WeChat domain-block detection: mechanism and principle explained

Background

Because WeChat has tightened its restrictions, a domain can be judged to contain "inducement to share" and get blocked. The company therefore decided to look into a stable, fast and accurate query interface for detecting whether a domain has been blocked by WeChat.

The development team searched Google for a while and found very few shared sources or explanations of the principle. After a few days of investigation we finally solved the problem.

The WeChat domain-block detection interface used here comes from:

https://wx.horocn.com/

Principle

Use Wireshark (formerly Ethereal) to capture the traffic and identify WeChat's domain-block query interface.

A domain can be in one of several states:

  • The domain is accessible normally (not blocked by WeChat)
  • The domain is blocked by WeChat, with one of these notices:
    • "Non-official WeChat page; continuing will switch to mobile preview mode" (for an ordinary business, adding a number of official-account domains in the back end usually resolves this)
    • "Based on user complaints and detection by the Tencent Security URL Safety Center, this page contains fraudulent content; to maintain a clean online environment, access has been stopped"
    • "This shared page contains inducement to share, follow or similar inducing behaviour and has been reported by many users; to maintain a clean online environment, access has been stopped"
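The following is an added example, not code from the original post or from the horocn service. It shows three things a practitioner needs around this interface: building the query URL with proper encoding (a full URL containing `?`, `&` or `#` must not be spliced raw into the query string), parsing the JSON reply defensively into a typed result, and mapping the three WeChat block notices listed above to a reason code. Only the endpoint and the `code` / `msg` / `data.status` fields come from the post; the Chinese marker strings for the notices are my reconstruction of the standard WeChat interstitial wording and are an assumption, as is the `check_domain` helper.

```python
import json
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlencode
from urllib.request import urlopen

# Endpoint and parameter names as given in the post.
API_ENDPOINT = "https://wx.horocn.com/api/v1/wxUrlCheck"

# Substring markers for the three block notices listed in the post.
# ASSUMPTION: the exact wording of the WeChat interstitials is reconstructed here.
BLOCK_REASONS = {
    "preview": "非微信官方网页",   # non-official page, switched to preview mode
    "fraud": "欺诈",               # Tencent Security Center: fraudulent content
    "inducement": "诱导",          # inducement to share / follow, many complaints
}


def build_query_url(api_token: str, req_url: str) -> str:
    """Build the GET URL with both parameters percent-encoded.

    Without encoding, a req_url such as https://a.com/p?x=1&y=2 would inject
    extra query parameters into the request (the post's PHP sample does this).
    """
    return f"{API_ENDPOINT}?{urlencode({'api_token': api_token, 'req_url': req_url})}"


@dataclass
class CheckResult:
    ok: bool               # API call succeeded (code == 0)
    status: Optional[str]  # "ok" or "blocked" when ok, otherwise None
    message: str           # API msg, or a local error description


def parse_check_response(body: str) -> CheckResult:
    """Parse the JSON body; never raise on malformed or unexpected input."""
    try:
        res = json.loads(body)
    except json.JSONDecodeError as e:
        return CheckResult(False, None, f"invalid JSON: {e}")
    if not isinstance(res, dict):
        return CheckResult(False, None, "unexpected JSON shape")
    if res.get("code") != 0:
        return CheckResult(False, None, f"{res.get('code')}: {res.get('msg', 'no message')}")
    status = (res.get("data") or {}).get("status")
    if status not in ("ok", "blocked"):
        return CheckResult(False, None, f"unknown status {status!r}")
    return CheckResult(True, status, "ok")


def classify_block_notice(page_text: str) -> Optional[str]:
    """Map the text of a WeChat block interstitial to one of BLOCK_REASONS."""
    for reason, marker in BLOCK_REASONS.items():
        if marker in page_text:
            return reason
    return None


def check_domain(api_token: str, req_url: str, timeout: float = 5.0) -> CheckResult:
    """Live call (hypothetical helper); assumes the reply shape documented in the post."""
    with urlopen(build_query_url(api_token, req_url), timeout=timeout) as resp:
        return parse_check_response(resp.read().decode("utf-8"))


if __name__ == "__main__":
    # Constructed sample bodies, not captured from the real API.
    for body in ('{"code":0,"data":{"status":"blocked"}}',
                 '{"code":1,"msg":"bad token"}',
                 "not json"):
        print(parse_check_response(body))
    print(classify_block_notice("该分享页包含诱导分享、关注等诱导行为内容"))
```

The parser treats any reply that is not `code == 0` with a `data.status` of `ok` or `blocked` as a failure rather than as "not blocked", so a transient API error never gets misreported as a clean domain.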

Demo

PHP version

<?php
// Your API token, visible in the user center
$apiToken = "********************************";
// The URL or domain to check
$reqUrl = "www.qq.com";
// urlencode both values so that '?', '&' or '#' in a full URL cannot break the query string
$url = sprintf("https://wx.horocn.com/api/v1/wxUrlCheck?api_token=%s&req_url=%s",
    urlencode($apiToken), urlencode($reqUrl));
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
$responseBody = curl_exec($ch);
if ($responseBody === false) {
    printf("HTTP request failed: %s\n", curl_error($ch));
    curl_close($ch);
    return;
}
curl_close($ch);
$responseArr = json_decode($responseBody, true);
if (json_last_error() != JSON_ERROR_NONE) {
    echo "Failed to parse the API response as JSON\n";
    return;
}
if (isset($responseArr['code']) && $responseArr['code'] == 0) {
    // Successful response
    // $responseArr['data']['status'] is one of: ok, blocked
    // ok means accessible, blocked means banned by WeChat
    printf("Status of %s: %s\n", $reqUrl, $responseArr['data']['status']);
} else {
    printf("API error: %s\n", var_export($responseArr, true));
}

Python version

# -*- coding: utf-8 -*-
# Python 3 (the original targeted Python 2: urllib.urlopen and the print statement)

import json
from urllib.parse import urlencode
from urllib.request import urlopen


def main():
    # Your API token, visible in the user center
    api_token = "*********************"

    url = "https://wx.horocn.com/api/v1/wxUrlCheck"
    params = {
        "req_url": "www.qq.com",  # the URL or domain to check
        "api_token": api_token,
    }
    # urlencode escapes '?', '&' and '#' in a full URL so they cannot break the query string
    with urlopen("%s?%s" % (url, urlencode(params)), timeout=10) as f:
        content = f.read().decode("utf-8")

    try:
        res = json.loads(content)
    except ValueError:
        print("request api error: response is not JSON")
        return

    if res.get("code") == 0:
        # Successful request; data.status is "ok" or "blocked", as documented in the PHP version
        # (the original printed res["result"], which the PHP version does not document)
        print(res["data"]["status"])
    else:
        print("%s: %s" % (res.get("code"), res.get("msg")))


if __name__ == '__main__':
    main()

Source: blog.51cto.com/14476850/2427444