Abstract
To address the difficulty of detecting vulnerabilities in the V8 JavaScript engine embedded in the Chromium browser, and to overcome the shortcomings of the traditional approach of instrumenting the engine with log output, this paper studies the Chrome debugging protocol and proposes a detection method built on it. The protocol implementation inside the target Chromium build is modified to add custom trace APIs that replace log output and avoid its limitations. Specific event APIs are added inside the browser together with hook functions that emit information in real time, which makes the collected information timely and accurate and substantially improves its quality. Experimental results show that the method based on the Chrome debugging protocol can effectively help locate vulnerability sites in the V8 engine and improves detection efficiency.
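The abstract describes the mechanism only at a high level: commands and trace events travel over the Chrome debugging protocol (CDP), and in-engine hooks raise events instead of writing log lines. The block below is an added example written for this page, not code from the paper or from Chromium. It implements the client side of that exchange: a small CDP client that numbers commands, matches replies by id, stamps every unsolicited event with a receive time, and classifies malformed or orphaned frames instead of silently dropping them. The transport is injected so the same logic runs offline against a constructed stand-in for Chrome's debugging endpoint. The class names, the `FakeChromeTransport`, and the custom event name `V8Trace.hook` with its payload are all assumptions; the paper adds custom trace events but the abstract does not name them. The `Runtime.enable`, `Runtime.evaluate`, `Runtime.exceptionThrown` and error-code shapes are the real protocol's.

```javascript
// Added example (not from the paper): a minimal Chrome DevTools Protocol (CDP)
// client. Every outgoing command gets a unique id; replies are matched to
// commands by that id; unsolicited events are stamped with a receive time so
// that trace events raised by in-engine hooks can be ordered against the
// commands that triggered them. The transport is injected so the logic runs
// offline here and over a WebSocket in practice.
class CdpClient {
  constructor(transport, clock = () => performance.now()) {
    this.transport = transport;
    this.clock = clock;
    this.nextId = 1;
    this.pending = new Map();   // id -> { method, resolve, reject }
    this.handlers = new Map();  // event method -> [callback]
    this.trace = [];            // every event received, in arrival order
    this.log = [];              // classification of every inbound frame
    transport.onMessage = (raw) => this.handleMessage(raw);
  }

  // Send a CDP command; resolves with `result`, rejects on a CDP `error`.
  send(method, params = {}, sessionId = undefined) {
    const id = this.nextId++;
    const frame = { id, method, params };
    if (sessionId !== undefined) frame.sessionId = sessionId; // flattened target sessions
    const reply = new Promise((resolve, reject) =>
      this.pending.set(id, { method, resolve, reject }));
    this.transport.send(JSON.stringify(frame)); // pending is registered first: a reply may arrive synchronously
    return reply;
  }

  on(method, callback) {
    if (!this.handlers.has(method)) this.handlers.set(method, []);
    this.handlers.get(method).push(callback);
  }

  // Inbound frames are either responses (carry `id`) or events (carry `method`, no `id`).
  handleMessage(raw) {
    let frame;
    try { frame = JSON.parse(raw); } catch { return this.record({ kind: 'malformed' }); }
    if (frame === null || typeof frame !== 'object') return this.record({ kind: 'malformed' });
    if (Number.isInteger(frame.id)) {
      const entry = this.pending.get(frame.id);
      if (!entry) return this.record({ kind: 'orphan', id: frame.id }); // reply to a command we never sent
      this.pending.delete(frame.id);
      if (frame.error) {
        entry.reject(new Error(`${entry.method}: ${frame.error.message} (code ${frame.error.code})`));
        return this.record({ kind: 'error', id: frame.id, method: entry.method, code: frame.error.code });
      }
      entry.resolve(frame.result);
      return this.record({ kind: 'response', id: frame.id, method: entry.method });
    }
    if (typeof frame.method === 'string') {
      const event = { method: frame.method, params: frame.params ?? {}, sessionId: frame.sessionId, receivedAt: this.clock() };
      this.trace.push(event);
      for (const cb of this.handlers.get(frame.method) ?? []) cb(event);
      return this.record({ kind: 'event', method: frame.method });
    }
    return this.record({ kind: 'unknown' });
  }

  record(entry) { this.log.push(entry); return entry; }
}

// Constructed stand-in for Chrome's debugging WebSocket endpoint so the example
// runs offline. It answers Runtime.enable and Runtime.evaluate in the shape
// Chrome uses, rejects unknown methods with CDP error code -32601, and while an
// expression evaluates it emits Runtime.exceptionThrown plus one hypothetical
// custom event, "V8Trace.hook" (invented name and payload: the paper adds
// custom trace events but does not name them in the abstract).
class FakeChromeTransport {
  constructor() { this.onMessage = () => {}; this.sent = []; }
  send(raw) {
    this.sent.push(raw);
    const req = JSON.parse(raw);
    const reply = (frame) => this.onMessage(JSON.stringify(frame));
    if (req.method === 'Runtime.enable') {
      reply({ id: req.id, result: {} });
    } else if (req.method === 'Runtime.evaluate') {
      reply({ method: 'V8Trace.hook', params: { hook: 'constructed-hook-site', expression: req.params.expression } });
      const exceptionDetails = { text: 'Uncaught', lineNumber: 0, columnNumber: 0, exceptionId: 1,
        exception: { type: 'object', subtype: 'error', className: 'RangeError', description: 'RangeError: Invalid array length' } };
      reply({ method: 'Runtime.exceptionThrown', params: { timestamp: 1.0, exceptionDetails } });
      reply({ id: req.id, result: { result: exceptionDetails.exception, exceptionDetails } });
    } else {
      reply({ id: req.id, error: { code: -32601, message: `'${req.method}' wasn't found` } });
    }
  }
}

// Drive one exchange: enable the Runtime domain, evaluate an expression that
// throws, then send a command the browser does not know. Returns what a
// practitioner would inspect; nothing here needs a live browser.
function runDemo() {
  const transport = new FakeChromeTransport();
  let tick = 0;
  const client = new CdpClient(transport, () => ++tick); // deterministic clock for the demo
  const seen = [];
  client.on('V8Trace.hook', (ev) => seen.push(`${ev.receivedAt}:${ev.method}:${ev.params.hook}`));
  client.on('Runtime.exceptionThrown', (ev) =>
    seen.push(`${ev.receivedAt}:${ev.method}:${ev.params.exceptionDetails.exception.description}`));
  client.send('Runtime.enable');
  client.send('Runtime.evaluate', { expression: '[].length = -1' });
  client.send('Profiler.notARealCommand').catch(() => {}); // rejection is already recorded in client.log
  return { log: client.log, trace: client.trace, seen, requestsSent: transport.sent.length, pendingAfter: client.pending.size };
}

console.log(JSON.stringify(runDemo(), null, 2));
```

To point the client at a real browser, start Chromium with `--remote-debugging-port=9222`, read `webSocketDebuggerUrl` from `http://localhost:9222/json`, and supply a transport whose `send` writes to that WebSocket and which calls `transport.onMessage(data.toString())` on each incoming frame (with the `ws` package, assumed installed, that is `ws.send` and `ws.on('message', ...)`). Keep the debugging port bound to localhost: anyone who can reach it can evaluate arbitrary script in every tab, so it is a full-control interface, not a diagnostic one. Note also that `receivedAt` is the client's arrival time; an event's own `timestamp` field, where the protocol provides one, is the browser-side time and is the value to use when ordering hook events against each other.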
Authors
QIN Mengyuan (秦梦远); FU Zhongchuan (傅忠传) (School of Computer Science and Technology, Harbin Institute of Technology, Harbin 150001, China)
Source
Intelligent Computer and Applications (智能计算机与应用), 2020, No. 2, pp. 320-324 (5 pages)
Keywords
Chrome debugging protocol; V8 JavaScript engine; vulnerability detection