阅读说明：本技术 一种客户端防劫持方法、客户端、服务器及系统 (Client anti-hijacking method, client, server and system ) 是由 谢康佳 于 2021-07-29 设计创作，主要内容包括：本发明实施例提供一种客户端防劫持方法、客户端、服务器及系统,所述方法包括存储一个独有标识,所述独有标识用于检验响应数据是否真实有效；向服务端发起连接请求；接收所述服务端针对所述连接请求下发的响应数据,并判断所述响应数据内是否包含所述独有标识；若所述响应数据内包含所述独有标识,则对所述响应数据进行处理。通过判断客户端与服务端约定而成的独有标识即可以简单方便的检测出客户端获取到的数据是否真实有效,不需要服务端提供域名对应I P的映射关系,减少客户端与服务端的交互,减轻服务器的压力。(The embodiment of the invention provides a client anti-hijack method, a client, a server and a system, wherein the method comprises the steps of storing a unique identifier, wherein the unique identifier is used for checking whether response data is real and effective; initiating a connection request to a server; receiving response data issued by the server aiming at the connection request, and judging whether the response data contains the unique identifier or not; and if the response data contains the unique identification, processing the response data. Whether the data acquired by the client is real and effective can be simply and conveniently detected by judging the unique identifier agreed by the client and the server, the mapping relation of I P corresponding to the domain name is not required to be provided by the server, the interaction between the client and the server is reduced, and the pressure of the server is relieved.)

1. A client anti-hijack method is applied to a client and comprises the following steps:

storing a unique identifier for verifying whether the response data is authentic and valid;

initiating a connection request to a server;

receiving response data issued by the server aiming at the connection request, and judging whether the response data contains the unique identifier or not;

and if the response data contains the unique identification, processing the response data.

2. The client anti-hijacking method as recited in claim 1, further comprising:

and under the preset receiving condition, if the response data is not received, switching the mode of initiating the connection request into the standby domain name of the server, and initiating the connection request to the server again.

3. The client anti-hijacking method as recited in claim 1, further comprising:

if the received response data does not contain the unique identifier, switching the mode of initiating the connection request to the standby domain name of the server, and initiating the connection request to the server again.

4. The client hijacking prevention method of claim 2 or 3, wherein the switching the mode of initiating the connection request to the standby domain name of the server and re-initiating the connection request to the server comprises:

polling and using the standby domain name in the standby domain name list of the server to initiate a connection request to the server again.

5. The client anti-hijacking method of claim 4, further comprising:

and when the standby domain name in the standby domain name list is polled, and response data sent by the server aiming at the connection request is not received or the received response data does not contain the unique identifier, switching the IP address of the local terminal, and re-initiating the connection request to the server.

6. A client anti-hijack method is applied to a server and comprises the following steps:

acquiring a unique identifier, wherein the unique identifier is used for verifying whether the response data is real and valid;

receiving a connection request initiated by a client;

and after the unique identifier is added to the response data corresponding to the connection request, sending the response data to the client.

7. A client, comprising:

the first storage module is used for storing a unique identifier, and the unique identifier is used for verifying whether the response data is real and valid;

the request module is used for initiating a connection request to the server;

a first receiving module, configured to receive response data issued by the server for the connection request, and determine whether the response data includes the unique identifier;

and the first processing module is used for processing the response data when the response data contains the unique identifier.

8. The client of claim 7, further comprising a switching unit:

when the response data is not received, switching to use the standby domain name of the server and initiating a connection request to the server again;

or, when the received response data does not include the unique identifier, switching to use the standby domain name of the server, and re-initiating a connection request to the server.

9. A server, comprising:

the second storage module is used for acquiring a unique identifier, and the unique identifier is used for checking whether the response data is real and valid;

the second receiving module is used for receiving a connection request initiated by the client;

and the second processing module is used for sending the response data to the client after the unique identifier is added to the response data corresponding to the connection request.

10. A client anti-hijacking system, comprising a client according to any one of claims 7 to 8, and a server according to claim 9.

Technical Field

The embodiment of the invention relates to the field of information technology, in particular to a client anti-hijacking method, a client, a server and a system.

