CN114816784A - Data acquisition method, data acquisition device, electronic equipment, storage medium and program product - Google Patents
Data acquisition method, data acquisition device, electronic equipment, storage medium and program product Download PDFInfo
- Publication number
- CN114816784A CN114816784A CN202110129757.0A CN202110129757A CN114816784A CN 114816784 A CN114816784 A CN 114816784A CN 202110129757 A CN202110129757 A CN 202110129757A CN 114816784 A CN114816784 A CN 114816784A
- Authority
- CN
- China
- Prior art keywords
- data
- target application
- transmission channel
- data transmission
- data request
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 55
- 230000004044 response Effects 0.000 claims abstract description 87
- 230000005540 biological transmission Effects 0.000 claims abstract description 86
- 238000001514 detection method Methods 0.000 claims abstract description 5
- 238000004590 computer program Methods 0.000 claims description 8
- 238000004458 analytical method Methods 0.000 claims description 5
- 238000011835 investigation Methods 0.000 abstract description 21
- 238000007405 data analysis Methods 0.000 abstract description 12
- 238000013481 data capture Methods 0.000 abstract description 9
- 238000004364 calculation method Methods 0.000 abstract description 8
- 238000010586 diagram Methods 0.000 description 12
- 239000012776 electronic material Substances 0.000 description 12
- 230000008569 process Effects 0.000 description 12
- 238000004891 communication Methods 0.000 description 7
- 230000006399 behavior Effects 0.000 description 6
- 239000003795 chemical substances by application Substances 0.000 description 6
- 238000012545 processing Methods 0.000 description 6
- 238000005516 engineering process Methods 0.000 description 5
- 230000006870 function Effects 0.000 description 4
- 230000003111 delayed effect Effects 0.000 description 3
- 238000011161 development Methods 0.000 description 3
- 230000002035 prolonged effect Effects 0.000 description 3
- 238000013480 data collection Methods 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 238000012544 monitoring process Methods 0.000 description 2
- 238000011160 research Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/54—Interprogram communication
- G06F9/546—Message passing systems or structures, e.g. queues
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2209/00—Indexing scheme relating to G06F9/00
- G06F2209/54—Indexing scheme relating to G06F9/54
- G06F2209/547—Messaging middleware
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2209/00—Indexing scheme relating to G06F9/00
- G06F2209/54—Indexing scheme relating to G06F9/54
- G06F2209/548—Queue
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer And Data Communications (AREA)
Abstract
The embodiment of the disclosure discloses a data acquisition method, a data acquisition device, an electronic device, a storage medium and a program product, wherein the data acquisition method comprises the following steps: in response to the detection that the target application sends a data request, acquiring the data request through a local data transmission channel by using a VPN service instance, and adding the data request into a message queue corresponding to the local data transmission channel; storing and analyzing the data request, and acquiring a destination address and first preset data of the data request; and establishing a remote data transmission channel between the message queue and the destination address, and sending the data request corresponding to the target application in the message queue to the destination address through the remote data transmission channel. The technical scheme can realize directional data capture of designated application, timely acquire required data, has simple operation flow and low calculation cost and time cost, and can effectively shorten the data analysis flow and ensure the investigation working timeliness.
Description
Technical Field
The present disclosure relates to the field of data processing technologies, and in particular, to a data acquisition method, an apparatus, an electronic device, a storage medium, and a program product.
Background
With the development of internet technology, a lot of data is transmitted through an internet platform or an internet application, including some data which can be used as an electronic material evidence. If the relevant electronic material evidence data are manually acquired when the investigation work is needed, the data acquisition time is delayed, the data analysis process is prolonged, and the investigation work timeliness is influenced. To solve this problem, the prior art generally adopts the following two schemes: the method comprises the following steps that 1, a mobile phone agent is configured, and the flow of a mobile phone is captured by computer packet capturing software, although the scheme can achieve data capture, the mobile phone and the computer are required to be under the same wifi, a network agent is also required to be configured, and directional data capture of specified application cannot be achieved; 2, the data packet transmitted in the network is completely intercepted and analyzed by using a tcpdump packet capturing command, the scheme needs higher calculation cost and longer time, and the mobile phone needs to be refreshed, so that the operation flow is complex.
Disclosure of Invention
The embodiment of the disclosure provides a data acquisition method, a data acquisition device, an electronic device, a storage medium and a program product.
In a first aspect, an embodiment of the present disclosure provides a data acquisition method.
