How to achieve malicious content injection (such as advertising injection) by operators (such as a letter in China)?

during the interview at Tencent the day before yesterday, I was asked a question: how do operators inject malicious content into their pages, or how to achieve the injection of advertisements such as "Big Emperor" that appear in the lower right corner or both sides of some of our common pages? and how can we prevent this kind of advertising injection? Maybe this issue is a little complicated. I hope to analyze it from a technical level. I hope it doesn"t involve sensitive topics in China, you know. Thank you very much)

Jul.20,2021

js injection after https://www.baidu.com/s?ie=UT.
https encryption, the operator cannot decrypt the request, so it is naturally impossible to operate.


operators are generally hijacked by DNS. You know that domain name resolution protocol is to resolve domain name to IP address , while broadband operators can tamper with DNS resolution, resolve your requested domain name to a fake IP address, and the corresponding server forwards and hijacks the request accordingly. Due to the characteristics of http plaintext transmission, what is passed is basically clear, so it is easy to tamper with your html with a script.
the best way to solve this kind of problem is to build a http proxy server on https


, which points all domain name resolution to this proxy server. The proxy server inserts an advertising script into the middle when dealing with html
using https to prevent

MySQL Query : SELECT * FROM `codeshelper`.`v9_news` WHERE status=99 AND catid='6' ORDER BY rand() LIMIT 5
MySQL Error : Disk full (/tmp/#sql-temptable-64f5-1e447ee-44ad9.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
MySQL Errno : 1021
Message : Disk full (/tmp/#sql-temptable-64f5-1e447ee-44ad9.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
Need Help?