be found easily.
Therefore, how to solve the problem of stealing user privacy by abusing the webrtc protocol is a problem to be solved urgently by the technical personnel in the field.
Disclosure of Invention
The application aims to provide a method, a device, electronic equipment and a medium for protecting website data, which can efficiently and accurately block abuse of a webrtc protocol and are used for solving the problem that the privacy of a user is stolen by abusing the webrtc protocol.
In order to solve the above technical problem, the present application provides a method for protecting website data, including:
executing a preset code hijack target function to obtain a rewriting function, wherein the target function is used for calling a webrtc protocol for communication;
when the rewriting function is called by the website, acquiring attribute information of the website through a preset code, wherein the attribute information comprises a domain name and an address of the website;
judging whether the domain name of the website is in a blacklist or not;
and if the current state is in the blacklist, blocking the website from calling the rewriting function.
Preferably, before determining whether the domain name of the website is in the blacklist, the method further includes:
judging whether the domain name of the website is in a white list or not;
if the white list is available, the website is allowed to call the rewriting function.
Preferably, if the domain name is neither in the black list nor in the white list, the method further includes:
calling an interface of threat intelligence, and judging whether attribute information of the website is the threat intelligence;
if the threat intelligence is present, the website is blocked from calling the rewriting function, and otherwise, the calling is allowed.
Preferably, the method further comprises the following steps:
and reporting the domain name in the blacklist and the domain name which is not in the blacklist or the white list to a management server, wherein the management server is used for carrying out data judgment and manual analysis on the domain name.
Preferably, the white list and the black list are lists issued by the management server.
Preferably, the method further comprises the following steps:
the management server communicates using the data exchange format Json.
Preferably, an alert is issued if the domain name of the website is on the blacklist.
In order to solve the above technical problem, the present application further provides a device for protecting website data, including:
the execution module is used for executing a preset code hijack target function to obtain a rewriting function, and the target function is used for calling a webrtc protocol for communication;
the acquisition module is used for acquiring attribute information of the website through a preset code when the rewriting function is called by the website, wherein the attribute information comprises a domain name and an address of the website;
the judging module is used for judging whether the domain name of the website is in a blacklist or not;
and the blocking module is used for blocking the website from calling the rewriting function when the domain name of the website is in the blacklist.
In order to solve the above technical problem, the present application further provides an electronic device, including:
a memory for storing a computer program;
and the processor is used for realizing the steps of the method for protecting the website data when executing the computer program.
In order to solve the above technical problem, the present application further provides a computer-readable storage medium, where a computer program is stored, and when the computer program is executed by a processor, the steps of the method for protecting website data are implemented.
The application provides a method for protecting website data, which comprises the steps of executing a preset code hijack target function to obtain a rewriting function, wherein the target function is used for calling a webrtc protocol for communication; then, when the rewriting function is called by the website, acquiring attribute information of the website through a preset code, wherein the attribute information comprises a domain name and an address of the website; judging whether the domain name of the website is in a blacklist or not; and if the current state is in the blacklist, blocking the website from calling the rewriting function. According to the method, whether the webrtc protocol is used or not can be accurately captured by dynamically calling the rewriting function, whether the website abuses the webrtc protocol or not is judged by whether the domain name of the website is in the blacklist or not, the website is blocked from calling the rewriting function when the domain name of the website is in the blacklist, the website is blocked from calling the webrtc protocol, abuse of the webrtc protocol can be efficiently and accurately blocked, and the problem that the user privacy is stolen by abusing the webrtc protocol is effectively solved.
In addition, the device, the electronic equipment and the medium for protecting the website data provided by the application correspond to the method for protecting the website data, and the effects are as above.
Drawings
In order to more clearly illustrate the embodiments of the present application, the drawings needed for the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings can be obtained by those skilled in the art without inventive effort.
FIG. 1 is a flow chart of a method for protecting website data provided by the present application;
FIG. 2 is a block diagram of an apparatus for protecting website data according to the present application;
fig. 3 is a block diagram of an electronic device provided in the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all the embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application without any creative effort belong to the protection scope of the present application.
The core of the application is to provide a method for protecting website data, which can efficiently and accurately block abuse of a webrtc protocol and effectively solve the problem that the user privacy is stolen by abusing the webrtc protocol.
In order that those skilled in the art will better understand the disclosure, the following detailed description will be given with reference to the accompanying drawings.
Fig. 1 is a flowchart of a method for protecting website data according to the present application. As shown in fig. 1, the method includes:
s1: and executing a preset code hijack target function to obtain a rewriting function, wherein the target function is used for calling a webrtc protocol for communication.
The html page is provided with a plurality of tags, wherein the tags capable of dynamically executing codes are script tags, the script tags can execute javascript codes in the page, the javascript codes can render a browser page for a user, and data are dynamically processed, acquired and updated. when the webrtc protocol is used, a target function is required to initialize a real-time communication (rtc) object, and then a method in the rtc object is further called to realize communication of a webrtc protocol link. In this embodiment, the preset code hijack target function is executed to rewrite the preset code hijack target function to obtain a rewrite function, and when a website initialization rtc object exists, whether the website calls the webrtc protocol or not can be captured by sensing whether the rewrite function is called or not. It should be noted that the objective function in this embodiment is a window. rtcpeerconnection function, but the specific implementation is not limited thereto, and the type of the objective function is not limited in this embodiment.
S2: when the rewriting function is called by the website, the attribute information of the website is obtained through the preset code, and the attribute information comprises the domain name and the address of the website.