Specifically, the data acquisition method includes:
in response to the detection that the target application sends a data request, acquiring the data request through a local data transmission channel by using a VPN service instance, and adding the data request into a message queue corresponding to the local data transmission channel, wherein target application identification information and the corresponding data request are stored in the message queue;
storing and analyzing the data request, and acquiring a destination address and first preset data of the data request;
and establishing a remote data transmission channel between the message queue and the destination address, and sending the data request corresponding to the target application in the message queue to the destination address through the remote data transmission channel.
With reference to the first aspect, in a first implementation manner of the first aspect, the present disclosure further includes:
the VPN service instance is created based on available VPN interfaces.
With reference to the first aspect and the first implementation manner of the first aspect, in a second implementation manner of the first aspect, an embodiment of the present disclosure further includes:
and determining a storage file corresponding to the target application identification information.
With reference to the first aspect, the first implementation manner of the first aspect, and the second implementation manner of the first aspect, in a third implementation manner of the first aspect, an embodiment of the present disclosure further includes:
and responding to a response message from the destination address received by the VPN service instance through the remote data transmission channel, storing and analyzing the response message, and acquiring destination application identification information and second preset data carried by the response message.
With reference to the first aspect, the first implementation manner of the first aspect, the second implementation manner of the first aspect, and the third implementation manner of the first aspect, in a fourth implementation manner of the first aspect, the embodiment of the present disclosure further includes:
and writing the response message into a storage file corresponding to the target application identification information through the local data transmission channel.
With reference to the first aspect, the first implementation manner of the first aspect, the second implementation manner of the first aspect, the third implementation manner of the first aspect, and the fourth implementation manner of the first aspect, in a fifth implementation manner of the first aspect, an embodiment of the present disclosure further includes:
and taking the response message out of the storage file, and sending the response message to the target application according to the identification information of the target application.
In a second aspect, an embodiment of the present disclosure provides a data acquisition apparatus.
Specifically, the data acquisition apparatus includes:
the system comprises an acquisition module, a data transmission module and a data transmission module, wherein the acquisition module is configured to respond to the detection that a target application sends a data request, acquire the data request through a local data transmission channel by using a VPN service instance, and add the data request into a message queue corresponding to the local data transmission channel, wherein target application identification information and the corresponding data request are stored in the message queue;
the analysis module is configured to store and analyze the data request, and acquire a destination address and first preset data of the data request;
the first sending module is configured to establish a remote data transmission channel with the destination address, and send the data request corresponding to the target application in the message queue to the destination address through the remote data transmission channel.
With reference to the second aspect, in a first implementation manner of the second aspect, the present disclosure further includes:
a creation module configured to create the VPN service instance based on available VPN interfaces.
With reference to the second aspect and the first implementation manner of the second aspect, in a second implementation manner of the second aspect, an embodiment of the present disclosure further includes:
a determination module configured to determine a storage file corresponding to the target application identification information.
With reference to the second aspect, the first implementation manner of the second aspect, and the second implementation manner of the second aspect, in a third implementation manner of the second aspect, the parsing module is further configured to:
and responding to a response message from the destination address received by the VPN service instance through the remote data transmission channel, storing and analyzing the response message, and acquiring destination application identification information and second preset data carried by the response message.
With reference to the second aspect, the first implementation manner of the second aspect, the second implementation manner of the second aspect, and the third implementation manner of the second aspect, in a fourth implementation manner of the second aspect, the embodiment of the present disclosure further includes:
and the writing module is configured to write the response message into a storage file corresponding to the target application identification information through the local data transmission channel.
With reference to the second aspect, the first implementation manner of the second aspect, the second implementation manner of the second aspect, the third implementation manner of the second aspect, and the fourth implementation manner of the second aspect, in a fifth implementation manner of the second aspect, the embodiment of the present disclosure further includes:
and the second sending module is configured to take the response message out of the storage file and send the response message to the target application according to the target application identification information.
In a third aspect, the disclosed embodiments provide an electronic device, including a memory and at least one processor, where the memory is configured to store one or more computer instructions, where the one or more computer instructions are executed by the at least one processor to implement the method steps of the above data acquisition method.
In a fourth aspect, the disclosed embodiments provide a computer-readable storage medium for storing computer instructions for a data acquisition apparatus, which includes computer instructions for performing the data acquisition method described above as a data acquisition apparatus.
In a fifth aspect, the disclosed embodiments provide a computer program product comprising a computer program/instructions, wherein the computer program/instructions, when executed by a processor, implement the method steps of the above-mentioned data acquisition method.
