CN115865473A

Movatterモバイル変換

Info

Publication number: CN115865473A
Application number: CN202211509197.2A
Authority: CN
Inventors: 谢焱; 龚子倬
Original assignee: DBAPPSecurity Co Ltd
Current assignee: DBAPPSecurity Co Ltd
Priority date: 2022-11-29
Filing date: 2022-11-29
Publication date: 2023-03-28

Abstract

Description

Translated fromChinese

反向代理钓鱼攻击防御方法、装置、设备及介质Reverse proxy phishing attack defense method, device, equipment and medium

技术领域technical field

本发明涉及计算机技术领域，特别涉及反向代理钓鱼攻击防御方法、装置、设备及介质。The invention relates to the field of computer technology, in particular to a reverse proxy phishing attack defense method, device, equipment and medium.

背景技术Background technique

当前，互联网与人民的生活已经密不可分，网络攻击和犯罪成熟且多样多，其中鱼叉式网络钓鱼攻击非常个性化。网络犯罪分子研究他们的目标，并经常冒充一个值得信赖的同事、网站或企业。鱼叉式网络钓鱼电子邮件通常试图窃取敏感信息，如登录凭据或财务信息。例如，有时骗子冒充企业、学校或其他组织的员工，索取财务或个人信息。再比如，某公司员工群体被攻击，内容就是最常见的IT(Internet Technology)提醒你账号异常要登录OA(office automation)修改，然后模仿OA首页弄一个钓鱼页面收集密码，入职安全意识培训前钓鱼的刨去不看邮件的，中招率很高。对于传统对目标网站进行模仿的钓鱼，很多企业会通过设置白名单，联动恶意域名云查杀等手段进行防御。At present, the Internet is inseparable from people's lives, and cyber attacks and crimes are mature and diverse, among which spear phishing attacks are very personalized. Cybercriminals research their targets and often impersonate a trusted colleague, website or business. Spear-phishing emails often attempt to steal sensitive information, such as login credentials or financial information. For example, scammers sometimes pose as employees of a business, school, or other organization to solicit financial or personal information. For another example, when a group of employees of a company is attacked, the content is the most common IT (Internet Technology) reminder to log in to OA (office automation) to modify the account, and then imitate the OA homepage to create a phishing page to collect passwords, and phishing before the security awareness training for employees. Those who do not read emails have a high rate of being recruited. For the traditional phishing that imitates the target website, many companies will defend by setting up whitelists and linking malicious domain name cloud detection and killing.

传统的鱼叉被大家所认识后，层出不穷的手段也在更新，其中，反向代理钓鱼因为让攻击者更加真实地重放用户的请求过程，且能绕过多因素认证等原因，广受攻击者们的欢迎，并在公开可下载的程序网站(github)等提供了自动化反向代理的集成工具，包括广泛使用的Evilginx2、Modlishka和Muraena。此类集成的反向钓鱼平台，攻击者的钓鱼页面充当中间人，拦截认证过程，然后从被劫持的HTTP(Hyper Text Transfer Protocol，超文本传输协议)请求中提取包括密码和更重要的会话Cookies等敏感信息。在攻击者得到目标的会话Cookie后，他们将其注入自己的网络浏览器，在此过程中，用户实际上真实地进行了二次验证，这使得他们可以实现认证过程的跳过，进而进一步窃取、利用敏感信息。After the traditional harpoon is recognized by everyone, endless means are also being updated. Among them, reverse proxy phishing is widely attacked because it allows attackers to replay the user's request process more realistically and can bypass multi-factor authentication. It is welcomed by developers and provides integrated tools for automated reverse proxy on the publicly downloadable program website (github), including the widely used Evilginx2, Modlishka and Muraena. For such an integrated reverse phishing platform, the attacker's phishing page acts as a middleman, intercepts the authentication process, and then extracts passwords and more important session cookies from hijacked HTTP (Hyper Text Transfer Protocol) requests. Sensitive information. After the attackers get the target's session cookie, they inject it into their web browser. During the process, the user actually performs a second authentication, which allows them to skip the authentication process and further steal , Using sensitive information.

需要指出的是，中间人攻击的反向代理钓鱼，对于企业和用户来说，一切都是合理的通讯。中间人通过正常的手法对用户请求进行拦截、中继、转发给服务器。企业方即使通过域名的白名单添加，也无法满足实时性，因为企业的业务越大，无法从时效性的维度去甄别业务中的每一个域名是否有害。基于这种情况，企业会对员工进行安全意识的培训，从意识上加强员工的敏感度，让员工自行对请求的域名进行甄别是否存在危险，以对基于反向钓鱼的这种渗透模式进行防范，但是人工难免存在疏忽，不能及时有效对所述反向代理钓鱼攻击进行防御。It should be pointed out that the reverse proxy phishing of man-in-the-middle attacks is a reasonable communication for enterprises and users. The middleman intercepts, relays, and forwards user requests to the server through normal methods. Even if the enterprise side adds domain names through the whitelist, it cannot meet the real-time requirements, because the larger the business of the enterprise, it is impossible to identify whether each domain name in the business is harmful from the dimension of timeliness. Based on this situation, the enterprise will conduct security awareness training for employees, enhance the sensitivity of employees from the awareness, and let employees identify whether the requested domain name is dangerous, so as to prevent this penetration mode based on reverse phishing , but artificial negligence is unavoidable, and the reverse proxy phishing attack cannot be effectively defended in a timely manner.

综上所述，如何及时有效对所述反向代理钓鱼攻击进行防御是当前亟待解决的问题。To sum up, how to timely and effectively defend against the reverse proxy phishing attack is an urgent problem to be solved at present.

发明内容Contents of the invention

有鉴于此，本发明的目的在于提供反向代理钓鱼攻击防御方法、装置、设备及介质，能够及时有效对所述反向代理钓鱼攻击进行防御。其具体方案如下：In view of this, the purpose of the present invention is to provide a reverse proxy phishing attack defense method, device, equipment and medium, which can effectively defend against the reverse proxy phishing attack in a timely manner. The specific plan is as follows:

第一方面，本申请公开了一种反向代理钓鱼攻击防御方法，应用于浏览器端，包括：In the first aspect, this application discloses a reverse proxy phishing attack defense method, which is applied to the browser end, including:

向目标网站的服务器端发送第一请求，并获取所述服务器端基于目标请求返回的第一IP和混淆后校验代码；所述目标请求为所述第一请求或攻击端基于所述第一请求得到的第二请求；Send the first request to the server end of the target website, and obtain the first IP and the post-obfuscation verification code returned by the server end based on the target request; the target request is the first request or the attack end based on the first The request gets the second request;

自动对所述混淆后校验代码进行解混淆以得到预设校验代码；Automatically de-obfuscate the obfuscated verification code to obtain a preset verification code;

基于所述预设校验代码提取本地的第二IP，并检验所述第一IP与所述第二IP是否一致，若不一致，则确定所述第一IP为所述攻击端的IP，并对所述反向代理钓鱼攻击进行防御。Extract the local second IP based on the preset verification code, and check whether the first IP is consistent with the second IP, if not, determine that the first IP is the IP of the attacking end, and The reverse proxy phishing attack is defended.

