Ajax Detection Method for website hijacking

Source: Internet
Author: User


HTTPS completely solves the hijacking problem. However, virtual hosts generally do not support HTTPS. Does that mean plain HTTP sites can only be left at the mercy of rogue hijackers?

Since the lottery link only appears during the first visit, we can detect it in the browser with JS. If we find the implanted code, we automatically refresh the webpage to get rid of the hijacked copy.

What we need to do first is capture the implanted code. I searched around and did not find a checking tool. Delivering a website to a customer's browser takes three steps: [1] server > [2] operator > [3] client browser.

Hijacking occurs in step 2, which is outside the server's control. However, the browser in step 3 can be controlled through JS. You can use Ajax to upload the code the browser finally received, then analyze that code.

The running effect is as follows:

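<?php
// Helper used by the listing (its definition is not shown): read one POST field.
function post($key) { return isset($_POST[$key]) ? $_POST[$key] : ''; }

// Create different directories based on the accessed domain name.
// SERVER_NAME can follow the client's Host header, so keep only safe characters.
$log_path = preg_replace('/[^A-Za-z0-9-]/', '_', $_SERVER['SERVER_NAME']);
if (!is_dir($log_path)) { mkdir($log_path); }
// Record by the visitor's IP address
$log_path .= '/' . $_SERVER['REMOTE_ADDR'];
if (!is_dir($log_path)) { mkdir($log_path); }
// Group by day
$log_path .= '/' . date('Y-m-d', time());
if (!is_dir($log_path)) { mkdir($log_path); }
// Generate the file name based on time
$log_file = $log_path . '/' . date('His', time()) . '_' . rand() . '.html';
// Save the log
$html = '';
$html .= 'url: ' . post('url') . "\n";
// The listing is cut off at this point in the source. Assumed completion: store the
// head and body fields the page script posts, escaped so the saved file is inert.
$html .= 'head: ' . post('head') . "\n";
$html .= 'body: ' . post('body') . "\n";
file_put_contents($log_file, '<pre>' . htmlspecialchars($html) . '</pre>');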

Usage is simple. For example, save the PHP code above as /log/page_tracert.php, then add the following code to every page of the site to collect all access records. Once the implanted code has been identified from those records, the detection script can be developed.

// Requires jQuery. Uploads the page as the browser actually received it.
$(function () {
    $.post('/log/page_tracert.php', {
        url: location.href,
        head: $('head').html(),
        body: $('body').html()
    }, function () {});
});

Note: after obtaining the data, you must delete the test code as soon as possible, because it generates a large number of logs and doubles the traffic consumption of the virtual host.
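
Once the captures show what was implanted, the detect-and-refresh step described at the start could look like the following added example (not code from the original article). `ALLOWED_HOSTS`, the `hijack_retry` storage key, the function names and the sample markup are assumptions made for illustration.

```javascript
// Added example. ALLOWED_HOSTS, the storage key and SAMPLE are constructed
// for illustration; replace the allowlist with the hosts your pages load from.
const ALLOWED_HOSTS = ['www.example.com', 'cdn.example.com'];

// Constructed capture, shaped like a record saved by the logging endpoint.
const SAMPLE =
  '<head><script src="/js/app.js"></script>' +
  '<script src="http://cdn.example.com/jquery.js"></script></head>' +
  '<body><iframe width="1" src=\'http://ads.invalid/win.html\'></iframe>' +
  '<script src="//ads.invalid/t.js"></script></body>';

// Pull src attributes of <script>/<iframe> tags out of logged HTML text.
function extractSrcs(html) {
  const re = /<(?:script|iframe)\b[^>]*?\ssrc\s*=\s*["']?([^"'\s>]+)/gi;
  const out = [];
  let m;
  while ((m = re.exec(html)) !== null) out.push(m[1]);
  return out;
}

// Keep the sources whose host is not on the allowlist. Relative and
// protocol-relative URLs are resolved against the page URL first.
function foreignSources(srcs, pageUrl, allowedHosts) {
  const hits = [];
  for (const src of srcs) {
    let host;
    try { host = new URL(src, pageUrl).hostname; } catch (e) { host = ''; }
    if (!allowedHosts.includes(host)) hits.push({ src, host });
  }
  return hits;
}

// Reload only once per injected load, so a persistent injection cannot
// put the visitor into an endless refresh loop.
function shouldReload(hits, alreadyRetried) {
  return hits.length > 0 && !alreadyRetried;
}

// Browser wiring: skipped when the file is run outside a page (e.g. Node).
if (typeof document !== 'undefined') {
  const nodes = document.querySelectorAll('script[src], iframe[src]');
  const srcs = Array.from(nodes, (n) => n.getAttribute('src'));
  const hits = foreignSources(srcs, location.href, ALLOWED_HOSTS);
  const retried = sessionStorage.getItem('hijack_retry') === '1';
  if (shouldReload(hits, retried)) {
    sessionStorage.setItem('hijack_retry', '1');
    location.reload();
  } else {
    sessionStorage.removeItem('hijack_retry');
  }
}
```

Implanted inline scripts carry no `src` and are not caught by this check; match those against strings taken from your own captures.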

Summary

The above is the editor's introduction to the Ajax detection method for website hijacking. I hope it helps you. If you have any questions, please leave a message and I will reply to you in a timely manner. Thank you very much for your support of the help House website!