The technical scheme provided by the embodiment of the disclosure can have the following beneficial effects:
according to the technical scheme, the target application is monitored, the data request is forwarded and the required data is intercepted by means of the VPN service instance and the establishment of the local data transmission channel and the remote data transmission channel. The technical scheme can realize directional data capture of designated application, timely collects required data, is simple in operation process, and needs lower calculation cost and time cost, so that the data analysis process can be effectively shortened, the investigation working timeliness is guaranteed, and the condition that the investigation working is smoothly developed due to the influence of data acquisition and collection is avoided.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
Other features, objects, and advantages of the present disclosure will become more apparent from the following detailed description of non-limiting embodiments when taken in conjunction with the accompanying drawings. In the drawings:
FIG. 1 shows a flow diagram of a data acquisition method according to an embodiment of the present disclosure;
FIG. 2 illustrates an overall flow diagram of a data acquisition method according to an embodiment of the present disclosure;
FIG. 3 shows a block diagram of a data acquisition device according to an embodiment of the present disclosure;
FIG. 4 shows a block diagram of an electronic device according to an embodiment of the present disclosure;
FIG. 5 is a schematic block diagram of a computer system suitable for use in implementing a data acquisition method according to an embodiment of the present disclosure.
Detailed Description
Hereinafter, exemplary embodiments of the present disclosure will be described in detail with reference to the accompanying drawings so that those skilled in the art can easily implement them. Also, for the sake of clarity, parts not relevant to the description of the exemplary embodiments are omitted in the drawings.
In the present disclosure, it is to be understood that terms such as "including" or "having," etc., are intended to indicate the presence of the disclosed features, numbers, steps, behaviors, components, parts, or combinations thereof, and are not intended to preclude the possibility that one or more other features, numbers, steps, behaviors, components, parts, or combinations thereof may be present or added.
It should be further noted that the embodiments and features of the embodiments in the present disclosure may be combined with each other without conflict. The present disclosure will be described in detail below with reference to the accompanying drawings in conjunction with embodiments.
According to the technical scheme provided by the embodiment of the disclosure, the target application is monitored, the data request is forwarded and the required data is intercepted by means of the VPN service instance and the establishment of the local data transmission channel and the remote data transmission channel. The technical scheme can realize directional data capture of designated application, timely collects required data, is simple in operation process, and needs lower calculation cost and time cost, so that the data analysis process can be effectively shortened, the investigation working timeliness is guaranteed, and the condition that the investigation working is smoothly developed due to the influence of data acquisition and collection is avoided.
Fig. 1 shows a flowchart of a data acquisition method according to an embodiment of the present disclosure, as shown in fig. 1, the data acquisition method includes the following steps S101-S103:
in step S101, in response to detecting that a target application sends a data request, obtaining the data request through a local data transmission channel by using a VPN service instance, and adding the data request into a message queue, where target application identification information and a corresponding data request are stored in the message queue;
in step S102, storing and analyzing the data request, and acquiring a destination address and first preset data of the data request;
in step S103, a remote data transmission channel between the message queue and the destination address is established, and the corresponding data request in the message queue is sent to the destination address through the remote data transmission channel.
As mentioned above, with the development of internet technology, a lot of data is transmitted through internet platforms or internet applications, including some data that can be used as electronic material evidence. If the relevant electronic material evidence data are manually acquired when the investigation work is needed, the data acquisition time is delayed, the data analysis process is prolonged, and the investigation work timeliness is influenced. To solve this problem, the prior art generally adopts the following two schemes: the method comprises the following steps that 1, a mobile phone agent is configured, and computer packet grabbing software is used for grabbing the flow of a mobile phone, although the scheme can achieve data grabbing, the mobile phone and the computer are required to be under the same wifi, a network agent is required to be configured, and directional data grabbing for specified application cannot be achieved; 2, the data packet transmitted in the network is completely intercepted and analyzed by using a tcpdump packet capturing command, the scheme needs higher calculation cost and longer time, and the mobile phone needs to be refreshed, so that the operation flow is complex.
In view of the above drawbacks, in this embodiment, a data acquisition method is proposed, which monitors a target application by means of VPN service instances and the establishment of local and remote data transmission channels, forwards a data request, and intercepts required data. The technical scheme can realize directional data capture of designated application, timely collects required data, is simple in operation process, and needs lower calculation cost and time cost, so that the data analysis process can be effectively shortened, the investigation working timeliness is guaranteed, and the condition that the investigation working is smoothly developed due to the influence of data acquisition and collection is avoided.