可选的，所述预设校验代码为JavaScript代码。Optionally, the preset verification code is JavaScript code.

可选的，所述混淆后校验代码为所述服务器端利用预设混淆方法对所述预设校验代码进行混淆得到的代码。Optionally, the post-obfuscation check code is a code obtained by obfuscating the preset check code by the server using a preset obfuscation method.

可选的，通过服务器端定期更改所述预设混淆方法。Optionally, the preset obfuscation method is periodically changed through the server.

可选的，所述获取所述服务器端基于目标请求返回的第一IP和混淆后校验代码，包括：Optionally, the obtaining the first IP returned by the server based on the target request and the verification code after obfuscation includes:

获取所述服务器端基于目标请求返回的数据包，渲染所述数据包得到所述第一IP和所述混淆后校验代码。Obtaining the data packet returned by the server based on the target request, rendering the data packet to obtain the first IP and the post-obfuscation check code.

可选的，所述基于所述预设校验代码提取本地的第二IP，并检验所述第一IP与所述第二IP是否一致，若不一致，则确定所述第一IP为所述攻击端的IP，并对所述反向代理钓鱼攻击进行防御，包括：Optionally, extracting the local second IP based on the preset verification code, and checking whether the first IP is consistent with the second IP, if not, then determining that the first IP is the The IP of the attacking end, and defend against the reverse proxy phishing attack, including:

基于所述预设校验代码提取本地的第二IP，并检验所述第一IP与所述第二IP是否一致，若不一致，则确定所述第一IP为所述攻击端的IP，并显示表示所述浏览器端受到反向代理钓鱼攻击的告警信息，然后跳转至所述目标网站对应的网站网页。Extract the local second IP based on the preset verification code, and check whether the first IP is consistent with the second IP, if not, determine that the first IP is the IP of the attacking end, and display A warning message indicating that the browser end is subjected to a reverse proxy phishing attack, and then redirected to a web page corresponding to the target website.

第二方面，本申请公开了一种反向代理钓鱼攻击防御方法，应用于服务器端，包括：In the second aspect, the present application discloses a reverse proxy phishing attack defense method, which is applied to the server side, including:

获取目标请求；所述目标请求为浏览器端发送的第一请求或攻击端基于所述第一请求得到的第二请求；Obtaining a target request; the target request is the first request sent by the browser or the second request obtained by the attacking end based on the first request;

基于所述目标请求确定第一IP，并返回所述第一IP和混淆后校验代码，以便所述浏览器端在获取所述第一IP和所述混淆后校验代码后，自动对所述混淆后校验代码进行解混淆以得到预设校验代码，然后基于所述预设校验代码提取所述浏览器端的第二IP，并检验所述第一IP与所述第二IP是否一致，若不一致，则确定所述第一IP为所述攻击端的IP，并对所述反向代理钓鱼攻击进行防御。Determine the first IP based on the target request, and return the first IP and the post-obfuscation verification code, so that after the browser obtains the first IP and the post-obfuscation verification code, it automatically The post-obfuscation check code is de-obfuscated to obtain a preset check code, and then the second IP of the browser is extracted based on the preset check code, and it is checked whether the first IP and the second IP are If they are inconsistent, then determine that the first IP is the IP of the attacking end, and defend against the reverse proxy phishing attack.

第三方面，本申请公开了一种反向代理钓鱼攻击防御装置，应用于浏览器端，包括：In the third aspect, the present application discloses a reverse proxy phishing attack defense device, which is applied to the browser end, including:

请求发送模块，用于向目标网站的服务器端发送第一请求；A request sending module, configured to send a first request to the server side of the target website;

获取模块，用于获取所述服务器端基于目标请求返回的第一IP和混淆后校验代码；所述目标请求为所述第一请求或攻击端基于所述第一请求得到的第二请求；An acquisition module, configured to acquire the first IP and the obfuscated verification code returned by the server based on the target request; the target request is the first request or the second request obtained by the attacking end based on the first request;

解混淆模块，用于自动对所述混淆后校验代码进行解混淆以得到预设校验代码；A de-obfuscation module, configured to automatically de-obfuscate the obfuscated verification code to obtain a preset verification code;

校验模块，用于基于所述预设校验代码提取本地的第二IP，并检验所述第一IP与所述第二IP是否一致，若不一致，则确定所述第一IP为所述攻击端的IP，并对所述反向代理钓鱼攻击进行防御。A verification module, configured to extract a local second IP based on the preset verification code, and check whether the first IP is consistent with the second IP, and if not, determine that the first IP is the The IP of the attacking end, and defend against the reverse proxy phishing attack.

第四方面，本申请公开了一种电子设备，包括处理器和存储器；其中，所述处理器执行所述存储器中保存的计算机程序时实现前述公开的反向代理钓鱼攻击防御方法。In a fourth aspect, the present application discloses an electronic device, including a processor and a memory; wherein, when the processor executes the computer program stored in the memory, the above disclosed reverse proxy phishing attack defense method is implemented.

第五方面，本申请公开了一种计算机可读存储介质，用于存储计算机程序；其中，所述计算机程序被处理器执行时实现前述公开的反向代理钓鱼攻击防御方法。In a fifth aspect, the present application discloses a computer-readable storage medium for storing a computer program; wherein, when the computer program is executed by a processor, the above disclosed reverse proxy phishing attack defense method is implemented.

可见，本申请向目标网站的服务器端发送第一请求，并获取所述服务器端基于目标请求返回的第一IP和混淆后校验代码；所述目标请求为所述第一请求或攻击端基于所述第一请求得到的第二请求；自动对所述混淆后校验代码进行解混淆以得到预设校验代码；基于所述预设校验代码提取本地的第二IP，并检验所述第一IP与所述第二IP是否一致，若不一致，则确定所述第一IP为所述攻击端的IP，并对所述反向代理钓鱼攻击进行防御。由此可见，本申请通过预设校验代码进行IP比对，判断出浏览器端是否受到反向代理钓鱼攻击，与人为甄别相比提高了判断正确率，并能够及时有效进行反向代理钓鱼攻击的防御工作；另外，传输的是混淆后校验代码，因此保证了代码的安全性，不会被攻击端更改。It can be seen that this application sends a first request to the server of the target website, and obtains the first IP and the post-obfuscation verification code returned by the server based on the target request; the target request is the first request or the attack terminal based on The second request obtained from the first request; automatically de-obfuscate the post-obfuscation verification code to obtain a preset verification code; extract the local second IP based on the preset verification code, and verify the Whether the first IP is consistent with the second IP, if not, then determine that the first IP is the IP of the attacking end, and defend against the reverse proxy phishing attack. It can be seen that this application performs IP comparison through the preset verification code to determine whether the browser is attacked by reverse proxy phishing, which improves the accuracy of judgment compared with manual screening, and can carry out reverse proxy phishing in a timely and effective manner The defense work of the attack; in addition, the transmission is the verification code after obfuscation, so the security of the code is guaranteed and will not be changed by the attacking end.

