
Computer Engineering ›› 2010, Vol. 36 ›› Issue (23): 133-135. doi: 10.3969/j.issn.1000-3428.2010.23.044

• Networks and Communications •

URL Parameter Rewriting Detection Framework in Web Security Test

LU Yuliang,GUO Hao   

  1. (Department of Network, PLA Electronic Engineering Institute, Hefei 230037, China)
  • Online: 2010-12-05 Published: 2010-12-14

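  • About the authors: LU Yuliang (born 1964), male, professor and doctoral supervisor, main research interests: Web data mining and information security; GUO Hao, doctoral candidate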

Abstract: On Web sites, URL parameter rewriting has a significant impact on the accuracy of Web security testing. To address this problem, this paper presents a URL parameter rewriting detection framework. Multiple test URLs are constructed from the original URL and submitted to the Web server. Using a random URL sampling verification policy based on three differential analysis methods, fake paths in the original URL are identified, the rewriting rules are extracted, and URLs with parameter rewriting are detected. A URL parameter rewriting detection crawler implemented in C# validates the effectiveness of the framework.

Key words: URL parameter rewriting, differential analysis, Web security test