In this embodiment, when the rewrite function is called by a website, the attribute information of the website currently executing the rewrite function can be acquired by the preset code, so that it is convenient to subsequently determine whether to allow the website to call the rewrite function according to the attribute information of the website. It should be noted that the attribute information includes a domain name and an address of the website, and whether the website is allowed to call the rewrite function is determined according to the domain name and the address of the website, in a specific implementation, the determination is not limited to be performed according to the domain name and the address of the website, and other information such as a program of the website may also be acquired to determine whether the website is allowed to call the rewrite function, which is not limited in this embodiment.
S3: and judging whether the domain name of the website is in a blacklist or not.
In this embodiment, the data in the blacklist is derived from data accumulation and threat intelligence, and the host in the threat intelligence is directly listed in the blacklist to prevent the host from establishing a communication tunnel with the browser.
S4: and if the current state is in the blacklist, blocking the website from calling the rewriting function.
In this embodiment, if the domain name of the website is in the blacklist, it indicates that the website is malicious to use the rewrite function to call the webrtc protocol, and therefore the website is blocked from calling the rewrite function.
The embodiment provides a method for protecting website data, which comprises the steps of executing a preset code hijack target function to obtain a rewrite function, wherein the target function is used for calling a webrtc protocol for communication; then, when the rewriting function is called by the website, acquiring attribute information of the website through a preset code, wherein the attribute information comprises a domain name and an address of the website; judging whether the domain name of the website is in a blacklist or not; and if the current state is in the blacklist, blocking the website from calling the rewriting function. According to the method, whether the webrtc protocol is used or not can be accurately captured by dynamically calling the rewrite function, whether the webrtc protocol is abused or not of the website is judged by whether the domain name of the website is in the blacklist or not, the website abused the webrtc protocol is indicated when the domain name of the website is in the blacklist, the website is blocked from calling the rewrite function, the website is further blocked from calling the webrtc protocol, abuse of the webrtc protocol can be effectively and accurately blocked, and the problem that the user privacy is stolen by abusing the webrtc protocol is effectively solved.
Before determining whether the domain name of the website is in the black list, it needs to first determine whether the domain name of the website is in the white list. The method comprises the following steps:
judging whether the domain name of the website is in a white list or not;
if the white list is available, the website is allowed to call the rewriting function.
In this embodiment, the data in the white list is derived from data accumulation, and if the domain name of the website is in the white list, it indicates that the website is not a malicious webrtc protocol, so that the website is allowed to call the rewrite function, and if the domain name of the website is not in the white list, it is continuously determined whether the domain name of the website is in the black list, so as to determine whether the website is allowed to call the rewrite function.
The embodiment supplements the condition that the website is allowed to call the rewrite function, judges whether the domain name of the website is in a white list, allows the website to call the rewrite function if the domain name of the website is in the white list, and does not need to judge whether the domain name is in a black list, thereby simplifying the operation steps.
In the above embodiment, whether to allow the rewrite function to be called is determined according to whether the domain name is in the black list or the white list, and if the domain name is not in the black list or the white list, the attribute information of the website needs to be further determined. The method comprises the following steps:
calling an interface of threat intelligence, and judging whether attribute information of the website is the threat intelligence;
if the threat intelligence is present, the website is blocked from calling the rewriting function, and otherwise, the calling is allowed.
In this embodiment, since the data in the blacklist is derived from threat intelligence, it is not enough to determine whether the domain name of the website is threat intelligence, and it is necessary to comprehensively determine whether the website is allowed to call the rewrite function according to the attribute information of the website.
The embodiment describes the condition that the domain name is not in the blacklist or the white list, when the domain name of the website is judged to be not in the blacklist or the white list, an interface of threat intelligence is called to obtain the threat intelligence, whether attribute information of the website is the threat intelligence is judged, when the attribute information of the website is the threat intelligence, the website is blocked from calling the rewrite function, otherwise, the website is allowed to call the rewrite function, so that whether the website with the domain name not in the blacklist or the white list is allowed to call the rewrite function is determined.
After the above embodiment completes the judgment of the domain name, the embodiment reports the domain name of the malicious calling website to the management server, and the management server performs unified management and processing. The method comprises the following steps:
and reporting the domain name in the blacklist and the domain name which is not in the blacklist or the white list to a management server, wherein the management server is used for carrying out data judgment and manual analysis on the domain name.
In this embodiment, since the domain name that is neither in the blacklist nor in the white list cannot be directly determined, when the domain name that is determined to be in the blacklist is reported, the domain name that is neither in the blacklist nor in the white list needs to be reported, so that the management server can perform determination analysis on the domain name. In addition, the management server receives the reported domain name, judges whether the website corresponding to the domain name is a malicious calling webrtc or not by carrying out data judgment and manual analysis on the domain name, and if the website corresponding to the domain name is judged to be the malicious calling webrtc, the management server adds the domain name into a blacklist to update data in the blacklist; and if the webrtc is judged not to be called maliciously, judging whether the website corresponding to the domain name can provide the service normally or not through conventional audio and video website acquisition, and if the website can provide the service normally, adding the domain name into a white list to update the data in the white list.
In this embodiment, the domain name in the blacklist and the domain name neither in the blacklist nor in the white list, which are obtained by the judgment, are reported to the management server, so that the management server can perform unified management and processing on the domain names, and after the management server receives the reported domain name, the blacklist and the white list are updated by performing data judgment and manual analysis on the reported domain name.
In the foregoing embodiment, it is mentioned that the black list and the white list are derived from data accumulation, and the management server needs to perform data determination and manual analysis on the reported domain name to update the black list and the white list. In this embodiment, the white list and the black list are lists issued by the management server.
In this embodiment, the white list and the black list used for judgment in the foregoing embodiment are limited to the list issued by the management server, so as to ensure that the white list and the black list used for judgment are the latest list updated by the management server, and thus, the accuracy of judging whether to allow the website to call the rewrite function according to whether the domain name of the website is in the white list or the black list is strongly ensured.