附图说明Description of drawings

为了更清楚地说明本发明实施例或现有技术中的技术方案，下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍，显而易见地，下面描述中的附图仅仅是本发明的实施例，对于本领域普通技术人员来讲，在不付出创造性劳动的前提下，还可以根据提供的附图获得其他的附图。In order to more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the following will briefly introduce the drawings that need to be used in the description of the embodiments or the prior art. Obviously, the accompanying drawings in the following description are only It is an embodiment of the present invention, and those skilled in the art can also obtain other drawings according to the provided drawings without creative work.

图1为本申请提供的一种反向代理钓鱼攻击防御方法流程图；Fig. 1 is a flow chart of a reverse proxy phishing attack defense method provided by the application;

图2为本申请提供的一种具体的反向代理钓鱼攻击防御方法流程图；Fig. 2 is a kind of specific flow chart of reverse proxy phishing attack defense method provided by the present application;

图3为本申请提供的一种反向代理钓鱼攻击方法的架构图；Fig. 3 is the architectural diagram of a kind of reverse proxy phishing attack method provided by the present application;

图4为本申请提供的一种反向代理钓鱼攻击方法的浏览器端校验示意图；Fig. 4 is a schematic diagram of browser-side verification of a reverse proxy phishing attack method provided by the present application;

图5为本申请提供的一种反向代理钓鱼攻击防御成功时序图；Fig. 5 is a sequence diagram of successful defense against a reverse proxy phishing attack provided by the present application;

图6为本申请提供的一种反向代理钓鱼攻击防御装置结构示意图；FIG. 6 is a schematic structural diagram of a reverse proxy phishing attack defense device provided by the present application;

图7为本申请提供的一种电子设备结构图。FIG. 7 is a structural diagram of an electronic device provided by the present application.

具体实施方式Detailed ways

下面将结合本发明实施例中的附图，对本发明实施例中的技术方案进行清楚、完整地描述，显然，所描述的实施例仅仅是本发明一部分实施例，而不是全部的实施例。基于本发明中的实施例，本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例，都属于本发明保护的范围。The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

当前，中间人攻击的反向代理钓鱼，对于企业和用户来说，一切都是合理的通讯。中间人通过正常的手法对用户请求进行拦截、中继、转发给服务器。企业方即使通过域名的白名单添加，也无法满足实时性，因为企业的业务越大，无法从时效性的维度去甄别业务中的每一个域名是否有害。基于这种情况，企业会对员工进行安全意识的培训，从意识上加强员工的敏感度，让员工自行对请求的域名进行甄别是否存在危险，以对基于反向钓鱼的这种渗透模式进行防范，但是人工难免存在疏忽，不能及时有效对所述反向代理钓鱼攻击进行防御。Currently, reverse proxy phishing for man-in-the-middle attacks is a reasonable communication for enterprises and users. The middleman intercepts, relays, and forwards user requests to the server through normal methods. Even if the enterprise side adds domain names through the whitelist, it cannot meet the real-time requirements, because the larger the business of the enterprise, it is impossible to identify whether each domain name in the business is harmful from the dimension of timeliness. Based on this situation, the enterprise will conduct security awareness training for employees, enhance the sensitivity of employees from the awareness, and let employees identify whether the requested domain name is dangerous, so as to prevent this penetration mode based on reverse phishing , but artificial negligence is unavoidable, and the reverse proxy phishing attack cannot be effectively defended in a timely manner.

为了克服上述问题，本申请提供了一种反向代理钓鱼攻击防御方案，能够及时有效对所述反向代理钓鱼攻击进行防御。In order to overcome the above problems, the present application provides a reverse proxy phishing attack defense solution, which can effectively defend against the reverse proxy phishing attack in a timely manner.

参见图1所示，本申请实施例公开了一种反向代理钓鱼攻击防御方法，应用于浏览器端，该方法包括：Referring to Fig. 1, the embodiment of the present application discloses a reverse proxy phishing attack defense method, which is applied to the browser end, and the method includes:

步骤S11：向目标网站的服务器端发送第一请求，并获取所述服务器端基于目标请求返回的第一IP和混淆后校验代码；所述目标请求为所述第一请求或攻击端基于所述第一请求得到的第二请求。Step S11: Send a first request to the server of the target website, and obtain the first IP and the post-obfuscation verification code returned by the server based on the target request; the target request is the first request or the attack end based on the The second request obtained from the first request.

本申请实施例中，当所述浏览器端没有受到反向代理钓鱼攻击时，所述目标请求为第一请求；当所述浏览器端受到反向代理钓鱼攻击时，所述目标请求为攻击端基于所述第一请求得到的第二请求。需要指出的是，所述目标请求为第一请求时，所述第一IP(Internet Protocol)为所述浏览器端的IP；所述目标请求为第二请求时，所述第一IP为所述攻击端的IP。In the embodiment of the present application, when the browser end is not attacked by reverse proxy phishing, the target request is the first request; when the browser end is attacked by reverse proxy phishing, the target request is attack The end obtains a second request based on the first request. It should be pointed out that when the target request is the first request, the first IP (Internet Protocol) is the IP of the browser end; when the target request is the second request, the first IP is the IP of the browser. Attacker's IP.

本申请实施例中，所述获取所述服务器端基于目标请求返回的第一IP和混淆后校验代码，包括：获取所述服务器端基于目标请求返回的数据包，渲染所述数据包得到所述第一IP和所述混淆后校验代码。In the embodiment of the present application, the acquiring the first IP and the post-obfuscation verification code returned by the server based on the target request includes: acquiring the data packet returned by the server based on the target request, and rendering the data packet to obtain the The first IP and the post-obfuscation verification code.

