How DNS Hijacking Exploits HTTP Weaknesses and Why HTTPS Is Essential

This article explains how DNS hijacking injects unwanted ads by exploiting HTTP's lack of encryption, identity verification, and integrity checks, and demonstrates how HTTPS, with SSL/TLS encryption, certificates, and integrity validation, protects users from such attacks while also discussing performance impacts.

Tencent IMWeb Frontend Team

Many users have seen ads appear on sites that never served them. A common cause is DNS hijacking, carried out in some regions by the ISP itself.

DNS hijacking works by compromising the DNS lookup process, returning a fake IP address that points to an attacker-controlled server, which can inject ads, scripts, or other malicious content into the page.

What Is DNS Hijacking

Attackers intercept DNS queries and provide false IP addresses, then act as a proxy to forward requests to the legitimate server, modifying the response before it reaches the user.

Methods include compromising DNS servers, altering hosts files, or ISP-level manipulation.

Security Flaws of HTTP

HTTP suffers from three major security shortcomings:

Plaintext transmission – data is sent unencrypted, allowing eavesdropping on unsecured Wi‑Fi or non‑HTTPS sites.

No identity verification – users cannot be sure the content originates from the intended server, enabling phishing via cloned sites.

No data integrity check – attackers can modify messages in transit without detection.

These flaws make users vulnerable to DNS hijacking and other attacks.

HTTPS

HTTPS addresses the three issues by introducing:

1. Content encryption – encrypted data is unreadable to eavesdroppers.

2. Certificates – a trusted Certificate Authority (CA) vouches for the server’s identity.

3. Integrity verification – a message authentication code (a keyed hash, or the authentication tag of an authenticated cipher) lets the receiver detect any alteration in transit.

HTTPS Under the Hood

HTTPS is essentially HTTP over SSL/TLS, adding an encryption layer between HTTP and TCP.

SSL/TLS provides the encryption, certificate handling, and integrity checks.

Encryption Techniques

SSL/TLS uses a hybrid approach that combines symmetric and asymmetric encryption: asymmetric to agree on a key, symmetric to carry the traffic.

Symmetric Encryption

Both parties share the same secret key for fast encryption and decryption, but the key must be transmitted securely.

Asymmetric Encryption

Two keys are used: a public key for encryption and a private key for decryption, enabling secure key exchange.

Hybrid Mechanism

1. The client generates a random symmetric key and encrypts it with the server’s public key. ...

2. The server decrypts it with its private key, and both parties use the symmetric key for the rest of the session.

This is the RSA key-exchange form. TLS 1.3 instead establishes the session key with an ephemeral Diffie-Hellman exchange, but the principle is the same: public-key cryptography is used only to agree on a symmetric key, and the bulk traffic is symmetrically encrypted.

Certificates

Certificates, issued by a CA, bind a public key to a verified identity, preventing man‑in‑the‑middle attacks.

CA: Certificate Authority, the trusted entity that signs certificates.

Digital Certificate: contains the public key and identity information, signed by a CA.

The verification process has two parts: the client checks the CA’s signature on the server’s certificate using the CA’s public key from the trust store shipped with the browser or operating system, and it checks that the hostname it connected to appears in the certificate (the Subject Alternative Name field). Both must pass; a genuine certificate for the wrong hostname is rejected just like a forged one.

Self‑Signed Certificates

Individuals can generate their own certificates, but browsers do not trust them by default: no root in the trust store has signed them, so the browser shows a warning instead of the page.
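The two checks described above (CA signature and hostname), together with the self-signed case, as an added example that is not code from the original article. It is Go using only the standard library’s crypto/x509: a hypothetical CA (“Example Trusted CA”, standing in for a browser root) issues a certificate for www.example.com, and the same verification routine is then run against a self-signed certificate for the same name and against a CA-signed certificate for another name. All names, serial numbers and validity periods are made up for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// issue signs template with signerKey. parent is the issuer's certificate; passing
// template itself as parent produces a self-signed certificate.
func issue(template, parent *x509.Certificate, pub *ecdsa.PublicKey, signerKey *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, template, parent, pub, signerKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

func caTemplate(name string) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
}

// serverTemplate puts the hostname in the Subject Alternative Name, which is the
// field browsers compare against the URL (the Common Name alone is no longer used).
func serverTemplate(serial int64, host string) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
}

// VerifyServerCert is the browser-side check: chain the presented certificate to a
// root in the trust store, then confirm the requested hostname appears in it.
func VerifyServerCert(cert *x509.Certificate, roots *x509.CertPool, host string) error {
	_, err := cert.Verify(x509.VerifyOptions{
		Roots:     roots,
		DNSName:   host,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

// Outcome records which of three certificates a client would accept for host.
type Outcome struct{ Legit, SelfSigned, WrongHost bool }

func RunScenarios(host string) Outcome {
	caKey := newKey()
	caTmpl := caTemplate("Example Trusted CA") // hypothetical CA, stands in for a browser root
	ca := issue(caTmpl, caTmpl, &caKey.PublicKey, caKey)
	roots := x509.NewCertPool()
	roots.AddCert(ca)

	// 1. The real server: a certificate for host signed by the trusted CA.
	srvKey := newKey()
	legit := issue(serverTemplate(2, host), ca, &srvKey.PublicKey, caKey)

	// 2. A DNS hijacker's server: a certificate for host that only it signed.
	atkKey := newKey()
	atkTmpl := serverTemplate(3, host)
	selfSigned := issue(atkTmpl, atkTmpl, &atkKey.PublicKey, atkKey)

	// 3. A valid CA-signed certificate, but for a different name than the one requested.
	otherKey := newKey()
	wrongHost := issue(serverTemplate(4, "other.example"), ca, &otherKey.PublicKey, caKey)

	return Outcome{
		Legit:      VerifyServerCert(legit, roots, host) == nil,
		SelfSigned: VerifyServerCert(selfSigned, roots, host) == nil,
		WrongHost:  VerifyServerCert(wrongHost, roots, host) == nil,
	}
}

func main() {
	fmt.Printf("%+v\n", RunScenarios("www.example.com"))
}
```

Only the first certificate is accepted. The second is what a hijacker can produce without a CA, and the third shows that a stolen or legitimately obtained certificate for some other domain does not help either, because the hostname check fails even though the signature chain is valid.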

Client Certificates

Similar to server certificates, client certificates authenticate the user to the server, often used in banking.

Example: A USB token containing a client certificate for online banking.

Complete HTTPS Handshake

1. Client and server negotiate the protocol version and cipher suite, exchanging random values (client random, server random).

2. The server sends its certificate, which carries its public key.

3. The client verifies the certificate, then encrypts a randomly generated pre‑master secret with the server’s public key and sends it.

4. The server decrypts the pre‑master secret with its private key.

5. Both sides derive the master secret from the pre‑master secret and the two random values, and from it the symmetric session keys used to encrypt and authenticate the traffic.
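The hybrid mechanism and the handshake steps above, carried through end to end as an added example (not code from the original article): Go standard library only, RSA‑OAEP to seal the pre‑master secret, a deliberately simplified key derivation (one SHA‑256 over the secret and both randoms, labelled in the code; real TLS uses a PRF or HKDF), and AES‑256‑GCM for the records, so the same block also shows the integrity check that plain HTTP lacks. The request string is constructed for the example; as noted earlier, TLS 1.3 would use an ephemeral Diffie‑Hellman exchange instead of RSA key transport.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"io"
)

// Server holds the long-lived RSA key pair: the public half is what the
// certificate carries, the private half never leaves the server.
type Server struct{ key *rsa.PrivateKey }

func NewServer() *Server {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return &Server{key: k}
}

func (s *Server) PublicKey() *rsa.PublicKey { return &s.key.PublicKey }

// randomBytes draws n bytes from the OS CSPRNG.
func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := io.ReadFull(rand.Reader, b); err != nil {
		panic(err)
	}
	return b
}

// DeriveSessionKey is a simplified stand-in for the TLS key schedule: one SHA-256
// over the pre-master secret and both handshake randoms (real TLS uses a PRF/HKDF).
func DeriveSessionKey(preMaster, clientRandom, serverRandom []byte) []byte {
	h := sha256.New()
	h.Write(preMaster)
	h.Write(clientRandom)
	h.Write(serverRandom)
	return h.Sum(nil) // 32 bytes: an AES-256 key
}

// ClientKeyExchange: the client picks a random pre-master secret and seals it
// with the server's public key (RSA-OAEP); only the private key can open it.
func ClientKeyExchange(pub *rsa.PublicKey) (preMaster, sealed []byte) {
	preMaster = randomBytes(48)
	enc, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, preMaster, nil)
	if err != nil {
		panic(err)
	}
	return preMaster, enc
}

// ServerKeyExchange: the server recovers the pre-master secret with its private key.
func (s *Server) ServerKeyExchange(sealed []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, s.key, sealed, nil)
}

// SealRecord encrypts one record with AES-256-GCM: nonce || ciphertext || tag.
func SealRecord(key, plaintext []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	gcm, _ := cipher.NewGCM(block)
	nonce := randomBytes(gcm.NonceSize())
	return append(nonce, gcm.Seal(nil, nonce, plaintext, nil)...)
}

// OpenRecord returns an error, not garbage, when the authentication tag does not match.
func OpenRecord(key, record []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, _ := cipher.NewGCM(block)
	if len(record) < gcm.NonceSize() {
		return nil, fmt.Errorf("record too short")
	}
	return gcm.Open(nil, record[:gcm.NonceSize()], record[gcm.NonceSize():], nil)
}

// Session runs the exchange and reports whether a request survives intact and
// whether a record modified in transit is rejected.
func Session(srv *Server, request []byte) (roundTrip, tamperDetected bool) {
	clientRandom, serverRandom := randomBytes(32), randomBytes(32)
	preMaster, sealed := ClientKeyExchange(srv.PublicKey())
	clientKey := DeriveSessionKey(preMaster, clientRandom, serverRandom)
	recovered, err := srv.ServerKeyExchange(sealed)
	if err != nil {
		return false, false
	}
	serverKey := DeriveSessionKey(recovered, clientRandom, serverRandom)

	record := SealRecord(clientKey, request)
	got, err := OpenRecord(serverKey, record)
	roundTrip = err == nil && bytes.Equal(got, request)

	// An on-path attacker flips one byte of the record (the HTTP-era "inject an ad" move).
	tampered := append([]byte(nil), record...)
	tampered[len(tampered)/2] ^= 0x01
	_, err = OpenRecord(serverKey, tampered)
	return roundTrip, err != nil
}

func main() {
	ok, detected := Session(NewServer(), []byte("GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"))
	fmt.Printf("round trip ok: %v, tampering detected: %v\n", ok, detected)
}
```

Two things to notice when running it: the server side never sees the pre‑master secret in the clear on the wire, only the holder of the private key can recover it (a second Server with a different key fails to decrypt), and a single flipped byte makes OpenRecord fail rather than deliver modified content, which is the integrity property that makes ad injection impossible once the session is established.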

Performance Impact

HTTPS adds latency for the TLS handshake (one or two extra round trips before the first request can be sent, depending on the protocol version; session resumption removes most of this on later connections) and CPU cost for the public‑key operations of the handshake and the symmetric encryption of traffic; the latter is cheap on modern hardware with AES acceleration.

Returning to DNS Hijacking

HTTPS mitigates DNS hijacking because an attacker who has redirected the lookup still cannot present a certificate for the site that chains to a trusted CA: browsers reject self‑signed or forged certificates, so the attacker cannot deliver altered content over the hijacked connection. The protection only applies once the browser is speaking HTTPS; a user who types a plain http:// address can still be hijacked before any certificate is checked, which is what HSTS (HTTP Strict Transport Security) is meant to prevent.

The server’s private key must remain secret; its compromise nullifies HTTPS security.

Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact admin@besthub.dev and we will review it promptly.

Tags: encryption, DNS hijacking, network security, HTTPS, SSL/TLS, Certificate Authority
Written by

Tencent IMWeb Frontend Team

IMWeb Frontend Community gathering frontend development enthusiasts. Follow us for refined live courses by top experts, cutting‑edge technical posts, and to sharpen your frontend skills.
