mcree 最近的时间轴更新 mcree 最近的时间轴更新 |
mcreeV2EX 第 201096 号会员,加入于 2016-11-13 16:27:54 +08:00 |
| 郑州,联通, https://list.jd.com 被重定向到 p.egou.com! 全球工单系统 • mcree • 2018-05-10 18:18:44 PM • 最后回复来自 soho176 | 20 |
| https://list.jd.com 被重定向到 p.egou.com! 京东 • mcree • 2018-05-09 21:13:30 PM • 最后回复来自 julyclyde | 5 |
mcree 最近回复了
2018-05-10 10:59:18 +08:00 回复了 mcree 创建的主题 › 全球工单系统 › 郑州,联通, https://list.jd.com 被重定向到 p.egou.com! |
今天没有这个情况了。可能他们改好了吧。
2018-05-10 10:57:47 +08:00 回复了 mcree 创建的主题 › 全球工单系统 › 郑州,联通, https://list.jd.com 被重定向到 p.egou.com! |
@julyclyde 就是 CDN 节点啊。感觉是 CDN 回源时的问题。
2018-05-09 15:34:39 +08:00 回复了 mcree 创建的主题 › 京东 › https://list.jd.com 被重定向到 p.egou.com! |
@julyclyde 我主要关心使用 https 仍被劫持,背后的问题。
2018-05-09 15:29:28 +08:00 回复了 mcree 创建的主题 › 京东 › https://list.jd.com 被重定向到 p.egou.com! |
2018-05-09 15:28:14 +08:00 回复了 mcree 创建的主题 › 全球工单系统 › 郑州,联通, https://list.jd.com 被重定向到 p.egou.com! |
正常的时候是这样的:
< HTTP/1.1 200 OK
< Server: JDWS/2.0
< Date: Wed, 09 May 2018 07:25:56 GMT
< Content-Type: text/html; charset=utf-8
< Content-Length: 172706
< Connection: keep-alive
< Vary: Accept-Encoding
< ups: f102-251|a60-61
< head-status: M
< Expires: Wed, 09 May 2018 07:25:56 GMT
< Cache-Control: max-age=0
< Last-Modified: Wed, 09 May 2018 07:26:00 GMT
< Via: BJ-Y-NX-113(MISS), http/1.1 ZZ-UNI-1-JCS-155 ( [cMsSfW])
< Age: 0
<
{ [15978 bytes data]
<!DOCTYPE html>
.......
< HTTP/1.1 200 OK
< Server: JDWS/2.0
< Date: Wed, 09 May 2018 07:25:56 GMT
< Content-Type: text/html; charset=utf-8
< Content-Length: 172706
< Connection: keep-alive
< Vary: Accept-Encoding
< ups: f102-251|a60-61
< head-status: M
< Expires: Wed, 09 May 2018 07:25:56 GMT
< Cache-Control: max-age=0
< Last-Modified: Wed, 09 May 2018 07:26:00 GMT
< Via: BJ-Y-NX-113(MISS), http/1.1 ZZ-UNI-1-JCS-155 ( [cMsSfW])
< Age: 0
<
{ [15978 bytes data]
<!DOCTYPE html>
.......
2018-05-09 15:24:18 +08:00 回复了 mcree 创建的主题 › 全球工单系统 › 郑州,联通, https://list.jd.com 被重定向到 p.egou.com! |
感觉京东的 https 不是 e2e 的,在中间被劫持了。用 curl 请求的话,会这样:
* Connected to list.jd.com (42.236.8.129) port 443 (#0)
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 603 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* server certificate verification OK
* server certificate status verification SKIPPED
* common name: *.jd.com (matched)
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #3
* subject: C=CN,ST=beijing,L=beijing,O=BEIJING JINGDONG SHANGKE INFORMATION TECHNOLOGY CO.\, LTD.,CN=*.jd.com
* start date: Thu, 15 Mar 2018 04:02:02 GMT
* expire date: Tue, 28 Aug 2018 09:42:54 GMT
* issuer: C=BE,O=GlobalSign nv-sa,CN=GlobalSign Organization Validation CA - SHA256 - G2
* compression: NULL
* ALPN, server accepted to use http/1.1
> GET /list.html?cat=670,12800,12802 HTTP/1.1
> Host: list.jd.com
> authority: list.jd.com
> cache-control: max-age=0
> upgrade-insecure-requests: 1
> user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36
> accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
> dnt: 1
> accept-language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7,zh-TW;q=0.6
