Understanding HTTP and DNS Hijacking: Causes, Impacts, and Countermeasures

HTTP hijacking intercepts the data channel between a user and the target service, monitors specific information, and injects crafted network packets when certain conditions are met, causing the client to display unwanted ads or redirect to malicious pages. DNS hijacking, also known as domain hijacking, intercepts DNS queries within a controlled network, returning false IP addresses or no response, leading users to fake or unreachable sites.

Examples illustrate how unauthorized ads appear in the Youku client, pop‑up ads proliferate on mobile web pages, and a car‑related site is replaced with a different page after hijacking.

Causes include ad injection by rogue advertisers, ISP or small‑carrier traffic‑saving caches that fabricate fast‑lane connections, and malicious attacks from competitors that embed illegal ads, cache data, or perform other harmful manipulations.

Mechanism involves sending DNS requests that are intercepted and altered, exploiting vulnerabilities in ISP infrastructure or exploiting promotional traffic from major carriers to inject or redirect traffic, often prompting users to recharge data.

Consequences are inability to update app data, illegal redirects that prevent proper page rendering, intrusive pop‑up ads, and embedded illegal content that damages the app’s reputation.

Anti‑hijack practices focus on data legitimacy verification (checking completeness and timeliness) and data timeliness validation (using checksum strings and black‑/white‑list matching for pages and URLs).

Solutions : For DNS hijacking, employ HttpDNS to replace traditional DNS resolution with HTTP‑based queries, obtaining authentic IP addresses directly from trusted DNS servers. Explain HttpDNS principle: the client requests the target server via HTTP, receives a list of real IPs, performs speed tests, and selects the fastest, mitigating DNS tampering. Address ISP cache issues by adjusting URL parameters and cache strategies. Prevent illegal redirects through client‑side black‑/white‑list policies. Block illegal content insertion.

Additional methods include network optimization, hijack logging systems that collect hijack events on the client and compress them for efficient transmission, real‑time data detection dashboards showing hijack counts over time, and success‑rate comparison charts that measure the effectiveness of anti‑hijack measures.

Disclaimer : The content is sourced from public internet channels, presented neutrally for reference and discussion only; copyright belongs to original authors or institutions.