CN113452689B - Attack simulation method, system, storage medium and electronic equipment - Google Patents

Publication number
CN113452689B
Authority
CN
China
Prior art keywords
request
attack simulation
attack
cdn server
simulation
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110706017.9A
Other languages
Chinese (zh)
Other versions
CN113452689A (en
Inventor
王忠儒
宋首友
王忠杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Digapis Technology Co ltd
Dingniu Information Security Technology Jiangsu Co ltd
Original Assignee
Beijing Digapis Technology Co ltd
Dingniu Information Security Technology Jiangsu Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Digapis Technology Co ltd, Dingniu Information Security Technology Jiangsu Co ltd filed Critical Beijing Digapis Technology Co ltd
Priority to CN202110706017.9A priority Critical patent/CN113452689B/en
Publication of CN113452689A publication Critical patent/CN113452689A/en
Application granted granted Critical
Publication of CN113452689B publication Critical patent/CN113452689B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses an attack simulation method, an attack simulation system, a storage medium and electronic equipment, applied to an attack simulation system. An attack simulation request is constructed by the attack simulation device and sent to a CDN server, wherein the attack simulation request is a request for a first resource which is stored in a Web server and is not stored in the CDN server, and the attack simulation request conforms to the request format requirement of the CDN server and does not conform to the request format requirement of the Web server; the CDN server sends the attack simulation request to the Web server; the Web server returns an error response for the attack simulation request to the CDN server; the CDN server caches the error response locally as the response for the first resource; when the CDN server receives a first resource acquisition request sent by the access simulation device, the CDN server returns the locally cached error response to the access simulation device, so that the access simulation device cannot acquire the first resource.

Description

Attack simulation method, system, storage medium and electronic equipment
Technical Field
The present invention relates to the field of computer security, and in particular, to an attack simulation method, system, storage medium, and electronic device.
Background
With the rapid development of the Internet, people place ever higher demands on Internet service quality and access speed, but the load capacity and transmission distance of a Web server cannot sustain a huge number of users, and response speed cannot be adequately addressed, so caching technology emerged in response. The CDN server caches most Web page objects, such as page files (html, htm, php and the like) and picture and video files (gif, tif, png, bmp and the like); these files do not need to be retransmitted from the origin website, and a copy cached in the CDN server can be obtained directly, which relieves the pressure on the Web server.
However, in recent years attacks on CDN servers have been on the rise, and they take various forms. Therefore, how to actively defend against attacks on the CDN server has become a problem to be urgently solved in the art, and no corresponding solution currently exists.
Disclosure of Invention
In view of the above, the present invention provides an attack simulation method, system, storage medium and electronic device that overcome or at least partially address the above-mentioned problems.
In a first aspect, an attack simulation method is applied to an attack simulation system, where the attack simulation system includes: the system comprises a Web server, a CDN server, attack simulation equipment and access simulation equipment;
the Web server is connected with the CDN server, and both the attack simulation device and the access simulation device are connected with the CDN server;
the attack simulation method comprises the following steps:
the attack simulation equipment constructs an attack simulation request and sends the attack simulation request to the CDN server, wherein the attack simulation request is a request for a first resource which is stored in the Web server and is not stored in the CDN server, and the attack simulation request conforms to the request format requirement of the CDN server and does not conform to the request format requirement of the Web server;
the CDN server sends the attack simulation request to the Web server to request the first resource;
the Web server returns an error response aiming at the simulated attack request to the CDN server, wherein the error response is an error reporting response which represents that the Web server cannot normally process the simulated attack request;
caching, by the CDN server, the error response locally as a response to the first resource;
when the CDN server receives a first resource acquisition request sent by the access simulation device, the CDN server returns the error response of the local cache to the access simulation device, so that the access simulation device cannot acquire the first resource.
With reference to the first aspect, in some optional embodiments, when the CDN server receives the first resource obtaining request sent by the access simulation device, the returning, by the CDN server, the error response cached locally to the access simulation device includes:
when the CDN server receives a first resource obtaining request sent by the access simulation equipment, the CDN server analyzes the first resource obtaining request and sends the error response of the local cache to the access simulation equipment as the first resource, wherein the first resource obtaining request meets the request format requirement of the CDN server.
With reference to the first aspect, in some optional embodiments, the attack simulation request is an HTTP request;
the method further comprises the following steps:
the CDN server cannot verify the auxiliary header, and an HTTP method supported by the Web server is different from the HTTP method of the auxiliary header in the attack simulation request;
the attack simulation device constructs an attack simulation request and sends the attack simulation request to the CDN server, and the method specifically comprises the following steps:
the attack simulation device constructs an attack simulation request carrying the auxiliary header and sends the attack simulation request to the CDN server, wherein the auxiliary header guides the Web server to replace an HTTP method in the attack simulation request with an HTTP method supported by the Web server.
With reference to the first aspect, in some optional embodiments, the attack simulation request is an HTTP request;
the method further comprises the following steps:
the first length threshold of the HTTP request limited by the CDN server is larger than the second length threshold of the HTTP request limited by the Web server;
the attack simulation device constructs an attack simulation request and sends the attack simulation request to the CDN server, and the method specifically comprises the following steps:
the attack simulation device inserts at least one numerical value into an attack simulation request and sends the attack simulation request to the CDN server, wherein the length of the attack simulation request is not greater than the first length threshold, and the length of the attack simulation request is greater than the second length threshold.
With reference to the first aspect, in some optional embodiments, the attack simulation request is an HTTP request;
the method further comprises the following steps:
the CDN server accepts requests into which Unicode control characters have been inserted, and the Web server blocks requests into which Unicode control characters have been inserted;
the attack simulation device constructs an attack simulation request and sends the attack simulation request to the CDN server, which specifically comprises the following steps:
the attack simulation device inserts at least one Unicode control character into the attack simulation request, wherein the Unicode control characters comprise: a carriage return symbol \n and a line feed symbol \r.
In a second aspect, an attack simulation system includes: the system comprises a Web server, a CDN server, attack simulation equipment and access simulation equipment;
the Web server is connected with the CDN server, and both the attack simulation device and the access simulation device are connected with the CDN server;
the CDN server includes: the device comprises a request forwarding unit, a response caching unit and a response sending unit;
the attack simulation device is configured to execute and construct an attack simulation request and send the attack simulation request to the CDN server, where the attack simulation request is a request for a first resource which is stored in the Web server and is not stored in the CDN server, and the attack simulation request conforms to a request format requirement of the CDN server and does not conform to a request format requirement of the Web server;
the request forwarding unit is configured to execute sending the attack simulation request to the Web server to request the first resource;
the Web server returns an error response aiming at the simulated attack request to the CDN server, wherein the error response is an error reporting response which represents that the Web server cannot normally process the simulated attack request;
the response caching unit is configured to perform caching of the error response locally as a response to the first resource;
the response sending unit is configured to execute that when the CDN server receives a first resource acquisition request sent by the access simulation device, the error response of the local cache is returned to the access simulation device, so that the access simulation device cannot acquire the first resource.
With reference to the second aspect, in some optional embodiments, the response sending unit is specifically configured to, when the CDN server receives a first resource obtaining request sent by the access simulation device, parse the first resource obtaining request, and send the locally cached error response as the first resource to the access simulation device, where the first resource obtaining request meets a request format requirement of the CDN server.
With reference to the second aspect, in some optional embodiments, the attack simulation device is specifically configured to perform: and constructing an attack simulation request carrying the auxiliary header and sending the attack simulation request to the CDN server, wherein the CDN server cannot verify the auxiliary header, an HTTP method supported by the Web server is different from the HTTP method of the auxiliary header in the attack simulation request, and the auxiliary header guides the Web server to replace the HTTP method in the attack simulation request with the HTTP method supported by the Web server.
In a third aspect, a storage medium has a program stored thereon, and the program realizes the attack simulation method according to any one of the above when executed by a processor.
In a fourth aspect, an electronic device includes at least one processor, and at least one memory, a bus, connected to the processor; the processor and the memory complete mutual communication through the bus; the processor is configured to call program instructions in the memory to perform any of the attack simulation methods described above.
By means of the above technical solution, in the attack simulation method, system, storage medium and electronic device provided by the invention, the attack simulation device constructs an attack simulation request and sends it to the CDN server, wherein the attack simulation request is a request for a first resource which is stored in the Web server and is not stored in the CDN server, and the attack simulation request conforms to the request format requirement of the CDN server and does not conform to the request format requirement of the Web server; the CDN server sends the attack simulation request to the Web server to request the first resource; the Web server returns an error response for the simulated attack request to the CDN server, wherein the error response is an error-reporting response indicating that the Web server cannot normally process the simulated attack request; the CDN server caches the error response locally as the response to the first resource; when the access simulation device requests the first resource from the CDN server, the CDN server returns the locally cached error response to the access simulation device, so that the access simulation device cannot obtain the first resource. The invention can therefore simulate an attack on the CDN server that makes resources on the CDN server unavailable. The simulated attack of the invention is closer to an actual attack, and the simulation effect is better. A corresponding active defense mechanism can subsequently be set for the CDN server according to the process and result of the simulated attack.
The foregoing description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the above and other objects, features, and advantages of the present invention more clearly understandable.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
FIG. 1 is a flow chart illustrating an attack simulation method provided by the present invention;
FIG. 2 is a schematic flow chart of another attack simulation method provided by the present invention;
FIG. 3 is a schematic diagram illustrating an attack simulation system according to the present invention;
FIG. 4 shows a schematic structural diagram of an electronic device provided by the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
As shown in fig. 1, the present invention provides an attack simulation method applied to an attack simulation system, where the attack simulation system includes: the system comprises a Web server, a CDN server, attack simulation equipment and access simulation equipment;
the Web server is connected with the CDN server, and both the attack simulation device and the access simulation device are connected with the CDN server;
the attack simulation method comprises the following steps:
S100, the attack simulation device constructs an attack simulation request and sends the attack simulation request to the CDN server, wherein the attack simulation request is a request for a first resource which is stored in the Web server and is not stored in the CDN server, and the attack simulation request conforms to the request format requirement of the CDN server and does not conform to the request format requirement of the Web server;
Optionally, the connection between the Web server and the CDN server may be understood as: the Web server and the CDN server can communicate with each other; likewise, the connection of the attack simulation device and the access simulation device to the CDN server may be understood as: the attack simulation device can communicate with the CDN server, and the access simulation device can communicate with the CDN server, which is not limited in the present invention.
Optionally, the attack simulation device in the present invention may be a computer, or other devices that can construct an attack simulation request, for example, a device that constructs an HTTP request, and the present invention is not limited thereto.
Optionally, the present invention simulates an attack on the CDN server by using the caching capability of CDN servers distributed in different geographic locations and sending an incorrect HTTP request (a correct HTTP request from the CDN server's point of view, but an incorrect HTTP request for the Web server). The request may include incorrect fields, but these incorrect fields are ignored by the CDN server, and the CDN server does not hold the resource involved in the HTTP request. The CDN server forwards the HTTP request to the Web server, and the Web server responds to the incorrect HTTP request by returning an error response page to the CDN server. These error response pages may be cached by an intermediate CDN server and returned to the attack simulation device. Subsequently, if the CDN server receives a request for the corresponding resource from another device, the CDN server that has cached the error response may send that error response to the other device, thereby realistically simulating the process in which the CDN server is attacked by a malicious HTTP request and the normal requests of other devices consequently fail to obtain the correct resource.
The attack simulation request conforms to the request format requirement of the CDN server and does not conform to the request format requirement of the Web server, which can be understood as: the attack simulation request includes incorrect fields, but based on an operation mechanism of the CDN server, the CDN server ignores the fields, so that the attack simulation request is considered to be a normal request, but an error is caused when the Web server processes the attack simulation request, and the attack simulation request may be lower than a detection threshold of a Web application firewall and a distributed denial of service attack (DDoS) protection means, which is not limited by the present invention.
S200, the CDN server sends the attack simulation request to the Web server to request the first resource;
Optionally, the CDN server may not analyze the attack simulation request in detail, so the incorrect field in the attack simulation request is not discovered; a typical CDN server does not check whether a given request meets the format requirement of the Web server.
Optionally, the CDN server forwards to the Web server an attack simulation request that does not meet the Web server's format requirement, but the CDN server itself regards the attack simulation request as a normal request for the first resource; when the CDN server subsequently receives the response returned by the Web server, it also treats that response as the "first resource", although the response returned by the Web server may be an error response for the first resource rather than the true first resource, which is not limited by the present invention.
S300, the Web server returns an error response aiming at the simulated attack request to the CDN server, wherein the error response is an error reporting response for representing that the Web server cannot normally process the simulated attack request;
Optionally, the error response to the simulated attack request may be understood as: the Web server parses the attack simulation request according to its own format, and because the request contains content outside the normal service of the Web server, an error response is generated, and the Web server returns the error response for the first resource.
Optionally, the error response may be an error-type response, for example the "web page lost" response seen when browsing web pages in everyday use, which is not limited by the present invention.
S400, caching the error response as a response aiming at the first resource in a local place by the CDN server;
S500, when the CDN server receives a first resource obtaining request sent by the access simulation device, the CDN server returns the locally cached error response to the access simulation device, so that the access simulation device cannot obtain the first resource.
Optionally, from the CDN server's point of view, it sent a correct request to the Web server, so the response returned by the Web server may be taken as a correct response for the first resource; when other devices subsequently request the first resource from the CDN server, the CDN server sends the cached response to those devices, which is not limited in this embodiment of the present invention.
Optionally, the present invention may simulate an attack on the CDN server, so that resources on the CDN server are unavailable. The simulation attack of the invention is closer to the actual attack condition, and the simulation attack effect is better. And then, a corresponding active defense mechanism can be set for the CDN server subsequently according to the process and the result of the simulated attack, so that the attack on the CDN server can be actively defended, and the method is not limited.
In some optional embodiments, in combination with the embodiment shown in fig. 1, the S500 includes:
when the CDN server receives a first resource obtaining request sent by the access simulation equipment, the CDN server analyzes the first resource obtaining request and sends the error response of the local cache to the access simulation equipment as the first resource, wherein the first resource obtaining request meets the request format requirement of the CDN server.
Optionally, the first resource obtaining request may be understood as a request for acquiring the first resource, which is not limited by the present invention.
In some optional embodiments, in combination with the embodiment shown in fig. 1, the attack simulation request is an HTTP request;
the method further comprises the following steps:
the CDN server cannot verify the auxiliary header, and an HTTP method supported by the Web server is different from the HTTP method of the auxiliary header in the attack simulation request;
the S100 specifically comprises the following steps:
the attack simulation device constructs an attack simulation request carrying the auxiliary header and sends the attack simulation request to the CDN server, wherein the auxiliary header guides the Web server to replace an HTTP method in the attack simulation request with an HTTP method supported by the Web server.
Optionally, the HTTP methods described herein may include: GET, POST, DELETE, PUT, and PATCH, which is not limited by the present invention.
For example, as shown in fig. 2, in step 1: the attack simulation device uses the auxiliary header X-HTTP-Method-Override in the attack simulation request.
Step 2: the CDN server does not process the auxiliary header, parses the attack simulation request as a normal GET request, and forwards the request directly to the Web server.
Step 3: X-HTTP-Method-Override instructs the Web server to override the GET method in the attack simulation request with the POST method, so the attack simulation request is parsed as a POST request; however, the Web server does not respond to a POST request for index.html. index.html can be understood as the first resource, which is not limited by the invention.
Step 4: the CDN server returns an error response to the attack simulation device.
Step 5: error responses may be propagated between CDN servers; of course, error responses may also not be propagated between CDN servers, which is not limited in the present invention.
Step 6: a normal request for index.html is sent to the CDN server.
Step 7: the CDN server directly reuses the cached error response, returning it for the GET request for index.html.
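The FIG. 2 sequence and the cache-policy change that stops it, as an added example that is not part of the patent: an in-process model (no network traffic) in which the origin handler, the cache class and both policies are constructed for illustration. The hardened policy is one conservative choice assumed here: never store a 4xx/5xx response unless the origin explicitly grants it a lifetime.

```python
from dataclasses import dataclass, field


@dataclass
class Response:
    status: int
    body: str
    headers: dict = field(default_factory=dict)


def origin(method, path, headers):
    """Constructed Web server: honours X-HTTP-Method-Override, serves index.html via GET only."""
    effective = headers.get("X-HTTP-Method-Override", method).upper()
    if path == "/index.html" and effective == "GET":
        return Response(200, "<html>home</html>", {"Cache-Control": "max-age=60"})
    # Error response with no caching directives, as in step 3 of FIG. 2.
    return Response(405, "Method Not Allowed")


def weak_policy(resp):
    """Stores whatever the origin returned, error responses included."""
    return True


def hardened_policy(resp):
    """Assumed defensive policy: errors are stored only with an explicit lifetime."""
    directives = {
        d.strip().split("=")[0].lower()
        for d in resp.headers.get("Cache-Control", "").split(",")
        if d.strip()
    }
    if directives & {"no-store", "private"}:
        return False
    if resp.status >= 400:
        return bool(directives & {"max-age", "s-maxage"})
    return 200 <= resp.status < 300


class Cache:
    """Constructed CDN node whose cache key ignores the auxiliary header."""

    def __init__(self, cacheable):
        self.cacheable = cacheable
        self.store = {}
        self.origin_hits = 0

    def handle(self, method, path, headers=None):
        key = (method, path)
        if key in self.store:
            return self.store[key]
        self.origin_hits += 1
        resp = origin(method, path, headers or {})
        if method == "GET" and self.cacheable(resp):
            self.store[key] = resp
        return resp


def replay_fig2(policy):
    """Returns (status seen by the simulation device, status seen by the visitor, origin hits)."""
    cdn = Cache(policy)
    first = cdn.handle("GET", "/index.html", {"X-HTTP-Method-Override": "POST"})
    later = cdn.handle("GET", "/index.html")  # step 6: normal request
    return first.status, later.status, cdn.origin_hits


if __name__ == "__main__":
    print("weak policy:    ", replay_fig2(weak_policy))
    print("hardened policy:", replay_fig2(hardened_policy))
```

With the weak policy the visitor is served the stored 405 without the origin being consulted; with the hardened policy the second request reaches the origin and returns 200.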
In some optional embodiments, in combination with the embodiment shown in fig. 1, the attack simulation request is an HTTP request;
the method further comprises the following steps:
the first length threshold of the HTTP request limited by the CDN server is larger than the second length threshold of the HTTP request limited by the Web server;
the S100 specifically comprises the following steps:
the attack simulation device inserts at least one numerical value into an attack simulation request and sends the attack simulation request to the CDN server, wherein the length of the attack simulation request is not greater than the first length threshold, and the length of the attack simulation request is greater than the second length threshold.
Optionally, the HTTP standard does not define any size limit for the request header, so that there is a difference between the size limits of the request headers of the Web server and the CDN server, and a simulated attack can be implemented using the difference, which is not limited by the present invention.
Optionally, a larger length of content may be inserted in the auxiliary header of the attack simulation request, such that the length of the attack simulation request is not greater than the first length threshold but greater than the second length threshold. Of course, a value may be inserted into other parts of the attack simulation request, which is not limited by the present invention.
Optionally, the length of the attack simulation request is not greater than the first threshold, so that the CDN server may forward the attack simulation request to the Web server; the length of the attack simulation request is greater than the second threshold, so that the Web server blocks the attack simulation request and returns an error response, which is not limited by the present invention.
In some optional embodiments, in combination with the embodiment shown in fig. 1, the attack simulation request is an HTTP request;
the method further comprises the following steps:
the CDN server accepts requests into which Unicode control characters have been inserted, and the Web server blocks requests into which Unicode control characters have been inserted;
the S100 specifically includes:
the attack simulation device inserts at least one Unicode control character into the attack simulation request, wherein the Unicode control characters comprise: the carriage return symbol \n and the line feed symbol \r.
Optionally, at least one Unicode control character may be inserted into the auxiliary header of the attack simulation request, so that when the Web server parses the attack simulation request it finds that a Unicode control character has been inserted; the Web server discards the attack simulation request containing the Unicode control character and returns a corresponding error response, which is not limited by the invention.
Optionally, the Web server discards the request containing the Unicode control character when receiving the request, which is a protection mechanism of the Web server, and the present invention is not limited thereto.
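A defensive counterpart to the three embodiments above (method-override header, header length thresholds, control characters), as an added example that is not part of the patent: an edge-side screen that removes the CDN/Web-server parsing differences before a request is forwarded. The function names, the 8192-byte origin limit and the sample requests are constructed for illustration; only X-HTTP-Method-Override comes from the patent text, and the other two override header names are real headers added here.

```python
from dataclasses import dataclass

# Method-override header names; only the first appears in the patent text.
OVERRIDE_HEADERS = {"x-http-method-override", "x-http-method", "x-method-override"}


@dataclass
class Verdict:
    action: str   # "forward" or "reject"
    reason: str
    headers: list  # headers to send upstream (empty when rejected)


def has_control_char(text):
    # C0 controls (including CR and LF) and DEL; horizontal tab is legal in field values.
    return any((ord(c) < 0x20 and c != "\t") or ord(c) == 0x7F for c in text)


def header_block_size(headers):
    # Bytes on the wire: "Name: value\r\n" for each field.
    return sum(len(n.encode()) + len(v.encode()) + 4 for n, v in headers)


def screen(headers, origin_header_limit):
    """Decide at the edge what the origin would otherwise decide with an error page.

    A rejected request is answered by the edge itself and never enters the cache,
    so no origin error response can be stored under the resource's cache key.
    """
    for name, value in headers:
        if has_control_char(name) or has_control_char(value):
            return Verdict("reject", f"control character in {name!r}", [])
    # The edge limit must not exceed the origin's limit (the second length threshold).
    if header_block_size(headers) > origin_header_limit:
        return Verdict("reject", "header block exceeds origin limit", [])
    # Strip headers the edge does not interpret but the origin would act on.
    kept = [(n, v) for n, v in headers if n.lower() not in OVERRIDE_HEADERS]
    dropped = [n for n, _ in headers if n.lower() in OVERRIDE_HEADERS]
    reason = "stripped: " + ", ".join(dropped) if dropped else "clean"
    return Verdict("forward", reason, kept)


# Constructed sample requests (header lists only), one per embodiment.
BENIGN = [("Host", "www.example.test"), ("Accept", "text/html")]
OVERRIDE = BENIGN + [("X-HTTP-Method-Override", "POST")]
OVERSIZE = BENIGN + [("X-Padding", "A" * 9000)]
CONTROL = BENIGN + [("X-Note", "a\nb")]

if __name__ == "__main__":
    for label, sample in [("benign", BENIGN), ("override", OVERRIDE),
                          ("oversize", OVERSIZE), ("control", CONTROL)]:
        verdict = screen(sample, origin_header_limit=8192)
        print(f"{label:9s} {verdict.action:8s} {verdict.reason}")
```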
Optionally, the invention can also be used for attacking some illegal devices. For example, the CDN server may be a device for storing illegal data, and for the illegal devices, the method of the present invention may be used to attack the illegal devices, so that the data on the illegal devices cannot be used by the suspicious part, which is not limited by the present invention.
As shown in fig. 3, an attack simulation system includes: a Web server 100, a CDN server 200, an attack simulation device 300, and an access simulation device 400;
the Web server 100 is connected to the CDN server 200, and both the attack simulation device 300 and the access simulation device 400 are connected to the CDN server 200;
the CDN server 200 includes: a request forwarding unit, a response caching unit, and a response sending unit;
the attack simulation device 300 is configured to construct an attack simulation request and send the attack simulation request to the CDN server 200, where the attack simulation request is a request for a first resource that is stored in the Web server 100 and not stored in the CDN server 200, and the attack simulation request meets the request format requirement of the CDN server 200 and does not meet the request format requirement of the Web server 100;
the request forwarding unit is configured to send the attack simulation request to the Web server 100 to request the first resource;
the Web server 100 returns an error response for the attack simulation request to the CDN server 200, where the error response is an error reporting response indicating that the Web server 100 cannot normally process the attack simulation request;
the response caching unit is configured to cache the error response locally as a response to the first resource;
the response sending unit is configured to, when the CDN server 200 receives the first resource acquisition request sent by the access simulation device 400, return the locally cached error response to the access simulation device 400, so that the access simulation device 400 cannot obtain the first resource.
With reference to the embodiment shown in fig. 3, in some optional embodiments, the response sending unit is specifically configured to perform: when the CDN server 200 receives a first resource acquisition request sent by the access simulation device 400, parse the first resource acquisition request, and send the error response cached locally to the access simulation device 400 as the first resource, where the first resource acquisition request meets a request format requirement of the CDN server 200.
In some optional embodiments, in combination with the embodiment shown in fig. 3, the attack simulation device 300 is specifically configured to perform: constructing an attack simulation request carrying an auxiliary header and sending the attack simulation request to the CDN server 200, wherein the CDN server 200 cannot verify the auxiliary header, the HTTP method supported by the Web server 100 is different from the HTTP method of the auxiliary header in the attack simulation request, and the auxiliary header guides the Web server 100 to replace the HTTP method in the attack simulation request with the HTTP method supported by the Web server 100.
Optionally, in combination with the embodiment shown in fig. 3, in some optional embodiments, the attack simulation device 300 is specifically configured to perform:
inserting at least one numerical value into the attack simulation request, and sending the attack simulation request to the CDN server 200, wherein the length of the attack simulation request is not greater than the first length threshold, and the length of the attack simulation request is greater than the second length threshold, wherein the first length threshold of the HTTP request restricted by the CDN server 200 is greater than the second length threshold of the HTTP request restricted by the Web server 100, and the attack simulation request is an HTTP request.
Optionally, in combination with the embodiment shown in fig. 3, in some optional embodiments, the attack simulation device 300 is specifically configured to perform:
inserting at least one Unicode control character into the attack simulation request, wherein the Unicode control character comprises: a carriage return symbol \n and a line feed symbol \r, wherein the attack simulation request is an HTTP request, the CDN server 200 allows receiving a request into which a Unicode control character has been inserted, and the Web server 100 refuses to receive a request into which a Unicode control character has been inserted.
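The flow of fig. 3 for the length-threshold and control-character variants, modelled in memory as an added example (not code from the patent) so the effect of the CDN's cache policy can be compared with two mitigations: not caching error responses, and applying the Web server's format requirement at the CDN. The limit values, the header names `X-Filler` and `X-Aux`, the path `/first-resource`, and the path-only cache key are assumptions of this model.

```python
from dataclasses import dataclass

# Assumed limits for this model; real products use their own values.
CDN_MAX_LEN = 16384     # "first length threshold" (CDN server)
ORIGIN_MAX_LEN = 8192   # "second length threshold" (Web server)

@dataclass(frozen=True)
class Response:
    status: int
    body: str

def request_len(path, headers):
    return len(path) + sum(len(k) + len(v) for k, v in headers.items())

def origin_accepts(path, headers):
    """Request format requirement of the Web server in this model."""
    if request_len(path, headers) > ORIGIN_MAX_LEN:
        return False
    return not any(c in v for v in headers.values() for c in "\r\n")

class WebServer:
    def __init__(self, resources):
        self.resources = resources

    def handle(self, path, headers):
        if not origin_accepts(path, headers):
            return Response(400, "bad request")
        if path not in self.resources:
            return Response(404, "not found")
        return Response(200, self.resources[path])

class CDN:
    """Cache keyed on the path only, so request headers never vary the entry."""
    def __init__(self, origin, cache_errors, validate_at_edge):
        self.origin = origin
        self.cache_errors = cache_errors          # weak setting when True
        self.validate_at_edge = validate_at_edge  # mitigation when True
        self.cache = {}

    def handle(self, path, headers):
        if path in self.cache:
            return self.cache[path]
        if request_len(path, headers) > CDN_MAX_LEN:
            return Response(400, "rejected by CDN")
        if self.validate_at_edge and not origin_accepts(path, headers):
            return Response(400, "rejected at edge")  # not forwarded, not cached
        resp = self.origin.handle(path, headers)
        if resp.status == 200 or self.cache_errors:
            self.cache[path] = resp
        return resp

# Constructed sample headers for the two variants.
OVERSIZED = {"X-Filler": "1" * 10000}   # within CDN limit, over Web server limit
CONTROL = {"X-Aux": "value\r\nmore"}    # control characters in a header value

def simulate(cache_errors, validate_at_edge, bad_headers):
    """Status seen by the access simulation device after the malformed request."""
    origin = WebServer({"/first-resource": "content"})
    cdn = CDN(origin, cache_errors, validate_at_edge)
    cdn.handle("/first-resource", bad_headers)       # attack simulation device
    return cdn.handle("/first-resource", {}).status  # access simulation device

if __name__ == "__main__":
    print(simulate(True, False, OVERSIZED), simulate(False, False, OVERSIZED))
```

With error caching enabled and no edge validation, the well-formed request receives the cached 400; either mitigation alone restores the 200.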
The present invention provides a storage medium having stored thereon a program which, when executed by a processor, implements the attack simulation method of any one of the above.
As shown in fig. 4, the present invention provides an electronic device 70, where the electronic device 70 includes at least one processor 701, at least one memory 702 connected to the processor 701, and a bus 703; the processor 701 and the memory 702 complete communication with each other through the bus 703; the processor 701 is configured to call the program instructions in the memory 702 to execute any one of the attack simulation methods described above.
In this application, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on differences from other embodiments. In particular, as for the system embodiment, since it is substantially similar to the method embodiment, the description is relatively simple, and reference may be made to the partial description of the method embodiment for relevant points.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
The above description is only for the preferred embodiment of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.

Claims (8)

1. An attack simulation method applied to an attack simulation system, the attack simulation system comprising: a Web server, a CDN server, an attack simulation device and an access simulation device;
the Web server is connected with the CDN server, and both the attack simulation device and the access simulation device are connected with the CDN server;
the attack simulation method comprises the following steps:
the attack simulation device constructs an attack simulation request and sends the attack simulation request to the CDN server, wherein the attack simulation request is a request for a first resource which is stored in the Web server and is not stored in the CDN server, and the attack simulation request conforms to the request format requirement of the CDN server and does not conform to the request format requirement of the Web server;
the CDN server sends the attack simulation request to the Web server to request the first resource;
the Web server returns an error response aiming at the attack simulation request to the CDN server, wherein the error response is an error reporting response which represents that the Web server cannot normally process the attack simulation request;
caching, by the CDN server, the error response locally as a response to the first resource;
when the CDN server receives a first resource obtaining request sent by the access simulation equipment, the CDN server analyzes the first resource obtaining request and sends the error response of the local cache as the first resource to the access simulation equipment, so that the access simulation equipment cannot obtain the first resource, wherein the first resource obtaining request meets the request format requirement of the CDN server.
2. The attack simulation method according to claim 1, wherein the attack simulation request is an HTTP request;
the method further comprises the following steps:
the CDN server cannot verify the auxiliary header, and an HTTP method supported by the Web server is different from the HTTP method of the auxiliary header in the attack simulation request;
the attack simulation device constructs an attack simulation request and sends the attack simulation request to the CDN server, and the method specifically comprises the following steps:
the attack simulation equipment constructs an attack simulation request carrying the auxiliary header and sends the attack simulation request to the CDN server, wherein the auxiliary header guides the Web server to replace an HTTP method in the attack simulation request with an HTTP method supported by the Web server.
3. The attack simulation method according to claim 1, wherein the attack simulation request is an HTTP request;
the method further comprises the following steps:
the first length threshold of the HTTP request limited by the CDN server is larger than the second length threshold of the HTTP request limited by the Web server;
the attack simulation device constructs an attack simulation request and sends the attack simulation request to the CDN server, and the method specifically comprises the following steps:
the attack simulation device inserts at least one numerical value into an attack simulation request and sends the attack simulation request to the CDN server, wherein the length of the attack simulation request is not greater than the first length threshold, and the length of the attack simulation request is greater than the second length threshold.
4. The attack simulation method according to claim 1, wherein the attack simulation request is an HTTP request;
the method further comprises the following steps:
the CDN server allows the request for inserting the Unicode control characters to be received, and the Web server prevents the request for inserting the Unicode control characters from being received;
the attack simulation device constructs an attack simulation request and sends the attack simulation request to the CDN server, and the method specifically comprises the following steps:
the attack simulation equipment inserts at least one Unicode control character into the attack simulation request, wherein the Unicode control character comprises: the carriage return symbol \n and the line feed symbol \r.
5. An attack simulation system, comprising: a Web server, a CDN server, an attack simulation device and an access simulation device;
the Web server is connected with the CDN server, and both the attack simulation device and the access simulation device are connected with the CDN server;
the CDN server includes: a request forwarding unit, a response caching unit and a response sending unit;
the attack simulation device is configured to construct an attack simulation request and send the attack simulation request to the CDN server, where the attack simulation request is a request for a first resource which is stored in the Web server and is not stored in the CDN server, and the attack simulation request conforms to a request format requirement of the CDN server and does not conform to a request format requirement of the Web server;
the request forwarding unit is configured to send the attack simulation request to the Web server to request the first resource;
the Web server returns an error response for the attack simulation request to the CDN server, wherein the error response is an error reporting response which represents that the Web server cannot normally process the attack simulation request;
the response caching unit is configured to cache the error response locally as a response to the first resource;
the response sending unit is configured to, when the CDN server receives a first resource acquisition request sent by the access simulation device, parse the first resource acquisition request and send the locally cached error response to the access simulation device as the first resource, so that the access simulation device cannot acquire the first resource, where the first resource acquisition request meets a request format requirement of the CDN server.
6. The system of claim 5, wherein the attack simulation device is specifically configured to perform: constructing an attack simulation request carrying an auxiliary header and sending the attack simulation request to the CDN server, wherein the CDN server cannot verify the auxiliary header, an HTTP method supported by the Web server is different from the HTTP method of the auxiliary header in the attack simulation request, and the auxiliary header guides the Web server to replace the HTTP method in the attack simulation request with the HTTP method supported by the Web server.
7. A storage medium on which a program is stored, characterized in that the program realizes the attack simulation method according to any one of claims 1 to 4 when executed by a processor.
8. An electronic device comprising at least one processor, and at least one memory, bus connected to the processor; the processor and the memory complete mutual communication through the bus; the processor is configured to invoke program instructions in the memory to perform the attack simulation method of any one of claims 1 to 4.
CN202110706017.9A 2021-06-24 2021-06-24 Attack simulation method, system, storage medium and electronic equipment Active CN113452689B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110706017.9A CN113452689B (en) 2021-06-24 2021-06-24 Attack simulation method, system, storage medium and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110706017.9A CN113452689B (en) 2021-06-24 2021-06-24 Attack simulation method, system, storage medium and electronic equipment

Publications (2)

Publication Number Publication Date
CN113452689A CN113452689A (en) 2021-09-28
CN113452689B true CN113452689B (en) 2022-09-27

Family

ID=77812588

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110706017.9A Active CN113452689B (en) 2021-06-24 2021-06-24 Attack simulation method, system, storage medium and electronic equipment

Country Status (1)

Country Link
CN (1) CN113452689B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7010578B1 (en) * 2000-09-21 2006-03-07 Akamai Technologies, Inc. Internet content delivery service with third party cache interface support
CN109474569A (en) * 2017-12-29 2019-03-15 北京安天网络安全技术有限公司 A kind of method and system of detection web caching deception
CN111385157A (en) * 2018-12-27 2020-07-07 厦门白山耘科技有限公司 Server abnormity detection method and device
CN111988280A (en) * 2020-07-24 2020-11-24 网宿科技股份有限公司 Server and request processing method

Also Published As

Publication number Publication date
CN113452689A (en) 2021-09-28

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: Room c403-1, building 7, Caizhi Tiandi Park, No. 255, Renmin Middle Road, Guanyinshan street, Chongchuan District, Nantong City, Jiangsu Province 226014

Applicant after: Dingniu information security technology (Jiangsu) Co.,Ltd.

Applicant after: BEIJING DIGAPIS TECHNOLOGY CO.,LTD.

Address before: 100081 501-6, building 2 (information building), West District, yard 12, Zhongguancun South Street, Haidian District, Beijing

Applicant before: BEIJING DIGAPIS TECHNOLOGY CO.,LTD.

Applicant before: Dingniu information security technology (Jiangsu) Co.,Ltd.

GR01 Patent grant