Understanding HTTP and DNS Hijacking and Practical Anti‑Hijacking Solutions for Mobile Apps
This article explains the mechanisms of HTTP and DNS hijacking, illustrates real‑world examples, analyzes their causes and impacts on mobile applications, and presents practical anti‑hijacking techniques such as data validation, HttpDNS, ISP cache handling, illegal redirect blocking, and monitoring strategies.
What Is HTTP Hijacking and DNS Hijacking?
HTTP hijacking intercepts the data channel between a user and the target service, inserting crafted network packets that cause the client to display unwanted advertisements or redirect to malicious sites. DNS hijacking intercepts domain resolution requests, returning fake IP addresses or no response, leading users to counterfeit websites.
Example 1
Ads appear in the Youku client page that were not added by Youku.
Example 2
Traditional web browsing often triggers pop‑up ads; similar intrusive pop‑ups now appear on the mobile internet, sometimes delivering offensive content.
Example 3
A Car Home page was replaced with a different page after a hijacking incident.
Causes of Hijacking
① Advertising Injection
Malicious advertisers embed rogue ads into applications to promote their products.
② ISP Cache Abuse
Some small ISPs use aggressive caching to save bandwidth, creating the illusion of a “fast” network; this caching can be exploited for hijacking.
③ Malicious Attacks
Competitors may launch attacks that inject illegal ads, cache data, or otherwise compromise the app.
How Hijacking Occurs
Hijacking typically starts when the client sends a request to a DNS server. Network operators or profit‑driven entities may tamper with that request, altering the returned IP address or injecting promotional data. Large carriers may also inject promotional content directly into app traffic.
Consequences
① Data Updates Fail
② Illegal Redirects Prevent Content Display
③ Pop‑up Ads Degrade User Experience
④ Embedded Illegal Content Harms App Reputation
Anti‑Hijacking Practices
① Data Legitimacy Verification
Validate data completeness and timeliness; generate a checksum for each payload and reject mismatched data.
② Data Timeliness Verification
Include timestamps in data and verify them on the client; use whitelist/blacklist matching for URLs and page content.
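The legitimacy and timeliness checks in ① and ② can be combined into one client-side verification step. The following is an added example, not code from the original article. It assumes a keyed HMAC-SHA256 tag in place of a plain checksum (an on-path injector can recompute an unkeyed checksum), and the envelope fields `body`, `ts`, `tag`, the demo key and the 300-second window are all hypothetical.

```python
import hashlib
import hmac
import json
import time

# Constructed demo key; a real app would provision its own secret.
DEMO_KEY = b"constructed-demo-key"
MAX_AGE_SECONDS = 300  # assumed freshness window


def sign_payload(body: bytes, timestamp: int, key: bytes = DEMO_KEY) -> str:
    """Server side: the tag covers the timestamp and the exact body bytes."""
    msg = str(timestamp).encode() + b"." + body
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def make_envelope(body: str, timestamp: int) -> dict:
    """Server side: wrap a response body with its timestamp and tag."""
    return {"body": body, "ts": timestamp,
            "tag": sign_payload(body.encode(), timestamp)}


def verify_payload(envelope: dict, now: int, key: bytes = DEMO_KEY) -> str:
    """Client side: return 'ok', 'malformed', 'tampered' or 'stale'."""
    try:
        body = envelope["body"].encode()
        timestamp = int(envelope["ts"])
        tag = str(envelope["tag"]).encode()
    except (KeyError, TypeError, ValueError, AttributeError):
        return "malformed"
    expected = sign_payload(body, timestamp, key).encode()
    # Check integrity first, in constant time, so the timestamp is trusted
    # only after the tag has proven it was not rewritten in transit.
    if not hmac.compare_digest(expected, tag):
        return "tampered"
    # A valid but old response is what an ISP cache replay looks like.
    if abs(now - timestamp) > MAX_AGE_SECONDS:
        return "stale"
    return "ok"


if __name__ == "__main__":
    now = int(time.time())
    good = make_envelope(json.dumps({"title": "news"}), now)
    injected = dict(good, body=good["body"] + "<div>injected ad</div>")
    cached = make_envelope(json.dumps({"title": "old"}), now - 3600)
    for name, env in [("good", good), ("injected", injected), ("cached", cached)]:
        print(name, verify_payload(env, now))
```

A key shipped inside an app can be extracted, so an asymmetric signature verified with a public key is the stronger variant of the same check.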
Solutions
① Domain Hijacking Mitigation
For DNS hijacking, replace traditional DNS with HttpDNS, which resolves domain names over HTTP, bypassing compromised DNS servers. For HTTP‑level tampering, employ reverse proxy mechanisms to correct altered requests.
【HttpDNS Principle】
Clients request IP addresses via an HttpDNS server instead of the standard DNS protocol, receiving verified IPs and optionally performing speed tests to select the fastest endpoint, thus mitigating DNS hijacking.
② ISP Cache Handling
Identify and bypass ISP‑level caching by adding cache‑busting parameters to request URLs.
③ Illegal Redirect Blocking
Apply client‑side whitelist/blacklist policies to prevent unauthorized redirects.
④ Illegal Content Insertion Prevention
Monitor and filter injected content using security rules.
Additional Methods
① Network Optimization
② Hijacking Log System
Collect hijacking incidents on the client, compress logs, and send them to a central server when network conditions allow, enabling analysis of hijack patterns.
Real‑Time Data Detection
The log chart shows hijack counts per interface over a day, comparing today (blue) with yesterday (orange). Sudden spikes often correlate with ISP‑driven promotional injections, which can be identified and mitigated.
Success Rate Comparison
The bar chart displays total hijack incidents (white) versus successfully mitigated cases after applying anti‑hijacking strategies (green). Continuous tuning of these strategies reduces the white area, aligning with overall page views and user behavior.
Source: CSDN
Architect