Technical Analysis of broadband network operator website hijacking

Technical Analysis of broadband network operator website hijacking
Recently, the home broadband network service illegally hijacked webpage traffic, modified the response of normal webpage requests, and then accessed the normal website through iframe in this illegal response. both large websites and small websites are involved, such as amazon and qq. in addition, because of the browser cache, you may not be able to see the modified Invalid Response by using the browser to view the source code. You can also use the network packet capture tool or telnet to send HTTP requests. the response to webpage requests illegally tampered with and hijacked by network operators is:

HTTP/1.1 200 OKConnection: closeDate: Tue, 31 Aug 2012 06:20:14 GMTServer: Apache/1.2.6Content-Length: 583Content-Type: text/html
 
The advertisement style is to play a flash advertisement about 300 × 240 in the lower right corner of the browser, selling such a product. whois query of the advertisement website Domain Name:
Domain Name ..................... istreamsche.comName Server ..................... dns21.hichina.comdns22.hichina.comRegistrant ID ................... hc355041511-cnRegistrant Name ................. Wu PengRegistrant Organization ......... Bei Jing Ji Ao Zhong He Ke Ji You Xian Gong SiRegistrant Address .............. Bei Jing Shi Chao Yang QuRegistrant City ................. bei jing shiRegistrant Province/State ....... bei jingRegistrant Postal Code .......... 100027Registrant Country Code ......... CNRegistrant Email ................ wupeng@geomedia.com.cn
 
Expiration time ................. 09:29:06 let's look at this geomedia.com.cn (Beijing Olympic crowd and) website. It is indeed an online marketing website. after contacting customer service of broadband connect Beijing, the bottom-layer Customer Service Personnel said that they did not add advertisements, and the customer service may be honest. after several negotiations, they sent technical staff to visit the site, and their technical staff's office network was also added with Web advertisements. therefore, this decision is either made by the top management of broadband access. The bottom-layer personnel do not understand the inside story, or they are the advertisement of the last layer of telecommunication and Netcom used by broadband access to illegally hijack website traffic. at present, Chinese network operators hijack websites and illegally add advertisements to earn money all over the country. in search engine queries, the earliest appearance should start from 2006. the best result is that the operator adds your account to the White List and no advertisement is published. however, only a small number of people inside the operator may know about this illegal activity. There is no place to look for them for their theories. how can we solve it ourselves? Currently, the best solution is to prevent the browser from sending User-Agent. Most websites do not rely on the User-Agent. Empty User-Agent is also considered as a common browser. firefox Plugin: https://addons.mozilla.org/en-US/firefox/addon/user-agent-switcherChrome Plugin: plugin? Now: Learn and make progress together with friends! Author of this article: besides, I have any idea about this article, but I am desperately exploring the communication route and will be able to get through now!