驱动级域名劫持



就是访问A.com转到b.com，当然如果改成访问A就丢包，那就变成拦截指定网站了。首先用抓包工具发现，访问某网站时，（如果本地没有该网站的DNS缓存）首先会发DNS查询包（UDP），然后会与该网站建立连接，然后，发http请求包。



观察包内容，需要把发出的包的目标改成我们的目标，然后把响应的包中我们改过的东西改回来，就是欺上瞒下。代码不多，重点是演示了如何获取TCP与UDP的接收到包的内容。仅适用于XP：



bin会将www.baidu.com劫持到ip138.com-Drive level domain hijacking is to visit A.com to b.com, of course, if A is dropping into access, it becomes blocked designated site. First discovered by capturing tool, visit a website, (if there is no local DNS cache of the site) will first send a DNS query packets (UDP), then establish a connection with the site, and then send http request packet. Observe the contents of the package, we need to change the target packet sent our goal, then put the package in response to the things we turn to come back, that is, superiors and subordinates. Code much focus is to demonstrate how to get the contents of TCP and UDP packets received. Only applies to XP: bin will www.baidu.com hijacked to ip138.com