How is website hijacking implemented?
Author: Internet
How can you check a website's security status?
iis7 website monitoring
Checks whether the site is hijacked, whether DNS is polluted, and tests site load speed.
The principle and implementation of hijacking discussed here mainly concern HTTP services over TCP. A follower asked two questions.

The first: can an HTTP service over TCP be protected against hijacking? Many anti-hijacking methods for HTTP circulate online: checking the server address, sending the request in fragments, detecting anomalous TTL values, forbidding redirects. The conclusion is that none of them work. The network-layer address in a forged packet is by construction the user's target address, otherwise it would not be a forgery; if the web server can reassemble a fragmented request, the hijacking device can too, and besides, are you sure your fragments are not coalesced at the network-device layer before they are sent? TTL anomaly detection is completely unreliable, and without any redirect, a plain 200 OK will still make you jump wherever it says.

The second: can UDP be hijacked by a bypass (off-path) device? The conclusion is yes. Unlike TCP, UDP is connectionless and stateless: as long as the data is well-formed, the first response to arrive wins. Years ago, carriers used a similar method to control the bandwidth consumed by P2P traffic. Let's look at the code; it is not complicated.
DNS hijacking
    #include <string.h>      /* memcpy, strlen */
    #include <arpa/inet.h>   /* htons, inet_addr */

    /* UCHAR/USHORT/UINT, GTDNSHEADER_S, GTDNSQUESTION_S and the GT_DNS_* constants
     * come from the original project and are not shown on the page. Multi-byte
     * fields other than the flags are written as-is, so they are assumed to be
     * already in network byte order. */
    UINT GtDnsForge(UCHAR* puszPacket, GTDNSHEADER_S* pstHead, GTDNSQUESTION_S* pstQues)
    {
        UCHAR* puszCur = puszPacket;

        /* dns header: echo the query's transaction id */
        memcpy(puszCur, &pstHead->m_usIdent, sizeof(USHORT));
        puszCur += sizeof(USHORT);
        /* flags 0x8180: QR=1 (response), RD=1, RA=1, RCODE=0 */
        *(USHORT*)puszCur = htons(0X8180);
        /**(USHORT*)puszCur |= DNS_FLAG_QR;
        *(USHORT*)puszCur |= DNS_FLAG_AA;
        *(USHORT*)puszCur |= DNS_FLAG_RD;
        *(USHORT*)puszCur |= DNS_FLAG_RA;*/
        puszCur += sizeof(USHORT);
        *(USHORT*)puszCur = pstHead->m_usQuCount;   /* QDCOUNT copied from the query */
        puszCur += sizeof(USHORT);
        *(USHORT*)puszCur = GT_DNS_AN;              /* ANCOUNT */
        puszCur += sizeof(USHORT);
        *(USHORT*)puszCur = GT_DNS_NA;              /* NSCOUNT */
        puszCur += sizeof(USHORT);
        *(USHORT*)puszCur = GT_DNS_AD;              /* ARCOUNT */
        puszCur += sizeof(USHORT);

        /* dns question: copy the label-encoded name with its terminator. The original
         * used strcat on an uninitialised buffer, which is undefined behaviour. */
        memcpy(puszCur, pstQues->m_szUrl, strlen(pstQues->m_szUrl) + 1);
        puszCur += strlen(pstQues->m_szUrl) + 1;
        *(USHORT*)puszCur = pstQues->m_usType;
        puszCur += sizeof(USHORT);
        *(USHORT*)puszCur = pstQues->m_usClass;
        puszCur += sizeof(USHORT);

        /* dns answer: name (compression pointer), type, class, ttl, rdlength, rdata */
        *(USHORT*)puszCur = GT_DNS_DOMAIN;
        puszCur += sizeof(USHORT);
        *(USHORT*)puszCur = GT_DNS_AN;
        puszCur += sizeof(USHORT);
        *(USHORT*)puszCur = GT_DNS_AN;
        puszCur += sizeof(USHORT);
        *(UINT*)puszCur = GT_DNS_DEFAULT_TTL;
        puszCur += sizeof(UINT);
        *(USHORT*)puszCur = GT_DNS_AN_SIZE;
        puszCur += sizeof(USHORT);
        *(UINT*)puszCur = inet_addr(GT_DNS_HTML);
        /* note: this advances one byte past the 4-byte address, so the returned
         * length includes one trailing byte after the RDATA */
        puszCur += sizeof(UINT) + 1;

        return (UINT)(puszCur - puszPacket);
    }
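As an added example (not code from the original post or its project), here is a defender-side Python check that parses DNS responses in the wire layout the function above emits and reports the signs of an injected answer: a response whose transaction id matches no outstanding query, a question section that does not echo the query, a second response for the same id carrying different answers (the "first to arrive wins" race described above), and trailing bytes after the last record (the function above advances one byte past the address). The sample responses are constructed inline; `build_a_response` is a test fixture rather than a protocol implementation, and every name, id and address in it is made up.

```python
import struct
from collections import defaultdict


def encode_name(name):
    """Label-encode a dotted name (constructed fixture helper)."""
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"


def build_a_response(txid, qname, ip, flags=0x8180, ttl=60, trailing=b""):
    """Constructed test fixture: one-question, one-answer A response in RFC 1035 layout."""
    header = struct.pack("!6H", txid, flags, 1, 1, 0, 0)        # id, flags, QD, AN, NS, AR
    question = encode_name(qname) + struct.pack("!HH", 1, 1)      # QTYPE=A, QCLASS=IN
    rdata = bytes(int(x) for x in ip.split("."))
    # answer name is a compression pointer to offset 12 (the question name)
    answer = b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, ttl, len(rdata)) + rdata
    return header + question + answer + trailing


def parse_name(buf, off):
    """Decode a possibly compressed name; returns (name, offset just after it)."""
    labels, end, jumped = [], None, False
    for _ in range(128):                     # bounded walk guards against pointer loops
        length = buf[off]
        if length & 0xC0 == 0xC0:            # compression pointer
            if not jumped:
                end = off + 2
            jumped = True
            off = struct.unpack_from("!H", buf, off)[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(buf[off:off + length].decode("ascii"))
        off += length
    else:
        raise ValueError("name too long or pointer loop")
    return ".".join(labels), (end if end is not None else off)


def parse_response(buf):
    """Parse header, question and answer sections; A-record RDATA is rendered dotted-quad."""
    txid, flags, qd, an, _ns, _ar = struct.unpack_from("!6H", buf, 0)
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = parse_name(buf, off)
        qtype, qclass = struct.unpack_from("!HH", buf, off)
        off += 4
        questions.append((name, qtype, qclass))
    for _ in range(an):
        name, off = parse_name(buf, off)
        rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", buf, off)
        off += 10
        rdata = buf[off:off + rdlen]
        if len(rdata) != rdlen:
            raise ValueError("truncated RDATA")
        off += rdlen
        if rtype == 1 and rclass == 1:
            if rdlen != 4:
                raise ValueError("A record with RDLENGTH != 4")
            rdata = ".".join(str(b) for b in rdata)
        answers.append((name, rtype, rclass, ttl, rdata))
    return {"id": txid, "flags": flags, "questions": questions,
            "answers": answers, "trailing": len(buf) - off}


class SpoofDetector:
    """Tracks outstanding queries and reports the classic signs of an injected response."""

    def __init__(self):
        self.pending = {}               # txid -> (qname, qtype) for queries we sent
        self.seen = defaultdict(list)   # txid -> answer sets already received

    def on_query(self, txid, qname, qtype=1):
        self.pending[txid] = (qname.lower(), qtype)

    def on_response(self, buf):
        """Return a list of findings; an empty list means nothing suspicious."""
        findings = []
        try:
            r = parse_response(buf)
        except (ValueError, IndexError, struct.error) as e:
            return ["malformed: %s" % e]
        txid = r["id"]
        if txid not in self.pending:
            findings.append("unsolicited: no outstanding query with this id")
        else:
            qname, qtype = self.pending[txid]
            q = r["questions"]
            if not q or q[0][0].lower() != qname or q[0][1] != qtype:
                findings.append("question section does not echo our query")
        if not r["flags"] & 0x8000:
            findings.append("QR bit clear on a response")
        if r["trailing"]:
            findings.append("%d trailing byte(s) after the last record" % r["trailing"])
        ips = sorted(a[4] for a in r["answers"] if a[1] == 1)
        earlier = self.seen[txid]
        if earlier and ips not in earlier:
            findings.append("second response for the same id with different answers (first-wins race)")
        elif earlier:
            findings.append("duplicate response for the same id")
        self.seen[txid].append(ips)
        return findings
```

Feed `on_query` from the stub resolver's outgoing packets and `on_response` from everything that arrives on the same socket; because the injector must race the real server, the tell-tale event is two responses for one id with different answers, which a plain resolver never surfaces since it takes the first and discards the rest.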
Source: https://www.cnblogs.com/goodcola/p/11505007.html