In the above embodiments, it is mentioned that, the receiving of the black list and the white list and the reporting of the domain name both need to communicate with the management server, and since the above embodiments do not describe the manner of communicating with the management server, this embodiment will supplement this description. The method comprises the following steps:
the management server communicates using the data exchange format Json.
Table 1 is a common data format classification table used in the present application, and table 2 is a definition table of data formats in a white list and a black list, in this embodiment, a lightweight data exchange format Json is used to communicate with a management server, as shown in table 1, in this embodiment, a domain name of a website is reported in a form of a character string, as shown in table 2, data in the white list and the black list is in an array form, and is specifically represented as a character string. Because the data formats in the white list and the black list are consistent with the data format of the management server communication and are both character strings, the domain name can be directly added into the corresponding list according to the analysis result after the management server carries out data judgment and manual analysis on the reported domain name.
TABLE 1 common data format classification table
Figure BDA0003404783090000071
Table 2 definition table of data format in white list and black list
Figure BDA0003404783090000072
The embodiment supplements and explains the communication mode with the management server, and the data transmission rate is effectively improved by using a lightweight data exchange format Json to communicate with the management server.
In the above embodiment, it is mentioned that whether the website is allowed to call the rewrite function is determined according to whether the domain name of the website is in the blacklist, and the embodiment issues an alarm after determining that the domain name of the website is in the blacklist.
In this embodiment, a supplementary description is given to a case where the domain name of the website is in the blacklist, and if the domain name of the website is in the blacklist, an alarm is issued to prompt the user that the webrtc protocol is maliciously invoked by the website.
In the foregoing embodiments, a method for protecting website data is described in detail, and the present application also provides embodiments corresponding to an apparatus for protecting website data. It should be noted that the present application describes the embodiments of the apparatus portion from two perspectives, one from the perspective of the function module and the other from the perspective of the hardware.
Fig. 2 is a structural diagram of an apparatus for protecting website data according to the present application. As shown in fig. 2, the apparatus includes:
the execution module 10 is configured to execute a preset code hijack target function to obtain a rewrite function, where the target function is used to call a webrtc protocol for communication;
the acquisition module 11 is configured to acquire attribute information of a website through a preset code when the rewrite function is called by the website, where the attribute information includes a domain name and an address of the website;
the judging module 12 is configured to judge whether the domain name of the website is in a blacklist;
and the blocking module 13 is configured to block the website from calling the rewrite function when the domain name of the website is in the blacklist.
Since the embodiments of the apparatus portion and the method portion correspond to each other, please refer to the description of the embodiments of the method portion for the embodiments of the apparatus portion, which is not repeated here.
Fig. 3 is a block diagram of an electronic device according to another embodiment of the present application, and as shown in fig. 3, the electronic device includes: a memory 20 for storing a computer program;
a processor 21 for implementing the steps of the method of protecting website data as mentioned in the above embodiments when executing the computer program.
The electronic device provided by the embodiment may include, but is not limited to, a smart phone, a tablet computer, a notebook computer, or a desktop computer.
The processor 21 may include one or more processing cores, such as a 4-core processor, an 8-core processor, and the like. The Processor 21 may be implemented in hardware using at least one of a Digital Signal Processor (DSP), a Field-Programmable Gate Array (FPGA), and a Programmable Logic Array (PLA). The processor 21 may also include a main processor and a coprocessor, where the main processor is a processor for Processing data in an awake state, and is also called a Central Processing Unit (CPU); a coprocessor is a low power processor for processing data in a standby state. In some embodiments, the processor 21 may be integrated with a Graphics Processing Unit (GPU) which is responsible for rendering and drawing the content required to be displayed on the display screen. In some embodiments, the processor 21 may further include an Artificial Intelligence (AI) processor for processing computational operations related to machine learning.
The memory 20 may include one or more computer-readable storage media, which may be non-transitory. Memory 20 may also include high speed random access memory, as well as non-volatile memory, such as one or more magnetic disk storage devices, flash memory storage devices. In this embodiment, the memory 20 is at least used for storing the following computer program 201, wherein after being loaded and executed by the processor 21, the computer program can implement the relevant steps of the method for protecting website data disclosed in any of the foregoing embodiments. In addition, the resources stored in the memory 20 may also include an operating system 202, data 203, and the like, and the storage manner may be a transient storage manner or a permanent storage manner. Operating system 202 may include, among others, Windows, Unix, Linux, and the like. Data 203 may include, but is not limited to, attribute information of a website, and the like.
In some embodiments, the electronic device may further include a display 22, an input/output interface 23, a communication interface 24, a power supply 25, and a communication bus 26.
Those skilled in the art will appreciate that the configuration shown in fig. 3 is not limiting of the electronic device and may include more or fewer components than those shown.
Finally, the application also provides a corresponding embodiment of the computer readable storage medium. The computer-readable storage medium has stored thereon a computer program which, when being executed by a processor, carries out the steps of the method of protecting website data as set forth in the above-mentioned method embodiments.
It is to be understood that if the method in the above embodiments is implemented in the form of software functional units and sold or used as a stand-alone product, it can be stored in a computer readable storage medium. Based on such understanding, the technical solutions of the present application may be embodied in the form of a software product, which is stored in a storage medium and executes all or part of the steps of the methods described in the embodiments of the present application, or all or part of the technical solutions. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The method, the apparatus, the electronic device, and the medium for protecting website data provided by the present application are described in detail above. The embodiments are described in a progressive manner in the specification, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description. It should be noted that, for those skilled in the art, it is possible to make several improvements and modifications to the present application without departing from the principle of the present application, and such improvements and modifications also fall within the scope of the claims of the present application.
It is further noted that, in the present specification, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.