Background

With the development of information technology, more and more users acquire and download data through a network, and in the process of acquiring and downloading, the following problems exist:

problem 1: some local network operators jump to a controlled page, such as Jiangsu anti-fraud center, when a client sends a request to a server by using http, so that a user cannot normally acquire data;

problem 2: when a client requests data from a server, the client is often hijacked and jumped by a third party easily, then the third party processes the data and adds some contents related to the benefit of the third party, such as advertisements, phishing website links and the like, so that the user is interfered to browse an original webpage, and potential safety hazards are brought to the access of the user;

problem 3: the DNS domain name resolution of some users or regions fails or resolves to an incorrect IP address, so that the user cannot normally acquire data.

For the above problems, the client cannot determine whether the received data is real and valid or cannot normally acquire the data, and therefore a client anti-hijacking method that can simply and conveniently detect whether the data acquired by the client is real and valid is urgently needed.

Disclosure of Invention

The embodiment of the invention provides a client anti-hijacking method, a client, a server and a system, and solves the technical problem that the client cannot judge whether received data is real and effective or cannot normally acquire the data.

The embodiment of the invention provides a client hijacking prevention method, which is applied to a client and comprises the following steps:

a client anti-hijack method is applied to a client and comprises the following steps:

storing a unique identifier for verifying whether the response data is authentic and valid;

initiating a connection request to a server;

receiving response data issued by the server aiming at the connection request, and judging whether the response data contains the unique identifier or not;

and if the response data contains the unique identification, processing the response data.

Wherein, still include:

and under the preset receiving condition, if the response data is not received, switching the mode of initiating the connection request into the standby domain name of the server, and initiating the connection request to the server again.

Wherein, still include:

if the received response data does not contain the unique identifier, switching the mode of initiating the connection request to the standby domain name of the server, and initiating the connection request to the server again.

Wherein, the switching the mode of initiating the connection request into the standby domain name of the server and initiating the connection request to the server again includes:

polling and using the standby domain name in the standby domain name list of the server to initiate a connection request to the server again.

Further, the method also comprises the following steps:

and when the standby domain name in the standby domain name list is polled, and response data sent by the server aiming at the connection request is not received or the received response data does not contain the unique identifier, switching the IP address of the local terminal, and re-initiating the connection request to the server.

The embodiment of the invention also provides a client hijack prevention method, which is applied to the server and comprises the following steps:

acquiring a unique identifier, wherein the unique identifier is used for verifying whether the response data is real and valid;

receiving a connection request initiated by a client;

and after the unique identifier is added to the response data corresponding to the connection request, sending the response data to the client.

An embodiment of the present invention further provides a client, including:

the first storage module is used for storing a unique identifier, and the unique identifier is used for verifying whether the response data is real and valid;

the request module is used for initiating a connection request to the server;

a first receiving module, configured to receive response data issued by the server for the connection request, and determine whether the response data includes the unique identifier;

and the first processing module is used for processing the response data when the response data contains the unique identifier.

Wherein, still include the switching unit:

when the response data is not received, switching to use the standby domain name of the server and initiating a connection request to the server again;

or, when the received response data does not include the unique identifier, switching to use the standby domain name of the server, and re-initiating a connection request to the server.

The embodiment of the present invention further provides a server, which is characterized by comprising:

the second storage module is used for acquiring a unique identifier, and the unique identifier is used for checking whether the response data is real and valid;

the second receiving module is used for receiving a connection request initiated by the client;

and the second processing module is used for sending the response data to the client after the unique identifier is added to the response data corresponding to the connection request.

The embodiment of the invention also provides a client anti-hijack system which is characterized by comprising the client and the server.

Advantageous effects

The embodiment of the invention provides a client anti-hijack method, a client, a server and a system, wherein the method comprises the steps of storing a unique identifier, wherein the unique identifier is used for checking whether response data is real and effective; initiating a connection request to a server; receiving response data issued by the server aiming at the connection request, and judging whether the response data contains the unique identifier or not; and if the response data contains the unique identification, processing the response data. Whether the data acquired by the client is real and effective can be simply and conveniently detected by judging the unique identifier agreed by the client and the server, the mapping relation of the domain name corresponding to the IP is not required to be provided by the server, the interaction between the client and the server is reduced, and the pressure of the server is reduced.

Additional features and corresponding advantages of the invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention.

Drawings

Fig. 1 is a flowchart of a client anti-hijacking method according to an embodiment of the present invention;

fig. 2 is a flowchart of a client anti-hijacking method according to a second embodiment of the present invention;

fig. 3 is a schematic structural diagram of a client according to a third embodiment of the present invention;

fig. 4 is a schematic diagram of a server structure according to a fourth embodiment of the present invention;

fig. 5 is a schematic diagram of a client anti-hijacking system according to a fifth embodiment of the present invention.

