京东劫持，事情比我想象的大，并不是地方运营商所为

wenguonideshou

看来楼主还是很认真的    赞一个

Evan

广东电信可以复现，要加浏览器UA。

1. > curl -v http://182.131.4.1 -H "host:www.jd.com" -H "user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36"
   
2. *   Trying 182.131.4.1...
   
3. * TCP_NODELAY set
   
4. * Connected to 182.131.4.1 (182.131.4.1) port 80 (#0)
   
5. > GET / HTTP/1.1
   
6. > Host:www.jd.com
   
7. > Accept: */*
   
8. > user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36
   
9. >
   
10. < HTTP/1.1 200 OK
    
11. < Connection: close
    
12. < Content-Length: 171
    
13. < Content-Type: text/html;charset=UTF-8
    
14. < P3p: CP=" JD COM "
    
15. < Pragma: no-cache
    
16. < server: JDWS/2.0
    
17. <
    
18. <!DOCTYPE html><html><head><meta name="referrer"content="never"></head><body><script>window.location.hr防e屏f蔽="htt防ps屏:/蔽/u啊啊啊ni嗯嗯嗯on-click.j啊啊啊d.co嗯嗯嗯m/jdc?d=Wy6RM7";</script></body></html>* Closing connection 0

复制代码

amo

Aybway 发表于 2018-11-25 23:05
。。。京东劫持到京东节点吗没太看懂

有人劫持牟利。你不懂？

cdseoo

用腾讯北京的小鸡试了一下

1. # curl -v http://182.131.4.1 -H "host:www.jd.com" -H "user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36"
   
2. * Rebuilt URL to: http://182.131.4.1/
   
3. *   Trying 182.131.4.1...
   
4. * TCP_NODELAY set
   
5. * Connected to 182.131.4.1 (182.131.4.1) port 80 (#0)
   
6. > GET / HTTP/1.1
   
7. > host:www.jd.com
   
8. > Accept: */*
   
9. > user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36
   
10. >
    
11. < HTTP/1.1 200 OK
    
12. < Connection: close
    
13. < Content-Length: 171
    
14. < Content-Type: text/html;charset=UTF-8
    
15. < P3p: CP=" JD COM "
    
16. < Pragma: no-cache
    
17. < server: JDWS/2.0
    
18. <
    
19. * Curl_http_done: called premature == 0
    
20. * Closing connection 0
    
21. <!DOCTYPE html><html><head><meta name="referrer"content="never"></head><body><script>window.location.;</script></body></html>

复制代码

crazywings

[root]# curl -v http://182.131.4.1 -H "host:www.jd.com" -H "user-agent: Mozilla/5.0 (Windows NT 1
0.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36"
> GET / HTTP/1.1
> Accept: */*
> host:www.jd.com
> user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36
>
< HTTP/1.1 200 OK
< Connection: close
< Content-Length: 171
< Content-Type: text/html;charset=UTF-8
< P3p: CP=" JD COM "
< Pragma: no-cache
< server: JDWS/2.0
<
<!DOCTYPE html><html><head><meta name="referrer"content="never"></head><body><script>window.location.;</script></body></html>
[root]# nslookup www.jd.com
Server:    127.0.0.1
Address 1: 127.0.0.1 localhost.localdomain

Name:      www.jd.com
Address 1: 61.174.55.1 1.55.174.61.dial.wz.zj.dynamic.163data.com.cn
[root]# curl -v http://61.174.55.1 -H "host:www.jd.com" -H "user-agent: Mozilla/5.0 (Windows NT 1
0.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36"
> GET / HTTP/1.1
> Accept: */*
> host:www.jd.com
> user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36
>
< HTTP/1.1 302 Moved Temporarily
< Server: JDWS/2.0
< Date: Mon, 26 Nov 2018 01:20:56 GMT
< Content-Type: text/html
< Content-Length: 157
< Connection: keep-alive
< Location: https://www.jd.com/
< Strict-Transport-Security: max-age=3600
<
<html>
<head><title>302 Found</title></head>
<body bgcolor="white">
<center><h1>302 Found</h1></center>
<hr><center>JDWS/2.0</center>
</body>
</html>

幸好杭州电信没CDN到那个IP

whj2243528

刚才试了下，好像我公司网络不会。

奔跑的菜鸟

难道就我一个？想知道怎么劫持，学习~

doors

一到电商大节日，就是各种网络劫持，软件纷纷弹出广告

Geekman

可怕~ 利益相关

luwenrong

我几年前用联通的时候就被劫持了，起初以为是路由器固件的锅，也打客服投诉过