本申请实施例中，所述混淆后校验代码为所述服务器端利用预设混淆方法对所述预设校验代码进行混淆得到的代码。所述预设校验代码为JavaScript代码。由于代码被混淆，因此不易被破解。In this embodiment of the present application, the obfuscated verification code is a code obtained by obfuscating the preset verification code by the server using a preset obfuscation method. The preset verification code is JavaScript code. Since the code is obfuscated, it cannot be easily cracked.

本申请实施例中，通过服务器端定期更改所述预设混淆方法。需要指出的是，由于预设混淆方法被定期更改，因此攻击者无法定向进行模仿并清除预设校验代码。In the embodiment of the present application, the preset obfuscation method is regularly changed through the server. It should be pointed out that since the preset obfuscation method is changed regularly, the attacker cannot target to imitate and clear the preset verification code.

步骤S12：自动对所述混淆后校验代码进行解混淆以得到预设校验代码。Step S12: Automatically de-obfuscate the obfuscated verification code to obtain a preset verification code.

本申请实施例中，浏览器自带解混淆功能。In this embodiment of the application, the browser has its own de-obfuscation function.

步骤S13：基于所述预设校验代码提取本地的第二IP，并检验所述第一IP与所述第二IP是否一致，若不一致，则确定所述第一IP为所述攻击端的IP，并对所述反向代理钓鱼攻击进行防御。Step S13: Extract the local second IP based on the preset verification code, and check whether the first IP is consistent with the second IP, and if not, determine that the first IP is the IP of the attacking end , and defend against the reverse proxy phishing attack.

本申请实施例中，所述基于所述预设校验代码提取本地的第二IP，并检验所述第一IP与所述第二IP是否一致，若不一致，则确定所述第一IP为所述攻击端的IP，并对所述反向代理钓鱼攻击进行防御，包括：基于所述预设校验代码提取本地的第二IP，并检验所述第一IP与所述第二IP是否一致，若不一致，则确定所述第一IP为所述攻击端的IP，并显示表示所述浏览器端受到反向代理钓鱼攻击的告警信息，然后跳转至所述目标网站对应的网站网页。需要指出的是，所述第二IP为浏览器端IP。In the embodiment of the present application, the second local IP is extracted based on the preset verification code, and it is checked whether the first IP is consistent with the second IP, and if not, it is determined that the first IP is The IP of the attacking end, and the defense against the reverse proxy phishing attack, including: extracting the local second IP based on the preset verification code, and checking whether the first IP is consistent with the second IP , if inconsistent, then determine that the first IP is the IP of the attacking end, and display a warning message indicating that the browser end is subjected to a reverse proxy phishing attack, and then jump to the web page corresponding to the target website. It should be pointed out that the second IP is the IP of the browser.

本申请实施例中，检验所述第一IP与所述第二IP是否一致，若不一致，则确定所述第一IP为所述攻击端的IP，此时，所述浏览器端受到反向代理钓鱼攻击；若一致，则所述第一IP为所述浏览器端的IP，此时，所述浏览器端没有受到反向代理钓鱼攻击。需要指出的是，本申请通过浏览器端进行IP的对比，以判断出浏览器端是否受到反向钓鱼攻击，不用人为判断甄别，可有效提高判断正确率，有效进行反向钓鱼攻击的防御。In the embodiment of the present application, check whether the first IP is consistent with the second IP, if not, then determine that the first IP is the IP of the attacking end, and at this time, the browser end is subject to reverse proxy Phishing attack; if consistent, the first IP is the IP of the browser end, and at this time, the browser end has not been attacked by reverse proxy phishing. It should be pointed out that this application compares the IPs on the browser side to determine whether the browser side is subjected to reverse phishing attacks, without human judgment and screening, which can effectively improve the judgment accuracy and effectively defend against reverse phishing attacks.

本申请实施例中，使用了前端的JavaScript技术，把甄别风险从用户转移至浏览器端，可以在终端减少用户被反向钓鱼的风险，。In the embodiment of this application, the front-end JavaScript technology is used to transfer the identification risk from the user to the browser, which can reduce the risk of reverse phishing for the user at the terminal.

本申请实施例中，使用前端的JavaScript技术，基于浏览器进行运作，可以减少被反向代理钓鱼公司、单位安装在出口流量的流量校验设备的成本。In the embodiment of the present application, the front-end JavaScript technology is used to operate based on the browser, which can reduce the cost of the traffic verification equipment installed on the egress traffic by reverse proxy phishing companies and units.

参见图2所示，本申请实施例公开了一种反向代理钓鱼攻击防御方法，应用于服务器端，该方法包括：Referring to Fig. 2, the embodiment of the present application discloses a reverse proxy phishing attack defense method, which is applied to the server side, and the method includes:

步骤S21：获取目标请求；所述目标请求为浏览器端发送的第一请求或攻击端基于所述第一请求得到的第二请求。Step S21: Obtain a target request; the target request is the first request sent by the browser or the second request obtained by the attacking end based on the first request.

本申请实施例中，当所述浏览器端没有受到反向代理钓鱼攻击时，所述目标请求为第一请求；当所述浏览器端受到反向代理钓鱼攻击时，所述目标请求为攻击端基于所述第一请求得到的第二请求。需要指出的是，所述目标请求为第一请求时，所述第一IP为所述浏览器端的IP；所述目标请求为第二请求时，所述第一IP为所述攻击端的IP。In the embodiment of the present application, when the browser end is not attacked by reverse proxy phishing, the target request is the first request; when the browser end is attacked by reverse proxy phishing, the target request is attack The end obtains a second request based on the first request. It should be pointed out that, when the target request is the first request, the first IP is the IP of the browser; when the target request is the second request, the first IP is the IP of the attacking end.

步骤S22：基于所述目标请求确定第一IP，并返回所述第一IP和混淆后校验代码，以便所述浏览器端在获取所述第一IP和所述混淆后校验代码后，自动对所述混淆后校验代码进行解混淆以得到预设校验代码，然后基于所述预设校验代码提取所述浏览器端的第二IP，并检验所述第一IP与所述第二IP是否一致，若不一致，则确定所述第一IP为所述攻击端的IP，并对所述反向代理钓鱼攻击进行防御。Step S22: Determine the first IP based on the target request, and return the first IP and the post-obfuscation verification code, so that after the browser obtains the first IP and the post-obfuscation verification code, automatically de-obfuscate the post-obfuscation verification code to obtain a preset verification code, then extract the second IP of the browser end based on the preset verification code, and verify that the first IP and the second IP Whether the two IPs are consistent, if not, then determine that the first IP is the IP of the attacking end, and defend against the reverse proxy phishing attack.