> cookie: ipLoc-djd=1-72-4137-0; areaId=1; __jda=122270672.15258484760111185216130.1525848476.1525848476.1525848476.1; __jdc=122270672; __jdv=122270672|direct|-|none|-|1525848476012; 3AB9D23F7A4B3C9B=2CHSSK4AIRJBZHSHVXWZP2IVWEEUGJTGJZU5UIVFZL6X2IPOH2T5OPZDYIP2ZLORI2XMZOYSGEKEU72E6SAB6O54QM; listck=e19706debdda455e4793c3a3a86514ea; __jdu=15258484760111185216130; __jdb=122270672.9.15258484760111185216130|1.1525848476
> if-modified-since: Wed, 09 May 2018 06:50:00 GMT
>
< HTTP/1.1 302 Found
< Server: JDWS/2.0
< Date: Wed, 09 May 2018 07:21:41 GMT
< Transfer-Encoding: chunked
< Connection: keep-alive
< Location: http://p.egou.com/n?k=6JU4gZDFrI6HWlzl1NXH2mLErI6H2mLq6l2SWcLe6Ew7Wn4H6EDmrI6HYQLErnWF1nzm6N27rIW-&t=u=764050&url=http%3A%2F%2Flist.jd.com%2Flist.html%3Fcat%3D670%2C12800%2C12802%26_t_t_t%3D1
< Age: 0
< Via: http/1.1 ZZ-UNI-1-JCS-155 ( [cMsSf ])
<
{ [16000 bytes data]
: Wed, 09 May 2018 07:21:41 GMT
Cache-Control: max-age=0
Last-Modified: Wed, 09 May 2018 07:21:45 GMT
Via: BJ-Y-NX-113(MISS)
<!DOCTYPE html>
<html lang="zh-CN">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=Edge">
<title> 游戏耳机 游戏设备 电脑、办公 [行情 价格 评价 图片] - 京东</title>
<link type="text/css" rel="stylesheet" href="//misc.360buyimg.com/??jdf/1.0.0/unit/ui-base/5.0.0/ui-base.css,jdf/1.0.0/unit/shortcut/5.0.0/shortcut.css,jdf/1.0.0/unit/global-header/5.0.0/global-header.css,jdf/1.0.0/unit/myjd/5.0.0/myjd.css,jdf/1.0.0/unit/nav/5.0.0/nav.css,jdf/1.0.0/unit/shoppingcart/5.0.0/shoppingcart.css,jdf/1.0.0/unit/global-footer/5.0.0/global-footer.css,jdf/1.0.0/unit/service/5.0.0/service.css">
命令是 curl -v 'https://list.jd.com/list.html?cat=670,12800,12802' -H 'authority: list.jd.com' -H 'cache-control: max-age=0' -H 'upgrade-insecure-requests: 1' -H 'user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36' -H 'accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8' -H 'dnt: 1' -H 'accept-language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7,zh-TW;q=0.6' -H 'cookie: ipLoc-djd=1-72-4137-0; areaId=1; __jda=122270672.15258484760111185216130.1525848476.1525848476.1525848476.1; __jdc=122270672; __jdv=122270672|direct|-|none|-|1525848476012; 3AB9D23F7A4B3C9B=2CHSSK4AIRJBZHSHVXWZP2IVWEEUGJTGJZU5UIVFZL6X2IPOH2T5OPZDYIP2ZLORI2XMZOYSGEKEU72E6SAB6O54QM; listck=e19706debdda455e4793c3a3a86514ea; __jdu=15258484760111185216130; __jdb=122270672.9.15258484760111185216130|1.1525848476' -H 'if-modified-since: Wed, 09 May 2018 06:50:00 GMT'
大家在 hosts 里把 list.jd.com 设成 42.236.8.129 的话,应该也能重现。
* Connected to list.jd.com (42.236.8.129) port 443 (#0)
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 603 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* server certificate verification OK
* server certificate status verification SKIPPED
* common name: *.jd.com (matched)
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #3
* subject: C=CN,ST=beijing,L=beijing,O=BEIJING JINGDONG SHANGKE INFORMATION TECHNOLOGY CO.\, LTD.,CN=*.jd.com
* start date: Thu, 15 Mar 2018 04:02:02 GMT
* expire date: Tue, 28 Aug 2018 09:42:54 GMT
* issuer: C=BE,O=GlobalSign nv-sa,CN=GlobalSign Organization Validation CA - SHA256 - G2
* compression: NULL
* ALPN, server accepted to use http/1.1
> GET /list.html?cat=670,12800,12802 HTTP/1.1
> Host: list.jd.com
> authority: list.jd.com
> cache-control: max-age=0
> upgrade-insecure-requests: 1