Detailed Description

In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention are described in detail below with reference to the accompanying drawings. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.

The first embodiment is as follows:

in order to solve the problem that the client cannot determine whether the received data is real and valid or cannot normally acquire the data, an embodiment of the present invention provides a client hijacking prevention method, which can be applied to the client, please refer to fig. 1, where the method includes:

step S101, storing a unique identifier, wherein the unique identifier is used for checking whether the response data is real and valid.

For the client, after initiating the connection request to the server, the client may not receive the response data issued by the server, and for the received response data, it may not be determined whether the response data is from the server that wants to access the connection, that is, whether the response data is true and valid. In order to solve the problems, in the scheme, the client and the server both store a contract and have the same unique identifier for checking whether the response data is real and effective. The unique identifier can be generated by the client and the server through negotiation and stored locally, or can be acquired by the client from the server. The unique identifier is only known by the client and the server requesting access connection, and cannot appear in the third-party server, so that in the subsequent steps, whether the response data received by the client is real and effective can be determined only by judging whether the response data sent by the server contains the unique identifier.

Step S102, a connection request is sent to a server.

The client side initiates a connection request to the server side, and the connection request has multiple modes. Specifically, the client initiates an http request to the server to establish connection, and in the subsequent steps, according to actual needs, the client can also switch to use the standby domain name of the server, poll the standby domain name to initiate a connection request to the server again until the client processes response data; if the client still does not process the response data after the standby domain names of the server are completely polled, the client also needs to switch the local IP address and initiate a connection request to the server again until the client processes the response data.

Step S103, receiving response data issued by the server for the connection request, and determining whether the response data includes the unique identifier.

The client receives response data issued by the server for the connection request, and simultaneously judges whether the response data contains the unique identifier, if so, the step S104 is executed.

Further, in step S102, after the client initiates the connection request to the server, if the DNS domain name resolution fails or the correct IP address cannot be resolved, the server cannot receive the connection request initiated by the client, and does not act, that is, the data is sent to the client. Therefore, under a preset receiving condition, if the client does not receive response data sent by the server within a preset time, the method for initiating the connection request is switched to the standby domain name of the server, and the connection request is initiated to the server again. Specifically, the client polls the standby domain name in the standby domain name list of the server and initiates a connection request to the server again. Further, when the standby domain name in the standby domain name list is polled completely and response data issued by the server for the connection request is not received yet, the IP address of the local terminal is switched, and the step S102 is returned to initiate the connection request to the server again.

And step S104, if the response data contains the unique identification, processing the response data.

If the client determines that the response data contains the unique identifier, the client indicates that the data sent by the real server is received, that is, the response data is real and effective, and the client processes the response data at this moment.

Further, in step S103, the client receives response data sent by the server for the connection request, but when it is determined that the response data does not include the unique identifier, the response data received by the client is not from the server that wants to access, and is not true and valid. At this time, the response data received by the client may be response data sent by the third-party server after being hijacked by the third party in the process of initiating the connection request to the server by the client. Therefore, when the client determines that the response data does not contain the unique identifier, the connection request initiating mode is switched to the standby domain name of the server, and the connection request is initiated to the server again. Further, after the polling of the standby domain name in the standby domain name list is completed, when the received response data still does not include the unique identifier, the local IP address is switched, and the step S102 is returned to initiate a connection request to the server again until the client processes the received response data.

The embodiment of the invention provides a client anti-hijack method, which is applied to a client and is used for storing a unique identifier, wherein the unique identifier is used for checking whether response data is real and effective; initiating a connection request to a server; receiving response data issued by the server aiming at the connection request, and judging whether the response data contains the unique identifier or not; and if the response data contains the unique identification, processing the response data. Whether the data acquired by the client is real and effective can be simply and conveniently detected by judging the unique identifier agreed by the client and the server, the mapping relation of the domain name corresponding to the IP is not required to be provided by the server, the interaction between the client and the server is reduced, and the pressure of the server is reduced.

Example two:

an embodiment of the present invention further provides a client hijacking prevention method, which can be applied to a server, please refer to fig. 2, and the method includes:

step S201, acquiring a unique identifier, where the unique identifier is used to check whether the response data is true or valid.

For the server, after the client initiates the connection request to the server, the connection request initiated by the client may not be received, but in the process of initiating the connection request to the server, the connection request may be hijacked by a third party, so that the connection request may not reach the server normally. After receiving a connection request initiated by a client, a server may issue response data to the client, and the client cannot determine whether the response data is from a server that really wants to access the connection, that is, whether the response data is true and valid. In order to solve the problems, in the scheme, the client and the server both store a contract and have the same unique identifier for checking whether the response data is real and effective. The unique identifier can be generated by the client and the server through negotiation and stored locally, or can be acquired by the client from the server. The unique identifier is only known by the client and the server requesting access connection, and cannot appear in the third-party server, so that in the subsequent steps, the client can determine whether the received response data is real and effective only by judging whether the response data sent by the server contains the unique identifier.

Step S202, receiving a connection request initiated by a client.

Step S203, after the unique identifier is added to the response data corresponding to the connection request, the response data is sent to the client.

And after the server node receives a connection request initiated by the client, responding the connection request to generate response data, adding the unique identifier in the response data corresponding to the connection request, and issuing the response data to the client for the client to check.

The embodiment of the invention provides a client anti-hijack method, which is applied to a server to obtain a unique identifier, wherein the unique identifier is used for checking whether response data is real and effective; receiving a connection request initiated by a client; and after the unique identifier is added to the response data corresponding to the connection request, sending the response data to the client. The unique identification which is agreed by the server and the client is added by the server, the client can simply and conveniently detect whether the obtained data is real and effective only by judging the unique identification, the mapping relation of the domain name corresponding to the IP is not required to be provided by the server, the interaction between the client and the server is reduced, and the pressure of the server is relieved.

Example three:

an embodiment of the present invention provides a client, which is described with reference to fig. 3, and includes a first storage module 301, a request module 302, a first receiving module 303, a first processing module 304, and a switching module 305.

A first storage module 301, configured to store a unique identifier, where the unique identifier is used to check whether the response data is authentic and valid;

a request module 302, configured to initiate a connection request to a server;

a first receiving module 303, configured to receive response data sent by the server for the connection request, and determine whether the response data includes the unique identifier;

a first processing module 304, configured to process the response data when the unique identifier is included in the response data.

Further, the switching module 305 is configured to, under a preset receiving condition, switch a manner of initiating a connection request to a standby domain name of the server if the response data is not received, and initiate a connection request to the server again; or, when the received response data does not include the unique identifier, switching a connection request initiating mode to a standby domain name of the server, and initiating a connection request to the server again.

After the request module 302 initiates a connection request to the server, if connection request response data sent from the server is not received within a preset time, the method enters a switching module 305, switches the connection request initiating mode to the standby domain name of the server, returns to the request module 302, and initiates a connection request to the server again.

The receiving module 303 receives connection request response data sent by the server, but when it is determined that the response data does not include the unique identifier, the receiving module enters the switching module 305, switches the connection request initiating mode to the standby domain name of the server, returns to the requesting module 302, and initiates a connection request to the server again.

After polling all the standby domain names in the standby domain name list of the server, if the first receiving module 303 still does not receive the response data issued by the server for the connection request or the first receiving module 304 determines that the response data still does not include the unique identifier, the switching module 305 switches the IP address of the local terminal, returns to the requesting module 302, and re-initiates the connection request to the server.

Example four:

the embodiment of the present invention provides a server, which is described with reference to fig. 4, and includes a second storage module 401, a second receiving module 402, and a second processing module 403.

The second storage module 401 is configured to obtain a unique identifier, where the unique identifier is used to check whether the response data is true or not;

a second receiving module 402, configured to receive a connection request initiated by a client;

a second processing module 403, configured to add the unique identifier to response data corresponding to the connection request, and send the response data to the client.

Specifically, the second processing module 403 responds to the connection request after receiving the connection request initiated by the client, and sends the response data to the client after adding the unique identifier to the response data corresponding to the connection request, so that the client can determine whether the received response data is real and valid according to the unique identifier.

Example five:

an embodiment of the present invention provides a client anti-hijacking system, which includes a client provided in the third embodiment and a server provided in the fourth embodiment, as described in reference to fig. 5, and is configured to implement at least one step of the client anti-hijacking methods in the first embodiment and the second embodiment.

It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.

The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.

While the present invention has been described with reference to the embodiments shown in the drawings, the present invention is not limited to the embodiments, which are illustrative and not restrictive, and it will be apparent to those skilled in the art that various changes and modifications can be made therein without departing from the spirit and scope of the invention as defined in the appended claims.