本申请实施例中，所述检验所述第一IP与所述第二IP是否一致，若不一致，则确定所述第一IP为所述攻击端的IP，并对所述反向代理钓鱼攻击进行防御，包括：检验所述第一IP与所述第二IP是否一致，若不一致，则确定所述第一IP为所述攻击端的IP，并显示表示所述浏览器端受到反向代理钓鱼攻击的告警信息，然后跳转至所述目标网站对应的网站网页。需要指出的是，所述第二IP为浏览器端IP。In the embodiment of the present application, the checking of whether the first IP is consistent with the second IP, if not, then determine that the first IP is the IP of the attacking end, and perform a phishing attack on the reverse proxy Defense, including: checking whether the first IP is consistent with the second IP, if not, then determining that the first IP is the IP of the attacking end, and displaying that the browser end is subjected to a reverse proxy phishing attack warning information, and then jump to the website webpage corresponding to the target website. It should be pointed out that the second IP is the IP of the browser.

本申请实施例中，所述对所述反向代理钓鱼攻击进行防御，包括：显示表示所述浏览器端受到反向代理钓鱼攻击的告警信息，然后跳转至所述目标网站对应的网站网页。In the embodiment of the present application, the defense against the reverse proxy phishing attack includes: displaying a warning message indicating that the browser is subjected to a reverse proxy phishing attack, and then jumping to the web page corresponding to the target website .

本申请实施例中，所述浏览器端获取所述服务器端基于目标请求返回的数据包之后，渲染所述数据包得到所述第一IP和所述混淆后校验代码。所述混淆后校验代码为所述服务器端利用预设混淆方法对所述预设校验代码进行混淆得到的代码。所述预设校验代码为JavaScript代码。需要指出的是，由于代码被混淆，因此不易被破解。In this embodiment of the present application, after the browser acquires the data packet returned by the server based on the target request, it renders the data packet to obtain the first IP and the post-obfuscation verification code. The obfuscated verification code is a code obtained by obfuscating the preset verification code by the server using a preset obfuscation method. The preset verification code is JavaScript code. It should be pointed out that since the code is obfuscated, it cannot be easily cracked.

本申请实施例中，服务器端需要定期更改所述预设混淆方法。需要指出的是，由于预设混淆方法被定期更改，因此攻击者无法定向进行模仿并清除预设校验代码。In the embodiment of this application, the server needs to change the preset obfuscation method periodically. It should be pointed out that since the preset obfuscation method is changed regularly, the attacker cannot target to imitate and clear the preset verification code.

可见，本申请获取目标请求；所述目标请求为浏览器端发送的第一请求或攻击端基于所述第一请求得到的第二请求。基于所述目标请求确定第一IP，并返回所述第一IP和混淆后校验代码，以便所述浏览器端在获取所述第一IP和所述混淆后校验代码后，自动对所述混淆后校验代码进行解混淆以得到预设校验代码，然后基于所述预设校验代码提取所述浏览器端的第二IP，并检验所述第一IP与所述第二IP是否一致，若不一致，则确定所述第一IP为所述攻击端的IP，并对所述反向代理钓鱼攻击进行防御。由此可见，本申请通过预设校验代码进行IP比对，判断出浏览器端是否受到反向代理钓鱼攻击，与人为甄别相比提高了判断正确率，并能够及时有效进行反向代理钓鱼攻击的防御工作；另外，传输的是混淆后校验代码，因此保证了代码的安全性，不会被攻击端更改。It can be seen that this application obtains the target request; the target request is the first request sent by the browser or the second request obtained by the attacking side based on the first request. Determine the first IP based on the target request, and return the first IP and the post-obfuscation verification code, so that after the browser obtains the first IP and the post-obfuscation verification code, it automatically The post-obfuscation check code is de-obfuscated to obtain a preset check code, and then the second IP of the browser is extracted based on the preset check code, and it is checked whether the first IP and the second IP are If they are inconsistent, then determine that the first IP is the IP of the attacking end, and defend against the reverse proxy phishing attack. It can be seen that this application performs IP comparison through the preset verification code to determine whether the browser is attacked by reverse proxy phishing, which improves the accuracy of judgment compared with manual screening, and can carry out reverse proxy phishing in a timely and effective manner The defense work of the attack; in addition, the transmission is the verification code after obfuscation, so the security of the code is guaranteed and will not be changed by the attacking end.

参见图3所示，为反向代理钓鱼攻击方法的架构图，假设存在攻击端，浏览器端发送第一请求，攻击端获取第一请求以得到并发送第二请求(中继请求)至服务器端，服务器端获取攻击端的第一IP，并结合混淆后校验代码构成数据包，并将所述保发送至攻击端，攻击端将数据包返回给浏览器端，浏览器端渲染数据包得到第一IP和混淆后校验代码，所述浏览器端利用第一IP和混淆后校验代码进行校验操作。Referring to Fig. 3, it is an architecture diagram of the reverse proxy phishing attack method, assuming that there is an attack end, the browser end sends the first request, and the attack end obtains the first request to obtain and send the second request (relay request) to the server end, the server side obtains the first IP of the attacking end, and combines the obfuscated verification code to form a data packet, and sends the protection to the attacking end, the attacking end returns the data packet to the browser end, and the browser end renders the data packet to obtain The first IP and the post-obfuscation verification code, the browser uses the first IP and the post-obfuscation verification code to perform the verification operation.

参见图4所示，为反向代理钓鱼攻击方法的浏览器端校验示意图，在存在攻击端的情况下，图中简单写明了预设校验代码和混淆后校验代码的形式，图中服务器返回混淆后校验代码和第一IP到浏览器，浏览器渲染返回页面后后得到混淆后校验代码和第一IP(攻击端IP，为1.1.1.1)，并根据混淆后校验代码解混淆后得到的预设校验代码获取浏览器端的第二IP(2.2.2.2)，判断1.1.1.1与2.2.2.2不同，则弹出素数浏览器端受到反向代理钓鱼攻击的警告，然后跳转至服务器端对应的正常的目标网页的页面。See Figure 4, which is a schematic diagram of the browser-side verification of the reverse proxy phishing attack method. In the case of an attack end, the figure simply states the form of the pre-set verification code and the obfuscated verification code. The server returns the obfuscated verification code and the first IP to the browser. After the browser renders the returned page, it gets the obfuscated verification code and the first IP (the IP of the attack end, which is 1.1.1.1), and according to the obfuscated verification code The default verification code obtained after de-obfuscation obtains the second IP (2.2.2.2) of the browser, and if it is judged that 1.1.1.1 is different from 2.2.2.2, a warning will pop up that the prime number browser is under reverse proxy phishing attack, and then jump to Go to the server-side equivalent of a normal landing page page.

