2025-09-14 21:52:36 +00:00
# APP Signature Consolidation and Testing - 徐博涛

| ID | Creation Date | Assignee | Status |
|----|----------------|----------|--------|
| OSS-238 | 2022-06-17T12:19:41.000+0800 | 牛翔 | Done |

---
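
Verify and consolidate the APP signatures we have obtained so far, on system 192.168.44.72, app IDs 8010-8091. If an APP in the system duplicates one of the Xinjiang APPs we extracted recently, merge them. Every APP in the ID range 8010-8091 must have its signature configuration verified and its results tested, and the test record sheet must be filled in.

1. Every step must be carried out rigorously.
2. Within a single Signature, Attributes from different protocol types must not be used together as Conditions, with the exception of TCP/IP/General Attributes.
3. Refer to "Packet Capture and Signature Extraction".
4. Fill in and organize the test record sheet in APP ID order [https://docs.geedge.net/pages/viewpage.action?pageId=71797774]

**xubotao** commented on *2022-06-20T18:09:25.201+0800*:

Researched and downloaded the test apps (Android versions, 8010-8050); 6 could not be downloaded (this device cannot use the app), and 3 were not found in the app store.

---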

**xubotao** commented on *2022-06-21T17:38:49.197+0800*:

Researched and downloaded the test apps (Android versions, 8051-8091); tested 4 apps (2 require a purchase before they can be used; 2 were blocked after the policy was applied).

---

**xubotao** commented on *2022-06-22T20:00:24.604+0800*:

Tested 52 apps

- 2 were blocked
- For the other apps, there was no blocking effect or testing could not be completed, for reasons such as no custom signature or the app being unusable
- 1 has an abnormal signature configuration; because it is a built-in signature it has not been modified for now, and it has been flagged

---

**xubotao** commented on *2022-06-23T19:59:02.654+0800*:

Tested 26 apps

- 2 were blocked
- For the other apps, there was no blocking effect or testing could not be completed, for reasons such as no custom signature, the app being unusable, or the app not being found in the app store or on websites

---

**xubotao** commented on *2022-06-24T20:59:28.338+0800*:

Re-captured packets and retested the Xinjiang apps that had no blocking effect, and added signatures (驾考宝典 and 探探 are now blocked).

---

**xubotao** commented on *2022-06-29T10:17:04.409+0800*:

Re-captured packets and retested the Xinjiang apps that had no blocking effect, and added signatures (58同城 and 腾讯会议 are now blocked).

---

**xubotao** commented on *2022-06-29T17:42:19.242+0800*:

Re-captured packets and retested the Xinjiang apps that had no blocking effect, and added signatures (钉钉 and 全民K歌 are now blocked).

---

**xubotao** commented on *2022-06-30T18:02:09.399+0800*:

全民K歌 stopped working on retest, with no blocking effect; re-captured and analyzed packets for the Android app and extracted the payload, but there is still no blocking effect.

微分身双开 is blocked via http.host, sni and payload, but the app clone can still invoke and open apps already installed on the phone normally; among the apps opened through 微分身, those with a deny policy configured are also blocked.

---

**xubotao** commented on *2022-07-04T17:55:59.801+0800*:

全民K歌: no blocking effect. Re-captured and analyzed packets for the Android app and added http.user_agent, http.uri and dns.qry.name, but there is still no blocking effect.

Exported the Xinjiang app Applications one by one, changed the letter case of the names and of the names in the json files, and organized the list.

---
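
**xubotao** commented on *2022-07-08T10:54:22.919+0800*:

Recently I have been organizing NZ monitoring (adjusting asset monitoring and alert rules for devices newly added to and decommissioned from the machine room), compiling server expansion statistics, and upgrading the NZ version, so the app testing is not finished; at present the main functions of QQ and 全民K歌 show no blocking effect.

---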

**niuxiang** commented on *2022-07-11T09:58:39.584+0800*:

This week, focus on the Xinjiang APPs, both those with a blocking effect and those without; the signature json must be provided, and progress updated daily.

https://docs.geedge.net/pages/viewpage.action?pageId=71801232

---

**xubotao** commented on *2022-07-11T18:03:47.190+0800*:

1. Downloaded and installed the Android test apps (如流, 爱聊, KC网络电话, 花田交友, 百合婚恋, QQ空间) and captured packets
2. Android 花田 test result (after adding sni, host and payload signatures, 缘分电话亭 can still show "matching"; everything else is blocked)
3. Android 百合婚恋 (blocked after adding sni and host signatures)
4. Android 爱聊 (blocked after adding sni and host signatures)
5. Android qq空间 (after adding sni, host and payload signatures, the friends feed can be refreshed but items cannot be displayed when opened, and short videos occasionally load a few ads; everything else is blocked)
6. Android 如流 (only text messages can be sent; file transfer, voice calls and video calls cannot be used)
7. Android KC网络电话 (requires a top-up before it can be used)

---

**xubotao** commented on *2022-07-13T08:38:40.168+0800*:

1. Downloaded and installed the iOS test apps (如流, 爱聊, 花田交友, 百合婚恋, QQ空间; KC网络电话 was not found in search)
2. After re-capturing packets and adding payload signatures, the Android and iOS versions of 花田交友 are blocked
3. The Android and iOS versions of 百合婚恋 are blocked
4. 爱聊 (after adding sni, host, payload, user_agent, http.uri and qry.name signatures, sending messages and greetings still works; everything else is blocked)
5. qq空间 (after adding sni, host and payload signatures, the friends feed can be refreshed but items cannot be displayed when opened; everything else is blocked)
6. 如流 (only text messages can be sent; file transfer, voice calls and video calls cannot be used; after adding sni, host, payload, dns.qry.name and ssl.ja3, text messages and emoji can still be sent, so there is no blocking effect)

---
2025-09-14 22:26:17 +00:00