In an embodiment of the present disclosure, the data acquisition method may be applied to an electronic device, a computing device, or a server that acquires data.
In an embodiment of the present disclosure, the target application refers to an application that needs to be monitored to obtain a part of data sent or received by the target application, such as some applications that have bad historical behavior or historical operation data, are possibly related to some research work, and need to obtain or evidence their interaction data.
In an embodiment of the present disclosure, the VPN service instance refers to a Virtual Private Network (VPN) service instance established for implementing a certain data task, where the data task may be, for example, a task of acquiring preset data, a task of forwarding the preset data, a task of intercepting a preset network request, and the like.
In an embodiment of the present disclosure, the local data transmission channel refers to a channel that is established for a local data transmission requirement and can perform local data communication with the target application. The local data transmission channel is correspondingly provided with a message queue used for storing the data request sent by the target application and acquired by using the VPN service instance, and the message queue at least stores target application identification information and the data request corresponding to the target application so as to acquire the data request corresponding to the target application from the message queue when needed.
In an embodiment of the present disclosure, the destination address refers to an address of a destination that the target application sends a data request, such as Uniform Resource Locator (URL) information, an IP address, and the like of the destination. The destination refers to a destination of the data request sent by the target application, such as a remote destination electronic device, a remote destination computing device, a remote destination server, and so on.
In an embodiment of the present disclosure, the first preset data refers to data in the data request, which is preset and acquired for the requirement of subsequent data collection and analysis, and is possibly used as a subsequent electronic material evidence but does not relate to private data, such as non-sensitive data request content, a data request field, a data request parameter, an APK (Android application package) file, and the like in the data request.
In an embodiment of the present disclosure, the remote data transmission channel refers to a data transmission channel that is established for a remote data transmission requirement, can perform remote data communication with a destination address of the data request, and is used for forwarding the data request, and data transmission is implemented based on a real network device, such as a real network card.
In the above embodiment, in order to monitor a target application, obtain a part of data sent or received by the target application in time, forward a data request of the target application to a local through a local data transmission channel, and communicate with a remote destination server through a remote data transmission channel, so as to monitor a data sending and receiving behavior of the target application, specifically, if the data request sent by the target application is detected, the data request is obtained through the local data transmission channel by using a VPN service instance, and the target application identification information and the data request corresponding to the target application identification information are added to a message queue corresponding to the local data transmission channel; then, storing and analyzing the data request to obtain a destination address and first preset data of the data request; and establishing a remote data transmission channel between the message queue and the destination address, and sending the data request corresponding to the target application in the message queue to the destination address through the remote data transmission channel, so that the data sent by the target application is monitored and intercepted, the related data can be obtained in advance, the data analysis flow is effectively shortened, the timeliness of investigation work is guaranteed, and the condition that the investigation work is smoothly developed due to the influence of the acquisition and the collection of the data is avoided.
In an embodiment of the present disclosure, the method may further include the steps of:
the VPN service instance is created based on available VPN interfaces.
In order to implement monitoring, intercepting and forwarding of data sent or received by the target application, in this embodiment, a VPN service instance capable of intercepting a data request, acquiring related preset data in the data request and forwarding the data request is created by using an available VPN interface provided by a system.
In an embodiment of the present disclosure, the method may further include the steps of:
and determining a storage file corresponding to the target application identification information.
In order to accurately distinguish data from or to different target applications, in this embodiment, a corresponding storage file is further provided for each target application to store data requests issued by the target application and response data that may be received by subsequent target applications, which correspond to the target application.
In an embodiment of the present disclosure, the data stored in the storage file may be in a pcap datagram storage format.
In an embodiment of the present disclosure, the method may further include the steps of:
and responding to a response message from the destination address received through the remote data transmission channel, storing and analyzing the response message, and acquiring destination application identification information and second preset data carried by the response message.
In this embodiment, if a response message corresponding to the data request and sent to the target application from the destination address is received through the remote data transmission channel, the received response message is intercepted, stored, and analyzed to obtain destination application identification information and second preset data carried in the response message.
Similar to the first preset data, the second preset data refers to data in the response data that is preset and acquired for the requirement of subsequent data acquisition and analysis, and that is possible to be a subsequent electronic material evidence but does not relate to privacy data, such as non-sensitive response data content, response data fields, response data parameters, an APK (Android application package) file, and the like in the response data.
The first preset data and the second preset data are both possibly analyzed and stored subsequently, and are possibly used as electronic material evidence data of a certain investigation work.
In an embodiment of the present disclosure, the method may further include the steps of:
and writing the response message into a storage file corresponding to the target application identification information through the local data transmission channel.
In order to implement corresponding forwarding of the response message, in this embodiment, after intercepting the response message and analyzing and obtaining second preset data in the response message, the response message may be written into a storage file corresponding to the target application identification information through the local data transmission channel, so that the response message may be sequentially forwarded to the corresponding target application according to the target application identification information and the receiving time of the response message in the receiving time sequence.
That is, in an embodiment of the present disclosure, the method may further include the steps of:
and taking the response message out of the storage file, and sending the response message to the target application according to the identification information of the target application.
In this embodiment, when the response message is forwarded to the corresponding target application, the response message may be sequentially extracted from the storage file according to the receiving time of the response message or the sequence of storing the response message into the storage file, and the response message may be forwarded to the corresponding target application according to the destination application identification information, so as to monitor the data received by the target application.
Fig. 2 is an overall flowchart of a data obtaining method according to an embodiment of the present disclosure, and as shown in fig. 2, a data request sent by a target application is stored in a corresponding storage file through a local data transmission channel by using a VPN service instance, and the data request is analyzed to obtain a destination address and first preset data of the data request; and then establishing a remote data transmission channel between the remote data transmission channel and the destination address, and sending the data request to the destination address through the remote data transmission channel and a real network unit. After receiving a response message from the destination address through the remote data transmission channel by using a VPN service instance, writing the response message into the storage file through the local data transmission channel, analyzing the response message, acquiring destination application identification information and second preset data carried by the response message, finally taking the response message out of the storage file, and forwarding the response message to the target application according to the destination application identification information.
The following are embodiments of the disclosed apparatus that may be used to perform embodiments of the disclosed methods.
Fig. 3 shows a block diagram of a data acquisition apparatus according to an embodiment of the present disclosure, which may be implemented as part or all of an electronic device by software, hardware, or a combination of both. As shown in fig. 3, the data acquisition apparatus includes:
an obtaining module 301, configured to, in response to detecting that a target application sends a data request, obtain the data request through a local data transmission channel by using a VPN service instance, and add the data request into a message queue corresponding to the local data transmission channel, where target application identification information and a corresponding data request are stored in the message queue;
the analysis module 302 is configured to store and analyze the data request, and obtain a destination address and first preset data of the data request;
a first sending module 303, configured to establish a remote data transmission channel with the destination address, and send the data request corresponding to the target application in the message queue to the destination address through the remote data transmission channel.
As mentioned above, with the development of internet technology, a lot of data is transmitted through internet platforms or internet applications, including some data that can be used as electronic material evidence. If the relevant electronic material evidence data are manually acquired when the investigation work is needed, the data acquisition time is delayed, the data analysis process is prolonged, and the investigation work timeliness is influenced. To solve this problem, the prior art generally adopts the following two schemes: the method comprises the following steps that 1, a mobile phone agent is configured, and the flow of a mobile phone is captured by computer packet capturing software, although the scheme can achieve data capture, the mobile phone and the computer are required to be under the same wifi, a network agent is also required to be configured, and directional data capture of specified application cannot be achieved; 2, the data packet transmitted in the network is completely intercepted and analyzed by using a tcpdump packet capturing command, the scheme needs higher calculation cost and longer time, and the mobile phone needs to be refreshed, so that the operation flow is complex.
In view of the above drawbacks, in this embodiment, a data acquisition device is proposed, which monitors a target application by means of a VPN service instance and the establishment of a local data transmission channel and a remote data transmission channel, forwards a data request, and intercepts required data. The technical scheme can realize directional data capture of designated application, timely collects required data, is simple in operation process, and needs lower calculation cost and time cost, so that the data analysis process can be effectively shortened, the investigation working timeliness is guaranteed, and the condition that the investigation working is smoothly developed due to the influence of data acquisition and collection is avoided.
In an embodiment of the present disclosure, the data acquisition apparatus may be implemented as a locally installed electronic device, a computing device, or a server that acquires data.
In an embodiment of the present disclosure, the target application refers to an application that needs to be monitored to obtain a part of data sent or received by the target application, such as some applications that have bad historical behavior or historical operation data, are possibly related to some research work, and need to obtain or evidence their interaction data.
In an embodiment of the present disclosure, the VPN service instance refers to a Virtual Private Network (VPN) service instance established for implementing a certain data task, where the data task may be, for example, a task of acquiring preset data, a task of forwarding the preset data, a task of intercepting a preset network request, and the like.