参见图5所示，为反向代理钓鱼攻击防御成功时序图，图中具体过程如下所述：See Figure 5, which is a sequence diagram of successful reverse proxy phishing attack defense. The specific process in the figure is as follows:

1、用户收到攻击端(中间人攻击)发送的恶意链接，告知用户由于公司受到攻击，需要重新登录修改个人密码；1. The user receives a malicious link sent by the attacking end (man-in-the-middle attack), informing the user that the company has been attacked and needs to log in again to change the personal password;

2、用户通过浏览器端，打开恶意链接访问恶意网站；2. The user opens a malicious link through the browser to access a malicious website;

3、攻击端通过中继接收到用户通过浏览器端发送的第一请求，并基于所述第一请求得到第二请求转发给目标网站(真实网站)；所述第二请求与第一请求的发送者的IP不同；另外攻击端更改或不更改所述第一请求的具体内容，若不更改具体内容，可认为是重放用户的第一请求；3. The attack end receives the first request sent by the user through the browser through the relay, and based on the first request, obtains the second request and forwards it to the target website (real website); the second request and the first request The IP of the sender is different; in addition, the attack end changes or does not change the specific content of the first request. If the specific content is not changed, it can be considered as replaying the user's first request;

4、目标网站获取了攻击端的IP(1.1.1.1)，加上验证客户端IP的逻辑(混淆后校验代码)构成数据包一起返回；代码为JavaScript代码；4. The target website obtains the IP of the attacking end (1.1.1.1), plus the logic of verifying the client IP (check code after obfuscation) to form a data packet and return together; the code is JavaScript code;

5、攻击端接收真实网站返回的数据包；由于JavaScript代码被混淆，且由于服务器端存在混淆池，定期对混淆逻辑进行修改，中间人无法定位代码进行篡改；5. The attack end receives the data packet returned by the real website; because the JavaScript code is obfuscated, and because there is an obfuscation pool on the server side, the obfuscation logic is regularly modified, and the intermediary cannot locate the code for tampering;

6、服务器返回的数据包通过中间人返回到浏览器端，浏览器端对返回包进行渲染，运行JavaScript代码，首先在客户本地提取到客户的真实IP(2.2.2.2)，然后进入IP校验的校验逻辑，发现攻击者IP和客户端IP无法匹配成功，浏览器弹出警告“正在遭受钓鱼攻击！”，跳转至office365真实页面，具体校验逻辑如图4所示。6. The data packet returned by the server is returned to the browser through an intermediary, and the browser renders the returned packet and runs the JavaScript code. First, the client's real IP (2.2.2.2) is extracted locally, and then enters the IP verification After verifying the logic, it is found that the attacker's IP and the client's IP cannot match successfully, and the browser pops up a warning "Under phishing attack!" and jumps to the real page of office365. The specific verification logic is shown in Figure 4.

综上所述，本申请防御反向代理钓鱼，当用户访问目标网站时，攻击者在中间中继，转发用户请求，服务器会提取中间人的请求IP，并加上服务端混淆过的JavaScript代码跟随返回包一同返回，返回包在用户的浏览器进行渲染时，则会提取用户的真实IP并与中间的IP进行比对，当匹配失败，便会返回给用户正在遭受钓鱼攻击的提示，而该JavaScript代码的函数由于被服务器端混淆过，且混淆方法定期改变，使得攻击者无法定向进行模仿并清除。To sum up, this application defends against reverse proxy phishing. When a user visits the target website, the attacker relays in the middle and forwards the user's request. The server will extract the request IP of the middleman, and add the JavaScript code obfuscated by the server to follow. The return package is returned together. When the return package is rendered in the user's browser, the user's real IP will be extracted and compared with the intermediate IP. Because the functions of the JavaScript code are obfuscated by the server, and the obfuscation method is changed regularly, it is impossible for the attacker to imitate and clear.

参见图6所示，本申请实施例公开了一种反向代理钓鱼攻击防御装置，应用于浏览器端，包括：Referring to Figure 6, the embodiment of the present application discloses a reverse proxy phishing attack defense device, which is applied to the browser end, including:

请求发送模块11，用于向目标网站的服务器端发送第一请求；Request sending module 11, for sending the first request to the server end of target website;

获取模块12，用于获取所述服务器端基于目标请求返回的第一IP和混淆后校验代码；所述目标请求为所述第一请求或攻击端基于所述第一请求得到的第二请求；Obtaining module 12, is used for obtaining the first IP that described server side returns based on target request and the check code after obfuscation; Described target request is described first request or the second request that attack end obtains based on described first request ;

解混淆模块13，用于自动对所述混淆后校验代码进行解混淆以得到预设校验代码；A de-obfuscation module 13, configured to automatically de-obfuscate the obfuscated verification code to obtain a preset verification code;

校验模块14，用于基于所述预设校验代码提取本地的第二IP，并检验所述第一IP与所述第二IP是否一致，若不一致，则确定所述第一IP为所述攻击端的IP，并对所述反向代理钓鱼攻击进行防御。The verification module 14 is used to extract the local second IP based on the preset verification code, and check whether the first IP is consistent with the second IP, and if not, determine that the first IP is the IP of the above-mentioned attacking end, and defend against the reverse proxy phishing attack.

其中，关于上述各个模块更加具体的工作过程可以参考前述实施例中公开的相应内容，在此不再进行赘述。For the more specific working process of each of the above modules, reference may be made to the corresponding content disclosed in the foregoing embodiments, which will not be repeated here.

在一种具体实施例中，所述预设校验代码为JavaScript代码。In a specific embodiment, the preset verification code is JavaScript code.

在一种具体实施例中，所述混淆后校验代码为所述服务器端利用预设混淆方法对所述预设校验代码进行混淆得到的代码。In a specific embodiment, the post-obfuscation check code is a code obtained by obfuscating the preset check code by the server using a preset obfuscation method.

在一种具体实施例中，通过服务器端定期更改所述预设混淆方法。In a specific embodiment, the preset obfuscation method is periodically changed through the server.

在一种具体实施例中，所述获取模块12，包括：In a specific embodiment, the acquisition module 12 includes:

获取单元，用于获取所述服务器端基于目标请求返回的数据包，渲染所述数据包得到所述第一IP和所述混淆后校验代码。The obtaining unit is configured to obtain the data packet returned by the server based on the target request, and render the data packet to obtain the first IP and the post-obfuscation verification code.

在一种具体实施例中，所述校验模块14，包括：In a specific embodiment, the verification module 14 includes:

校验单元，用于基于所述预设校验代码提取本地的第二IP，并检验所述第一IP与所述第二IP是否一致，若不一致，则确定所述第一IP为所述攻击端的IP，并显示表示所述浏览器端受到反向代理钓鱼攻击的告警信息，然后跳转至所述目标网站对应的网站网页。A verification unit, configured to extract a local second IP based on the preset verification code, and verify whether the first IP is consistent with the second IP, and if not, determine that the first IP is the The IP of the attacking end is displayed, and a warning message indicating that the browser end is subjected to a reverse proxy phishing attack is displayed, and then jumps to the corresponding web page of the target website.

