[求助]一个劫持安卓和ios网址解密-Android安全-看雪-安全社区|安全招聘|kanxue.com

[求助]一个劫持安卓和ios网址解密

发表于: 2016-12-23 23:05 3712

[求助]一个劫持安卓和ios网址解密

CsTs

2016-12-23 23:05

3712

第一次发帖恩就这样！
手机下apk被劫持起初以为是114.114.114.114劫持的
换了谷歌中华电信都一样被劫持（貌似换了DNS没那么猖狂）
以下是抓包到的

GET 8f9K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8U0p5K6z5g2)9J5k6e0p5J5z5g2)9J5k6e0t1J5z5q4)9J5k6e0t1@1x3g2)9K6b7e0j5$3y4K6S2Q4x3V1k6S2i4K6u0W2M7r3S2H3i4K6y4r3K9h3c8Q4x3@1c8T1j5U0l9I4i4K6t1$3N6i4u0D9i4K6y4p5h3X3#2D9M7#2A6e0y4i4y4S2h3p5j5I4h3e0t1@1N6g2V1J5z5i4c8x3x3#2k6%4j5V1M7&6K9q4A6o6z5s2W2y4c8p5g2&6e0o6u0V1N6X3c8j5k6o6q4x3x3V1&6$3j5W2x3#2N6q4W2j5d9Y4u0K9h3q4g2#2j5W2S2z5P5W2V1J5c8Y4g2j5P5V1#2#2e0h3V1@1y4q4R3J5P5s2m8U0h3q4k6B7j5X3V1#2K9X3t1J5x3s2g2k6h3p5u0J5f1o6y4c8z5f1#2f1f1e0c8y4K9V1f1I4e0h3A6g2N6@1#2%4i4K6y4p5i4K6y4p5 HTTP/1.1
Host: 139.129.228.241:6678
Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8,UC/145
User-Agent: Mozilla/5.0 (Linux; U; Android 5.0.2; zh-CN; HTC D820u Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/40.0.2214.89 UCBrowser/11.2.5.884 Mobile Safari/537.36
Referer: 0fcK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3I4A6M7i4g2U0L8W2)9J5k6h3y4G2L8g2)9J5c8X3!0K6i4K6u0r3j5h3&6V1M7X3!0A6k6q4)9J5c8Y4u0B7i4K6u0r3y4K6f1@1x3o6S2Q4x3X3g2%4L8h3H3`.
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,en-US;q=0.8
X-UCBrowser-UA: dv(HTC D820u);pr(UCBrowser/11.2.5.884);ov(Android 5.0.2);ss(360*592);pi(720*1184);bt(UM);pm(1);bv(0);nm(0);im(0);sr(0);nt(2);

这个会跳转到以下这几个劫持下载地址
abcK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3W2X3K9X3j5%4y4e0l9$3i4K6u0W2N6$3!0%4P5s2c8Q4x3X3g2U0L8$3#2Q4x3V1k6D9K9h3&6C8i4K6u0r3x3U0j5H3y4U0M7K6i4K6u0r3
5beK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8U0t1J5x3W2)9J5k6e0p5^5y4W2)9J5k6e0j5H3i4K6u0W2z5o6W2Q4x3@1p5I4x3e0R3^5i4K6u0r3x3o6l9^5i4K6u0r3N6$3q4F1k6r3!0#2K9X3W2S2i4K6u0V1j5h3W2K6K9s2f1I4i4K6g2X3j5h3c8Q4x3X3g2S2M7r3D9`.
85eK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3#2K6L8$3k6@1k6r3I4Q4x3X3f1K6y4U0m8Q4x3X3g2U0L8W2)9J5c8X3#2G2j5X3W2D9k6i4y4S2k6X3g2Q4x3V1k6K6K9r3!0#2K9X3V1K6y4U0m8Q4x3V1j5K6y4U0m8K6j5h3k6W2i4K6u0r3y4U0l9H3x3U0V1^5z5q4)9J5c8U0x3$3x3p5#2G2j5X3W2D9k6g2y4S2k6X3g2Q4x3X3g2S2M7r3E0Q4x3@1k6U0j5$3I4@1x3g2)9K6c8r3&6U0j5h3y4Z5k6e0t1`.
418K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8U0t1J5x3W2)9J5k6e0p5^5y4W2)9J5k6e0j5H3i4K6u0W2z5o6W2Q4x3@1p5I4x3e0R3^5i4K6u0r3x3o6l9^5i4K6u0r3M7%4y4V1P5Y4Z5@1y4U0m8Q4x3X3g2S2M7r3D9`.
2cfK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6K6P5q4)9J5k6e0V1&6j5Y4S2B7i4K6u0W2j5$3!0E0i4K6y4m8z5e0c8Q4x3V1k6S2x3U0b7$3x3o6l9I4i4K6u0r3i4K6y4r3j5e0p5I4x3l9`.`.

222.186.60.89这个ip AVg报告过了
三月份的时候就感染了190万设备
我的是广电网络前几天DNSChanger复活升级了特别怀疑是路由器被感染了但是我一个是极路由2一个是水星都存在劫持就怀疑是调制解调器被感染了
广电网络的调制解调器都开了23端口的

跟360的童鞋研究了会没研究出啥
这个php不会解密 get post都会转向下载地址 153K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8U0p5K6z5g2)9J5k6e0p5J5z5g2)9J5k6e0t1J5z5q4)9J5k6e0t1@1x3g2)9K6b7e0j5$3y4K6S2Q4x3V1k6S2i4K6u0W2M7r3S2H3
各位大神帮我分析下是哪里出问题了
这个是网络层出的问题怎么找证据
我想报警的

[培训]内核驱动高级班，冲击BAT一流互联网大厂工作，每周日13:00-18:00直播授课

收藏・0

免费・0

支持