> user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36
> accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
> dnt: 1
> accept-language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7,zh-TW;q=0.6
> cookie: ipLoc-djd=1-72-4137-0; areaId=1; __jda=122270672.15258484760111185216130.1525848476.1525848476.1525848476.1; __jdc=122270672; __jdv=122270672|direct|-|none|-|1525848476012; 3AB9D23F7A4B3C9B=2CHSSK4AIRJBZHSHVXWZP2IVWEEUGJTGJZU5UIVFZL6X2IPOH2T5OPZDYIP2ZLORI2XMZOYSGEKEU72E6SAB6O54QM; listck=e19706debdda455e4793c3a3a86514ea; __jdu=15258484760111185216130; __jdb=122270672.9.15258484760111185216130|1.1525848476
> if-modified-since: Wed, 09 May 2018 06:50:00 GMT
>
< HTTP/1.1 302 Found
< Server: JDWS/2.0
< Date: Wed, 09 May 2018 07:21:41 GMT
< Transfer-Encoding: chunked
< Connection: keep-alive
< Location: http://p.egou.com/n?k=6JU4gZDFrI6HWlzl1NXH2mLErI6H2mLq6l2SWcLe6Ew7Wn4H6EDmrI6HYQLErnWF1nzm6N27rIW-&t=u=764050&url=http%3A%2F%2Flist.jd.com%2Flist.html%3Fcat%3D670%2C12800%2C12802%26_t_t_t%3D1
< Age: 0
< Via: http/1.1 ZZ-UNI-1-JCS-155 ( [cMsSf ])
<
{ [16000 bytes data]
: Wed, 09 May 2018 07:21:41 GMT
Cache-Control: max-age=0
Last-Modified: Wed, 09 May 2018 07:21:45 GMT
Via: BJ-Y-NX-113(MISS)
<!DOCTYPE html>
<html lang="zh-CN">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=Edge">
<title> 游戏耳机 游戏设备 电脑、办公 [行情 价格 评价 图片] - 京东</title>
<link type="text/css" rel="stylesheet" href="//misc.360buyimg.com/??jdf/1.0.0/unit/ui-base/5.0.0/ui-base.css,jdf/1.0.0/unit/shortcut/5.0.0/shortcut.css,jdf/1.0.0/unit/global-header/5.0.0/global-header.css,jdf/1.0.0/unit/myjd/5.0.0/myjd.css,jdf/1.0.0/unit/nav/5.0.0/nav.css,jdf/1.0.0/unit/shoppingcart/5.0.0/shoppingcart.css,jdf/1.0.0/unit/global-footer/5.0.0/global-footer.css,jdf/1.0.0/unit/service/5.0.0/service.css">
命令是 curl -v 'https://list.jd.com/list.html?cat=670,12800,12802' -H 'authority: list.jd.com' -H 'cache-control: max-age=0' -H 'upgrade-insecure-requests: 1' -H 'user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36' -H 'accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8' -H 'dnt: 1' -H 'accept-language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7,zh-TW;q=0.6' -H 'cookie: ipLoc-djd=1-72-4137-0; areaId=1; __jda=122270672.15258484760111185216130.1525848476.1525848476.1525848476.1; __jdc=122270672; __jdv=122270672|direct|-|none|-|1525848476012; 3AB9D23F7A4B3C9B=2CHSSK4AIRJBZHSHVXWZP2IVWEEUGJTGJZU5UIVFZL6X2IPOH2T5OPZDYIP2ZLORI2XMZOYSGEKEU72E6SAB6O54QM; listck=e19706debdda455e4793c3a3a86514ea; __jdu=15258484760111185216130; __jdb=122270672.9.15258484760111185216130|1.1525848476' -H 'if-modified-since: Wed, 09 May 2018 06:50:00 GMT'
大家在 hosts 里把 list.jd.com 设成 42.236.8.129 的话,应该也能重现。
2017-01-11 22:05:47 +08:00 回复了 kuretru 创建的主题 › DNS › 大家都在用哪家的公共 DNS 服务器 |
自建 Unbound
2016-12-10 00:17:50 +08:00 回复了 yuyuyu 创建的主题 › Node.js › nodejs dns.lookup 很慢很慢 |
不一定是这个原因,不过上游 DNS 服务器可能有 rate-limit 。
2016-12-08 18:59:43 +08:00 回复了 t123yh 创建的主题 › 宽带症候群 › iperf 带宽测试的结果可靠吗? |
应该是拥塞控制的问题吧(假设您实际要用的是 TCP )。试试 hybla ?不行的话,虽然我不喜欢锐速什么的,但是类似这种情况锐速应该挺有效的。
2016-12-08 18:42:40 +08:00 回复了 amb 创建的主题 › 宽带症候群 › 用梯子的时候,用户的 cookie 是不是完全暴露给梯子铺了? |
@kohnv 你自己搞一个 CA 证书告诉她要装这个证书才能用,或者把 ss 客户端改一改偷偷装个证书(咦,支付宝安全控件好像就干了这事)。
Select Language