进一步的，本申请实施例还提供了一种电子设备，图7是根据一示例性实施例示出的电子设备20结构图，图中的内容不能认为是对本申请的使用范围的任何限制。Further, the embodiment of the present application also provides an electronic device. FIG. 7 is a structural diagram of anelectronic device 20 according to an exemplary embodiment, and the content in the figure should not be regarded as any limitation on the application scope of the present application.

图7为本申请实施例提供的一种电子设备20的结构示意图。该电子设备20，具体可以包括：至少一个处理器21、至少一个存储器22、电源23、输入输出接口24、通信接口25和通信总线26。其中，所述存储器22用于存储计算机程序，所述计算机程序由所述处理器21加载并执行，以实现前述任意实施例公开的反向代理钓鱼攻击防御方法的相关步骤。FIG. 7 is a schematic structural diagram of anelectronic device 20 provided by an embodiment of the present application. Theelectronic device 20 may specifically include: at least one processor 21 , at least one memory 22 , a power supply 23 , an input/output interface 24 , a communication interface 25 and a communication bus 26 . Wherein, the memory 22 is used to store a computer program, and the computer program is loaded and executed by the processor 21, so as to realize the relevant steps of the reverse proxy phishing attack defense method disclosed in any of the foregoing embodiments.

本实施例中，电源23用于为电子设备20上的各硬件设备提供工作电压；通信接口25能够为电子设备20创建与外界设备之间的数据传输通道，其所遵循的通信协议是能够适用于本申请技术方案的任意通信协议，在此不对其进行具体限定；输入输出接口24，用于获取外界输入数据或向外界输出数据，其具体的接口类型可以根据具体应用需要进行选取，在此不进行具体限定。In this embodiment, the power supply 23 is used to provide operating voltage for each hardware device on theelectronic device 20; the communication interface 25 can create a data transmission channel between theelectronic device 20 and external devices, and the communication protocol it follows is applicable Any communication protocol in the technical solution of the present application is not specifically limited here; the input and output interface 24 is used to obtain external input data or output data to the external world, and its specific interface type can be selected according to specific application needs, here Not specifically limited.

另外，存储器22作为资源存储的载体，可以是只读存储器、随机存储器、磁盘或者光盘等，存储器22作为可以包括作为运行内存的随机存取存储器和用于外部内存的存储用途的非易失性存储器，其上的存储资源包括操作系统221、计算机程序222等，存储方式可以是短暂存储或者永久存储。In addition, the memory 22 is used as a resource storage carrier, which can be a read-only memory, a random access memory, a magnetic disk or an optical disk, etc., and the memory 22 can include a random access memory as a running memory and a non-volatile memory used for storage of an external memory. The memory, on which the storage resources include the operating system 221, the computer program 222, etc., can be stored temporarily or permanently.

其中，操作系统221用于管理与控制源主机上电子设备20上的各硬件设备以及计算机程序222，操作系统221可以是Windows、Unix、Linux等。计算机程222除了包括能够用于完成前述任一实施例公开的由电子设备20执行的反向代理钓鱼攻击防御方法的计算机程序之外，还可以进一步包括能够用于完成其他特定工作的计算机程序。Wherein, the operating system 221 is used to manage and control various hardware devices and computer programs 222 on theelectronic device 20 on the source host, and the operating system 221 may be Windows, Unix, Linux, etc. In addition to the computer program that can be used to complete the reverse proxy phishing attack defense method performed by theelectronic device 20 disclosed in any of the foregoing embodiments, the computer program 222 can further include a computer program that can be used to complete other specific tasks.

本实施例中，所述输入输出接口24具体可以包括但不限于USB接口、硬盘读取接口、串行接口、语音输入接口、指纹输入接口等。In this embodiment, the input and output interface 24 may specifically include but not limited to a USB interface, a hard disk reading interface, a serial interface, a voice input interface, a fingerprint input interface, and the like.

进一步的，本申请实施例还公开了一种计算机可读存储介质，用于存储计算机程序；其中，所述计算机程序被处理器执行时实现前述公开的反向代理钓鱼攻击防御方法。Furthermore, the embodiment of the present application also discloses a computer-readable storage medium for storing a computer program; wherein, when the computer program is executed by a processor, the above disclosed reverse proxy phishing attack defense method is implemented.

关于该方法的具体步骤可以参考前述实施例中公开的相应内容，在此不再进行赘述。Regarding the specific steps of the method, reference may be made to the corresponding content disclosed in the foregoing embodiments, and details are not repeated here.

这里所说的计算机可读存储介质包括随机存取存储器(Random Access Memory，RAM)、内存、只读存储器(Read-Only Memory，ROM)、电可编程ROM、电可擦除可编程ROM、寄存器、硬盘、磁碟或者光盘或技术领域内所公知的任意其他形式的存储介质。其中，所述计算机程序被处理器执行时实现前述反向代理钓鱼攻击防御方法。关于该方法的具体步骤可以参考前述实施例中公开的相应内容，在此不再进行赘述。The computer-readable storage medium mentioned here includes random access memory (Random Access Memory, RAM), internal memory, read-only memory (Read-Only Memory, ROM), electrically programmable ROM, electrically erasable programmable ROM, register , hard disk, magnetic disk or optical disk or any other form of storage medium known in the technical field. Wherein, when the computer program is executed by the processor, the aforementioned reverse proxy phishing attack defense method is realized. Regarding the specific steps of the method, reference may be made to the corresponding content disclosed in the foregoing embodiments, and details are not repeated here.

本说明书中各个实施例采用递进的方式描述，每个实施例重点说明的都是与其它实施例的不同之处，各个实施例之间相同或相似部分互相参见即可。对于实施例公开的装置而言，由于其与实施例公开的反向代理钓鱼攻击防御方法相对应，所以描述的比较简单，相关之处参见方法部分说明即可。Each embodiment in this specification is described in a progressive manner, each embodiment focuses on the difference from other embodiments, and the same or similar parts of each embodiment can be referred to each other. As for the device disclosed in the embodiment, since it corresponds to the reverse proxy phishing attack defense method disclosed in the embodiment, the description is relatively simple, and for relevant details, please refer to the description of the method part.

