-
-
[求助]TCP被插包,HTTP请求时被插入302
-
发表于: 2014-5-9 18:57
-
HTTP请求:
返回了302
接着又返回200:
软件收到302后就没了,虚拟机中只能抓到302了,200的包没了
由虚拟机中的winInet API发送请求,
在主机中使用MS Network Monitor抓包
修改了百度URL中的tn值
昨天抓到的值为:50034140_2_dns
今天抓到的值为:97416376_hao_pg
主机系统为:Win7 x64
系统查了几次都没发现什么异常情况,LSP是干净的
请问大侠们这种情况是被怎么插包的
系统不干净很疼
- Http: Request, GET /s, Query:tn=cnopera&ie=utf-8&bs=strstr&f=8&rsv_bp=1&wd=%E6%97%B6%E9%97%B4&rsv_sug3=4&rsv_sug=0&rsv_sug4=400&rsv_sug1=3&inputT=1796
Command: GET
- URI: /s?tn=cnopera&ie=utf-8&bs=strstr&f=8&rsv_bp=1&wd=%E6%97%B6%E9%97%B4&rsv_sug3=4&rsv_sug=0&rsv_sug4=400&rsv_sug1=3&inputT=1796
Location: /s
+ Parameters: 0x1
ProtocolVersion: HTTP/1.1
Accept: */*
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
UserAgent: Opera/9.80 (Windows NT 5.1; WOW64; Edition IBIS) Presto/2.12.388 Version/12.12
Host: www.baidu.com
Connection: Keep-Alive
Cache-Control: no-cache
HeaderEnd: CRLF
返回了302
- Http: Response, HTTP/1.0, Status: Moved temporarily, URL: /s
ProtocolVersion: HTTP/1.0
StatusCode: 302, Moved temporarily
Reason: Found
Cache-Control: no-cache
Connection: close
Set-Cookie: [qh360]=1;Domain=.baidu.com;Path=/;Max-Age=60
Location: http://www.baidu.com/s?wd=%E6%97%B6%E9%97%B4&ie=utf-8&tn=97416376_hao_pg
HeaderEnd: CRLF
接着又返回200:
- HTTP: Response, HTTP/1.1, Status: Ok, URL:
ProtocolVersion: HTTP/1.1
StatusCode: 200, Ok
Reason: OK
Date: Fri, 09 May 2014 09:48:38 GMT
+ ContentType: text/html;charset=utf-8
TransferEncoding: chunked
Connection: Keep-Alive
Vary: Accept-Encoding
Set-Cookie: BAIDUID=6B358621F8C9B13AE93C9B9BB9EABEC6:FG=1; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
Set-Cookie: BDRCVFR[1YH7NbrCiJt]=mk3SLVN4HKm; path=/; domain=.baidu.com
Set-Cookie: BD_CK_SAM=1;path=/
Set-Cookie: BDSVRTM=15; path=/
Set-Cookie: H_PS_PSSID=1424; path=/; domain=.baidu.com
P3P: CP=" OTI DSP COR IVA OUR IND COM "
P3P: CP=" OTI DSP COR IVA OUR IND COM "
Cache-Control: private
COOK: 1
XPoweredBy: HPHP
Server: BWS/1.1
BDPAGETYPE: 3
BDQID: 0xc26ead3d000025b4
BDUSERID: 0
ContentEncoding: gzip
HeaderEnd: CRLF
软件收到302后就没了,虚拟机中只能抓到302了,200的包没了
由虚拟机中的winInet API发送请求,
在主机中使用MS Network Monitor抓包
修改了百度URL中的tn值
昨天抓到的值为:50034140_2_dns
今天抓到的值为:97416376_hao_pg
主机系统为:Win7 x64
系统查了几次都没发现什么异常情况,LSP是干净的
请问大侠们这种情况是被怎么插包的
系统不干净很疼
[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!
|
|
|---|---|
|
|
|
|
|
自己家里的网络
|
|
|
|
|
|
|
|
|
|
|
|
不可能是百度啊,被篡改的tn值,是百度联盟的推广ID,赚广告费的恶意行为
收到302后,接着有两个数度长度为0的包,然后又收到200 |
|
|
|
