CN108400985A - Method for precisely detecting hijacking of HTTPS requests - Google Patents
Method for precisely detecting hijacking of HTTPS requests
- Publication number: CN108400985A (application CN201810164462.5A)
- Authority: CN (China)
- Prior art keywords: detection module, server, hijacking, client, HTTPS request
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Granted
Classifications
- H04L63/168: Implementing security features at a particular protocol layer above the transport layer (H: Electricity; H04: Electric communication technique; H04L: Transmission of digital information, e.g. telegraphic communication; H04L63/00: Network architectures or network communication protocols for network security; H04L63/16: Implementing security features at a particular protocol layer)
- H04L63/1483: Countermeasures against malicious traffic, service impersonation, e.g. phishing, pharming or web spoofing (H04L63/14: Detecting or protecting against malicious traffic; H04L63/1441: Countermeasures against malicious traffic)
- H04L63/18: Network security using different networks or channels, e.g. using out-of-band channels
- H04L67/02: Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] (H04L67/00: Network arrangements or protocols for supporting network services or applications; H04L67/01: Protocols)
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer And Data Communications (AREA)
Abstract
The present invention provides a method for precisely detecting hijacking of HTTPS requests, comprising: embedding a detection module in the client; at the moment the HTTPS request is sent, the detection module obtains the HTTPS request, parses it and extracts the destination port number; the detection module then determines whether a connection hijack, a handshake hijack or a read/write hijack has occurred. Advantages: when the client sends an HTTPS request to the server, the detection module probes the server over a parallel connection that mimics the communication between client and server, so that the exact point at which the hijack occurs is identified and the client is informed promptly. This addresses HTTPS requests that receive no response or a slow response, lets technical staff apply an effective policy so that the response data reaches the client in time, and improves user retention and experience.
Description
Technical field
The invention belongs to the field of network communication technology, and in particular relates to a method for precisely detecting hijacking of HTTPS requests.
Background art
HTTPS (Hypertext Transfer Protocol Secure) is a secure communication channel developed on the basis of HTTP for exchanging information between clients and servers. It carries the exchange over the Secure Sockets Layer (SSL, today its successor TLS); in simple terms, it is the secure version of HTTP. HTTPS was introduced by Netscape and built into its browser; it encrypts data before it is sent and decrypts the result returned over the network.
Communication between a client and a server over HTTPS effectively protects the transmitted data and prevents it from being tampered with. In practice, however, when the client communicates with the server over HTTPS there is often a hijacking problem in which the HTTPS request receives no response or only a slow response, which degrades the client's experience.
Summary of the invention
In view of the defects of the prior art, the present invention provides a method for precisely detecting hijacking of HTTPS requests, which effectively solves the above problem.
The technical solution adopted by the present invention is as follows:
The present invention provides a method for precisely detecting hijacking of HTTPS requests, comprising the following steps:
Step 1: embed a detection module in the client;
Step 2: the client sends an HTTPS request to the server over HTTPS, the request carrying a destination port number;
at the moment the HTTPS request is sent, the detection module obtains the HTTPS request, parses it and extracts the destination port number;
Step 3: the detection module presets a total connection timeout T1, a connection-hijack timeout T2 and a handshake-hijack timeout T3, where T1 is greater than T2 and T1 is greater than T3;
the detection module creates a new, non-conflicting local port on the client and then starts a first timer;
at the same time, in an asynchronous thread, the detection module establishes, by the TCP three-way handshake, a communication channel from the local port to the destination port identified by the destination port number. While the channel is being established, the detection module sends a SYN packet from the local port to the server behind the destination port, enters the SYN_SENT state and waits for the server's acknowledgement; at this point it starts a second timer and checks whether the server's SYN+ACK packet arrives before the second timer reaches the connection-hijack timeout T2. If it does, no connection hijack has occurred and step 4 is executed; if it does not, a connection hijack has occurred and the detection module sends the client a notification that a connection hijack has occurred;
Step 4: the detection module has now established the communication channel with the server and performs the SSL handshake with the server for identity authentication. During authentication, the detection module sends the server, from the local port, the list of algorithms it supports and a random number to be used in generating the key, then starts a third timer and checks whether the server's certificate arrives before the third timer reaches the handshake-hijack timeout T3. If it does, no handshake hijack has occurred and step 5 is executed; if it does not, a handshake hijack has occurred and the detection module sends the client a notification that a handshake hijack has occurred;
Step 5: after the detection module and the server have completed the SSL handshake, the detection module checks whether the server's response to the request arrives before the first timer reaches the total connection timeout T1. If it does, the HTTPS request is normal; if it does not, the detection module sends the client a notification that a read/write hijack has occurred.
Preferably, the connection-hijack timeout T2 is 5 seconds and the handshake-hijack timeout T3 is 5 seconds.
The method for precisely detecting hijacking of HTTPS requests provided by the present invention has the following advantages:
When the client sends an HTTPS request to the server, the detection module probes the server over a parallel connection that mimics the communication between client and server, so that the exact point at which the hijack occurs is identified and the client is informed promptly. This addresses HTTPS requests that receive no response or a slow response, lets technical staff apply an effective policy so that the response data reaches the client in time, and improves user retention and experience.
Description of the drawings
Fig. 1 is a flow diagram of the method for precisely detecting hijacking of HTTPS requests provided by the present invention.
Fig. 2 is the decision flow chart for connection hijack provided by the present invention;
Fig. 3 is the decision flow chart for handshake hijack provided by the present invention.
Detailed description of embodiments
In order to make the technical problem solved by the present invention, its technical solution and its beneficial effects clearer, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here serve only to explain the present invention and are not intended to limit it.
The present invention provides a method for precisely detecting hijacking of HTTPS requests, which can accurately distinguish connection hijack, handshake hijack and read/write hijack of an HTTPS request and respond to the client promptly. This addresses HTTPS requests that receive no response or a slow response, lets technical staff apply an effective policy so that the response data reaches the client in time, and improves user retention and experience.
With reference to Fig. 1, the present invention provides a method for precisely detecting hijacking of HTTPS requests, comprising the following steps:
Step 1: embed a detection module in the client;
Step 2: the client sends an HTTPS request to the server over HTTPS, the request carrying a destination port number;
at the moment the HTTPS request is sent, the detection module obtains the HTTPS request, parses it and extracts the destination port number;
Step 3: the detection module presets a total connection timeout T1, a connection-hijack timeout T2 and a handshake-hijack timeout T3, where T1 is greater than T2 and T1 is greater than T3; for example, the connection-hijack timeout T2 is 5 seconds and the handshake-hijack timeout T3 is 5 seconds.
The detection module creates a new, non-conflicting local port on the client and then starts a first timer.
At the same time, in an asynchronous thread, the detection module establishes, by the TCP three-way handshake, a communication channel from the local port to the destination port identified by the destination port number. In other words, if the channel the client uses to send the HTTPS request to the server is called the first communication channel, and the channel the detection module establishes to the destination port is called the second communication channel, then the second channel is a simulated replica of the first: by probing the state of the second channel, the state of the first channel can be inferred.
While the channel is being established, the detection module sends a SYN packet from the local port to the server behind the destination port, enters the SYN_SENT state and waits for the server's acknowledgement; at this point it starts a second timer and checks whether the server's SYN+ACK packet arrives before the second timer reaches the connection-hijack timeout T2. If it does, no connection hijack has occurred and step 4 is executed; if it does not, a connection hijack has occurred and the detection module sends the client a notification that a connection hijack has occurred;
Specifically, with reference to Fig. 2, the normal process of establishing a connection by the three-way handshake is:
First handshake: to open the connection, the client sends a SYN packet (seq=j) to the server, enters the SYN_SENT state and waits for the server's acknowledgement;
SYN: Synchronize Sequence Numbers.
Second handshake: the server receives the SYN packet, acknowledges the client's SYN (ack=j+1) and at the same time sends a SYN of its own (seq=k), i.e. a SYN+ACK packet; the server now enters the SYN_RECV state;
Third handshake: the client receives the server's SYN+ACK packet and sends the server an acknowledgement packet ACK (ack=k+1); once this packet is sent, client and server enter the ESTABLISHED state and the three-way handshake is complete.
With the three-way handshake complete, the client and server begin transmitting data.
Connection hijack: during the second handshake the server's SYN+ACK packet does not arrive within the set time, so the client has not received it before the third handshake should take place; this is called a connection hijack.
Step 4: the detection module has now established the communication channel with the server and performs the SSL handshake with the server for identity authentication. During authentication, the detection module sends the server, from the local port, the list of algorithms it supports and a random number to be used in generating the key, then starts a third timer and checks whether the server's certificate arrives before the third timer reaches the handshake-hijack timeout T3. If it does, no handshake hijack has occurred and step 5 is executed; if it does not, a handshake hijack has occurred and the detection module sends the client a notification that a handshake hijack has occurred;
With reference to Fig. 3, the SSL handshake proceeds as follows:
1. The client sends the server the list of algorithms it supports and a random number to be used in generating the key;
2. The server selects an encryption algorithm from the list and sends it to the client together with its certificate, which contains the server's public key; the certificate also contains the server's identity for authentication, and the server additionally provides a random number of its own for generating the key;
3. The client verifies the server's certificate (certificate verification relies on digital signatures) and extracts the server's public key; it then generates a random string called the pre_master_secret, encrypts it with the server's public key (asymmetric encryption) and sends the ciphertext to the server;
4. Client and server each derive the encryption and MAC keys from the pre_master_secret and the two random numbers;
5. The client sends the server a MAC over all handshake messages;
6. The server sends the client a MAC over all handshake messages.
The SSL handshake is complete and client and server begin transmitting data.
Handshake hijack: in step 2 of the SSL handshake the server does not send the encryption algorithm and certificate to the client within the set time, so the client has not received the server's certificate before step 3; this is called a handshake hijack.
Step 5: after the detection module and the server have completed the SSL handshake, the detection module checks whether the server's response to the request arrives before the first timer reaches the total connection timeout T1. If it does, the HTTPS request is normal; if it does not, the detection module sends the client a notification that a read/write hijack has occurred.
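The probe of steps 3 to 5 as runnable code, added here as an example; it is not the patent's own code and the names Transport, Timeouts, classify, TlsTransport and ScriptedTransport, the HEAD request and the scripted stall inputs are assumptions made for the example. The first timer is the monotonic clock read at start, the second and third timers are the socket timeouts given to the TCP connect and the TLS handshake, and the verdict is the first phase that stalls. It goes beyond the patent in one respect: a TLS handshake that fails rather than stalls (for instance, certificate verification against a forged certificate) is returned as its own verdict, because timing alone cannot see an interceptor that completes the handshake.

```python
"""Added example: three-timer probe for the patent's three hijack classes.
Names and the scripted inputs below are constructed for this example."""
import socket
import ssl
import time
from dataclasses import dataclass
from typing import Callable, Optional, Tuple
from urllib.parse import urlsplit

NORMAL = "normal"
CONNECTION_HIJACK = "connection_hijack"  # no SYN+ACK before T2 expired (step 3)
HANDSHAKE_HIJACK = "handshake_hijack"    # TLS handshake not done before T3 expired (step 4)
READWRITE_HIJACK = "readwrite_hijack"    # no HTTP response before T1 expired (step 5)
TLS_ERROR = "tls_error"                  # handshake aborted, e.g. certificate rejected (beyond the patent)


def destination_of(url: str) -> Tuple[str, int]:
    """Step 2: parse the HTTPS request URL for its destination host and port (443 if omitted)."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("not an https URL: %r" % url)
    return parts.hostname, parts.port or 443


@dataclass(frozen=True)
class Timeouts:
    t1: float  # total connection timeout (first timer)
    t2: float  # connection-hijack timeout (second timer, SYN -> SYN+ACK)
    t3: float  # handshake-hijack timeout (third timer, ClientHello -> certificate)

    def __post_init__(self):
        if not (self.t1 > self.t2 and self.t1 > self.t3):  # the description requires T1 > T2, T1 > T3
            raise ValueError("T1 must exceed both T2 and T3")


class Transport:
    """The three timed phases. Each gets a budget in seconds and raises
    socket.timeout (TimeoutError on Python 3.10+) if it does not finish in time."""
    def connect(self, budget: float) -> None: raise NotImplementedError
    def handshake(self, budget: float) -> None: raise NotImplementedError
    def exchange(self, budget: float) -> bytes: raise NotImplementedError
    def close(self) -> None: pass


def classify(transport: Transport, t: Timeouts,
             clock: Callable[[], float] = time.monotonic) -> str:
    """Steps 3-5: run the probe and report the first phase that stalled."""
    start = clock()                                   # first timer (T1) starts
    try:
        try:                                          # step 3: TCP three-way handshake
            transport.connect(t.t2)                   # second timer (T2)
        except (socket.timeout, TimeoutError):
            return CONNECTION_HIJACK
        remaining = t.t1 - (clock() - start)
        if remaining <= 0:
            return HANDSHAKE_HIJACK
        try:                                          # step 4: TLS handshake
            transport.handshake(min(t.t3, remaining)) # third timer (T3), never past T1
        except (socket.timeout, TimeoutError):
            return HANDSHAKE_HIJACK
        except ssl.SSLError:
            return TLS_ERROR
        remaining = t.t1 - (clock() - start)
        if remaining <= 0:
            return READWRITE_HIJACK
        try:                                          # step 5: response within what is left of T1
            transport.exchange(remaining)
        except (socket.timeout, TimeoutError):
            return READWRITE_HIJACK
        return NORMAL
    finally:
        transport.close()


class TlsTransport(Transport):
    """Real probe on a fresh socket; the OS assigns a non-conflicting local port."""
    def __init__(self, host: str, port: int, path: str = "/"):
        self.host, self.port, self.sock = host, port, None
        self.request = ("HEAD %s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n"
                        % (path, host)).encode()

    def connect(self, budget):
        # Returns after the full three-way handshake, i.e. once the SYN+ACK has arrived.
        self.sock = socket.create_connection((self.host, self.port), timeout=budget)

    def handshake(self, budget):
        # Times the whole TLS handshake (not only certificate receipt) and verifies the chain.
        self.sock.settimeout(budget)
        self.sock = ssl.create_default_context().wrap_socket(self.sock, server_hostname=self.host)

    def exchange(self, budget):
        self.sock.settimeout(budget)
        self.sock.sendall(self.request)
        return self.sock.recv(4096)

    def close(self):
        if self.sock:
            self.sock.close()


class ScriptedTransport(Transport):
    """Constructed stand-in for offline runs: `stall` names the phase that never
    completes ("connect", "handshake", "exchange"); "reject" aborts the TLS handshake."""
    def __init__(self, stall: Optional[str] = None):
        self.stall = stall

    def _phase(self, name):
        if self.stall == name:
            raise socket.timeout("%s did not complete in time" % name)

    def connect(self, budget): self._phase("connect")

    def handshake(self, budget):
        if self.stall == "reject":
            raise ssl.SSLError("certificate verify failed")
        self._phase("handshake")

    def exchange(self, budget):
        self._phase("exchange")
        return b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"


if __name__ == "__main__":
    t = Timeouts(t1=10.0, t2=5.0, t3=5.0)  # claim 2's preferred 5 s for T2 and T3
    for stall in (None, "connect", "handshake", "exchange", "reject"):
        print(stall, "->", classify(ScriptedTransport(stall), t))
    # Live use: classify(TlsTransport(*destination_of("https://example.com/")), t)
```

Two caveats a practitioner will want. The probe runs on a different 5-tuple from the client's own connection, so a middlebox that interferes with individual flows (or only with the first connection) can leave the probe untouched; the inference from the second channel to the first holds only for path-wide stalls. And a timing verdict says nothing about who answered: the certificate check in the TLS phase is what separates a slow but genuine server from an active interceptor, which is why the example reports a rejected handshake separately rather than folding it into "handshake hijack".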
In summary, the method for precisely detecting hijacking of HTTPS requests provided by the present invention has the following advantages:
When the client sends an HTTPS request to the server, the detection module probes the server over a parallel connection that mimics the communication between client and server, so that the exact point at which the hijack occurs is identified and the client is informed promptly. This addresses HTTPS requests that receive no response or a slow response, lets technical staff apply an effective policy so that the response data reaches the client in time, and improves user retention and experience.
The above is only a preferred embodiment of the present invention. It should be noted that a person of ordinary skill in the art may make various improvements and modifications without departing from the principle of the present invention, and such improvements and modifications should also be regarded as falling within the protection scope of the present invention.
Claims (2)
1. A method for precisely detecting hijacking of HTTPS requests, characterized in that it comprises the following steps:
Step 1: embedding a detection module in the client;
Step 2: the client sends an HTTPS request to the server over HTTPS, the HTTPS request carrying a destination port number;
at the moment the HTTPS request is sent, the detection module obtains the HTTPS request, parses it and extracts the destination port number;
Step 3: the detection module presets a total connection timeout T1, a connection-hijack timeout T2 and a handshake-hijack timeout T3, wherein T1 is greater than T2 and T1 is greater than T3;
the detection module creates a new, non-conflicting local port on the client and then starts a first timer;
at the same time, in an asynchronous thread, the detection module establishes, by the TCP three-way handshake, a communication channel from the local port to the destination port corresponding to the destination port number; while the channel is being established, the detection module sends a SYN packet from the local port to the server corresponding to the destination port, enters the SYN_SENT state and waits for the server's acknowledgement; at this point the detection module starts a second timer and judges whether the SYN+ACK packet returned by the server is received before the second timer reaches the connection-hijack timeout T2; if it is received, no connection hijack has occurred and step 4 is executed; if it is not received, a connection hijack has occurred and the detection module sends the client a notification that a connection hijack has occurred;
Step 4: the detection module has successfully established the communication channel with the server; the detection module then performs identity authentication with the server by the SSL handshake; during authentication the detection module sends the server, from the local port, the list of algorithms it supports and a random number for generating the key, then starts a third timer and judges whether the certificate returned by the server is received before the third timer reaches the handshake-hijack timeout T3; if it is received, no handshake hijack has occurred and step 5 is executed; if it is not received, a handshake hijack has occurred and the detection module sends the client a notification that a handshake hijack has occurred;
Step 5: after the detection module and the server have completed the SSL handshake, the detection module judges whether the response to the request returned by the server is received before the first timer reaches the total connection timeout T1; if it is received, the HTTPS request is normal; if it is not received, the detection module sends the client a notification that a read/write hijack has occurred.
2. The method for precisely detecting hijacking of HTTPS requests according to claim 1, characterized in that the connection-hijack timeout T2 is 5 seconds and the handshake-hijack timeout T3 is 5 seconds.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810164462.5A (granted as CN108400985B) | 2018-02-27 | 2018-02-27 | Method for realizing precise detection hijacking of HTTPS (hypertext transfer protocol secure) request |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108400985A (application publication) | 2018-08-14 |
| CN108400985B (granted patent) | 2020-09-22 |
Family
ID=63096711
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110555180A | 2019-09-11 | 2019-12-10 | 中南大学 | Web page object request method and HTTPS request response method |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060221852A1 | 2005-04-01 | 2006-10-05 | International Business Machines Corporation | System and method utilizing a single agent on a non-origin node for measuring the roundtrip response time over a public or private network with HTTP/HTTPS network protocol |
| CN101523806A | 2006-08-03 | 2009-09-02 | 思杰系统有限公司 (Citrix Systems, Inc.) | A method and appliance for using a dynamic response time to determine responsiveness of network services |
| CN104506393A | 2015-01-06 | 2015-04-08 | 北京海量数据技术股份有限公司 | System monitoring method based on cloud platform |
| US9009480B1 | 2013-03-07 | 2015-04-14 | Facebook, Inc. | Techniques for handshake-free encrypted communication using public key bootstrapping |
| CN106656643A | 2015-10-29 | 2017-05-10 | 国家计算机网络与信息安全管理中心 | Measuring method of segmental calculation of network delay |
Events
- 2018-02-27: application CN201810164462.5A filed in CN; granted as CN108400985B (status: active)
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | GR01 | Patent grant | |