专业人员还可以进一步意识到，结合本文中所公开的实施例描述的各示例的单元及算法步骤，能够以电子硬件、计算机软件或者二者的结合来实现，为了清楚地说明硬件和软件的可互换性，在上述说明中已经按照功能一般性地描述了各示例的组成及步骤。这些功能究竟以硬件还是软件方式来执行，取决于技术方案的特定应用和设计约束条件。专业技术人员可以对每个特定的应用来使用不同方法来实现所描述的功能，但是这种实现不应认为超出本申请的范围。Professionals can further realize that the units and algorithm steps of the examples described in conjunction with the embodiments disclosed herein can be implemented by electronic hardware, computer software or a combination of the two. In order to clearly illustrate the possible For interchangeability, in the above description, the composition and steps of each example have been generally described according to their functions. Whether these functions are executed by hardware or software depends on the specific application and design constraints of the technical solution. Those skilled in the art may use different methods to implement the described functions for each specific application, but such implementation should not be regarded as exceeding the scope of the present application.

结合本文中所公开的实施例描述算法的步骤可以直接用硬件、处理器执行的软件模块，或者二者的结合来实施。软件模块可以置于随机存储器(RAM)、内存、只读存储器(ROM)、电可编程ROM、电可擦除可编程ROM、寄存器、硬盘、可移动磁盘、CD-ROM、或技术领域内所公知的任意其它形式的存储介质中。The steps of the algorithms described in conjunction with the embodiments disclosed herein may be directly implemented by hardware, software modules executed by a processor, or a combination of both. Software modules can be placed in random access memory (RAM), internal memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, removable disk, CD-ROM, or any other Any other known storage medium.

最后，还需要说明的是，在本文中，诸如第一和第二等之类的关系术语仅仅用来将一个实体或者操作与另一个实体或操作区分开来，而不一定要求或者暗示这些实体或操作之间存在任何这种实际的关系或者顺序。而且，术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含，从而使得包括一系列要素的过程、方法、物品或者设备不仅包括那些要素，而且还包括没有明确列出的其他要素，或者是还包括为这种过程、方法、物品或者设备所固有的要素。在没有更多限制的情况下，由语句“包括一个……”限定的要素，并不排除在包括所述要素的过程、方法、物品或者设备中还存在另外的相同要素。Finally, it should also be noted that in this text, relational terms such as first and second etc. are only used to distinguish one entity or operation from another, and do not necessarily require or imply that these entities or operations, any such actual relationship or order exists. Furthermore, the term "comprises", "comprises" or any other variation thereof is intended to cover a non-exclusive inclusion such that a process, method, article, or apparatus comprising a set of elements includes not only those elements, but also includes elements not expressly listed. other elements of or also include elements inherent in such a process, method, article, or device. Without further limitations, an element defined by the phrase "comprising a ..." does not exclude the presence of additional identical elements in the process, method, article or apparatus comprising said element.

以上对本发明所提供的一种反向代理钓鱼攻击防御方法、装置、设备及介质进行了详细介绍，本文中应用了具体个例对本发明的原理及实施方式进行了阐述，以上实施例的说明只是用于帮助理解本发明的方法及其核心思想；同时，对于本领域的一般技术人员，依据本发明的思想，在具体实施方式及应用范围上均会有改变之处，综上所述，本说明书内容不应理解为对本发明的限制。A kind of reverse proxy phishing attack defense method, device, equipment and medium provided by the present invention have been introduced in detail above. In this paper, specific examples have been used to illustrate the principle and implementation of the present invention. The description of the above embodiments is only It is used to help understand the method of the present invention and its core idea; at the same time, for those of ordinary skill in the art, according to the idea of the present invention, there will be changes in the specific implementation and scope of application. In summary, this The content of the description should not be construed as limiting the present invention.

Claims

Translated fromChinese

1.一种反向代理钓鱼攻击防御方法，其特征在于，应用于浏览器端，包括：1. A reverse proxy phishing attack defense method, characterized in that it is applied to the browser end, including:

2.根据权利要求1所述的反向代理钓鱼攻击防御方法，其特征在于，所述预设校验代码为JavaScript代码。2. The reverse proxy phishing attack defense method according to claim 1, wherein the preset verification code is JavaScript code.

3.根据权利要求1所述的反向代理钓鱼攻击防御方法，其特征在于，所述混淆后校验代码为所述服务器端利用预设混淆方法对所述预设校验代码进行混淆得到的代码。3. The reverse proxy phishing attack defense method according to claim 1, wherein the verification code after the obfuscation is obtained by using a preset obfuscation method for the server end to obfuscate the preset verification code code.

4.根据权利要求3所述的反向代理钓鱼攻击防御方法，其特征在于，通过服务器端定期更改所述预设混淆方法。4. The reverse proxy phishing attack defense method according to claim 3, characterized in that the preset obfuscation method is regularly changed by the server side.

5.根据权利要求1所述的反向代理钓鱼攻击防御方法，其特征在于，所述获取所述服务器端基于目标请求返回的第一IP和混淆后校验代码，包括：5. reverse proxy phishing attack defense method according to claim 1, is characterized in that, described acquisition described server end is based on the first IP that target request returns and check code after confusing, comprising:

6.根据权利要求1所述的反向代理钓鱼攻击防御方法，其特征在于，所述基于所述预设校验代码提取本地的第二IP，并检验所述第一IP与所述第二IP是否一致，若不一致，则确定所述第一IP为所述攻击端的IP，并对所述反向代理钓鱼攻击进行防御，包括：6. reverse proxy phishing attack defense method according to claim 1, is characterized in that, extracts the second local IP based on the preset verification code, and checks the first IP and the second IP. Whether the IP is consistent, if inconsistent, then determine that the first IP is the IP of the attacking end, and the reverse proxy phishing attack is defended, including:

7.一种反向代理钓鱼攻击防御方法，其特征在于，应用于服务器端，包括：7. A reverse proxy phishing attack defense method, characterized in that it is applied to the server side, including:

8.一种反向代理钓鱼攻击防御装置，其特征在于，应用于浏览器端，包括：8. A reverse proxy phishing attack defense device, characterized in that it is applied to the browser end, including:

9.一种电子设备，其特征在于，包括处理器和存储器；其中，所述处理器执行所述存储器中保存的计算机程序时实现如权利要求1至6任一项所述的反向代理钓鱼攻击防御方法。9. An electronic device, characterized in that it comprises a processor and a memory; wherein, when the processor executes the computer program stored in the memory, it realizes the reverse proxy fishing according to any one of claims 1 to 6 attack defense method.

10.一种计算机可读存储介质，其特征在于，用于存储计算机程序；其中，所述计算机程序被处理器执行时实现如权利要求1至6任一项所述的反向代理钓鱼攻击防御方法。10. A computer-readable storage medium, characterized in that it is used to store a computer program; wherein, when the computer program is executed by a processor, the reverse proxy phishing attack defense according to any one of claims 1 to 6 is realized method.