Claims (10)

1. A method for protecting data of a website, comprising:
executing a preset code hijack target function to obtain a rewriting function, wherein the target function is used for calling a webrtc protocol for communication;
when the rewriting function is called by a website, acquiring attribute information of the website through the preset code, wherein the attribute information comprises a domain name and an address of the website;
judging whether the domain name of the website is in a blacklist or not;
and if the current state is in the blacklist, blocking the website from calling the rewriting function.
2. The method of protecting website data as recited in claim 1, further comprising, prior to said determining whether the domain name of the website is on a blacklist:
judging whether the domain name of the website is in a white list or not;
and if the current website is in the white list, allowing the website to call the rewriting function.
3. The method of claim 2, wherein if the domain name is neither in the blacklist nor in the whitelist, further comprising:
calling an interface of threat intelligence to judge whether the attribute information of the website is the threat intelligence;
and if the threat intelligence is the threat intelligence, blocking the website from calling the rewriting function, and otherwise, allowing the website to call.
4. The method of protecting website data according to claim 3, further comprising:
and reporting the domain name in the blacklist and the domain name which is not in the blacklist or the white list to a management server, wherein the management server is used for carrying out data judgment and manual analysis on the domain name.
5. The method of claim 4, wherein the white list and the black list are lists issued by the management server.
6. The method of protecting website data according to claim 4, further comprising:
communicating with the management server using a data interchange format Json.
7. The method of claim 1, wherein an alert is issued if the domain name of the website is on the blacklist.
8. An apparatus for protecting data of a website, comprising:
the execution module is used for executing a preset code hijack target function to obtain a rewriting function, and the target function is used for calling a webrtc protocol for communication;
the acquisition module is used for acquiring the attribute information of the website through the preset code when the rewriting function is called by the website, wherein the attribute information comprises a domain name and an address of the website;
the judging module is used for judging whether the domain name of the website is in a blacklist or not;
and the blocking module is used for blocking the website from calling the rewriting function when the domain name of the website is in the blacklist.
9. An electronic device, comprising a memory for storing a computer program;
a processor for implementing the steps of the method of protecting website data according to any one of claims 1 to 7 when executing said computer program.
10. A computer-readable storage medium, having stored thereon a computer program which, when being executed by a processor, carries out the steps of the method of protecting website data according to any one of claims 1 to 7.
CN202111509758.4A 2021-12-10 2021-12-10 Method, device, electronic equipment and medium for protecting website data Pending CN114186274A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111509758.4A CN114186274A (en) 2021-12-10 2021-12-10 Method, device, electronic equipment and medium for protecting website data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111509758.4A CN114186274A (en) 2021-12-10 2021-12-10 Method, device, electronic equipment and medium for protecting website data

Publications (1)

Publication Number Publication Date
CN114186274A true CN114186274A (en) 2022-03-15

Family

ID=80604454

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111509758.4A Pending CN114186274A (en) 2021-12-10 2021-12-10 Method, device, electronic equipment and medium for protecting website data

Country Status (1)

Country Link
CN (1) CN114186274A (en)

Similar Documents

Publication Publication Date Title
EP3100200B1 (en) Web service sandbox system
US10484424B2 (en) Method and system for security protection of account information
US9747441B2 (en) Preventing phishing attacks
CN111737692B (en) Application program risk detection method and device, equipment and storage medium
JP2014510353A (en) Risk detection processing method and apparatus for website address
CN111711617A (en) Method and device for detecting web crawler, electronic equipment and storage medium
CN111163095B (en) Network attack analysis method, network attack analysis device, computing device, and medium
CN111008348A (en) Anti-crawler method, terminal, server and computer readable storage medium
CN111163094B (en) Network attack detection method, network attack detection device, electronic device, and medium
CN112653670A (en) Service logic vulnerability detection method, device, storage medium and terminal
CN107180194B (en) Method and device for vulnerability detection based on visual analysis system
CN114528517A (en) View processing method and device, electronic equipment and computer readable medium
CN114157568B (en) Browser secure access method, device, equipment and storage medium
CN106789973B (en) Page security detection method and terminal equipment
CN115809056B (en) Component multiplexing implementation method and device, terminal equipment and readable storage medium
CN114186274A (en) Method, device, electronic equipment and medium for protecting website data
CN106933666B (en) Method for calling information input program and electronic equipment
CN114329149A (en) Detection method and device for automatically capturing page information, electronic equipment and readable storage medium
CN111262842B (en) Webpage tamper-proofing method and device, electronic equipment and storage medium
CN112351008B (en) Network attack analysis method and device, readable storage medium and computer equipment
US11381596B1 (en) Analyzing and mitigating website privacy issues by automatically classifying cookies
CN113326462A (en) H5 page watermarking method, server, computer equipment and storage medium
CN114978691B (en) Camouflage method, device and medium for honeypot
CN114553524B (en) Traffic data processing method and device, electronic equipment and gateway
CN115834183A (en) Flow detection method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination