CN109889514A - Authenticated scan method and web application scanning system - Google Patents
- Publication number: CN109889514A
- Application number: CN201910108870.3A
- Authority: CN (China)
- Prior art keywords: web application, browser, scanning, port, authentication session
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
This application relates to an authenticated scan method and a web application scanning system. The method comprises: a server on which the web application scanning system is installed starts a proxy service; a browser plug-in sets the browser's proxy IP and port to the IP and proxy port of the server on which the web application scanning system is installed; a new window or tab is opened in the browser; the home page or login page of the target web application system is loaded in the new window or tab; in the page loaded in the new window or tab, the user navigates to the login page and performs the login operation; after a successful login, the browser plug-in automatically obtains the authentication session credential; the browser plug-in restores the browser's proxy IP and port settings to their original values; the web application scanning system performs an authenticated scan of the target web application system based on the authentication session credential. The application can solve the problems of the traditional authenticated scan method based on authentication session credentials.
Description
Technical field
This application relates to the field of Internet technology, and in particular to an authenticated scan method and a web application scanning system.
Background
Web applications have become the most popular service on the Internet. For various reasons it is often necessary to scan (or crawl) the pages of a web application system and analyze the responses; a web application vulnerability scanning system is a typical example.
A web application system usually has functions or information that can be accessed only after authentication. It usually provides a login page through which the user submits credential information to an authentication module. The authentication module verifies the validity of the submitted credential information; if the credential information is valid, it creates an authentication session and returns an authentication session credential (such as an authentication session cookie) to the browser, after which the user can access the functions or information that require authentication.
To ensure that a web application system can be scanned and analyzed comprehensively (for example, for vulnerability analysis), that is, so that functions or information accessible only after authentication can also be scanned and analyzed, current web application scanning systems (such as web application vulnerability scanning systems or web application vulnerability analysis systems) generally implement an authenticated scan method based on an authentication session credential. This method can usually be used when an authenticated scan based on a user name and password cannot be used, for example when the login form carries a verification code. As shown in Fig. 1, the method comprises: the user accesses the login page of the target web application system through a browser and performs the login operation; after a successful login, the authentication session credential is obtained; the web application scanning system then performs an authenticated scan of the target web application system based on that credential.
However, the traditional authenticated scan method described above has several problems:
1. Although the traditional method is widely used by web application scanning systems, obtaining the authentication session credential is cumbersome and requires the user to have some professional knowledge. Specifically, the user must manually find the authentication session credential in the information captured by some tool or browser plug-in, and then manually copy and paste it into the scan configuration;
2. As the web security situation grows more severe, more and more web applications strengthen security by binding the authentication session credential to an IP: the authentication session credential generated by the web application system is associated with the access IP address. For a web application system that binds the authentication session credential to an IP, the traditional method cannot cope when the user accesses and uses the web application scanning system across networks through a browser. Specifically, as shown in Fig. 2, the user accesses the web application scanning system across networks with a browser and uses it to scan the target web application system. When the user accesses the target web application system through the browser, the access IP of the request is the gateway of the user's network, whereas when the web application scanning system accesses the target web application system, the access IP is the scanning system's own IP. The two access IPs are clearly different. In this case, if the target web application system binds the authentication session credential to the IP address, a credential that is valid for the browser is necessarily invalid for the web application scanning system: when the scanning system performs an authenticated scan of the target using a credential that is valid for the browser, the credential itself is valid, but the request is rejected because the IP bound to the credential differs from the access IP. It follows that when the user accesses and uses the web application scanning system across networks through a browser, and the target web application system binds the authentication session credential to the IP address, a valid authentication session credential can no longer be obtained by accessing the target's login page in the user's browser and logging in, and so the traditional method cannot be used to perform an authenticated scan of the target web application system;
3. In some cases, for whatever reason, the user's network cannot access the target web application system. The traditional method cannot cope with a target that the user's network cannot access, even though the user's network can access the web application scanning system and the scanning system can access the target. Specifically, because the user's network cannot access the target web application system, a valid authentication session credential cannot be obtained by accessing the target's login page in the user's browser and logging in, and so the traditional method cannot be used to perform an authenticated scan of the target web application system.
Summary of the invention
The purpose of this application is to provide an authenticated scan method that solves the problems of the traditional authenticated scan method based on authentication session credentials. Specifically, it achieves the following technical effects:
1. The authentication session credential of the target web application system is obtained automatically. The operation is transparent to the user and requires no professional knowledge: the user only needs to access the login page of the target web application system and log in as in normal access, which is very convenient;
2. When the user accesses and uses the web application scanning system across networks to scan, the method can cope with a web application system whose authentication session credential is bound to an IP. Specifically, a valid authentication session credential can still be obtained by logging in to the target web application system in the user's browser, and the web application scanning system then performs an authenticated scan of the target web application system based on that credential;
3. When the user's network can access the web application scanning system and the scanning system can access the target web application system, the method can cope with the case where the user's network cannot access the target. Specifically, a valid authentication session credential can still be obtained by logging in to the target web application system in the user's browser, and the web application scanning system then performs an authenticated scan of the target web application system based on that credential.
To achieve the above purpose, this application provides an authenticated scan method. The method is based on an authentication session credential, a browser plug-in and proxy technology, and is an improvement on the traditional authenticated scan method based on authentication session credentials. The method comprises:
The server on which the web application scanning system is installed starts a proxy service, so that the server can forward the traffic between the user's browser and the target web application system;
The browser plug-in sets the browser's proxy IP and port to the IP and proxy port of the server on which the web application scanning system is installed, so that from then on the traffic between the user's browser and the target web application system is forwarded through that server;
A new window or tab is opened in the browser;
The home page or login page of the target web application system is loaded in the new window or tab;
In the page loaded in the new window or tab, the user navigates to the login page and performs the login operation;
After the login operation is completed and the login succeeds, the browser plug-in automatically obtains the authentication session credential;
The browser plug-in restores the browser's proxy IP and port settings to their original values;
The web application scanning system performs an authenticated scan of the target web application system based on the authentication session credential.
Further, the browser plug-in setting the browser's proxy IP and port to the IP and proxy port of the server on which the web application scanning system is installed comprises:
The user triggers the browser plug-in with a single click operation, and the plug-in automatically sets the browser's proxy IP and port to the IP and proxy port of the server on which the web application scanning system is installed.
Further, the browser plug-in restoring the browser's proxy IP and port settings to their original values comprises:
The user triggers the browser plug-in with a single click operation, and the plug-in automatically restores the browser's proxy IP and port settings to their original values.
Further, the browser plug-in automatically obtaining the authentication session credential after the login operation is completed and the login succeeds comprises:
After the login operation is completed and the login succeeds, the browser plug-in calls a browser interface to automatically obtain the authentication session credential, such as an authentication session cookie;
After the authentication session credential is obtained, it is automatically placed into the scan configuration.
Further, the web application scanning system performing an authenticated scan of the target web application system based on the authentication session credential comprises:
The web application scanning system obtains the authentication session credential from the scan configuration and uses it to perform an authenticated scan of the target web application system.
To achieve the above purpose, this application provides a web application scanning system that implements the above authenticated scan method, comprising:
A proxy unit, for forwarding the traffic between the browser and the target web application system;
A browser plug-in, for changing the browser's proxy IP and port settings and automatically obtaining the authentication session credential of the target web application system;
A scanning unit, capable of performing an authenticated scan of the target web application system based on a valid authentication session credential;
Wherein the scanning unit being capable of performing an authenticated scan of the target web application system based on a valid authentication session credential comprises:
The scanning unit obtains the authentication session credential from the scan configuration and uses it to perform an authenticated scan of the target web application system.
Further, the browser plug-in, for changing the browser's proxy IP and port settings and automatically obtaining the authentication session credential of the target web application system, is:
Used for setting the browser's proxy IP and port to the IP and proxy port of the server on which the web application scanning system is installed;
Used for automatically obtaining the authentication session credential after a successful login to the target web application system;
Used for restoring the browser's proxy IP and port settings to their original values;
Wherein setting the browser's proxy IP and port to the IP and proxy port of the server on which the web application scanning system is installed comprises:
Automatically setting the browser's proxy IP and port to the IP and proxy port of the server on which the web application scanning system is installed when the user triggers a certain click action with the mouse;
Wherein restoring the browser's proxy IP and port settings to their original values comprises:
Automatically restoring the browser's proxy IP and port settings to their original values when the user triggers a certain click action with the mouse.
Further, the browser plug-in, for changing the browser's proxy IP and port settings and automatically obtaining the authentication session credential of the target web application system, is also:
Used for opening a new window or tab.
Further, the browser plug-in, for changing the browser's proxy IP and port settings and automatically obtaining the authentication session credential of the target web application system, is also:
Used for loading the home page or login page of the target web application system in the new window or tab.
Further, automatically obtaining the authentication session credential after a successful login to the target web application system comprises:
Automatically obtaining the authentication session credential, such as an authentication session cookie, after a successful login to the target web application system;
Automatically placing the authentication session credential into the scan configuration after it is obtained.
Therefore, during the entire operation in which the user performs the login operation in the browser and successfully logs in to the target web application system, all traffic between the browser and the target web application system is forwarded through the server on which the web application scanning system is installed. As a result:
1. A target web application system that binds the authentication session credential to an IP binds the IP of the server on which the web application scanning system is installed to the credential when it creates the authentication session. This guarantees that the access IP used by the web application scanning system during the authenticated scan is the same as the IP bound to the credential; that is, a credential that is valid for the browser is still valid when the web application scanning system uses it to perform an authenticated scan of the target web application system. Therefore, with the technical solution provided by this application, when the user accesses and uses the web application scanning system across networks to scan, the browser and the web application scanning system have different IP addresses but present the same access IP to the target web application system, so a valid authentication session credential can still be obtained by accessing the target's login page in the browser and logging in, and an authenticated scan of the target web application system is then performed based on that credential;
2. If the user's network can access the web application scanning system and the scanning system can access the target web application system, then even if the user's network cannot access the target, the traffic between the user's browser and the target is forwarded through the web application scanning system, so a valid authentication session credential can still be obtained by accessing the target's login page in the browser and logging in, and an authenticated scan of the target web application system is then performed based on that credential.
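The two outcomes described above, as an added example that is not part of the patent: a constructed in-memory model of a target that binds each session to the source IP it observed at login, run once with the traditional method and once with the login routed through the proxy on the scanner server. All IP addresses, credentials, class names and function names are constructed or hypothetical.

```javascript
// Added illustration, not code from the patent. Everything here is a model:
// no network traffic is sent, and all addresses and credentials are constructed.
const USER_GATEWAY_IP = '203.0.113.10';  // what the target sees for direct browser traffic
const SCANNER_IP = '198.51.100.20';      // scanner server, which also hosts the proxy

class IpBoundTarget {
  constructor(reachableFrom) {
    this.reachableFrom = new Set(reachableFrom); // source IPs with a network path to the target
    this.sessions = new Map();                   // session id -> source IP bound at login
    this.counter = 0;                            // model only; real session ids must be random
  }

  // The target binds the new session to the source IP it observes.
  login(sourceIp, user, password) {
    if (!this.reachableFrom.has(sourceIp)) return { status: 'unreachable' };
    if (user !== 'alice' || password !== 'constructed-password') return { status: 401 };
    const sid = `sid-${++this.counter}`;
    this.sessions.set(sid, sourceIp);
    return { status: 200, cookie: sid };
  }

  getProtectedPage(sourceIp, cookie) {
    if (!this.reachableFrom.has(sourceIp)) return { status: 'unreachable' };
    if (!this.sessions.has(cookie)) return { status: 401 };             // unknown session
    if (this.sessions.get(cookie) !== sourceIp) return { status: 403 }; // bound IP differs
    return { status: 200 };
  }
}

// Source IP the target observes for browser traffic: the proxy's address when
// a proxy is configured, otherwise the gateway of the user's network.
function observedSource(browserProxy) {
  return browserProxy ? browserProxy.ip : USER_GATEWAY_IP;
}

function browserLogin(target, browserProxy) {
  return target.login(observedSource(browserProxy), 'alice', 'constructed-password');
}

// Traditional method: log in directly, then hand the cookie to the scanner.
function traditionalFlow(target) {
  const login = browserLogin(target, null);
  if (login.status !== 200) return { login: login.status, scan: null };
  return { login: 200, scan: target.getProtectedPage(SCANNER_IP, login.cookie).status };
}

// Method of this application: log in through the proxy on the scanner server.
function proxiedFlow(target) {
  const login = browserLogin(target, { ip: SCANNER_IP, port: 8080 });
  if (login.status !== 200) return { login: login.status, scan: null };
  const scan = target.getProtectedPage(SCANNER_IP, login.cookie).status;
  // Once the plug-in restores the proxy settings, the browser is back on its
  // own IP, so the same IP-bound cookie no longer matches for the browser.
  const browserAfterRestore = target.getProtectedPage(USER_GATEWAY_IP, login.cookie).status;
  return { login: 200, scan, browserAfterRestore };
}

function runScenarios() {
  const bothReach = [USER_GATEWAY_IP, SCANNER_IP]; // cross-network case (problem 2)
  const scannerOnly = [SCANNER_IP];                // user's network cannot reach target (problem 3)
  return {
    ipBoundTraditional: traditionalFlow(new IpBoundTarget(bothReach)),
    ipBoundProxied: proxiedFlow(new IpBoundTarget(bothReach)),
    unreachableTraditional: traditionalFlow(new IpBoundTarget(scannerOnly)),
    unreachableProxied: proxiedFlow(new IpBoundTarget(scannerOnly)),
  };
}

console.log(JSON.stringify(runScenarios(), null, 2));
```

In the model the credential obtained through the proxy is bound to the scanner server's IP, so it is usable by the scanner only; the browser would need its own login for normal access after the proxy settings are restored.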
Brief description of the drawings
Fig. 1 is an interaction diagram of an authenticated scan performed with the traditional authenticated scan method based on authentication session credentials;
Fig. 2 is an interaction diagram of an authenticated scan, performed with the traditional authenticated scan method based on authentication session credentials, of a web application system whose authentication session credential is bound to an IP, when the web application scanning system is accessed across networks;
Fig. 3 is a flowchart of the authenticated scan method provided by this application;
Fig. 4 is an interaction diagram of the authenticated scanning system provided by this application performing, based on the authenticated scan method provided by this application, an authenticated scan of a web application system whose authentication session credential is bound to an IP.
Specific embodiments
To help those skilled in the art better understand the technical solutions in this application, the technical solutions in the embodiments of this application are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are only some of the embodiments of this application, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments in this application, without creative effort, fall within the scope of protection of this application.
Referring to Fig. 3, this application provides an authenticated scan method. The method is based on an authentication session credential, a browser plug-in and proxy technology, and is an improvement on the traditional authenticated scan method based on authentication session credentials. The method comprises:
S1: the server on which the web application scanning system is installed starts a proxy service, so that the server can forward the traffic between the user's browser and the target web application system;
S2: the browser plug-in sets the browser's proxy IP and port to the IP and proxy port of the server on which the web application scanning system is installed, so that from then on the traffic between the user's browser and the target web application system is forwarded through that server;
S3: a new window or tab is opened in the browser;
S4: the home page or login page of the target web application system is loaded in the new window or tab;
S5: in the page loaded in the new window or tab, the user navigates to the login page and performs the login operation;
S6: after the login operation is completed and the login succeeds, the browser plug-in automatically obtains the authentication session credential;
S7: the browser plug-in restores the browser's proxy IP and port settings to their original values;
S8: the web application scanning system performs an authenticated scan of the target web application system based on the authentication session credential.
In Fig. 3, an operation inside the dashed box that is not connected to the other operations by a solid line, such as S2, has no particular order relative to the other operations in the dashed box.
In practical applications, referring to Fig. 4, a web application scanning system that implements the authenticated scan method based on an authentication session credential, a browser plug-in and proxy technology comprises:
1. Proxy unit: this can be a module of the web application scanning system or an independent proxy service. A well-known proxy service (such as the squid proxy service) can be used as the proxy unit;
2. Browser plug-in: this is the key to implementing the technical solution provided by this application. Specifically, while the user is accessing the web application scanning system through the browser and editing a scan configuration: when the user triggers a certain click operation with the mouse, the browser plug-in automatically obtains the URL of the target web application system from the scan configuration and opens a new window or tab to load that URL; the previous click operation or a new click operation (such as clicking the new window or tab to give it focus) triggers the browser plug-in to automatically set the browser's proxy IP and port to the IP of the web application scanning system and the port of the proxy unit; then, in the URL page loaded in the new window or tab, the user navigates to the login page and logs in as in normal access; after the user has successfully logged in to the target web application system, when the user triggers a new click operation with the mouse (such as clicking the close button of the new window or tab), the browser plug-in automatically obtains the authentication session credential and places it into the scan configuration. To ensure that only the traffic between the user's browser and the target web application system is forwarded through the proxy unit, without affecting the traffic between the user's browser and other web application systems, the browser plug-in is triggered to automatically restore the browser's proxy IP and port settings to their original values when the new window or tab loses focus and when it is closed, and to automatically set the browser's proxy IP and port to the IP of the web application scanning system and the port of the proxy unit when the new window or tab regains focus;
3. A scanning engine is implemented that can scan the target web application system based on the scan configuration; if the scan configuration contains a valid authentication session credential, it can perform an authenticated scan of the target web application system based on that credential.
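One way the plug-in behaviour in item 2 could be structured, as an added example that is not code from the patent. The `browser` adapter and its methods (`openTab`, `getProxy`, `setProxy`, `getCookies`) are hypothetical stand-ins for the browser's tab, proxy and cookie interfaces, the fake adapter exists only so the logic runs offline, and all addresses and the cookie are constructed. Capturing every cookie for the target URL is an assumption; the patent only says the authentication session credential is obtained.

```javascript
// Added illustration, not code from the patent. All names are hypothetical.
class AuthScanPlugin {
  constructor(browser, scannerProxy, scanConfig) {
    this.browser = browser;           // adapter over the browser's tab/proxy/cookie interfaces
    this.scannerProxy = scannerProxy; // { host, port }: scanner IP and proxy unit port
    this.scanConfig = scanConfig;     // { targetUrl, sessionCookies }
    this.loginTabId = null;
    this.savedProxy = null;           // the user's original proxy setting
    this.proxied = false;
  }

  // First click: open the target URL taken from the scan configuration.
  start() {
    this.loginTabId = this.browser.openTab(this.scanConfig.targetUrl);
    this.onFocus(this.loginTabId);
    return this.loginTabId;
  }

  // Only the login tab is routed through the scanner's proxy unit.
  onFocus(tabId) {
    if (tabId === this.loginTabId) this.applyProxy();
    else this.restoreProxy();
  }

  onBlur(tabId) {
    if (tabId === this.loginTabId) this.restoreProxy();
  }

  // Closing the login tab: capture the credential, then restore the proxy.
  onClose(tabId) {
    if (tabId !== this.loginTabId) return false;
    this.scanConfig.sessionCookies = this.browser
      .getCookies(this.scanConfig.targetUrl)
      .map(({ name, value }) => ({ name, value }));
    this.restoreProxy();
    this.loginTabId = null;
    return true;
  }

  applyProxy() {
    // Guard: a repeated focus event must not overwrite the saved original
    // with the scanner proxy, or the original could never be restored.
    if (this.proxied) return;
    this.savedProxy = this.browser.getProxy();
    this.browser.setProxy({ ...this.scannerProxy });
    this.proxied = true;
  }

  restoreProxy() {
    if (!this.proxied) return;
    this.browser.setProxy(this.savedProxy);
    this.proxied = false;
  }
}

// Constructed fake browser so the controller can be exercised without a browser.
function makeFakeBrowser(originalProxy) {
  let proxy = originalProxy;
  let nextTabId = 100;
  const cookieJar = [];
  return {
    getProxy: () => proxy,
    setProxy: (p) => { proxy = p; },
    openTab: () => nextTabId++,
    getCookies: (url) => cookieJar.filter((c) => url.includes(c.domain)),
    simulateLogin: (cookie) => { cookieJar.push(cookie); },
  };
}

function runPluginDemo() {
  const browser = makeFakeBrowser({ host: 'corp-proxy.example', port: 3128 });
  const scanConfig = { targetUrl: 'https://target.example/', sessionCookies: [] };
  const plugin = new AuthScanPlugin(
    browser, { host: '198.51.100.20', port: 8080 }, scanConfig);
  const trace = [];
  const snap = (step) => trace.push(`${step}=${browser.getProxy().host}`);

  const tab = plugin.start();                snap('opened');
  plugin.onBlur(tab); plugin.onFocus(7);     snap('other-tab');
  plugin.onFocus(tab); plugin.onFocus(tab);  snap('refocused');
  browser.simulateLogin({ domain: 'target.example', name: 'SESSIONID', value: 'constructed-value' });
  plugin.onClose(tab);                       snap('closed');
  return { trace, scanConfig, finalProxy: browser.getProxy() };
}

console.log(runPluginDemo());
```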
Because the traffic is forwarded through the proxy unit during the entire login operation on the login page in the new window or tab, the login operation is equivalent to being performed on the server where the web application scanning system resides (rather than on the machine where the user's browser runs). Therefore:
1. Even if the target web application system binds the authentication session credential to an IP address, the IP bound to the credential returned to the browser is the IP of the server where the web application scanning system resides, so when the web application scanning system uses the credential to perform an authenticated scan of the target web application system, the target will not consider it invalid. Therefore, even if the target web application system binds the authentication session credential to an IP address, the web application scanning system can still use the credential obtained through the browser to perform an authenticated scan of the target web application system;
2. Even if the user's network cannot access the target web application system, as long as the user's network can access the web application scanning system and the scanning system can access the target (a situation that may arise, for example, when the user accesses and uses the web application scanning system across networks to scan), a valid authentication session credential can still be obtained through the user's browser, and the web application scanning system then performs an authenticated scan of the target web application system based on that credential.
Therefore the certification scan method based on authen session voucher, browser plug-in and agent skill group, with
Traditional certification scan method based on authen session voucher is compared, and is had the advantage that
1. The authentication session credential can be obtained and set into the scan configuration automatically, which is very convenient; the obtaining and setting operations are transparent to the user and require no professional knowledge;
2. When the user accesses and uses the web application scanning system through a browser across networks, a web application system whose authentication session credential is bound to an IP can be handled: a valid authentication session credential can still be obtained through the user's browser, and the web application scanning system then performs an authenticated scan of the target web application system based on that credential;
3. When the user's network can access the web application scanning system and the web application scanning system can access the target web application system, the case where the user's network cannot access the target web application system can be handled: a valid authentication session credential can still be obtained through the user's browser, and the web application scanning system then performs an authenticated scan of the target web application system based on that credential.
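The IP-binding and reachability cases described above can be modelled in a few lines. This is an added example, not code from the patent; the class and function names, the login data and the IP addresses (RFC 5737 documentation ranges) are all constructed assumptions.

```javascript
// Constructed model of the described flow; every name and value here is an assumption.
const USER_IP = "192.0.2.10";       // user's browser host
const SCANNER_IP = "198.51.100.5";  // server running the scanner and its proxy service
const SCANNER_PROXY = { host: SCANNER_IP, port: 8080 };

// Target web application that binds each session credential to the login source IP.
class TargetApp {
  constructor(reachableFrom) {
    this.reachableFrom = new Set(reachableFrom); // source IPs able to connect at all
    this.sessions = new Map();                   // credential -> IP it is bound to
    this.counter = 0;
  }
  login(srcIp, user, password) {
    if (!this.reachableFrom.has(srcIp)) throw new Error("unreachable from " + srcIp);
    if (user !== "alice" || password !== "correct-horse") return null;
    const credential = "sess-" + (++this.counter);
    this.sessions.set(credential, srcIp);
    return credential;
  }
  isAuthenticated(srcIp, credential) {
    return this.sessions.get(credential) === srcIp; // the IP-binding check
  }
}

// Browser model: with a proxy configured, the target sees the proxy's IP as the source.
class Browser {
  constructor() { this.proxy = null; }           // null means a direct connection
  sourceIp() { return this.proxy ? this.proxy.host : USER_IP; }
}

// Plug-in steps of the method: set proxy, log in, capture the credential, restore proxy.
function obtainCredentialViaProxy(browser, app) {
  const original = browser.proxy;                // remember the original setting
  browser.proxy = SCANNER_PROXY;
  try {
    return app.login(browser.sourceIp(), "alice", "correct-horse");
  } finally {
    browser.proxy = original;                    // restore even if the login fails
  }
}

// Scanner side: every scan request originates from the scanner's own IP.
function scanIsAuthenticated(app, credential) {
  return app.isAuthenticated(SCANNER_IP, credential);
}
```

A credential issued to a direct login from `USER_IP` fails `scanIsAuthenticated`, while one issued through the proxy passes, and the proxied login also works when the target is reachable only from `SCANNER_IP`.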
The above description of the embodiments of the present application is provided to those skilled in the art for the purpose of description. It is not intended to be exhaustive or to limit the invention to a single disclosed embodiment. As described above, various substitutions and variations of the present application will be apparent to those of ordinary skill in the art. Therefore, although some alternative embodiments have been specifically discussed, other embodiments will be apparent to, or relatively easily derived by, those skilled in the art. The present application is intended to cover all substitutions, modifications and variations of the invention discussed herein, as well as other embodiments falling within the spirit and scope of the above application.
Claims (10)
1. An authenticated scan method, characterized in that the method is based on an authentication session credential, a browser plug-in and proxy technology, and comprises:
a server on which a web application scanning system is installed starts a proxy service;
a browser plug-in sets the proxy IP and port of the browser to the IP and proxy port of the server on which the web application scanning system is installed;
a new window or tab is opened in the browser;
the home page or login page of the target web application system is loaded in the new window or tab;
in the page loaded in the new window or tab, the login page is navigated to and a login operation is performed;
after the login operation is completed and the login succeeds, the authentication session credential is obtained automatically by the browser plug-in;
the browser plug-in restores the proxy IP and port settings of the browser to their original values;
the web application scanning system performs an authenticated scan of the target web application system based on the authentication session credential.
2. The method according to claim 1, wherein the browser plug-in setting the proxy IP and port of the browser to the IP and proxy port of the server on which the web application scanning system is installed comprises:
the user triggers, by a single click operation, the browser plug-in to automatically set the proxy IP and port of the browser to the IP and proxy port of the server on which the web application scanning system is installed.
3. The method according to claim 1, wherein the browser plug-in restoring the proxy IP and port settings of the browser to their original values comprises:
the user triggers, by a single click operation, the browser plug-in to automatically restore the proxy IP and port settings of the browser to their original values.
4. The method according to claim 1, wherein obtaining the authentication session credential automatically by the browser plug-in after the login operation is completed and the login succeeds comprises:
after the login operation is completed and the login succeeds, the browser plug-in calls a browser interface to obtain the authentication session credential automatically;
after the authentication session credential is obtained, the authentication session credential is automatically set into the scan configuration.
5. The method according to claim 1, wherein the web application scanning system performing an authenticated scan of the target web application system based on the authentication session credential comprises:
the web application scanning system obtains the authentication session credential from the scan configuration and uses it to perform an authenticated scan of the target web application system.
6. A web application scanning system, characterized in that the system comprises:
a proxy unit, configured to forward access traffic between the browser and the target web application system;
a browser plug-in, configured to change the proxy IP and port settings of the browser and to automatically obtain the authentication session credential of the target web application system;
a scanning unit, capable of performing an authenticated scan of the target web application system based on a valid authentication session credential;
wherein the scanning unit being capable of performing an authenticated scan of the target web application system based on a valid authentication session credential comprises:
the scanning unit obtains the authentication session credential from the scan configuration and uses it to perform an authenticated scan of the target web application system.
7. The system according to claim 6, characterized in that the browser plug-in being configured to change the proxy IP and port settings of the browser and to automatically obtain the authentication session credential of the target web application system comprises:
being configured to set the proxy IP and port of the browser to the IP and proxy port of the server on which the web application scanning system is installed;
being configured to obtain the authentication session credential automatically after a successful login to the target web application system;
being configured to restore the proxy IP and port settings of the browser to their original values;
wherein being configured to set the proxy IP and port of the browser to the IP and proxy port of the server on which the web application scanning system is installed comprises:
being configured to automatically set the proxy IP and port of the browser to the IP and proxy port of the server on which the web application scanning system is installed when the user triggers a certain click action with the mouse;
wherein being configured to restore the proxy IP and port settings of the browser to their original values comprises:
being configured to automatically restore the proxy IP and port settings of the browser to their original values when the user triggers a certain click action with the mouse.
8. The system according to claim 6, characterized in that the browser plug-in being configured to change the proxy IP and port settings of the browser and to automatically obtain the authentication session credential of the target web application system further comprises:
being configured to open a new window or tab.
9. The system according to claim 6 or 8, characterized in that the browser plug-in being configured to change the proxy IP and port settings of the browser and to automatically obtain the authentication session credential of the target web application system further comprises:
loading the home page or login page of the target web application system in the new window or tab.
10. The system according to claim 7, characterized in that being configured to obtain the authentication session credential automatically after a successful login to the target web application system comprises:
being configured to automatically obtain the authentication session credential after a successful login to the target web application system;
being configured to automatically set the authentication session credential into the scan configuration after the authentication session credential is obtained.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910108870.3A CN109889514A (en) | 2019-02-03 | 2019-02-03 | A kind of certification scan method and web application scanning system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109889514A true CN109889514A (en) | 2019-06-14 |
Family
ID=66927773
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910108870.3A Pending CN109889514A (en) | 2019-02-03 | 2019-02-03 | A kind of certification scan method and web application scanning system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109889514A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20190614 |