In an embodiment of the present disclosure, the local data transmission channel refers to a channel that is established for a local data transmission requirement and can perform local data communication with the target application. The local data transmission channel is correspondingly provided with a message queue used for storing the data request sent by the target application and acquired by using the VPN service instance, and the message queue at least stores target application identification information and the data request corresponding to the target application so as to acquire the data request corresponding to the target application from the message queue when needed.
In an embodiment of the present disclosure, the destination address refers to an address of a destination that the target application sends a data request, such as Uniform Resource Locator (URL) information, an IP address, and the like of the destination. The destination refers to a destination of the data request sent by the target application, such as a remote destination electronic device, a remote destination computing device, a remote destination server, and so on.
In an embodiment of the present disclosure, the first preset data refers to data in the data request, which is preset and acquired for the requirement of subsequent data collection and analysis, and is possibly used as a subsequent electronic material evidence but does not relate to private data, such as non-sensitive data request content, a data request field, a data request parameter, an APK (Android application package) file, and the like in the data request.
In an embodiment of the present disclosure, the remote data transmission channel refers to a data transmission channel that is established for a remote data transmission requirement, can perform remote data communication with a destination address of the data request, and is used for forwarding the data request, and data transmission is implemented based on a real network device, such as a real network card.
In the above embodiment, in order to monitor a target application, obtain a part of data sent or received by the target application in time, forward a data request of the target application to a local through a local data transmission channel, and communicate with a remote destination server through a remote data transmission channel, so as to monitor a data sending and receiving behavior of the target application, specifically, if the data request sent by the target application is detected, the data request is obtained through the local data transmission channel by using a VPN service instance, and the target application identification information and the data request corresponding to the target application identification information are added to a message queue corresponding to the local data transmission channel; then storing and analyzing the data request to obtain a destination address and first preset data of the data request; and establishing a remote data transmission channel between the message queue and the destination address, and sending the data request corresponding to the target application in the message queue to the destination address through the remote data transmission channel, so that the data sent by the target application is monitored and intercepted, the related data can be obtained in advance, the data analysis flow is effectively shortened, the timeliness of investigation work is guaranteed, and the condition that the investigation work is smoothly developed due to the influence of the acquisition and the collection of the data is avoided.
In an embodiment of the present disclosure, the apparatus may further include:
a creation module configured to create the VPN service instance based on available VPN interfaces.
In order to implement monitoring, intercepting and forwarding of data sent or received by the target application, in this embodiment, a VPN service instance capable of intercepting a data request, acquiring related preset data in the data request and forwarding the data request is created by using an available VPN interface provided by a system.
In an embodiment of the present disclosure, the apparatus may further include:
a determination module configured to determine a storage file corresponding to the target application identification information.
In order to accurately distinguish data from or to different target applications, in this embodiment, a corresponding storage file is further provided for each target application to store data requests issued by the target application and response data that may be received by subsequent target applications, which correspond to the target application.
In an embodiment of the present disclosure, the data stored in the storage file may be in a pcap datagram storage format.
In an embodiment of the present disclosure, the parsing module may be further configured to:
and responding to a response message from the destination address received by the VPN service instance through the remote data transmission channel, storing and analyzing the response message, and acquiring destination application identification information and second preset data carried by the response message.
In this embodiment, if a response message corresponding to the data request and sent to the target application from the destination address is received through the remote data transmission channel, the received response message is intercepted, stored, and analyzed to obtain destination application identification information and second preset data carried in the response message.
Similar to the first preset data, the second preset data refers to data in the response data that is preset and acquired for the requirement of subsequent data acquisition and analysis, and that is possible to be a subsequent electronic material evidence but does not relate to privacy data, such as non-sensitive response data content, response data fields, response data parameters, an APK (Android application package) file, and the like in the response data.
The first preset data and the second preset data are both possibly analyzed and stored subsequently, and are possibly used as electronic material evidence data of a certain investigation work.
In an embodiment of the present disclosure, the apparatus may further include:
and the writing module is configured to write the response message into a storage file corresponding to the target application identification information through the local data transmission channel.
In order to implement corresponding forwarding of the response message, in this embodiment, after intercepting the response message and analyzing and obtaining second preset data in the response message, the response message may be written into a storage file corresponding to the target application identification information through the local data transmission channel, so that the response message may be sequentially forwarded to the corresponding target application according to the target application identification information and the receiving time of the response message in the receiving time sequence.
