Https dns劫持

MITM: 中间人攻击

http://www.hack80.com/thread-19103-1-1.html

https://www.zhihu.com/question/22795329

 

Https攻击

Https协议  http://blog.csdn.net/hherima/article/details/52469674

1. 攻击者篡改ca, 为不授信ca, 如果接收方确认继续, 则攻击成立

2. 如果客户端app关闭ca认证环节, 攻击者可以随意篡改ca, 建立通信

 

措施

Certificate Pinning: 证书锁定

HPKP: Http Public Key Pinning 公钥固定

https://linux.cn/article-5282-1.html

https://www.yryz.net/post/http-public-key-pins.html

 

HSTS: HTTP Strict-Transport-Security

https://www.jianshu.com/p/caa80c7ad45c