Comments (13)
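Location still leaks after blocking the Alibaba HTTPSDNS ranges; I suspect new HTTPSDNS addresses have been added
On iOS the location does not leak while capturing with Stream, but once Stream is closed and the client is restarted, the location leaks completely
Both posts and comments leak; in earlier tests only comments leaked the location
I will try capturing on the gateway device and follow up
One odd point: my profile page does not leak the location (???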
from anti-ip-attribution.
```http
POST /x/v2/reply/add HTTP/2
Host: api.bilibili.com
Cookie: _uuid=; bili_ticket=; bili_jct=; sid=
Content-Length: 991
Content-Type: application/x-www-form-urlencoded
X-Bili-Ticket:
App-Key: iphone
Session_id:
Env: prod
X-Bili-Trace-Id:
User-Agent: bili-universal/75600100 CFNetwork/1.0 Darwin/23.0.0 os/ios model/iPhone 13 mobi_app/iphone build/75600100 osVer/17.0.3 network/2 channel/AppStore
X-Bili-Aurora-Eid: U1wBT1MGUg==
Buvid: Y24BA523DB03521E430AA6B8AAB9769995A3
X-Bili-Mid: 28092263
Accept-Encoding: gzip, deflate

access_key=
```
This is the comment request; the key IDs are hidden, which should not affect reading it
from anti-ip-attribution.
Updated, many thanks.
from anti-ip-attribution.
Updated, many thanks.
There is one problem: rejecting only httpdns.bilivideo.com still leaks. According to the latest capture there is also HTTPS DNS via dns.google
![Screenshot 2023-11-28 005102](https://private-user-images.githubusercontent.com/79711420/285930088-fb4b4297-6a81-439c-a422-833a32bc9659.png)
While I was capturing, it sent these requests to HTTPS DNS, but once outside the capture environment the comment and post locations leak completely. I have ruled out the mobile network as a factor and am still following up
from anti-ip-attribution.
Updated, many thanks.
ed95522
There is one problem: rejecting only httpdns.bilivideo.com still leaks. According to the latest capture there is also HTTPS DNS via dns.google
While I was capturing, it sent these requests to HTTPS DNS, but once outside the capture environment the comment and post locations leak completely. I have ruled out the mobile network as a factor and am still following up
My idea was correct: there must be other HTTPS DNS endpoints. After leaving the capture environment (HTTP proxy), the packets captured directly on the router interface have bilibili's domestic CDN as their destination address
![62c3295faea538d3b5b134f9dfa3e1f](https://private-user-images.githubusercontent.com/79711420/285948402-6db28f47-2cea-418f-b5a3-8e9d25e1db3b.png)
![5c851a2f5bb5c7517d0616071d6c524](https://private-user-images.githubusercontent.com/79711420/285948425-5eca5a00-8f9e-4b27-b2c5-fedf5acd0365.png)
Does anyone have a way to export TLS certificates on iOS? I cannot decrypt HTTPS when capturing on the router side :(
from anti-ip-attribution.
In repeated capture tests I found that the domestic CDN addresses only appeared after the client had communicated with 101.91.140.124; I verified that the certificate of this IP is for *.bilivideo.com
![image](https://private-user-images.githubusercontent.com/79711420/285962109-5d3287c2-a8d7-4fe9-8e28-e1e73b2541e4.png)
It connected directly to httpdns.bilivideo.com without having obtained the address; after repeatedly querying the domain on various DNS servers, my guess was confirmed
![image](https://private-user-images.githubusercontent.com/79711420/285962277-15414134-2f40-4549-ba91-5544a8cea864.png)
For now, communication with the following addresses should be blocked; I will follow up with test results
- 122.9.13.79
- 122.9.15.129
- 101.91.140.124
- 101.91.140.224
from anti-ip-attribution.
Its first httpdns query packet actually appeared before the DNS query
How does that work? Was it written into hosts? This many IPs???
from anti-ip-attribution.
Add:
- 122.9.13.79
- 122.9.15.129
- 101.91.140.224
- 101.91.140.124
- 117.144.238.29
- 117.185.228.108
- 122.9.7.134
- 116.63.10.135
- 114.116.215.110
- 116.63.10.31
- 112.65.200.117
- 112.64.218.119
This is the final list of IPs to block; once they are blocked, the location no longer leaks
from anti-ip-attribution.
- DOMAIN-SUFFIX,bilibili.com
- IP-CIDR,122.9.13.79
- IP-CIDR,122.9.15.129
- IP-CIDR,101.91.140.224
- IP-CIDR,101.91.140.124
- IP-CIDR,117.144.238.29
- IP-CIDR,117.185.228.108
- IP-CIDR,122.9.7.134
- IP-CIDR,116.63.10.135
- IP-CIDR,114.116.215.110
- IP-CIDR,116.63.10.31
- IP-CIDR,112.65.200.117
- IP-CIDR,112.64.218.119
from anti-ip-attribution.
Android client
```java
bundle.putString(KEY_EXT_P2P_HTTPDNS_BILI_IP, "47.101.175.206;47.100.123.169;120.46.169.234;121.36.72.124;");
bundle.putString(KEY_EXT_P2P_BILIDNS_CMCC_IP, "116.63.10.135;122.9.7.134;117.185.228.108;117.144.238.29");
bundle.putString(KEY_EXT_P2P_BILIDNS_CT_IP, "122.9.13.79;122.9.15.129;101.91.140.224;101.91.140.124");
bundle.putString(KEY_EXT_P2P_BILIDNS_CU_IP, "114.116.215.110;116.63.10.31;112.64.218.119;112.65.200.117");
```
from anti-ip-attribution.
Android client
```java
bundle.putString(KEY_EXT_P2P_HTTPDNS_BILI_IP, "47.101.175.206;47.100.123.169;120.46.169.234;121.36.72.124;");
bundle.putString(KEY_EXT_P2P_BILIDNS_CMCC_IP, "116.63.10.135;122.9.7.134;117.185.228.108;117.144.238.29");
bundle.putString(KEY_EXT_P2P_BILIDNS_CT_IP, "122.9.13.79;122.9.15.129;101.91.140.224;101.91.140.124");
bundle.putString(KEY_EXT_P2P_BILIDNS_CU_IP, "114.116.215.110;116.63.10.31;112.64.218.119;112.65.200.117");
```
Just block them all :(
iOS is a black box, so it can only be tested by packet capture; it is probably the same as Android
from anti-ip-attribution.
Thanks for the contribution.
28aa5cd
from anti-ip-attribution.
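Added example, not part of the thread or of the project's code: a cross-check of the Android address lists against the IP-CIDR rules posted above, reporting which hard-coded addresses the rule list does not cover. Both inputs are copied from the comments above; the `/32` suffix on the generated rules and the function names are assumptions made for this example.

```python
import ipaddress
import re

# Copied from the Android comment in this thread.
ANDROID_SNIPPET = """
bundle.putString(KEY_EXT_P2P_HTTPDNS_BILI_IP, "47.101.175.206;47.100.123.169;120.46.169.234;121.36.72.124;");
bundle.putString(KEY_EXT_P2P_BILIDNS_CMCC_IP, "116.63.10.135;122.9.7.134;117.185.228.108;117.144.238.29");
bundle.putString(KEY_EXT_P2P_BILIDNS_CT_IP, "122.9.13.79;122.9.15.129;101.91.140.224;101.91.140.124");
bundle.putString(KEY_EXT_P2P_BILIDNS_CU_IP, "114.116.215.110;116.63.10.31;112.64.218.119;112.65.200.117");
"""

# Copied from the IP-CIDR rules posted in this thread (derived from iOS captures).
EXISTING_RULE_IPS = (
    "122.9.13.79 122.9.15.129 101.91.140.224 101.91.140.124 "
    "117.144.238.29 117.185.228.108 122.9.7.134 116.63.10.135 "
    "114.116.215.110 116.63.10.31 112.65.200.117 112.64.218.119"
).split()

PUT_STRING = re.compile(r'putString\(\s*(\w+)\s*,\s*"([^"]*)"\s*\)')


def parse_bundle(snippet):
    """Map each bundle key to its addresses; a malformed address raises ValueError."""
    groups = {}
    for key, value in PUT_STRING.findall(snippet):
        # The first list ends with ';', so empty fields are skipped.
        fields = [f.strip() for f in value.split(";") if f.strip()]
        groups[key] = [ipaddress.IPv4Address(f) for f in fields]
    return groups


def uncovered(groups, existing):
    """Return {key: [addresses]} for addresses that no existing rule matches."""
    have = {ipaddress.IPv4Address(ip) for ip in existing}
    gaps = {k: [ip for ip in ips if ip not in have] for k, ips in groups.items()}
    return {k: ips for k, ips in gaps.items() if ips}


def to_rules(addresses):
    """Render de-duplicated, sorted host rules (the /32 suffix is an assumption)."""
    return [f"- IP-CIDR,{ip}/32" for ip in sorted(set(addresses))]


if __name__ == "__main__":
    for key, ips in uncovered(parse_bundle(ANDROID_SNIPPET), EXISTING_RULE_IPS).items():
        print(f"# {key}: not covered by the existing rules")
        print("\n".join(to_rules(ips)))
```

The three carrier lists (CMCC, CT, CU) match the twelve addresses already in the rules; only the four addresses under `KEY_EXT_P2P_HTTPDNS_BILI_IP` are reported as uncovered.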