-
-
[求助]TCP被插包,HTTP请求时被插入302
-
发表于: 2014-5-9 18:57
-
HTTP请求:
返回了302
接着又返回200:
软件收到302后就没了,虚拟机中只能抓到302了,200的包没了
由虚拟机中的winInet API发送请求,
在主机中使用MS Network Monitor抓包
修改了百度URL中的tn值
昨天抓到的值为:50034140_2_dns
今天抓到的值为:97416376_hao_pg
主机系统为:Win7 x64
系统查了几次都没发现什么异常情况,LSP是干净的
请问大侠们这种情况是被怎么插包的
系统不干净很疼
- Http: Request, GET /s, Query:tn=cnopera&ie=utf-8&bs=strstr&f=8&rsv_bp=1&wd=%E6%97%B6%E9%97%B4&rsv_sug3=4&rsv_sug=0&rsv_sug4=400&rsv_sug1=3&inputT=1796
Command: GET
- URI: /s?tn=cnopera&ie=utf-8&bs=strstr&f=8&rsv_bp=1&wd=%E6%97%B6%E9%97%B4&rsv_sug3=4&rsv_sug=0&rsv_sug4=400&rsv_sug1=3&inputT=1796
Location: /s
+ Parameters: 0x1
ProtocolVersion: HTTP/1.1
Accept: */*
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
UserAgent: Opera/9.80 (Windows NT 5.1; WOW64; Edition IBIS) Presto/2.12.388 Version/12.12
Host: 613K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3u0S2K9h3c8#2i4K6u0W2j5$3!0E0
Connection: Keep-Alive
Cache-Control: no-cache
HeaderEnd: CRLF
返回了302
- Http: Response, HTTP/1.0, Status: Moved temporarily, URL: /s
ProtocolVersion: HTTP/1.0
StatusCode: 302, Moved temporarily
Reason: Found
Cache-Control: no-cache
Connection: close
Set-Cookie: [qh360]=1;Domain=.baidu.com;Path=/;Max-Age=60
Location: 317K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3u0S2K9h3c8#2i4K6u0W2j5$3!0E0i4K6u0r3M7#2)9K6c8Y4N6V1i4K6y4p5i4K6t1#2c8e0k6Q4x3U0f1&6y4#2)9J5y4f1t1$3i4K6t1#2c8e0W2Q4x3U0f1&6y4#2)9J5y4f1t1@1i4K6t1$3K9h3g2Q4x3@1c8#2N6r3k6Q4x3X3b7^5i4K6t1$3N6r3&6Q4x3@1b7&6y4K6b7I4y4U0x3%4y4W2)9#2k6X3S2S2L8#2)9#2k6Y4m8Y4
HeaderEnd: CRLF
接着又返回200:
- HTTP: Response, HTTP/1.1, Status: Ok, URL:
ProtocolVersion: HTTP/1.1
StatusCode: 200, Ok
Reason: OK
Date: Fri, 09 May 2014 09:48:38 GMT
+ ContentType: text/html;charset=utf-8
TransferEncoding: chunked
Connection: Keep-Alive
Vary: Accept-Encoding
Set-Cookie: BAIDUID=6B358621F8C9B13AE93C9B9BB9EABEC6:FG=1; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
Set-Cookie: BDRCVFR[1YH7NbrCiJt]=mk3SLVN4HKm; path=/; domain=.baidu.com
Set-Cookie: BD_CK_SAM=1;path=/
Set-Cookie: BDSVRTM=15; path=/
Set-Cookie: H_PS_PSSID=1424; path=/; domain=.baidu.com
P3P: CP=" OTI DSP COR IVA OUR IND COM "
P3P: CP=" OTI DSP COR IVA OUR IND COM "
Cache-Control: private
COOK: 1
XPoweredBy: HPHP
Server: BWS/1.1
BDPAGETYPE: 3
BDQID: 0xc26ead3d000025b4
BDUSERID: 0
ContentEncoding: gzip
HeaderEnd: CRLF
软件收到302后就没了,虚拟机中只能抓到302了,200的包没了
由虚拟机中的winInet API发送请求,
在主机中使用MS Network Monitor抓包
修改了百度URL中的tn值
昨天抓到的值为:50034140_2_dns
今天抓到的值为:97416376_hao_pg
主机系统为:Win7 x64
系统查了几次都没发现什么异常情况,LSP是干净的
请问大侠们这种情况是被怎么插包的
系统不干净很疼
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
|
|
|---|---|
|
|
|
|
|
自己家里的网络
|
|
|
|
|
|
|
|
|
|
|
|
不可能是百度啊,被篡改的tn值,是百度联盟的推广ID,赚广告费的恶意行为
收到302后,接着有两个数度长度为0的包,然后又收到200 |
|
|
|
