What is the reason jd.com gets hijacked over https?

2018-03-07 13:22:16 +08:00
 l1fan

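Today while I was on JD.com I got hijacked to  My first reaction was: damn, hijacked by my ISP =,= I went back a page and looked at the URL O.O It's https, but as far as I know https can't be hijacked. And as far as I can remember I haven't imported any sketchy root certificates. What could be the cause? I tried on my phone and it gets hijacked there too; in Chrome I can see it's a 302 redirect.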

5017 clicks
Node: Programmers
36 replies
hand515
2018-03-07 13:28:21 +08:00
DNS hijacking?? Or did you install some strange root certificate?
scriptB0y
2018-03-07 13:31:13 +08:00
DNS is plaintext; it was hijacked before HTTPS even came into it.
kskdnda
2018-03-07 13:31:53 +08:00
If https alone could prevent hijacking, would there still be any point in VPNs existing?
Zzzzzzzzz
2018-03-07 13:34:22 +08:00
Probably a plugin.
echo365
2018-03-07 13:38:14 +08:00
Browser plugins. Router plugins......
lscho
2018-03-07 13:39:38 +08:00
My Baidu home page over https gets hijacked too; I suspect it's a problem with the router, a feuxun one....
lscho
2018-03-07 13:39:53 +08:00
@lscho feixun
gamexg
2018-03-07 14:03:39 +08:00
What is the https certificate?
morethansean
2018-03-07 14:51:23 +08:00
```
curl -vvI https://item.jd.com/12006637.html --resolve item.jd.com:42.236.8.129
```

How about taking a look at the certificate?
ooooo
2018-03-07 14:57:31 +08:00
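Try a browser without plugins.
Try on your phone over Wi-Fi.
You need to describe the problem clearly so that people can help troubleshoot...................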
dahounet
2018-03-07 15:13:11 +08:00
Check the https certificate first.
crz
2018-03-07 15:16:29 +08:00
Capture some packets and take a look?
breeswish
2018-03-07 15:26:56 +08:00
Post the certificate first.
terence4444
2018-03-07 15:27:55 +08:00
Can an LSP do the hijacking?
582033
2018-03-07 15:29:53 +08:00
I posted this earlier; maybe the OP can take a look? https://www.v2ex.com/t/412011
TestSmirk
2018-03-07 15:34:29 +08:00
So it did a 302, didn't it..
TestSmirk
2018-03-07 16:00:14 +08:00
Probably got 302'd to an http link.
l1fan
2018-03-07 16:33:04 +08:00
@morethansean
```
* Couldn't parse CURLOPT_RESOLVE entry 'item.jd.com:42.236.8.129'!
* Trying 42.236.8.129...
* TCP_NODELAY set
* Connected to item.jd.com (42.236.8.129) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: C=CN; ST=beijing; L=beijing; O=BEIJING JINGDONG SHANGKE INFORMATION TECHNOLOGY CO., LTD.; CN=*.jd.com
* start date: Jul 4 05:47:07 2017 GMT
* expire date: Aug 28 09:42:54 2018 GMT
* subjectAltName: host "item.jd.com" matched cert's "*.jd.com"
* issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign Organization Validation CA - SHA256 - G2
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7fe215806600)
> HEAD /12006637.html HTTP/2
> Host: item.jd.com
> User-Agent: curl/7.54.0
> Accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
< HTTP/2 200
HTTP/2 200
< server: JDWS/2.0
server: JDWS/2.0
< date: Wed, 07 Mar 2018 08:29:00 GMT
date: Wed, 07 Mar 2018 08:29:00 GMT
< content-type: text/html; charset=gbk
content-type: text/html; charset=gbk
< content-length: 96167
content-length: 96167
< vary: Accept-Encoding
vary: Accept-Encoding
< ser: 109.29
ser: 109.29
< expires: Wed, 07 Mar 2018 08:29:01 GMT
expires: Wed, 07 Mar 2018 08:29:01 GMT
< cache-control: max-age=60
cache-control: max-age=60
< last-modified: Wed, 07 Mar 2018 08:28:05 GMT
last-modified: Wed, 07 Mar 2018 08:28:05 GMT
< hh: 1-1
hh: 1-1
< via: BJ-Y-NX-106(HIT), http/1.1 ZZ-UNI-1-JCS-155 ( [cSsSfD])
via: BJ-Y-NX-106(HIT), http/1.1 ZZ-UNI-1-JCS-155 ( [cSsSfD])
< age: 0
age: 0

<
* Connection #0 to host item.jd.com left intact
```
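An added example, not part of the thread: a shell function that summarises a saved `curl -v` transcript for the check discussed above, reporting whether the `--resolve` pin was applied (curl expects `HOST:PORT:ADDRESS`; the entry in the thread omits the port, so curl reports it could not parse it), whether the certificate verified, and which status came back. The function name, the verdict labels and the second sample (192.0.2.10 and ad.example are placeholders) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): triage a saved `curl -v` transcript.
# Capture one with the pin in curl's HOST:PORT:ADDRESS form, e.g.
#   curl -vI --resolve item.jd.com:443:42.236.8.129 \
#        https://item.jd.com/12006637.html 2>curl.log
triage_curl_log() {
  awk '
    { sub(/\r$/, "") }                       # tolerate CRLF line endings
    /Couldn.t parse CURLOPT_RESOLVE entry/ { pin = "ignored" }
    /^\* Added .* to DNS cache/            { pin = "honoured" }
    /^\* Connected to /                    { ip = $5; gsub(/[()]/, "", ip) }
    /SSL certificate verify ok/            { verify = "ok" }
    /^< HTTP\//                            { status = $3 }
    /^< [Ll]ocation: /                     { loc = $3 }
    END {
      if (pin == "")    pin = "none"
      if (verify == "") verify = "failed-or-missing"
      if (verify != "ok")                       verdict = "inspect-certificate"
      else if (status ~ /^3/ && loc ~ /^http:/) verdict = "redirect-to-plain-http"
      else if (status ~ /^3/)                   verdict = "redirect-from-verified-server"
      else                                      verdict = "path-clean-check-client"
      printf "pin=%s ip=%s verify=%s status=%s verdict=%s\n", pin, ip, verify, status, verdict
    }'
}

# Excerpt of the transcript posted in the thread.
thread_log() {
  cat <<'EOF'
* Couldn't parse CURLOPT_RESOLVE entry 'item.jd.com:42.236.8.129'!
* Connected to item.jd.com (42.236.8.129) port 443 (#0)
* SSL certificate verify ok.
< HTTP/2 200
EOF
}

# Constructed sample: verified TLS, then a 302 to a plain-http URL
# (192.0.2.10 and ad.example are placeholders).
redirect_log() {
  cat <<'EOF'
* Added item.jd.com:443:192.0.2.10 to DNS cache
* Connected to item.jd.com (192.0.2.10) port 443 (#0)
* SSL certificate verify ok.
< HTTP/1.1 302 Found
< location: http://ad.example/landing
EOF
}

thread_log   | triage_curl_log
redirect_log | triage_curl_log
```

On the excerpt from the thread it reports `pin=ignored` with `verdict=path-clean-check-client`: curl reached a certificate-verified server and received a 200, so the 302 seen in the browser did not appear on this path.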
honeycomb
2018-03-07 16:33:11 +08:00
OP, consider the possibility that @582033 mentioned: browsers have a WebRequest API for extensions to use, which a malicious extension can abuse.
honeycomb
2018-03-07 16:36:31 +08:00
Chrome officially provides The Chrome Apps Developer Tool, which can show which extensions used which APIs during a given period; you can use it for troubleshooting.

https://chrome.google.com/webstore/detail/chrome-apps-extensions-de/ohmmkhmmmpcnpikjeljgnaoabkaalbgc