That is, in an embodiment of the present disclosure, the apparatus may further include:
and the second sending module is configured to take the response message out of the storage file and send the response message to the target application according to the target application identification information.
In this embodiment, when the response message is forwarded to the corresponding target application, the response message may be sequentially extracted from the storage file according to the receiving time of the response message or the sequence of storing the response message into the storage file, and the response message may be forwarded to the corresponding target application according to the destination application identification information, so as to monitor the data received by the target application.
The present disclosure also discloses an electronic device, fig. 4 shows a block diagram of an electronic device according to an embodiment of the present disclosure, and as shown in fig. 4, the electronic device 400 includes a memory 401 and a processor 402; wherein,
the memory 401 is used to store one or more computer instructions that are executed by the processor 402 to implement the above-described method steps.
FIG. 5 is a schematic block diagram of a computer system suitable for use in implementing a data acquisition method according to an embodiment of the present disclosure.
As shown in fig. 5, the computer system 500 includes a processing unit 501 that can execute various processes in the above-described embodiments according to a program stored in a Read Only Memory (ROM)502 or a program loaded from a storage section 508 into a Random Access Memory (RAM) 503. In the RAM503, various programs and data necessary for the operation of the system 500 are also stored. The processing unit 501, the ROM502, and the RAM503 are connected to each other by a bus 504. An input/output (I/O) interface 505 is also connected to bus 504.
The following components are connected to the I/O interface 505: an input portion 506 including a keyboard, a mouse, and the like; an output portion 507 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage portion 508 including a hard disk and the like; and a communication section 509 including a network interface card such as a LAN card, a modem, or the like. The communication section 509 performs communication processing via a network such as the internet. The driver 510 is also connected to the I/O interface 505 as necessary. A removable medium 511 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 510 as necessary, so that a computer program read out therefrom is mounted into the storage section 508 as necessary. The processing unit 501 may be implemented as a CPU, a GPU, a TPU, an FPGA, an NPU, or other processing units.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units or modules described in the embodiments of the present disclosure may be implemented by software or hardware. The units or modules described may also be provided in a processor, and the names of the units or modules do not in some cases constitute a limitation of the units or modules themselves.
As another aspect, the present disclosure also provides a computer-readable storage medium, which may be the computer-readable storage medium included in the apparatus in the above-described embodiment; or it may be a separate computer readable storage medium not incorporated into the device. The computer readable storage medium stores one or more programs for use by one or more processors in performing the methods described in the present disclosure.
The foregoing description is only exemplary of the preferred embodiments of the disclosure and is illustrative of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the invention in the present disclosure is not limited to the specific combination of the above-mentioned features, but also encompasses other embodiments in which any combination of the above-mentioned features or their equivalents is possible without departing from the inventive concept. For example, the above features and (but not limited to) the features disclosed in this disclosure having similar functions are replaced with each other to form the technical solution.
Claims (15)
1. A method of data acquisition, comprising:
in response to the detection that the target application sends a data request, acquiring the data request through a local data transmission channel by using a VPN service instance, and adding the data request into a message queue corresponding to the local data transmission channel, wherein target application identification information and the corresponding data request are stored in the message queue;
storing and analyzing the data request, and acquiring a destination address and first preset data of the data request;
and establishing a remote data transmission channel between the message queue and the destination address, and sending the data request corresponding to the target application in the message queue to the destination address through the remote data transmission channel.
2. The method of claim 1, further comprising:
the VPN service instance is created based on available VPN interfaces.
3. The method of claim 1 or 2, further comprising:
and determining a storage file corresponding to the target application identification information.
4. The method of any of claims 1-3, further comprising:
and responding to a response message from the destination address received by the VPN service instance through the remote data transmission channel, storing and analyzing the response message, and acquiring destination application identification information and second preset data carried by the response message.
5. The method of claim 4, further comprising:
and writing the response message into a storage file corresponding to the target application identification information through the local data transmission channel.
6. The method of claim 5, further comprising:
and taking the response message out of the storage file, and sending the response message to the target application according to the identification information of the target application.
7. A data acquisition apparatus comprising:
the system comprises an acquisition module, a data transmission module and a data transmission module, wherein the acquisition module is configured to respond to the detection that a target application sends a data request, acquire the data request through a local data transmission channel by using a VPN service instance, and add the data request into a message queue corresponding to the local data transmission channel, wherein target application identification information and the corresponding data request are stored in the message queue;
the analysis module is configured to store and analyze the data request, and acquire a destination address and first preset data of the data request;
the first sending module is configured to establish a remote data transmission channel with the destination address, and send the data request corresponding to the target application in the message queue to the destination address through the remote data transmission channel.
8. The apparatus of claim 7, further comprising:
a creation module configured to create the VPN service instance based on available VPN interfaces.
9. The apparatus of claim 7 or 8, further comprising:
a determination module configured to determine a storage file corresponding to the target application identification information.
10. The apparatus of any of claims 7-9, the parsing module further configured to:
and responding to a response message from the destination address received by the VPN service instance through the remote data transmission channel, storing and analyzing the response message, and acquiring destination application identification information and second preset data carried by the response message.
11. The apparatus of claim 10, further comprising:
and the writing module is configured to write the response message into a storage file corresponding to the target application identification information through the local data transmission channel.
12. The apparatus of claim 11, further comprising:
and the second sending module is configured to take the response message out of the storage file and send the response message to the target application according to the target application identification information.
13. An electronic device comprising a memory and at least one processor; wherein the memory is to store one or more computer instructions, wherein the one or more computer instructions are to be executed by the at least one processor to implement the method steps of any one of claims 1-6.
14. A computer readable storage medium having stored thereon computer instructions which, when executed by a processor, carry out the method steps of any of claims 1-6.
15. A computer program product comprising computer programs/instructions, wherein the computer programs/instructions, when executed by a processor, implement the method steps of any of claims 1-6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110129757.0A CN114816784A (en) | 2021-01-29 | 2021-01-29 | Data acquisition method, data acquisition device, electronic equipment, storage medium and program product |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110129757.0A CN114816784A (en) | 2021-01-29 | 2021-01-29 | Data acquisition method, data acquisition device, electronic equipment, storage medium and program product |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114816784A true CN114816784A (en) | 2022-07-29 |
Family
ID=82525834
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110129757.0A Pending CN114816784A (en) | 2021-01-29 | 2021-01-29 | Data acquisition method, data acquisition device, electronic equipment, storage medium and program product |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114816784A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116192529A (en) * | 2023-03-10 | 2023-05-30 | 广东堡塔安全技术有限公司 | Third party server safety management system |
-
2021
- 2021-01-29 CN CN202110129757.0A patent/CN114816784A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116192529A (en) * | 2023-03-10 | 2023-05-30 | 广东堡塔安全技术有限公司 | Third party server safety management system |
| CN116192529B (en) * | 2023-03-10 | 2023-09-29 | 广东堡塔安全技术有限公司 | Third party server safety management system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111694674B (en) | Message distribution processing method, device, equipment and storage medium | |
| CN109446309B (en) | Question feedback method and device | |
| CN111008135B (en) | APP test method, device, equipment and storage medium | |
| CN110069413B (en) | Test data communication, test method, device, equipment and storage medium | |
| US10084637B2 (en) | Automatic task tracking | |
| CN108777679B (en) | Method and device for generating traffic access relation of terminal and readable storage medium | |
| CN112333044B (en) | Shunting equipment performance test method, device and system, electronic equipment and medium | |
| US20210400114A1 (en) | Methods and apparatus for census and panel matching using http headers | |
| CN111447170A (en) | Data processing method and system, computer system and computer readable medium | |
| CN112311620A (en) | Method, apparatus, electronic device and readable medium for diagnosing network | |
| CN113900834A (en) | Data processing method, device, equipment and storage medium based on Internet of things technology | |
| CN112769876B (en) | Method, device, equipment and medium for acquiring equipment channel information | |
| CN114816784A (en) | Data acquisition method, data acquisition device, electronic equipment, storage medium and program product | |
| CN111611585A (en) | Terminal device monitoring method and device, electronic device and medium | |
| CN116662193A (en) | Page testing method and device | |
| CN114826886B (en) | Disaster recovery method and device for application software and electronic equipment | |
| CN108880920B (en) | Cloud service management method and device and electronic equipment | |
| CN112769627B (en) | Network environment simulation method, system and computer program product | |
| CN104978199B (en) | A kind of plug-in application method and apparatus for a variety of browsers | |
| CN116560918A (en) | Pressure testing method, device, equipment and medium | |
| CN111131369B (en) | APP use condition transmission method and device, electronic equipment and storage medium | |
| CN113778709A (en) | Interface calling method, device, server and storage medium | |
| CN111600944B (en) | Data processing method, device, equipment and storage medium | |
| CN116016646B (en) | Service access control method, device, equipment and medium | |
| CN113518245B (en) | Program thumbnail generation method and device and service equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |