技术领域technical field
本发明涉及软件工程领域,具体而言,本发明涉及一种基于数据包的测试方法和一种基于数据包的测试装置。The invention relates to the field of software engineering, in particular, the invention relates to a testing method based on data packets and a testing device based on data packets.
背景技术Background technique
随着当今软件开发技术的发展与成熟,越来越多复杂的软件系统应用于人们生活的各个领域,由于通过对软件系统的性能进行测试,能够快速定位影响软件系统运行效率的问题所在,进而对软件系统进行有针对性地调整优化,故而软件系统的性能测试已经成为衡量软件产品质量的一个重要标准。With the development and maturity of today's software development technology, more and more complex software systems are used in various fields of people's lives. By testing the performance of the software system, the problems that affect the operating efficiency of the software system can be quickly located, and then The software system is adjusted and optimized in a targeted manner, so the performance test of the software system has become an important criterion for measuring the quality of software products.
在现有技术中,软件系统的性能测试一般通过测试工具或通过完全模拟软件系统的运行环境来实现的;然而,现有的两种软件系统的性能测试方式都在模拟多个用户的访问流量上存在一定的局限性,特别是针对安全设备类产品,这两种软件系统的性能测试方式均无法准确地模拟出针对安全设备产品的性能进行测试的多个用户的访问流量。In the prior art, the performance testing of the software system is generally realized by testing tools or by completely simulating the operating environment of the software system; however, the two existing performance testing methods of the software system are simulating the access traffic of multiple users There are certain limitations, especially for security equipment products, the performance testing methods of these two software systems cannot accurately simulate the access traffic of multiple users who test the performance of security equipment products.
发明内容Contents of the invention
为克服上述技术问题或者至少部分地解决上述技术问题,特提出以下技术方案:In order to overcome the above-mentioned technical problems or at least partially solve the above-mentioned technical problems, the following technical solutions are proposed:
本发明的实施例提出了一种基于数据包的测试方法,包括:The embodiment of the present invention proposes a kind of testing method based on data packet, comprises:
基于获取到的目标应用的访问相关信息,构造多个对应于目标应用的待加密测试数据包;Constructing a plurality of to-be-encrypted test data packets corresponding to the target application based on the obtained access-related information of the target application;
同时发送多个待加密测试数据包,以访问目标应用。Simultaneously send multiple test packets to be encrypted to access the target application.
优选地,基于获取到的目标应用的访问相关信息,包括:Preferably, based on the obtained access-related information of the target application, it includes:
对抓取到的目标应用的数据包进行解析,以获取目标应用的访问相关信息;Analyze the captured data packets of the target application to obtain access-related information of the target application;
其中,访问相关信息包括目标应用访问地址、目标应用的访问方式、目标应用的访问参数中的至少一项。Wherein, the access-related information includes at least one item of an access address of the target application, an access method of the target application, and an access parameter of the target application.
优选地,同时发送多个待加密测试数据包,以访问目标应用,包括:Preferably, multiple test data packets to be encrypted are sent at the same time to access the target application, including:
将多个待加密测试数据包同时发送至安全设备,以使得通过安全设备对多个待加密测试数据包进行加密处理后,并将加密测试数据包转发至目标应用。The multiple test data packets to be encrypted are sent to the security device at the same time, so that the multiple test data packets to be encrypted are encrypted by the security device, and the encrypted test data packets are forwarded to the target application.
优选地,该方法还包括:Preferably, the method also includes:
接收通过安全设备对加密测试数据包进行相应解密处理的后的解密测试数据包;receiving the decrypted test data packet after correspondingly decrypting the encrypted test data packet through the security device;
将待加密测试数据包的待加密数据和解密测试数据包的解密数据进行对比;Comparing the data to be encrypted of the test data packet to be encrypted with the decrypted data of the decryption test data packet;
根据对比结果确定安全设备的稳定性的测试结果。The test results to determine the stability of the security device based on the comparison results.
优选地,该方法还包括:Preferably, the method also includes:
接收到目标应用响应于多个待加密测试数据包的响应信息;receiving response information from the target application in response to a plurality of test data packets to be encrypted;
解析响应信息,并根据解析结果判断各个待加密测试数据包是否访问成功。Parsing the response information, and judging whether the access of each to-be-encrypted test data packet is successful according to the parsing result.
本发明的另一实施例提出了一种基于数据包的测试装置,包括:Another embodiment of the present invention proposes a test device based on data packets, comprising:
构造模块,用于基于获取到的目标应用的访问相关信息,构造多个对应于目标应用的待加密测试数据包;A construction module, configured to construct a plurality of to-be-encrypted test data packets corresponding to the target application based on the obtained access-related information of the target application;
发送模块,用于同时发送多个待加密测试数据包,以访问目标应用。The sending module is used to send multiple test data packets to be encrypted simultaneously to access the target application.
优选地,构造模块,用于对抓取到的目标应用的数据包进行解析,以获取目标应用的访问相关信息;Preferably, a construction module is configured to parse the captured data packets of the target application to obtain access-related information of the target application;
其中,访问相关信息包括目标应用访问地址、目标应用的访问方式、目标应用的访问参数中的至少一项。Wherein, the access-related information includes at least one item of an access address of the target application, an access method of the target application, and an access parameter of the target application.
优选地,发送模块,用于将多个待加密测试数据包同时发送至安全设备,以使得通过安全设备对多个待加密测试数据包进行加密处理后,并将加密测试数据包转发至目标应用。Preferably, the sending module is configured to simultaneously send a plurality of test data packets to be encrypted to the security device, so that after the security device encrypts the plurality of test data packets to be encrypted, the encrypted test data packets are forwarded to the target application .
优选地,该装置还包括:Preferably, the device also includes:
第一接收模块,用于接收通过安全设备对加密测试数据包进行相应解密处理后的解密测试数据包;The first receiving module is used to receive the decrypted test data packet after the encrypted test data packet is correspondingly decrypted by the security device;
对比模块,用于将待加密测试数据包的待加密数据和解密测试数据包的解密数据进行对比;A comparison module, for comparing the data to be encrypted of the test data packet to be encrypted with the decrypted data of the decryption test data packet;
测试模块,用于根据对比结果确定安全设备的稳定性的测试结果。The test module is used to determine the test result of the stability of the safety device according to the comparison result.
优选地,该装置还包括:Preferably, the device also includes:
第二接收模块,用于接收到目标应用响应于多个待加密测试数据包的响应信息;The second receiving module is configured to receive response information from the target application in response to a plurality of test data packets to be encrypted;
解析模块,用于解析响应信息,并根据解析结果判断各个待加密测试数据包是否访问成功。The parsing module is used for parsing the response information, and judging whether each to-be-encrypted test data packet is accessed successfully according to the parsing result.
本发明的技术方案中,构造多个待加密测试数据包,并发送多个待加密测试数据包,以访问目标应用,从而实现了模拟针对目标应用的多个用户的访问流量;并将该多个用户的访问流量作为在高并发条件下,软件系统性能测试的流量输入,特别是作为安全设备类产品稳定性的测试的流量输入,从而为安全设备类产品稳定性的高质量测试提供了可能,也即为安全设备类产品稳定性的测试效率和测试准确率提供了前提和保证。In the technical solution of the present invention, multiple test data packets to be encrypted are constructed, and multiple test data packets to be encrypted are sent to access the target application, thereby realizing the simulation of the access traffic of multiple users for the target application; and the multiple The access traffic of each user is used as the traffic input of the software system performance test under high concurrency conditions, especially as the traffic input of the stability test of security equipment products, thus providing the possibility for high-quality testing of the stability of security equipment products. , that is to say, it provides the premise and guarantee for the test efficiency and test accuracy of the stability of safety equipment products.
本发明附加的方面和优点将在下面的描述中部分给出,这些将从下面的描述中变得明显,或通过本发明的实践了解到。Additional aspects and advantages of the invention will be set forth in part in the description which follows, and will become apparent from the description, or may be learned by practice of the invention.
附图说明Description of drawings
本发明上述的和/或附加的方面和优点从下面结合附图对实施例的描述中将变得明显和容易理解,其中:The above and/or additional aspects and advantages of the present invention will become apparent and easy to understand from the following description of the embodiments in conjunction with the accompanying drawings, wherein:
图1为本发明一个实施例的基于数据包的测试方法的流程示意图;Fig. 1 is the schematic flow chart of the testing method based on data packet of an embodiment of the present invention;
图2为本发明一个优选实施例的安全设备的稳定性的测试的流程示意图;Fig. 2 is a schematic flow chart of the stability test of the security device of a preferred embodiment of the present invention;
图3为本发明另一优选实施例的判断待加密测试数据包是否访问成功的流程示意图;Fig. 3 is a schematic flow diagram of judging whether the test data packet to be encrypted is successfully accessed according to another preferred embodiment of the present invention;
图4为本发明另一个实施例的基于数据包的测试装置的结构框架示意图;FIG. 4 is a schematic structural framework diagram of a data packet-based testing device according to another embodiment of the present invention;
图5为本发明的一个优选实施例的测试安全设备的稳定性的基于数据包的测试装置的结构框架示意图;FIG. 5 is a schematic structural framework diagram of a data packet-based testing device for testing the stability of a security device according to a preferred embodiment of the present invention;
图6为本发明的另一优选实施例的判断待加密测试数据包是否访问成功的基于数据包的测试装置的结构框架示意图。FIG. 6 is a schematic diagram of a structural framework of a data packet-based testing device for judging whether a to-be-encrypted test data packet is successfully accessed according to another preferred embodiment of the present invention.
具体实施方式detailed description
下面详细描述本发明的实施例,所述实施例的示例在附图中示出,其中自始至终相同或类似的标号表示相同或类似的元件或具有相同或类似功能的元件。下面通过参考附图描述的实施例是示例性的,仅用于解释本发明,而不能解释为对本发明的限制。Embodiments of the present invention are described in detail below, examples of which are shown in the drawings, wherein the same or similar reference numerals designate the same or similar elements or elements having the same or similar functions throughout. The embodiments described below by referring to the figures are exemplary only for explaining the present invention and should not be construed as limiting the present invention.
本技术领域技术人员可以理解,除非特意声明,这里使用的单数形式“一”、“一个”、“所述”和“该”也可包括复数形式。应该进一步理解的是,本发明的说明书中使用的措辞“包括”是指存在所述特征、整数、步骤、操作、元件和/或组件,但是并不排除存在或添加一个或多个其他特征、整数、步骤、操作、元件、组件和/或它们的组。应该理解,当我们称元件被“连接”或“耦接”到另一元件时,它可以直接连接或耦接到其他元件,或者也可以存在中间元件。此外,这里使用的“连接”可以包括无线连接或“耦接”可以包括无线耦接。这里使用的措辞“和/或”包括一个或更多个相关联的列出项的全部或任一单元和全部组合。Those skilled in the art will understand that unless otherwise stated, the singular forms "a", "an", "said" and "the" used herein may also include plural forms. It should be further understood that the word "comprising" used in the description of the present invention refers to the presence of said features, integers, steps, operations, elements and/or components, but does not exclude the presence or addition of one or more other features, Integers, steps, operations, elements, components, and/or groups thereof. It will be understood that when an element is referred to as being "connected" or "coupled" to another element, it can be directly connected or coupled to the other element or intervening elements may also be present. Also, as used herein, "connected" may include wirelessly connected or "coupled" may include wirelessly coupled. The expression "and/or" used herein includes all or any elements and all combinations of one or more associated listed items.
本技术领域技术人员可以理解,除非另外定义,这里使用的所有术语(包括技术术语和科学术语),具有与本发明所属领域中的普通技术人员的一般理解相同的意义。还应该理解的是,诸如通用字典中定义的那些术语,应该被理解为具有与现有技术的上下文中的意义一致的意义,并且除非像这里一样被特定定义,否则不会用理想化或过于正式的含义来解释。Those skilled in the art can understand that, unless otherwise defined, all terms (including technical terms and scientific terms) used herein have the same meaning as commonly understood by those of ordinary skill in the art to which this invention belongs. It should also be understood that terms, such as those defined in commonly used dictionaries, should be understood to have meanings consistent with their meaning in the context of the prior art, and unless specifically defined as herein, are not intended to be idealized or overly Formal meaning to explain.
图1为本发明一个实施例的基于数据包的测试方法的流程示意图。FIG. 1 is a schematic flowchart of a testing method based on data packets according to an embodiment of the present invention.
需要说明的是,本实施例的执行主体是测试服务器。It should be noted that the execution subject of this embodiment is the test server.
步骤S101:基于获取到的目标应用的访问相关信息,构造多个对应于目标应用的待加密测试数据包;步骤S102:同时发送多个待加密测试数据包,以访问目标应用。Step S101: Construct multiple test data packets to be encrypted corresponding to the target application based on the obtained access-related information of the target application; Step S102: Send multiple test data packets to be encrypted simultaneously to access the target application.
本发明的技术方案中,构造多个待加密测试数据包,并发送多个待加密测试数据包,以访问目标应用,从而实现了模拟针对目标应用的多个用户的访问流量;并将该多个用户的访问流量作为在高并发条件下,软件系统性能测试的流量输入,特别是作为安全设备类产品稳定性的测试的流量输入,从而为安全设备类产品稳定性的高质量测试提供了可能,也即为安全设备类产品稳定性的测试效率和测试准确率提供了前提和保证。In the technical solution of the present invention, multiple test data packets to be encrypted are constructed, and multiple test data packets to be encrypted are sent to access the target application, thereby realizing the simulation of the access traffic of multiple users for the target application; and the multiple The access traffic of each user is used as the traffic input of the software system performance test under high concurrency conditions, especially as the traffic input of the stability test of security equipment products, thus providing the possibility for high-quality testing of the stability of security equipment products. , that is to say, it provides the premise and guarantee for the test efficiency and test accuracy of the stability of safety equipment products.
以下针对各个步骤的具体实现做进一步的说明:The following is a further description of the specific implementation of each step:
步骤S101:基于获取到的目标应用的访问相关信息,构造多个对应于目标应用的待加密测试数据包。Step S101: Based on the acquired access-related information of the target application, construct a plurality of to-be-encrypted test data packets corresponding to the target application.
具体地,测试服务器对抓取到的目标应用的数据包进行解析,以获取目标应用的访问相关信息;基于访问的相关信息,构造待加密测试数据包的数据包头和包含待加密数据的数据包体。Specifically, the test server parses the captured data packets of the target application to obtain access-related information of the target application; based on the access-related information, the data packet header of the test data packet to be encrypted and the data packet containing the data to be encrypted are constructed body.
抓取目标应用的数据包的方式包括:通过抓取工具对用户实际访问目标应用的业务场景的数据流进行抓取,以获取到针对目标应用的该业务场景的数据包。The method of capturing the data packets of the target application includes: capturing the data flow of the business scenario in which the user actually accesses the target application by using a capture tool, so as to obtain the data packets for the business scenario of the target application.
其中,访问相关信息包括目标应用访问地址、目标应用的访问方式、目标应用的访问参数中的至少一项;目标应用的访问方式包括但不限于:请求访问的协议、请求端口、请求形式;目标应用的访问参数包括但不限于:浏览器类型参数。Among them, the access-related information includes at least one of the target application access address, the access method of the target application, and the access parameters of the target application; The access parameters of the application include but are not limited to: browser type parameters.
解析目标应用的数据包的方式包括但不限于:通过解析工具或通过查看,分析目标应用的数据包的数据包头和数据包体,对目标应用的数据包进行解析。The manner of analyzing the data packet of the target application includes but is not limited to: analyzing the data packet header and the data packet body of the data packet of the target application through an analysis tool or by viewing, and analyzing the data packet of the target application.
步骤S102:同时发送多个待加密测试数据包,以访问目标应用。Step S102: Simultaneously send multiple to-be-encrypted test data packets to access the target application.
具体地,测试服务器将多个待加密测试数据包同时发送至安全设备,以使得通过安全设备对多个待加密测试数据包进行加密处理后,并将加密测试数据包转发至目标应用。Specifically, the test server sends multiple test data packets to be encrypted to the security device at the same time, so that the security device encrypts the multiple test data packets to be encrypted, and forwards the encrypted test data packets to the target application.
安全设备根据其数据库中记录的每个字段的类型信息,例如:客户名称、邮箱地址、电话、客户简介,及所对应的加密算法,对待加密测试数据包中所需保护的字段的类型信息所对应的待加密数据进行加密处理,并生成相应加密算法的加密数据。当加密数据生成后,安全设备会将包含加密数据的加密测试数据包发送至目标应用服务器。According to the type information of each field recorded in its database, such as: customer name, email address, phone number, customer profile, and the corresponding encryption algorithm, the security device determines the type information of the fields to be protected in the encrypted test data packet. The corresponding data to be encrypted is encrypted, and the encrypted data corresponding to the encryption algorithm is generated. After the encrypted data is generated, the security device will send the encrypted test data packet containing the encrypted data to the target application server.
其中,加密算法包括但不限于:标记化token算法。Wherein, the encryption algorithm includes but is not limited to: tokenized token algorithm.
具体地,字段的类型信息的获取方式包括:通过查看目标应用的字段的类型信息,确定被保护的字段的类型信息,即需要加密的字段的类型信息,并抓取该被保护的字段的类型信息,将该被保护的字段的类型信息存储到安全设备的数据库相应的列表中,作为该列表的字段。Specifically, the way to obtain the field type information includes: by checking the field type information of the target application, determining the type information of the protected field, that is, the type information of the field that needs to be encrypted, and capturing the type of the protected field information, and store the type information of the protected field in a corresponding list in the database of the security device as a field of the list.
此处需要指明的是,在对安全设备的加解密的业务场景进行稳定性测试时,测试服务器通过遍历安全设备的数据库中记录的所有字段的类型信息,并将待加密测试数据包的数据包体中的待加密数据设置为包含一个字段的类型信息对应的数值,从而实现了覆盖安全设备的所有需要测试的字段的类型信息,更加全面地对安全设备稳定性的进行测试,减少安全设备的漏测问题的发生。What needs to be pointed out here is that when performing a stability test on the encryption and decryption business scenario of the security device, the test server traverses the type information of all fields recorded in the database of the security device, and sends the data packet of the test data packet to be encrypted The data to be encrypted in the body is set to the value corresponding to the type information of a field, so as to cover the type information of all fields that need to be tested in the security device, test the stability of the security device more comprehensively, and reduce the security device. Occurrence of missed detection problems.
具体地,如图2所示,该方法还包括:步骤S201:接收通过安全设备对加密测试数据包进行相应解密处理的后的解密测试数据包;步骤S202:将待加密测试数据包的待加密数据和解密测试数据包的解密数据进行对比;步骤S203:根据对比结果确定安全设备的稳定性的测试结果。Specifically, as shown in FIG. 2 , the method further includes: step S201: receiving the decrypted test data packet after the encrypted test data packet has been correspondingly decrypted by the security device; step S202: encrypting the to-be-encrypted test data packet The data is compared with the decrypted data of the decrypted test data packet; Step S203: Determine the test result of the stability of the security device according to the comparison result.
安全设备接收目标应用服务器响应于包含加密数据的加密测试数据包的反馈信息,并根据安全设备的数据库中记录的字段的类型信息的加密算法,将包含加密数据的加密测试数据包的反馈信息进行相应的解密,得到相应的解密数据并将该解密数据返回至测试服务器,测试服务器对解密数据进行记录并存储。The security device receives the feedback information of the target application server in response to the encrypted test data packet containing the encrypted data, and according to the encryption algorithm of the field type information recorded in the database of the security device, the feedback information of the encrypted test data packet containing the encrypted data is processed. Corresponding decryption, corresponding decrypted data is obtained and the decrypted data is returned to the test server, and the test server records and stores the decrypted data.
测试服务器将待加密测试数据包的待加密数据和接收到的解密测试数据包的解密数据进行对比,根据对比结果,确定所有待加密数据是否成功加解密,测试服务器会对其中没有成功加解密的待加密数据重新进行加解密的测试。若所有待加密数据均成功加解密,则说明安全设备稳定性的测试成功。The test server compares the data to be encrypted in the test data packet to be encrypted with the decrypted data in the received decrypted test data packet, and determines whether all the data to be encrypted has been successfully encrypted and decrypted according to the comparison results. The data to be encrypted is re-encrypted and decrypted. If all the data to be encrypted are successfully encrypted and decrypted, it means that the stability test of the security device is successful.
测试服务器对安全设备在高并发情况下的加解密的业务场景进行测试,大大提高了安全设备的测试质量。The test server tests the encryption and decryption business scenarios of security devices under high concurrency conditions, which greatly improves the test quality of security devices.
具体地,如图3所示,该方法还包括:步骤S301:接收到目标应用响应于多个待加密测试数据包的响应信息;步骤S302:解析响应信息,并根据解析结果判断各个待加密测试数据包是否访问成功。Specifically, as shown in FIG. 3 , the method further includes: step S301: receiving response information from the target application in response to multiple test data packets to be encrypted; step S302: parsing the response information, and judging each test data packet to be encrypted Whether the packet access is successful.
其中,响应信息包括但不限于:cookie数据、页面数据。Wherein, the response information includes but not limited to: cookie data, page data.
解析响应信息的方式包括但不限于:通过解析工具或通过查看,分析响应信息的内容。Ways to analyze the response information include but are not limited to: analyzing the content of the response information through analysis tools or viewing.
判断各个待加密测试数据包是否访问成功的方式为:将各个响应信息的各自的解析结果与待加密测试数据包进行匹配,若所有响应信息与所有待加密测试数据包匹配成功,则说明各个待加密测试数据包访问成功;若所有响应信息与所有待加密测试数据包匹配不成功,则说明多个待加密测试数据包访问存在异常,即待加密测试数据包的构造存在异常。The way to judge whether the access of each test data packet to be encrypted is successful is: match the respective analysis results of each response information with the test data packet to be encrypted, if all the response information matches successfully with all the test data packets to be encrypted, it means that each The encrypted test data package is successfully accessed; if all the response information fails to match all the to-be-encrypted test data packages, it indicates that there is an abnormality in the access of multiple to-be-encrypted test data packages, that is, the structure of the to-be-encrypted test data package is abnormal.
例如,测试服务器接收到目标应用服务器响应于多个待加密测试数据包的页面数据;解析页面数据并获取到value数值,并将value数值与待加密测试数据包进行匹配,确定每个待加密测试数据包都包括相应的页面数据,则说明各个待加密测试数据包访问成功;若至少其中一个待加密测试数据包与value数值不匹配,则说明多个待加密测试数据包访问存在异常,待加密测试数据包的构造存在异常。For example, the test server receives the page data of the target application server in response to multiple test data packets to be encrypted; parses the page data and obtains the value value, and matches the value value with the test data packets to be encrypted to determine the number of each test data packet to be encrypted. If the data packets include the corresponding page data, it means that the access of each test data packet to be encrypted is successful; if at least one of the test data packets to be encrypted does not match the value value, it means that there is an abnormality in the access of multiple test data packets to be encrypted. There is an anomaly in the construction of the test packet.
此处需要指明的是,构造待加密测试数据包也可作为混合流量中的目标流量,通过预定比例对非目标流量和目标流量进行混合,使得安全设备接收到一定压力值的混合流量,通过分析接收到的、在安全设备对混合流量处理时的安全设备的性能数据,如,中央处理器cpu利用率,从而更加准确地确定安全设备的性能的可靠度;同时,通过修改控制参数,来控制安全设备接收到的混合流量的压力值,能更加精确地确定出安全设备的可靠度的临界值,从而实现对安全设备的性能测试的评估。What needs to be pointed out here is that the construction of the test data packet to be encrypted can also be used as the target traffic in the mixed traffic, and the non-target traffic and the target traffic are mixed through a predetermined ratio, so that the security device receives the mixed traffic with a certain pressure value, and through analysis Received performance data of the security device when the security device is processing mixed traffic, such as the CPU utilization rate of the central processing unit, so as to more accurately determine the reliability of the performance of the security device; at the same time, by modifying the control parameters, to control The pressure value of the mixed flow received by the safety device can more accurately determine the critical value of the reliability of the safety device, thereby realizing the evaluation of the performance test of the safety device.
其中,通过修改测试服务器的自动化测试脚本中的控制参数,来确定发送待加密测试数据包产生流量的持续时间和总占用空间;控制参数包括但不限于:控制产生流量的持续时间的参数、控制产生流量的占用空间的参数。Among them, by modifying the control parameters in the automated test script of the test server, the duration and total occupied space of the traffic generated by sending the test data packet to be encrypted are determined; the control parameters include but are not limited to: parameters for controlling the duration of the generated traffic, control Parameters of the occupied space that generate traffic.
图4为本发明另一个实施例的基于数据包的测试装置的结构框架示意图。FIG. 4 is a schematic diagram of a structural framework of a data packet-based testing device according to another embodiment of the present invention.
构造模块401,基于获取到的目标应用的访问相关信息,构造多个对应于目标应用的待加密测试数据包;发送模块402,同时发送多个待加密测试数据包,以访问目标应用。The construction module 401 constructs a plurality of to-be-encrypted test data packets corresponding to the target application based on the obtained access-related information of the target application; the sending module 402 simultaneously sends a plurality of to-be-encrypted test data packets to access the target application.
以下针对各个模块的具体实现做进一步的说明:The following is a further description of the specific implementation of each module:
构造模块401,基于获取到的目标应用的访问相关信息,构造多个对应于目标应用的待加密测试数据包。The constructing module 401 constructs a plurality of to-be-encrypted test data packets corresponding to the target application based on the acquired access-related information of the target application.
具体地,测试服务器的构造模块401对抓取到的目标应用的数据包进行解析,以获取目标应用的访问相关信息;基于访问的相关信息,构造待加密测试数据包的数据包头和包含待加密数据的数据包体。Specifically, the construction module 401 of the test server parses the captured data packets of the target application to obtain access-related information of the target application; The packet body of the data.
抓取目标应用的数据包的方式包括:通过抓取工具对用户实际访问目标应用的业务场景的数据流进行抓取,以获取到针对目标应用的该业务场景的数据包。The method of capturing the data packets of the target application includes: capturing the data flow of the business scenario in which the user actually accesses the target application by using a capture tool, so as to obtain the data packets for the business scenario of the target application.
其中,访问相关信息包括目标应用访问地址、目标应用的访问方式、目标应用的访问参数中的至少一项;目标应用的访问方式包括但不限于:请问访问的协议、请求端口、请求形式;目标应用的访问参数包括但不限于:浏览器类型参数。Among them, the access-related information includes at least one of the target application access address, the access method of the target application, and the access parameters of the target application; The access parameters of the application include but are not limited to: browser type parameters.
解析目标应用的数据包的方式包括但不限于:通过解析工具或通过查看,分析目标应用的数据包的数据包头和数据包体,对目标应用的数据包进行解析。The manner of analyzing the data packet of the target application includes but is not limited to: analyzing the data packet header and the data packet body of the data packet of the target application through an analysis tool or by viewing, and analyzing the data packet of the target application.
发送模块402,同时发送多个待加密测试数据包,以访问目标应用。The sending module 402 simultaneously sends a plurality of to-be-encrypted test data packets to access the target application.
具体地,测试服务器的发送模块402,将多个待加密测试数据包同时发送至安全设备,以使得通过安全设备对多个待加密测试数据包进行加密处理后,并将加密测试数据包转发至目标应用。Specifically, the sending module 402 of the test server sends multiple test data packets to be encrypted to the security device at the same time, so that after the security device performs encryption processing on the multiple test data packets to be encrypted, the encrypted test data packets are forwarded to target application.
安全设备根据其数据库中记录的每个字段的类型信息,例如:客户名称、邮箱地址、电话、客户简介,及所对应的加密算法,对待加密测试数据包中所需保护的字段的类型信息所对应的待加密数据进行加密处理,并生成相应加密算法的加密数据。当加密数据生成后,安全设备会将包含加密数据的加密测试数据包发送至目标应用服务器。According to the type information of each field recorded in its database, such as: customer name, email address, phone number, customer profile, and the corresponding encryption algorithm, the security device determines the type information of the fields to be protected in the encrypted test data packet. The corresponding data to be encrypted is encrypted, and the encrypted data corresponding to the encryption algorithm is generated. After the encrypted data is generated, the security device will send the encrypted test data packet containing the encrypted data to the target application server.
其中,加密算法包括但不限于:标记化token算法。Wherein, the encryption algorithm includes but is not limited to: tokenized token algorithm.
具体地,字段的类型信息的获取方式包括:通过查看目标应用的字段的类型信息,确定被保护的字段的类型信息,即需要加密的字段的类型信息,并抓取该被保护的字段的类型信息,将该被保护的字段的类型信息存储到安全设备的数据库相应的列表中,作为该列表的字段。Specifically, the way to obtain the field type information includes: by checking the field type information of the target application, determining the type information of the protected field, that is, the type information of the field that needs to be encrypted, and capturing the type of the protected field information, and store the type information of the protected field in a corresponding list in the database of the security device as a field of the list.
此处需要指明的是,在对安全设备的加解密的业务场景进行稳定性测试时,测试服务器通过遍历安全设备的数据库中记录的所有字段的类型信息,并将待加密测试数据包的数据包体中的待加密数据设置为包含一个字段的类型信息对应的数值,从而实现了覆盖安全设备的所有需要测试的字段的类型信息,更加全面地对安全设备稳定性的进行测试,减少安全设备的漏测问题的发生。What needs to be pointed out here is that when performing a stability test on the encryption and decryption business scenario of the security device, the test server traverses the type information of all fields recorded in the database of the security device, and sends the data packet of the test data packet to be encrypted The data to be encrypted in the body is set to the value corresponding to the type information of a field, so as to cover the type information of all fields that need to be tested in the security device, test the stability of the security device more comprehensively, and reduce the security device. Occurrence of missed detection problems.
具体地,如图5所示,该装置还包括:第一接收模块501,接收通过安全设备对加密测试数据包进行相应解密处理的后的解密测试数据包;对比模块502,将待加密测试数据包的待加密数据和解密测试数据包的解密数据进行对比;测试模块503,根据对比结果确定安全设备的稳定性的测试结果。Specifically, as shown in FIG. 5 , the device also includes: a first receiving module 501, which receives the decrypted test data packet after the encrypted test data packet has been correspondingly decrypted by the security device; a comparison module 502, which converts the encrypted test data The data to be encrypted in the packet is compared with the decrypted data in the decrypted test data packet; the test module 503 determines the test result of the stability of the security device according to the comparison result.
安全设备接收目标应用服务器响应于包含加密数据的加密测试数据包的反馈信息,并根据安全设备的数据库中记录的字段的类型信息的加密算法,将包含加密数据的加密测试数据包的反馈信息进行相应的解密,得到相应的解密数据并将该解密数据返回至测试服务器的第一接收模块501,测试服务器的第一接收模块501对解密数据进行记录并存储。The security device receives the feedback information of the target application server in response to the encrypted test data packet containing the encrypted data, and according to the encryption algorithm of the field type information recorded in the database of the security device, the feedback information of the encrypted test data packet containing the encrypted data is processed. According to the corresponding decryption, the corresponding decrypted data is obtained and the decrypted data is returned to the first receiving module 501 of the test server, and the first receiving module 501 of the test server records and stores the decrypted data.
测试服务器的对比模块502将待加密测试数据包的待加密数据和接收到的解密测试数据包的解密数据进行对比,根据对比结果,测试模块503确定所有待加密数据是否成功加解密,测试服务器会对其中没有成功加解密的待加密数据重新进行加解密的测试。若所有待加密数据均成功加解密,则说明安全设备稳定性的测试成功。The comparison module 502 of the test server compares the data to be encrypted in the test data packet to be encrypted with the decrypted data in the received decrypted test data packet. According to the comparison result, the test module 503 determines whether all the data to be encrypted is successfully encrypted and decrypted, and the test server will Re-encrypt and decrypt the data to be encrypted that has not been successfully encrypted and decrypted. If all the data to be encrypted are successfully encrypted and decrypted, it means that the stability test of the security device is successful.
测试服务器对安全设备在高并发情况下的加解密的业务场景进行测试,大大提高了安全设备的测试质量。The test server tests the encryption and decryption business scenarios of security devices under high concurrency conditions, which greatly improves the test quality of security devices.
具体地,如图6所示,该装置还包括:第二接收模块601,接收到目标应用响应于多个待加密测试数据包的响应信息;解析模块602,解析响应信息,并根据解析结果判断各个待加密测试数据包是否访问成功。Specifically, as shown in FIG. 6, the device further includes: a second receiving module 601, which receives the response information of the target application in response to a plurality of test data packets to be encrypted; an analysis module 602, which analyzes the response information, and judges according to the analysis result Each test data packet to be encrypted is accessed successfully.
其中,响应信息包括但不限于:cookie数据、页面数据。Wherein, the response information includes but not limited to: cookie data, page data.
解析响应信息的方式包括但不限于:通过解析工具或通过查看,分析响应信息的内容。Ways to analyze the response information include but are not limited to: analyzing the content of the response information through analysis tools or viewing.
判断各个待加密测试数据包是否访问成功的方式为:将各个响应信息的各自的解析结果与待加密测试数据包进行匹配,若所有响应信息与所有待加密测试数据包匹配成功,则说明各个待加密测试数据包访问成功;若所有响应信息与所有待加密测试数据包匹配不成功,则说明多个待加密测试数据包访问存在异常,即待加密测试数据包的构造存在异常。The way to judge whether the access of each test data packet to be encrypted is successful is: match the respective analysis results of each response information with the test data packet to be encrypted, if all the response information matches successfully with all the test data packets to be encrypted, it means that each The encrypted test data package is successfully accessed; if all the response information fails to match all the to-be-encrypted test data packages, it indicates that there is an abnormality in the access of multiple to-be-encrypted test data packages, that is, the structure of the to-be-encrypted test data package is abnormal.
例如,测试服务器的第二接收模块601接收到目标应用服务器响应于多个待加密测试数据包的页面数据;解析模块602解析页面数据并获取到value数值,并将value数值与待加密测试数据包进行匹配,确定每个待加密测试数据包都包括相应的页面数据,则说明各个待加密测试数据包访问成功;若至少其中一个待加密测试数据包与value数值不匹配,则说明多个待加密测试数据包访问存在异常,待加密测试数据包的构造存在异常。For example, the second receiving module 601 of the test server receives the page data that the target application server responds to a plurality of test data packets to be encrypted; Matching is performed to determine that each test data packet to be encrypted includes the corresponding page data, which means that each test data packet to be encrypted has been successfully accessed; if at least one of the test data packets to be encrypted does not match the value value, it means that there are multiple data packets to be encrypted There is an exception in the access of the test data package, and there is an exception in the construction of the test data package to be encrypted.
此处需要指明的是,构造待加密测试数据包也可作为混合流量中的目标流量,通过预定比例对非目标流量和目标流量进行混合,使得安全设备接收到一定压力值的混合流量,通过分析接收到的、在安全设备对混合流量处理时的安全设备的性能数据,如,中央处理器cpu利用率,从而更加准确地确定安全设备的性能的可靠度;同时,通过修改控制参数,来控制安全设备接收到的混合流量的压力值,能更加精确地确定出安全设备的可靠度的临界值,从而实现对安全设备的性能测试的评估。What needs to be pointed out here is that the construction of the test data packet to be encrypted can also be used as the target traffic in the mixed traffic, and the non-target traffic and the target traffic are mixed through a predetermined ratio, so that the security device receives the mixed traffic with a certain pressure value, and through analysis Received performance data of the security device when the security device is processing mixed traffic, such as the CPU utilization rate of the central processing unit, so as to more accurately determine the reliability of the performance of the security device; at the same time, by modifying the control parameters, to control The pressure value of the mixed flow received by the safety device can more accurately determine the critical value of the reliability of the safety device, thereby realizing the evaluation of the performance test of the safety device.
其中,通过修改测试服务器的自动化测试脚本中的控制参数,来确定发送待加密测试数据包产生流量的持续时间和总占用空间;控制参数包括但不限于:控制产生流量的持续时间的参数、控制产生流量的占用空间的参数。Among them, by modifying the control parameters in the automated test script of the test server, the duration and total occupied space of the traffic generated by sending the test data packet to be encrypted are determined; the control parameters include but are not limited to: parameters for controlling the duration of the generated traffic, control Parameters of the occupied space that generate traffic.
本技术领域技术人员可以理解,本发明包括涉及用于执行本申请中所述操作中的一项或多项的设备。这些设备可以为所需的目的而专门设计和制造,或者也可以包括通用计算机中的已知设备。这些设备具有存储在其内的计算机程序,这些计算机程序选择性地激活或重构。这样的计算机程序可以被存储在设备(例如,计算机)可读介质中或者存储在适于存储电子指令并分别耦联到总线的任何类型的介质中,所述计算机可读介质包括但不限于任何类型的盘(包括软盘、硬盘、光盘、CD-ROM、和磁光盘)、ROM(Read-Only Memory,只读存储器)、RAM(Random Access Memory,随即存储器)、EPROM(Erasable ProgrammableRead-Only Memory,可擦写可编程只读存储器)、EEPROM(Electrically ErasableProgrammable Read-Only Memory,电可擦可编程只读存储器)、闪存、磁性卡片或光线卡片。也就是,可读介质包括由设备(例如,计算机)以能够读的形式存储或传输信息的任何介质。Those skilled in the art will appreciate that the present invention includes devices related to performing one or more of the operations described in this application. These devices may be specially designed and fabricated for the required purposes, or they may include known devices found in general purpose computers. These devices have computer programs stored therein that are selectively activated or reconfigured. Such a computer program can be stored in a device (e.g., computer) readable medium, including but not limited to any type of medium suitable for storing electronic instructions and respectively coupled to a bus. Types of disks (including floppy disks, hard disks, CDs, CD-ROMs, and magneto-optical disks), ROM (Read-Only Memory, read-only memory), RAM (Random Access Memory, random access memory), EPROM (Erasable Programmable Read-Only Memory, Erasable Programmable Read-Only Memory), EEPROM (Electrically Erasable Programmable Read-Only Memory, Electrically Erasable Programmable Read-Only Memory), flash memory, magnetic card or optical card. That is, a readable medium includes any medium that stores or transmits information in a form readable by a device (eg, a computer).
本技术领域技术人员可以理解,可以用计算机程序指令来实现这些结构图和/或框图和/或流图中的每个框以及这些结构图和/或框图和/或流图中的框的组合。本技术领域技术人员可以理解,可以将这些计算机程序指令提供给通用计算机、专业计算机或其他可编程数据处理方法的处理器来实现,从而通过计算机或其他可编程数据处理方法的处理器来执行本发明公开的结构图和/或框图和/或流图的框或多个框中指定的方案。Those skilled in the art will understand that computer program instructions can be used to implement each block in these structural diagrams and/or block diagrams and/or flow diagrams and combinations of blocks in these structural diagrams and/or block diagrams and/or flow diagrams . Those skilled in the art can understand that these computer program instructions can be provided to general-purpose computers, professional computers, or processors of other programmable data processing methods for implementation, so that the computer or processors of other programmable data processing methods can execute the present invention. A scheme specified in a block or blocks of a structure diagram and/or a block diagram and/or a flow diagram of the invention disclosure.
本技术领域技术人员可以理解,本发明中已经讨论过的各种操作、方法、流程中的步骤、措施、方案可以被交替、更改、组合或删除。进一步地,具有本发明中已经讨论过的各种操作、方法、流程中的其他步骤、措施、方案也可以被交替、更改、重排、分解、组合或删除。进一步地,现有技术中的具有与本发明中公开的各种操作、方法、流程中的步骤、措施、方案也可以被交替、更改、重排、分解、组合或删除。Those skilled in the art can understand that the various operations, methods, and steps, measures, and solutions in the processes discussed in the present invention can be replaced, changed, combined, or deleted. Further, other steps, measures, and schemes in the various operations, methods, and processes that have been discussed in the present invention may also be replaced, changed, rearranged, decomposed, combined, or deleted. Further, steps, measures, and schemes in the prior art that have operations, methods, and processes disclosed in the present invention can also be alternated, changed, rearranged, decomposed, combined, or deleted.
以上所述仅是本发明的部分实施方式,应当指出,对于本技术领域的普通技术人员来说,在不脱离本发明原理的前提下,还可以做出若干改进和润饰,这些改进和润饰也应视为本发明的保护范围。The above descriptions are only part of the embodiments of the present invention. It should be pointed out that those skilled in the art can make some improvements and modifications without departing from the principles of the present invention. It should be regarded as the protection scope of the present invention.
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610796837.0ACN106371993B (en) | 2016-08-31 | 2016-08-31 | Packet-based test method and test device |
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610796837.0ACN106371993B (en) | 2016-08-31 | 2016-08-31 | Packet-based test method and test device |
| Publication Number | Publication Date |
|---|---|
| CN106371993Atrue CN106371993A (en) | 2017-02-01 |
| CN106371993B CN106371993B (en) | 2019-07-19 |
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610796837.0AActiveCN106371993B (en) | 2016-08-31 | 2016-08-31 | Packet-based test method and test device |
| Country | Link |
|---|---|
| CN (1) | CN106371993B (en) |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107276852A (en)* | 2017-06-27 | 2017-10-20 | 福建省天奕网络科技有限公司 | A kind of data safety detection method and terminal |
| CN107454391A (en)* | 2017-09-22 | 2017-12-08 | 上海帆声图像科技有限公司 | Television set HDCP encryption detection methods based on hardware verification |
| CN107609401A (en)* | 2017-08-03 | 2018-01-19 | 百度在线网络技术(北京)有限公司 | Automatic test approach and device |
| CN108347361A (en)* | 2018-03-06 | 2018-07-31 | 平安普惠企业管理有限公司 | Applied program testing method, device, computer equipment and storage medium |
| CN110380932A (en)* | 2019-07-17 | 2019-10-25 | 中国工商银行股份有限公司 | Test method and device and test macro for safety equipment |
| CN111858357A (en)* | 2020-07-23 | 2020-10-30 | 杭州安恒信息技术股份有限公司 | A performance test monitoring method, equipment and related equipment |
| CN116743627A (en)* | 2023-06-27 | 2023-09-12 | 中国建设银行股份有限公司 | Pressure testing methods, devices, equipment and storage media |
| CN118672929A (en)* | 2024-08-16 | 2024-09-20 | 深圳奥联信息安全技术有限公司 | Database encryption and decryption performance loss testing method and device |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20030115368A1 (en)* | 2001-12-14 | 2003-06-19 | D-Link Corporation | Apparatus for multi-level loopback test in a community network system and method therefor |
| CN101360015A (en)* | 2008-09-02 | 2009-02-04 | 北京星网锐捷网络技术有限公司 | Method, system and apparatus for test network appliance |
| CN101388800A (en)* | 2007-09-12 | 2009-03-18 | 百度在线网络技术(北京)有限公司 | Method, device and system for pressed test to network performance of server |
| CN103580943A (en)* | 2012-08-03 | 2014-02-12 | 亿赞普(北京)科技有限公司 | Network software online testing method and system |
| CN105279073A (en)* | 2015-10-30 | 2016-01-27 | 北京奇艺世纪科技有限公司 | Method and device for testing online system |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20030115368A1 (en)* | 2001-12-14 | 2003-06-19 | D-Link Corporation | Apparatus for multi-level loopback test in a community network system and method therefor |
| CN101388800A (en)* | 2007-09-12 | 2009-03-18 | 百度在线网络技术(北京)有限公司 | Method, device and system for pressed test to network performance of server |
| CN101360015A (en)* | 2008-09-02 | 2009-02-04 | 北京星网锐捷网络技术有限公司 | Method, system and apparatus for test network appliance |
| CN103580943A (en)* | 2012-08-03 | 2014-02-12 | 亿赞普(北京)科技有限公司 | Network software online testing method and system |
| CN105279073A (en)* | 2015-10-30 | 2016-01-27 | 北京奇艺世纪科技有限公司 | Method and device for testing online system |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107276852B (en)* | 2017-06-27 | 2020-02-21 | 福建省天奕网络科技有限公司 | Data security detection method and terminal |
| CN107276852A (en)* | 2017-06-27 | 2017-10-20 | 福建省天奕网络科技有限公司 | A kind of data safety detection method and terminal |
| CN107609401A (en)* | 2017-08-03 | 2018-01-19 | 百度在线网络技术(北京)有限公司 | Automatic test approach and device |
| CN107454391A (en)* | 2017-09-22 | 2017-12-08 | 上海帆声图像科技有限公司 | Television set HDCP encryption detection methods based on hardware verification |
| CN108347361B (en)* | 2018-03-06 | 2020-08-04 | 平安普惠企业管理有限公司 | Application program testing method and device, computer equipment and storage medium |
| CN108347361A (en)* | 2018-03-06 | 2018-07-31 | 平安普惠企业管理有限公司 | Applied program testing method, device, computer equipment and storage medium |
| CN110380932A (en)* | 2019-07-17 | 2019-10-25 | 中国工商银行股份有限公司 | Test method and device and test macro for safety equipment |
| CN110380932B (en)* | 2019-07-17 | 2021-11-12 | 中国工商银行股份有限公司 | Test method and device for safety equipment and test system |
| CN111858357A (en)* | 2020-07-23 | 2020-10-30 | 杭州安恒信息技术股份有限公司 | A performance test monitoring method, equipment and related equipment |
| CN111858357B (en)* | 2020-07-23 | 2024-02-02 | 杭州安恒信息技术股份有限公司 | Performance test monitoring method and equipment and related equipment thereof |
| CN116743627A (en)* | 2023-06-27 | 2023-09-12 | 中国建设银行股份有限公司 | Pressure testing methods, devices, equipment and storage media |
| CN118672929A (en)* | 2024-08-16 | 2024-09-20 | 深圳奥联信息安全技术有限公司 | Database encryption and decryption performance loss testing method and device |
| CN118672929B (en)* | 2024-08-16 | 2024-11-08 | 深圳奥联信息安全技术有限公司 | Database encryption and decryption performance loss testing method and device |
| Publication number | Publication date |
|---|---|
| CN106371993B (en) | 2019-07-19 |
| Publication | Publication Date | Title |
|---|---|---|
| CN106371993B (en) | Packet-based test method and test device | |
| CN112019332B (en) | Encryption and decryption method based on micro-service, API gateway system and equipment | |
| CN108885666B (en) | System and method for detecting and preventing counterfeiting | |
| US20220210202A1 (en) | Advanced cybersecurity threat mitigation using software supply chain analysis | |
| US10574686B2 (en) | Security verification by message interception and modification | |
| JP6527590B2 (en) | System and method for detecting covert channel network intrusion based on offline network traffic | |
| CN113574838A (en) | System and method for filtering Internet traffic by client fingerprinting | |
| CN108347361B (en) | Application program testing method and device, computer equipment and storage medium | |
| CN113542253A (en) | Network flow detection method, device, equipment and medium | |
| US20230362187A1 (en) | Event and rule-based dynamic security test system | |
| CN106130830A (en) | The method of testing of safety equipment stability and test device | |
| CN105574424A (en) | Big data encryption and decryption processing method and system | |
| CN109495458A (en) | A kind of method, system and the associated component of data transmission | |
| CN110995717B (en) | Message processing method and device, electronic equipment and vulnerability scanning system | |
| CN104035874B (en) | A kind of software program detection method, apparatus and system | |
| Alhazbi et al. | Llms have rhythm: Fingerprinting large language models using inter-token times and network traffic analysis | |
| CN114640519A (en) | Method and device for detecting encrypted traffic, and readable storage medium | |
| CN116094764B (en) | Power grid data storage method, device and equipment of power monitoring system | |
| CN108763934B (en) | Data processing method and device, storage medium and server | |
| Wang et al. | WireWatch: Measuring the security of proprietary network encryption in the global Android ecosystem | |
| KR20160123416A (en) | Information security device, terminal, network having information security system and terminal | |
| CN106549924A (en) | A kind of communication security protection methods, devices and systems | |
| CN115935310A (en) | Detection method, device, equipment and storage medium of weak password in login page | |
| CN108880785A (en) | A kind of detection C++ void table is by the method, apparatus, terminal and readable medium of hook | |
| CN113965366A (en) | Defense method, system and computer equipment for reverse proxy phishing attack |
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right | Effective date of registration:20220707 Address after:Room 801, 8th floor, No. 104, floors 1-19, building 2, yard 6, Jiuxianqiao Road, Chaoyang District, Beijing 100015 Patentee after:BEIJING QIHOO TECHNOLOGY Co.,Ltd. Address before:100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park) Patentee before:BEIJING QIHOO TECHNOLOGY Co.,Ltd. Patentee before:Qizhi software (Beijing) Co.,Ltd. |