
CN104767747A - Click-jacking security detection method and device - Google Patents


Info

Publication number
CN104767747A
CN104767747A (application CN201510143931.1A)
Authority
CN
China
Prior art keywords
webpage
detected
click
url information
network address
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510143931.1A
Other languages
Chinese (zh)
Inventor
姜楠
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Weibo Internet Technology China Co Ltd
Original Assignee
Weibo Internet Technology China Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date: 2015-03-30
Publication date: 2015-07-08
Application filed by Weibo Internet Technology China Co Ltd
Priority to CN201510143931.1A
Publication of CN104767747A
Legal status: Pending

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416: Event detection, e.g. attack signature detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

An embodiment of the invention provides a clickjacking security detection method and device. The method comprises: separating the button elements in the web page to be detected from the web page's URL information; comparing the button elements with the sensitive elements in a sensitive-element database; if a sensitive element from the sensitive-element database is present among the button elements, comparing the URL information of the web page to be detected with the URL whitelist in a URL whitelist database; if the URL information of the web page to be detected is in the URL whitelist, not performing clickjacking security detection; if it is not in the URL whitelist, performing clickjacking security detection. The method enables automated clickjacking security detection for SNS websites.

Description

Clickjacking security detection method and device

Technical field

The present invention relates to the field of computer network security, and in particular to a clickjacking security detection method and device applied to social networking sites (SNS).

Background

Clickjacking is a visually deceptive web attack: the user is tricked into clicking certain parts of a web page that contain hidden buttons, and the click carries out a malicious action. The hidden buttons are implemented with an invisible iframe (iframe is an HTML tag; the iframe element creates an inline frame that contains another document), through which the attacker can load other content into the target site. If the attacker crafts the clickjacking page carefully, then whether the user clicks deliberately or by accident, the click may trigger malicious behavior such as downloading a Trojan program.

In the course of making the present invention, the inventor found that the existing clickjacking defenses described above have at least the following problems:

Large websites today have a great many pages, and some of them must, by business requirement, be embeddable by other sites. Other, sensitive pages must not be embedded by other pages. This makes automated detection of clickjacking vulnerabilities nearly impossible: the false positive rate is so high that such detection is almost unusable.

This is especially true for SNS websites (SNS: specifically, Internet application services that help people build social networks; the term is also used for information carriers already mature and widespread in society, such as the SMS short message service; another common reading of SNS is Social Network Site, i.e. "social networking site" or "social network"). Their interactive nature amplifies the effect of a clickjacking attack, which can cause large-scale worm outbreaks and great losses to users.

Because clickjacking vulnerabilities are easy to exploit and hard to detect, many large-scale attack incidents have occurred, creating considerable security risk.

At present, protection of SNS websites relies on manual discovery and manual configuration; automated clickjacking security detection is not available.

Summary of the invention

The purpose of the present invention is to provide a clickjacking security detection method and device, so as to achieve automated security detection of clickjacking attacks on SNS websites.

In one aspect, an embodiment of the present invention provides a clickjacking security detection method, the method comprising:

separating the button elements in the web page to be detected from the web page's Uniform Resource Locator (URL) information;

comparing the button elements with the sensitive elements in a sensitive-element database, and, if a sensitive element from the sensitive-element database is present among the button elements, comparing the URL information of the web page to be detected with the URL whitelist in a URL whitelist database;

if the URL information of the web page to be detected is in the URL whitelist, not performing clickjacking security detection; if the URL information of the web page to be detected is not in the URL whitelist, performing clickjacking security detection.

In another aspect, an embodiment of the present invention provides a clickjacking security detection device, comprising:

a button element separation module, configured to separate the button elements in the web page to be detected from the web page's Uniform Resource Locator (URL) information;

a sensitive-element storage module, configured to store sensitive elements;

a URL whitelist storage module, configured to store the URL whitelist;

a first comparison module, configured to compare the button elements with the sensitive elements in the sensitive-element storage module;

a second comparison module, configured to compare the URL information of the web page to be detected with the URL whitelist if a sensitive element from the sensitive-element storage module is present among the button elements;

a clickjacking security detection module, configured not to perform clickjacking security detection if the URL information of the web page to be detected is in the URL whitelist, and to perform clickjacking security detection if the URL information of the web page to be detected is not in the URL whitelist.

The above technical solution has the following beneficial effects: because it uses button element separation, a URL whitelist and related techniques, automated detection of clickjacking vulnerabilities becomes controllable and can be iterated continuously, which greatly improves detection speed and detection accuracy; detection cost is low and detection results are good.

Brief description of the drawings

To describe the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention; a person of ordinary skill in the art could obtain other drawings from them without creative effort.

Fig. 1 is a flowchart of the clickjacking security detection method according to an embodiment of the present invention;

Fig. 2 is a logic block diagram of the clickjacking security detection device according to an embodiment of the present invention.

Detailed description

The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings of the embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments that a person of ordinary skill in the art obtains from the embodiments of the present invention without creative effort fall within the protection scope of the present invention.

The present invention detects sensitive elements in the pages of an SNS website (Social Networking Site, whose main function is to build an online community for a group of people with shared interests and activities; well-known examples include Facebook, Twitter and Weibo) to decide whether clickjacking security detection is needed, and then performs automated clickjacking detection by checking whether the page's HTTP response carries the corresponding protective header. It provides a corresponding method and device and solves the problem of automated security detection of clickjacking attacks on SNS websites.

An embodiment of the present invention provides a method and device for clickjacking security detection applied in SNS, thereby accomplishing automated clickjacking security detection for SNS websites.

Fig. 1 is a flowchart of the clickjacking security detection method according to an embodiment of the present invention. As shown in Fig. 1, the clickjacking security detection method comprises:

Step 102: separate the button elements in the web page to be detected from the web page's URL information;

Step 104: compare the button elements with the sensitive elements in the sensitive-element database. If no sensitive element is present among the button elements, clickjacking security detection is not performed, i.e. the page is judged to have no clickjacking vulnerability; if a sensitive element from the sensitive-element database is present among the button elements, compare the URL information of the web page to be detected with the URL whitelist in the URL whitelist database;

Preferably, the sensitive elements comprise button element code capable of giving rise to a clickjacking attack.

Preferably, the URL whitelist may contain the URL information of pages that business requirements allow to be embedded by other web pages.

Step 106: if the URL information of the web page to be detected is in the above URL whitelist, clickjacking security detection is not performed; if the URL information of the web page to be detected is not in the URL whitelist, clickjacking security detection is performed.

Optionally, step 101 may precede step 102: obtain the web page to be detected and parse it dynamically. The purpose of dynamic parsing is to execute the page's JavaScript and obtain the DOM tree produced after the HTML and JavaScript have run; ordinarily, DOM nodes generated by JavaScript cannot be found in the page source, which is why dynamic parsing is needed. In the subsequent steps, all button elements and the URL information of the page to be detected can then be separated (extracted) from the dynamically parsed page.

Preferably, the specific processing of performing clickjacking security detection in step 106 may comprise: sending an HTTP request for the web page to be detected to the server hosting the URL, and checking whether the returned HTTP headers contain an X-FRAME-OPTIONS header. If no X-FRAME-OPTIONS header is present, the page to be detected is judged to have a clickjacking vulnerability; otherwise, the page is judged to have a clickjacking defense in place and to have no clickjacking vulnerability.
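The detection flow of steps 101 to 106, together with the X-FRAME-OPTIONS check just described, as an added worked example (this is not code from the patent or its assignee): a small offline Python scanner. The sensitive-element list, the whitelist entry, the sample pages and the response header maps are all constructed for the demo; dynamic parsing (step 101) is replaced by static parsing with the standard library, and the response headers are passed in rather than fetched. It also folds in the request-level deduplication the description discusses further on, keying sensitive buttons by the back-end request they submit rather than by the button itself.

```python
"""Added example, not code from the patent: a minimal offline implementation of
the detection flow in steps 101-106 and the X-FRAME-OPTIONS presence check.
The sample pages, sensitive-element list and whitelist below are constructed
for the demo; static HTML parsing stands in for the dynamic parsing of step 101."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sensitive-element database (the labels the description names: follow / like / publish).
SENSITIVE_ELEMENTS = {"follow", "like", "publish", "关注", "赞", "发布"}

# Constructed URL whitelist: pages that business requirements allow other sites to embed.
URL_WHITELIST = {"https://sns.example/widgets/share"}


class ButtonExtractor(HTMLParser):
    """Step 102: collect each button element together with the request it submits
    (the enclosing form's action), so buttons can later be deduplicated by request."""

    def __init__(self):
        super().__init__()
        self.buttons = []          # list of (label, form_action)
        self._form_action = None
        self._button_text = None   # non-None while inside a <button>

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._form_action = a.get("action")
        elif tag == "button":
            self._button_text = []
        elif tag == "input" and a.get("type") in ("button", "submit"):
            self.buttons.append((a.get("value", ""), self._form_action))

    def handle_data(self, data):
        if self._button_text is not None:
            self._button_text.append(data)

    def handle_endtag(self, tag):
        if tag == "button" and self._button_text is not None:
            self.buttons.append(("".join(self._button_text).strip(), self._form_action))
            self._button_text = None
        elif tag == "form":
            self._form_action = None


def extract_buttons(html):
    parser = ButtonExtractor()
    parser.feed(html)
    parser.close()
    return parser.buttons


def sensitive_requests(buttons):
    """Step 104, with request-level deduplication: the set of distinct back-end
    requests issued by buttons whose label matches the sensitive-element database."""
    return {action for label, action in buttons if label.lower() in SENSITIVE_ELEMENTS}


def canonical(url):
    # Whitelist entries are compared on scheme, host and path; query strings are ignored here.
    p = urlparse(url)
    return f"{p.scheme.lower()}://{p.netloc.lower()}{p.path}"


def has_frame_protection(headers):
    """Step 106 check as the patent states it: an X-FRAME-OPTIONS header is present
    (header names are case-insensitive in HTTP, so the match is too)."""
    return any(name.lower() == "x-frame-options" for name in headers)


def assess(page_url, html, response_headers):
    """Run the whole flow and return 'no-sensitive-button', 'whitelisted',
    'protected' or 'vulnerable'.  response_headers is the header map of the HTTP
    response for page_url; it is passed in so the example runs without a network."""
    if not sensitive_requests(extract_buttons(html)):
        return "no-sensitive-button"
    if canonical(page_url) in URL_WHITELIST:
        return "whitelisted"
    if has_frame_protection(response_headers):
        return "protected"
    return "vulnerable"


# Constructed sample pages: two buttons that both post to the same follow endpoint,
# and a search page with no sensitive button.
PROFILE_PAGE = """<html><body>
<form action="/api/follow" method="post">
  <input type="hidden" name="uid" value="42">
  <button type="submit">Follow</button>
</form>
<form action="/api/follow" method="post"><input type="submit" value="Follow"></form>
</body></html>"""

SEARCH_PAGE = '<html><body><form action="/search"><input type="submit" value="Search"></form></body></html>'

if __name__ == "__main__":
    print(sensitive_requests(extract_buttons(PROFILE_PAGE)))   # {'/api/follow'}
    print(assess("https://sns.example/profile/42", PROFILE_PAGE, {"Content-Type": "text/html"}))
    print(assess("https://sns.example/profile/42", PROFILE_PAGE, {"X-Frame-Options": "SAMEORIGIN"}))
    print(assess("https://sns.example/widgets/share?ref=1", PROFILE_PAGE, {}))
    print(assess("https://sns.example/search", SEARCH_PAGE, {}))
```

Running the module prints the classification for each constructed case. As in the patent, the check tests only for the presence of the header, so a response whose X-FRAME-OPTIONS value is one a browser would ignore still counts as protected; a production scanner should also validate the value.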

X-FRAME-OPTIONS is an HTTP header proposed by Microsoft, designed specifically to defend against clickjacking attacks that use iframe nesting.

It is well supported in IE8, Firefox 3.6, Chrome 4 and later versions.

This header takes three values:

DENY  // refuse loading in a frame by any domain

SAMEORIGIN  // allow loading in a frame only under the same origin

ALLOW-FROM  // specify the page address that is permitted to load the page in a frame

By adding this response header to the HTTP response, the program lets the browser decide, when it loads the page, whether and how to load the page inside an iframe according to the header, thereby defending against clickjacking attacks.
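How a browser applies those three values, as an added example (not code from the patent): a Python function that decides whether a page carrying a given X-FRAME-OPTIONS value may be framed by a top-level document at another URL, plus a scanner-style wrapper that, unlike the presence-only check of step 106, evaluates the header's value against a constructed third-party origin. All URLs are constructed, and the handling of unrecognized values is a simplifying assumption noted in the code.

```python
"""Added example, not code from the patent: the framing decision a browser that
honors X-FRAME-OPTIONS makes for DENY, SAMEORIGIN, ALLOW-FROM and a missing
header, and a value-aware scanner check built on it.  Sample URLs are constructed."""
from urllib.parse import urlparse


def origin(url):
    """Scheme and host[:port] of a URL, lower-cased: the unit SAMEORIGIN compares."""
    p = urlparse(url)
    return (p.scheme.lower(), p.netloc.lower())


def framing_allowed(xfo_value, framed_url, top_url):
    """Return True if framed_url may be displayed inside a top-level document at
    top_url, given the X-FRAME-OPTIONS value sent with framed_url (None = no header)."""
    if xfo_value is None:
        return True        # no header: any site may frame the page (the case step 106 flags)
    directive, _, argument = xfo_value.strip().partition(" ")
    directive = directive.upper()
    if directive == "DENY":
        return False       # no framing at all, not even by the page's own origin
    if directive == "SAMEORIGIN":
        return origin(framed_url) == origin(top_url)
    if directive == "ALLOW-FROM":
        # Exactly one permitted origin.  Not every browser honors ALLOW-FROM, so a
        # page relying on it alone may still be frameable in those browsers.
        return origin(argument.strip()) == origin(top_url)
    # Simplifying assumption for the demo: an unrecognized value is treated as if the
    # header were absent.  A scanner should flag such values for manual review.
    return True


def scan_response(page_url, headers, third_party_top_url="https://other.example/"):
    """Classify a response the way a value-aware scanner would: 'vulnerable' if a
    page at an unrelated origin could frame it, 'protected' otherwise.
    third_party_top_url is a constructed stand-in for an arbitrary foreign origin."""
    value = next((v for k, v in headers.items() if k.lower() == "x-frame-options"), None)
    return "vulnerable" if framing_allowed(value, page_url, third_party_top_url) else "protected"


if __name__ == "__main__":
    for hdrs in ({"Content-Type": "text/html"},
                 {"X-Frame-Options": "DENY"},
                 {"X-Frame-Options": "SAMEORIGIN"},
                 {"X-Frame-Options": "ALLOW-FROM https://partner.example"}):
        print(hdrs, "->", scan_response("https://sns.example/profile/42", hdrs))
```

Modern browsers also honor the Content-Security-Policy frame-ancestors directive, which supersedes X-FRAME-OPTIONS and can list several permitted origins; a scanner that looks only for X-FRAME-OPTIONS, as the method here does, will report a page protected by frame-ancestors alone as vulnerable, so that directive is worth checking alongside it.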

Because this clickjacking security detection method for SNS uses button element separation, a URL whitelist and related techniques, automated detection of clickjacking vulnerabilities becomes controllable and can be iterated continuously, which greatly improves detection speed and detection accuracy; detection cost is low and detection results are good.

There are many pages to check and many button elements on each page, but many buttons correspond to the same request: the requests that reach the back end are identical. The embodiment of the present invention therefore uses the request that a button element corresponds to as the button element compared in the first comparison module, so that no matter how many buttons a page has, as long as the corresponding back-end request matches a sensitive element, the page is treated as needing clickjacking security detection. This greatly reduces the actual amount of computation and therefore greatly increases detection speed.

One difficulty in automated clickjacking detection is that many buttons may, by functional requirement, be embedded in other web pages. Functional requirements vary endlessly, and because this cannot be controlled, the false positive rate of automated clickjacking detection is very high, to the point of being unusable. The embodiment of the present invention uses a URL whitelist, so the uncontrollable factors arising from functional requirements are controlled through the whitelist; for SNS websites in particular, such requirements are uniform and highly controllable, so detection accuracy is greatly improved.

In accordance with the above method, an embodiment of the present invention also provides a clickjacking security detection device. Fig. 2 is a functional block diagram of the clickjacking security detection device applied in a social networking site (SNS) according to an embodiment of the present invention. As shown in Fig. 2, the device comprises:

a button element separation module 220, configured to separate the button elements in the web page to be detected from the web page's URL information;

a sensitive-element storage module 230, configured to store sensitive elements; the sensitive elements stored in the sensitive-element storage module 230 include button element code that may or can give rise to a clickjacking attack; typically, the sensitive-element information may be "follow", "like", "publish" and the like;

a URL whitelist storage module 240, configured to store the URL whitelist; the URL whitelist stored in the URL whitelist storage module 240 may contain the URL information of pages that business requirements allow to be embedded by other web pages;

a first comparison module 250, configured to compare the above button elements with the sensitive elements in the sensitive-element storage module 230; if no sensitive element is present among the button elements, clickjacking security detection is not performed;

a second comparison module 260, configured to compare the URL information of the web page to be detected with the URL whitelist if a sensitive element from the sensitive-element storage module 230 is present among the above button elements;

a clickjacking security detection module 270, configured not to perform clickjacking security detection if the URL information of the web page to be detected is in the URL whitelist, and to perform clickjacking security detection if the URL information of the web page to be detected is not in the URL whitelist.

Further, the device also comprises a web page dynamic parsing module 210, configured to obtain the web page to be detected, parse it dynamically and send the result to the button element separation module 220.

Preferably, the clickjacking security detection module 270 can specifically be configured to send an HTTP request for the web page to be detected and check whether the returned (response) HTTP headers contain an X-FRAME-OPTIONS header; if no X-FRAME-OPTIONS header is present, the page to be detected is judged to have a clickjacking vulnerability; otherwise, the page to be detected has no clickjacking vulnerability.

For the working process of the device, reference may be made to the foregoing method embodiment; details are not repeated here.

The advantages of the above device are:

Because the device uses button element separation, a URL whitelist and related techniques, automated detection of clickjacking vulnerabilities becomes controllable and can be iterated continuously, which greatly improves detection speed and detection accuracy; detection cost is low and detection results are good.

A person skilled in the art will also understand that the various illustrative logical blocks, units and steps listed in the embodiments of the present invention can be implemented in electronic hardware, computer software, or a combination of the two. To show clearly the interchangeability of hardware and software, the various illustrative components, units and steps above have been described generally in terms of their function. Whether such functions are implemented in hardware or in software depends on the particular application and the design requirements of the overall system. A person skilled in the art may use different methods to implement the described functions for each particular application, but such implementation should not be understood as going beyond the protection scope of the embodiments of the present invention.

The specific embodiments described above explain the purpose, technical solutions and beneficial effects of the present invention in further detail. It should be understood that the foregoing are only specific embodiments of the present invention and are not intended to limit its protection scope; any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included in the protection scope of the present invention.

Claims (10)

1. A clickjacking security detection method, characterized in that the method comprises:
separating the button elements in the web page to be detected from the web page's Uniform Resource Locator (URL) information;
comparing the button elements with the sensitive elements in a sensitive-element database, and, if a sensitive element from the sensitive-element database is present among the button elements, comparing the URL information of the web page to be detected with the URL whitelist in a URL whitelist database;
if the URL information of the web page to be detected is in the URL whitelist, not performing clickjacking security detection; if the URL information of the web page to be detected is not in the URL whitelist, performing clickjacking security detection.
2. The method according to claim 1, characterized in that, before separating the button elements in the web page to be detected from the web page's URL information, the method further comprises:
obtaining the web page to be detected and parsing the web page to be detected dynamically.
3. The method according to claim 1 or 2, characterized in that performing clickjacking security detection comprises:
sending an HTTP request for the web page to be detected;
checking whether the returned HTTP headers contain an X-FRAME-OPTIONS header; if no X-FRAME-OPTIONS header is present, judging that the web page to be detected has a clickjacking vulnerability, otherwise judging that the web page to be detected has no clickjacking vulnerability.
4. The method according to claim 1 or 2, characterized in that the sensitive elements comprise button element code capable of giving rise to a clickjacking attack.
5. The method according to claim 1 or 2, characterized in that the URL whitelist contains the URL information of pages that business requirements allow to be embedded by other web pages.
6. A clickjacking security detection device, characterized in that it comprises:
a button element separation module, configured to separate the button elements in the web page to be detected from the web page's Uniform Resource Locator (URL) information;
a sensitive-element storage module, configured to store sensitive elements;
a URL whitelist storage module, configured to store the URL whitelist;
a first comparison module, configured to compare the button elements with the sensitive elements in the sensitive-element storage module;
a second comparison module, configured to compare the URL information of the web page to be detected with the URL whitelist if a sensitive element from the sensitive-element storage module is present among the button elements;
a clickjacking security detection module, configured not to perform clickjacking security detection if the URL information of the web page to be detected is in the URL whitelist, and to perform clickjacking security detection if the URL information of the web page to be detected is not in the URL whitelist.
7. The device according to claim 6, characterized in that it further comprises:
a web page dynamic parsing module, configured to obtain the web page to be detected, parse it dynamically and send the result to the button element separation module.
8. The device according to claim 6 or 7, characterized in that the clickjacking security detection module is specifically configured to send an HTTP request for the web page to be detected and check whether the returned HTTP headers contain an X-FRAME-OPTIONS header; if no X-FRAME-OPTIONS header is present, judge that the web page to be detected has a clickjacking vulnerability, otherwise judge that the web page to be detected has no clickjacking vulnerability.
9. The device according to claim 6 or 7, characterized in that the sensitive elements stored in the sensitive-element storage module comprise button element code capable of giving rise to a clickjacking attack.
10. The device according to claim 6 or 7, characterized in that the URL whitelist stored in the URL whitelist storage module contains the URL information of pages that business requirements allow to be embedded by other web pages.
CN201510143931.1A 2015-03-30 2015-03-30 Click-jacking security detection method and device Pending CN104767747A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510143931.1A CN104767747A (en) 2015-03-30 2015-03-30 Click-jacking security detection method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510143931.1A CN104767747A (en) 2015-03-30 2015-03-30 Click-jacking security detection method and device

Publications (1)

Publication Number Publication Date
CN104767747A true CN104767747A (en) 2015-07-08

Family

ID=53649354

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510143931.1A Pending CN104767747A (en) 2015-03-30 2015-03-30 Click-jacking security detection method and device

Country Status (1)

Country Link
CN (1) CN104767747A (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106330968A (en) * 2016-10-31 2017-01-11 杭州迪普科技有限公司 Access device identity authentication method and device
CN106548075A (en) * 2015-09-22 2017-03-29 阿里巴巴集团控股有限公司 leak detection method and device
CN107749835A (en) * 2017-09-11 2018-03-02 哈尔滨工程大学 A kind of penetration testing method of the click hijack attack based on prediction
CN107800720A (en) * 2017-11-29 2018-03-13 广州酷狗计算机科技有限公司 Kidnap report method, device, storage medium and equipment
WO2018072733A1 (en) * 2016-10-19 2018-04-26 中兴通讯股份有限公司 Webpage security check method and device
CN108156121A (en) * 2016-12-02 2018-06-12 阿里巴巴集团控股有限公司 The alarm method and device that the monitoring method and device of flow abduction, flow are kidnapped
CN109711166A (en) * 2018-12-17 2019-05-03 北京知道创宇信息技术有限公司 Leak detection method and device
CN110278207A (en) * 2019-06-21 2019-09-24 深圳前海微众银行股份有限公司 A clickjacking vulnerability detection method, device and computer equipment
CN110290129A (en) * 2019-06-20 2019-09-27 深圳前海微众银行股份有限公司 Method and device for web vulnerability detection
CN113158187A (en) * 2021-03-26 2021-07-23 杭州数梦工场科技有限公司 Method and device for detecting click hijacking and electronic equipment
CN113348655A (en) * 2019-04-11 2021-09-03 深圳市欢太科技有限公司 Anti-hijacking method and device for browser, electronic equipment and storage medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102710646A (en) * 2012-06-06 2012-10-03 珠海市君天电子科技有限公司 Method and system for collecting phishing websites
US8813237B2 (en) * 2010-06-28 2014-08-19 International Business Machines Corporation Thwarting cross-site request forgery (CSRF) and clickjacking attacks

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
王剑: "Research on Clickjacking Vulnerability Attack and Defense Techniques", Netinfo Security (《信息网络安全》) *

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106548075B (en) * 2015-09-22 2020-03-27 阿里巴巴集团控股有限公司 Vulnerability detection method and device
CN106548075A (en) * 2015-09-22 2017-03-29 阿里巴巴集团控股有限公司 Vulnerability detection method and device
WO2018072733A1 (en) * 2016-10-19 2018-04-26 中兴通讯股份有限公司 Webpage security check method and device
CN107968769A (en) * 2016-10-19 2018-04-27 中兴通讯股份有限公司 Webpage security detection method and device
CN106330968A (en) * 2016-10-31 2017-01-11 杭州迪普科技有限公司 Access device identity authentication method and device
CN108156121A (en) * 2016-12-02 2018-06-12 阿里巴巴集团控股有限公司 Traffic hijacking monitoring method and device, and traffic hijacking alarm method and device
CN107749835A (en) * 2017-09-11 2018-03-02 哈尔滨工程大学 A penetration testing method for clickjacking attacks based on prediction
CN107749835B (en) * 2017-09-11 2020-11-20 哈尔滨工程大学 A penetration testing method for clickjacking attacks based on prediction
CN107800720A (en) * 2017-11-29 2018-03-13 广州酷狗计算机科技有限公司 Hijacking report method, device, storage medium and equipment
CN109711166B (en) * 2018-12-17 2020-12-11 北京知道创宇信息技术股份有限公司 Vulnerability detection method and device
CN109711166A (en) * 2018-12-17 2019-05-03 北京知道创宇信息技术有限公司 Vulnerability detection method and device
CN113348655A (en) * 2019-04-11 2021-09-03 深圳市欢太科技有限公司 Anti-hijacking method and device for browser, electronic equipment and storage medium
CN113348655B (en) * 2019-04-11 2023-01-06 深圳市欢太科技有限公司 Anti-hijacking method and device for browser, electronic equipment and storage medium
CN110290129A (en) * 2019-06-20 2019-09-27 深圳前海微众银行股份有限公司 Method and device for web vulnerability detection
CN110278207A (en) * 2019-06-21 2019-09-24 深圳前海微众银行股份有限公司 A clickjacking vulnerability detection method, device and computer equipment
WO2020253351A1 (en) * 2019-06-21 2020-12-24 深圳前海微众银行股份有限公司 Click hijacking vulnerability detection method, device and computer apparatus
CN113158187A (en) * 2021-03-26 2021-07-23 杭州数梦工场科技有限公司 Method and device for detecting click hijacking and electronic equipment

Similar Documents

Publication Publication Date Title
CN104767747A (en) Click-jacking security detection method and device
CN102419808B (en) Method, device and system for detecting safety of download link
US9426119B2 (en) External link processing
RU2610254C2 (en) System and method of determining modified web pages
JP6624771B2 (en) Client-based local malware detection method
US8474048B2 (en) Website content regulation
US9055097B1 (en) Social network scanning
US20120222117A1 (en) Method and system for preventing transmission of malicious contents
US9723027B2 (en) Firewall informed by web server security policy identifying authorized resources and hosts
CN105049440B (en) Detect the method and system of cross-site scripting attack injection
US20120090026A1 (en) Cross-site scripting prevention in dynamic content
EP2411913A1 (en) Method and system for identifying suspected phishing websites
CN104601540A (en) Cross-site scripting (XSS) attack defense method and Web server
CN107463844B (en) WEB Trojan horse detection method and system
EP3579523A1 (en) System and method for detection of malicious interactions in a computer network
CN102780684B (en) XSS defensive system
CN102780682B (en) Website behavior model modeling method based on HTML (Hyper Text Markup Language)
CN105812196A (en) WebShell detection method and electronic device
Canfora et al. A set of features to detect web security threats
US10250621B1 (en) Automatic extraction of indicators of compromise from multiple data sources accessible over a network
CN114357457B (en) Vulnerability detection method, device, electronic device and storage medium
Mun et al. Blackhole attack: user identity and password seize attack using honeypot
CN104978423A (en) Website type detection method and apparatus
CN105072109B (en) Prevent the method and system of cross-site scripting attack
Agbefu et al. Domain information based blacklisting method for the detection of malicious webpages

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
EXSB Decision made by sipo to initiate substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20150708

RJ01 Rejection of invention patent application after publication