CN115632817B - Android client anti-crawling method and device - Google Patents


Info

Publication number
CN115632817B
Authority
CN
China
Prior art keywords
data
request
crawling
http
risk control
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211156703.4A
Other languages
Chinese (zh)
Other versions
CN115632817A (en)
Inventor
徐万鹏
单震
谢传家
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chaozhou Zhuoshu Big Data Industry Development Co Ltd
Original Assignee
Chaozhou Zhuoshu Big Data Industry Development Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chaozhou Zhuoshu Big Data Industry Development Co Ltd
Priority to CN202211156703.4A
Publication of CN115632817A
Application granted
Publication of CN115632817B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to the field of Android client data anti-crawling, and in particular to an Android client anti-crawling method. First, for data encryption, the asymmetric encryption algorithm RSA is selected, and anti-crawling risk control is performed based on the default padding mode on the Android client differing from that of the standard JDK. For data compression, longer data packets are compressed in one step before encryption. When an http(s) request is made, an HTTP 2.0 framework is selected, and anti-crawling risk control is performed based on the differences between HTTP frameworks. Compared with the prior art, the invention can further enrich and complete the traditional anti-crawling risk-control dimensions and has good value for wider adoption.

Description

Android client anti-crawling method and device
Technical Field
The invention relates to the field of Android client data anti-crawling, and in particular provides an Android client anti-crawling method and device.
Background
In recent years, with the development of mobile systems, mobile phones have become part of every aspect of our lives. Mobile applications keep appearing in an endless stream, and people have grown used to shopping, ordering food, hailing rides or watching live streams on their phones. At the same time, a large black and grey market industry has emerged. By cracking protocols or using group control and cloud control, its operators carry out large-scale data scraping, like inflation, comment inflation, malicious registration, flash-sale sniping and so on.
On the one hand this degrades the experience of normal users, and on the other hand it increases the load on vendors' servers. It is therefore necessary to identify these malicious behaviors and crawler behaviors. After long iteration, software vendors today basically each have their own anti-crawling and risk-control system. On the client side, most use signature algorithms, device fingerprints, slider verification codes and the like to increase the difficulty of reverse engineering.
Hardening techniques and code obfuscation schemes also lengthen the reverse-analysis cycle. Conventional risk-control and anti-crawling measures today include limits on IP addresses, used to prevent large volumes of high-frequency requests, or limits on device ID, device fingerprint, login account, frequency, quantity, time and so on.
Disclosure of Invention
In view of the shortcomings of the prior art, the invention provides a highly practical Android client anti-crawling method.
A further object of the invention is to provide an Android client anti-crawling device that is reasonably designed, safe and applicable.
The technical scheme adopted for solving the technical problems is as follows:
first, for data encryption, the asymmetric encryption algorithm RSA is selected, and anti-crawling risk control is performed based on the default padding mode on the Android client differing from that of the standard JDK;
for data compression, longer data packets are compressed in one step before encryption; when an http(s) request is made, an HTTP 2.0 framework is selected, and anti-crawling risk control is performed based on the differences between HTTP frameworks.
Further, encryption in the Android client is implemented through Cipher.getInstance; the Android system uses the Dalvik virtual machine, and when encrypting through the Cipher.getInstance method, risk-control identification is performed using the difference between the default RSA padding mode on Android and that of the standard JDK.
Further, when the black and grey market industry reverse-engineers the encryption protocol and likewise encrypts with Cipher.getInstance and sends the request, it uses a JDK based on the SUN standard, in which the default RSA padding algorithm is PKCS1Padding;
after the server receives the data, a javax.crypto.BadPaddingException: Decryption error occurs when the data is parsed, and the other party's request cannot succeed.
Further, for data compression, the gzip algorithm is selected as the compression algorithm in data transmission, and anti-crawling risk control is performed based on the characteristics of the gzip libraries on different platforms.
Further, a gzip file is characterized by beginning with 1f8b, and the server checks the otherwise ignored fields of the compressed data header to help distinguish abnormal requests.
Further, when an http(s) request is made, the server accepts packets sent by the HTTP framework of the Android client and identifies packets sent by other libraries as abnormal requests.
Further, the User-Agent can be used directly as a risk-control point on the server, and the request headers are checked using a signature: the header does not carry Accept when the HTTP framework sends a packet, and the client includes the header when computing the signature;
even if the crawler computes the same signature, the framework it uses to send packets carries the accept: */* request header by default, so the server still identifies the signature as abnormal.
An Android client anti-crawling device, comprising: at least one memory and at least one processor;
the at least one memory for storing a machine-readable program;
the at least one processor is configured to invoke the machine-readable program to perform the Android client anti-crawling method.
Compared with the prior art, the Android client anti-crawling method and device of the invention have the following outstanding beneficial effects:
the invention provides a series of anti-crawling risk-control measures designed around the system differences between crawler environments and development environments, which can further enrich and complete the traditional anti-crawling risk-control dimensions. Unlike traditional risk-control points, anti-crawling risk-control points based on system differences may be easier to bypass once discovered, but they are highly covert and hard for the other party to notice, and these dimensions can distinguish abnormal request behavior at the earliest moment.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic flow chart of the Android client anti-crawling method.
Detailed Description
In order to provide a better understanding of the aspects of the present invention, the present invention will be described in further detail with reference to specific embodiments. It will be apparent that the described embodiments are only some, but not all, embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
A preferred embodiment is given below:
As shown in FIG. 1, in the Android client anti-crawling method of this embodiment, first, for data encryption, we can select the asymmetric encryption algorithm RSA and perform anti-crawling risk control based on the default padding mode on the Android client differing from that of the standard JDK (this difference can also be used to detect unidbg, the Java-based Android emulation execution framework). In the Android client this is done through Cipher.getInstance. The Android system uses the Dalvik virtual machine, and when encryption is performed through the Cipher.getInstance("RSA") method, the BouncyCastle provider is used by default, which implements the NoPadding padding algorithm. We can use the difference between the default RSA padding on Android and in the standard JDK for risk-control identification.
When the black and grey market industry reverse-engineers the encryption protocol and likewise encrypts with Cipher.getInstance("RSA") and sends the request, it uses a JDK based on the SUN standard, where the default RSA padding algorithm is PKCS1Padding. After the server receives the data, because the padding algorithms differ, a javax.crypto.BadPaddingException: Decryption error occurs when the data is parsed, and the other party's request naturally cannot succeed.
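An added sketch, not code from the patent, of one way a server could tell the two default paddings apart: it raw-decrypts the block and checks for PKCS#1 v1.5 type 2 framing. The toy key, the function names and the verdict strings are assumptions of this example.

```python
import os

# Toy key built from two Mersenne primes so the example runs offline.
# Constructed for illustration only; far too small and structured for real use.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8            # modulus length in bytes


def encrypt_nopadding(msg: bytes) -> bytes:
    """Raw RSA, the default the description attributes to Android."""
    m = int.from_bytes(msg, "big")
    if m >= N:
        raise ValueError("message does not fit the modulus")
    return pow(m, E, N).to_bytes(K, "big")


def encrypt_pkcs1(msg: bytes) -> bytes:
    """PKCS#1 v1.5 type 2, the default the description attributes to the JDK."""
    pad_len = K - 3 - len(msg)
    if pad_len < 8:
        raise ValueError("message too long for this key")
    filler = bytes(b % 255 + 1 for b in os.urandom(pad_len))  # non-zero bytes
    block = b"\x00\x02" + filler + b"\x00" + msg
    return pow(int.from_bytes(block, "big"), E, N).to_bytes(K, "big")


def classify_sender(ciphertext: bytes) -> str:
    """Raw-decrypt and report which padding layout the plaintext block has."""
    c = int.from_bytes(ciphertext, "big")
    if len(ciphertext) != K or c >= N:
        return "malformed"
    block = pow(c, D, N).to_bytes(K, "big")
    if block[:2] == b"\x00\x02":
        separator = block.find(b"\x00", 2)
        if separator >= 10:              # at least 8 filler bytes before the 00
            return "pkcs1-v1.5"
    return "nopadding"


if __name__ == "__main__":
    payload = b"uid=42"                  # constructed sample payload
    print(classify_sender(encrypt_nopadding(payload)))
    print(classify_sender(encrypt_pkcs1(payload)))
```

Feed the verdict into risk scoring and return the same response either way, since a reply that depends on padding validity acts as a padding oracle.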
For data compression, especially for longer data packets, we generally compress in one step before encryption. The compression algorithm can be gzip, which is common in data transmission, and anti-crawling risk control can be performed based on the characteristics of the gzip libraries on different platforms. A gzip file is characterized by beginning with 1f8b, and developers usually only check the first two or three bytes of the header (1f 8b 08); the header information that follows is usually regarded as useless. The header produced by GZIPOutputStream on Android is: 1F8B 08 00 00 00 00 00 00 00 00. Some fields are simply set to 0: apart from writing the initial magic number, the lower layer does nothing else. In Python, the header produced by the gzip library is: 1F8B 08 00 E0 68 FB 62 02 FF 4B. In addition to the initial magic number, the lower layer of the library also assigns values to the modification_time, extra_flags and operating_system fields. Python's zlib library has corresponding characteristics as well. The server can use this to check the fields of the compressed header that would otherwise be ignored, helping us identify abnormal requests.
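The header comparison above as an added example (not code from the patent): it decodes the fixed 10-byte gzip header defined in RFC 1952 and lists the fields that deviate from the Android sample. Treating the all-zero Android header as the only accepted profile, and the function names, are assumptions of this example.

```python
import struct

GZIP_MAGIC = b"\x1f\x8b"
DEFLATE = 8
# Expected profile taken from the Android GZIPOutputStream header quoted in
# the description: MTIME, XFL and OS are all zero. Accepting only this
# profile is an assumption of the example.
EXPECTED_PROFILE = {"mtime": 0, "xfl": 0, "os": 0}


def parse_gzip_header(data: bytes) -> dict:
    """Decode ID1 ID2 CM FLG MTIME XFL OS from the start of a gzip stream."""
    if len(data) < 10:
        raise ValueError("shorter than a gzip header")
    magic, cm, flg, mtime, xfl, os_id = struct.unpack("<2sBBIBB", data[:10])
    if magic != GZIP_MAGIC:
        raise ValueError("missing 1f 8b magic")
    if cm != DEFLATE:
        raise ValueError("unsupported compression method")
    return {"flg": flg, "mtime": mtime, "xfl": xfl, "os": os_id}


def header_deviations(data: bytes) -> list:
    """Return the header fields that differ from the expected client profile."""
    try:
        header = parse_gzip_header(data)
    except ValueError as exc:
        return [f"invalid: {exc}"]
    return [name for name, want in EXPECTED_PROFILE.items() if header[name] != want]


# The two header samples quoted in the description (10-byte header plus the
# first byte of compressed data).
ANDROID_SAMPLE = bytes.fromhex("1F8B 08 00 00 00 00 00 00 00 00")
PYTHON_SAMPLE = bytes.fromhex("1F8B 08 00 E0 68 FB 62 02 FF 4B")

if __name__ == "__main__":
    for label, sample in (("android", ANDROID_SAMPLE), ("python", PYTHON_SAMPLE)):
        print(label, parse_gzip_header(sample), header_deviations(sample))
```

The baseline should be captured from the shipped client build rather than hard-coded from documentation, because the values a gzip library writes into these fields can change between versions.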
When making http(s) requests, we can choose an HTTP 2.0 framework and perform anti-crawling risk control based on the subtle differences between HTTP frameworks. On the client side, more and more vendors use SSL tunneling to stop reverse engineers from capturing packets: since Android 7.0, user credentials have been kept on a separate path from system credentials, and these apps trust only system credentials; some vendors even use self-compiled SSL libraries and no longer use the system SSL library. On our server side we can adopt the same idea: accept only packets sent by the HTTP framework that our Android client uses, and identify packets sent by other libraries as abnormal requests. The first point is the HTTP version: from its beginning to today's HTTP 2.0, the HTTP protocol has gone through four versions. Many crawler frameworks default to HTTP 1.1 and do not even support HTTP 2.0, but few vendors currently check the HTTP version, and most vendors' HTTP 2.0 interfaces remain compatible with HTTP 1.1. In addition, the low-level packet handling of each framework has its own characteristics. Python's requests library sets a default request header:
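# Excerpt from requests (requests/utils.py): headers added to every request.
from requests.structures import CaseInsensitiveDict
from requests.utils import default_user_agent

def default_headers():
    """
    :rtype: requests.structures.CaseInsensitiveDict
    """
    return CaseInsensitiveDict({
        'User-Agent': default_user_agent(),
        'Accept-Encoding': ','.join(('gzip', 'deflate')),
        'Accept': '*/*',
        'Connection': 'keep-alive',
    })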
Likewise, the httpx library also builds in a default request header:
# Excerpt from httpx: setter on the client class that merges user headers over the defaults.
@headers.setter
def headers(self, headers: HeaderTypes) -> None:
    client_headers = Headers(
        {
            b"Accept": b"*/*",
            b"Accept-Encoding": ACCEPT_ENCODING.encode("ascii"),
            b"Connection": b"keep-alive",
            b"User-Agent": USER_AGENT.encode("ascii"),
        }
    )
    client_headers.update(headers)
    self._headers = client_headers
That is, both the requests library and the httpx library have default request headers: the User-Agent has a default value, and similarly, even if the user does not pass fields such as Accept, the lower layer of the library fills in a default value and sends it.
The server can use the User-Agent directly as a risk-control point; the User-Agent is currently the header that vendors check most often, and it is enough to block these User-Agents. However, crawlers can set the User-Agent themselves instead of using the library's built-in one, so the server can go further and check the request headers with a signature, which is more covert. In the concrete design, only a few changes to the HTTP framework are needed: the client does not send the Accept header when sending a packet, and includes the header when computing the signature. Thus, even if the crawler computes the same signature, the framework it uses to send the packet carries the accept: */* request header by default, and our server will still identify the signature as abnormal.
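One reading of the header checks described above, as an added example that is not code from the patent: the signature covers a fixed list of header slots, with an absent Accept signed as absent, so a library that silently adds accept: */* invalidates a copied signature. The HMAC construction, the secret, the header names `X-Sign` and `X-Device-Id`, and the version string `HTTP/2` are all assumptions of this example.

```python
import hashlib
import hmac

# All names below are assumptions of this example, not values from the patent.
SECRET = b"constructed-demo-key"
SIG_HEADER = "x-sign"
SIGNED_HEADERS = ("user-agent", "accept", "x-device-id")
ABSENT = "\x00absent"                       # signed in place of a missing header
LIBRARY_UA_PREFIXES = ("python-requests/", "python-httpx/")


def _lower(headers: dict) -> dict:
    return {k.lower(): v.strip() for k, v in headers.items()}


def sign(headers: dict, body: bytes) -> str:
    """HMAC-SHA256 over the signed header slots (present or absent) and body."""
    h = _lower(headers)
    canon = "\n".join(f"{name}:{h.get(name, ABSENT)}" for name in SIGNED_HEADERS)
    mac = hmac.new(SECRET, canon.encode() + b"\n\n" + body, hashlib.sha256)
    return mac.hexdigest()


def screen_request(http_version: str, headers: dict, body: bytes) -> list:
    """Return the risk signals raised by one request (empty list = clean)."""
    h = _lower(headers)
    reasons = []
    if http_version != "HTTP/2":
        reasons.append("not-http2")
    if h.get("user-agent", "").lower().startswith(LIBRARY_UA_PREFIXES):
        reasons.append("library-user-agent")
    expected = sign(headers, body).encode()
    if not hmac.compare_digest(expected, h.get(SIG_HEADER, "").encode()):
        reasons.append("bad-signature")
    return reasons


def build_app_request(body: bytes) -> dict:
    """Constructed sample: what the modified client sends (no Accept header)."""
    headers = {"User-Agent": "ExampleApp/1.0 (Android)",
               "X-Device-Id": "constructed-device-01"}
    headers["X-Sign"] = sign(headers, body)
    return headers


def with_library_defaults(headers: dict) -> dict:
    """Same headers and signature after a generic HTTP library adds defaults."""
    merged = dict(headers)
    merged.update({"Accept": "*/*", "Accept-Encoding": "gzip, deflate",
                   "Connection": "keep-alive"})
    return merged


if __name__ == "__main__":
    body = b'{"page": 1}'                   # constructed sample body
    app = build_app_request(body)
    print(screen_request("HTTP/2", app, body))
    print(screen_request("HTTP/2", with_library_defaults(app), body))
```

Signing a fixed list of header slots rather than every received header keeps the check stable when a proxy or CDN in front of the server adds headers of its own.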
Based on the above method, the Android client anti-crawling device in this embodiment includes: at least one memory and at least one processor;
the at least one memory for storing a machine-readable program;
the at least one processor is configured to invoke the machine-readable program to perform the Android client anti-crawling method.
The above specific embodiments are merely specific examples of the present invention. The scope of the present invention includes, but is not limited to, the above specific embodiments; any suitable change or substitution made by one of ordinary skill in the art that is consistent with the claims of the Android client anti-crawling method and device of the present invention shall fall within the scope of the present invention.
Although embodiments of the present invention have been shown and described, it will be understood by those skilled in the art that various changes, modifications, substitutions and alterations can be made therein without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (2)

1. An Android client anti-crawling method, characterized in that, first, for data encryption, the asymmetric encryption algorithm RSA is selected, and anti-crawling risk control is performed based on the default padding mode on the Android client differing from that of the standard JDK;
one-step data compression is performed before data encryption; when an http or https request is made, an HTTP 2.0 framework is selected, and anti-crawling risk control is performed based on the differences between HTTP frameworks;
encryption is implemented in the Android client through Cipher.getInstance; the Android system uses the Dalvik virtual machine, and when encrypting through the Cipher.getInstance method, risk-control identification is performed using the difference between the default RSA padding mode on Android and that of the standard JDK;
when the black and grey market industry reverse-engineers the encryption protocol and likewise encrypts with Cipher.getInstance and sends the request, it uses a JDK based on the SUN standard, in which the default RSA padding algorithm is PKCS1Padding;
after the server receives the data produced by the black and grey market industry's reverse engineering, a javax.crypto.BadPaddingException: Decryption error occurs when the data is parsed, and the other party's request cannot succeed;
for data compression, the gzip algorithm is selected as the compression algorithm in data transmission, and anti-crawling risk control is performed based on the characteristics of the gzip libraries on different platforms;
a gzip file is characterized by beginning with 1f8b, and the server checks the ignored fields of the compressed data header to help distinguish abnormal requests;
when an http or https request is made, the server accepts packets sent by the HTTP framework of the Android client and marks packets sent by other libraries as abnormal requests;
the User-Agent is used directly as a risk-control point on the server, and the request headers are checked using a signature, wherein the header does not carry Accept when the HTTP framework sends a packet, and the client includes the header when computing the signature;
even if the crawler computes the same signature, the framework it uses to send packets carries the accept: */* request header by default, so the server still identifies the signature as abnormal.
2. An Android client anti-crawling device, comprising: at least one memory and at least one processor;
the at least one memory for storing a machine-readable program;
the at least one processor configured to invoke the machine-readable program to perform the method of claim 1.
CN202211156703.4A 2022-09-22 2022-09-22 Android client anti-crawling method and device Active CN115632817B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211156703.4A CN115632817B (en) 2022-09-22 2022-09-22 Android client anti-crawling method and device

Publications (2)

Publication Number Publication Date
CN115632817A CN115632817A (en) 2023-01-20
CN115632817B true CN115632817B (en) 2023-09-05

Family

ID=84903646

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211156703.4A Active CN115632817B (en) 2022-09-22 2022-09-22 Android client anti-crawling method and device

Country Status (1)

Country Link
CN (1) CN115632817B (en)

Also Published As

Publication number Publication date
CN115632817A (en) 2023-01-20

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant