联通WAP免流量分析

wap.10010.com.             CNAME   wap.10010.lxsvc.cn.
wap.10010.lxsvc.cn.        A       123.125.96.11
m.client.10010.com 	123.125.96.10

访问wap.10010.com

直接连接的是3gwap网关 (10.0.0.172)

GET http://wap.10010.com/ HTTP/1.1
Accept: application/vnd.wap.xhtml+xml, application/xhtml+xml, text/html, image/png, image/jpeg, image/gif, */*;q=0.1
User-Agent: Mozilla/5.0 (Linux; U; Android 5.1.1; zh-cn; NX511J Build/LMY47V) AppleWebKit/534.30 (KHTML, like Gecko)Version/4.0 MQQBrowser/5.3 Mobile Safari/534.30
Q-Refer: 000600
Accept-Language: zh-CN
Accept-Charset: utf-8, iso-8859-1, utf-16, *;q=0.7
Accept-Encoding: gzip
Proxy-Connection: keep-alive
Host: wap.10010.com

结果却返回
HTTP/1.1 500 Internal Server Error
Content-Type: text/html; charset=UTF-8
Content-Length: 225
Connection: Close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>705</title>
<meta http-equiv="Cache-Control" content="no-cache"/>
</head>
<body>
<p>
连接服务器失败 
</p>
</body>
</html>




再次发送
POST http://10.0.0.172/ HTTP/1.1
X-Online-Host: 101.226.68.112:8080


访问iread
GET http://iread.wo.com.cn/ HTTP/1.1
Host: iread.wo.com.cn




GET http://10.0.0.172/client/20160422190833/woreader.apk?ProductID=CLIENT&ContentID=5&Time=201605241625402540&TransID=no&SPID=cpid&FA=91143604319&Mimetype=application/vnd.android.package-archive&FeeType=1&TimeStamp=20160524162540&Sec=Sec&DLType=0&clienttag=/woreader.apk HTTP/1.1
X-Online-Host: iread.wo.com.cn:8084
Cookie: chidInCookie=18000000; priorPay=1; statWapTheme=argentinaBlue; user_v_id=201605241624337275; JSESSIONID=BD7206B4635CDDB3E6A4500CC0B7A25D; route=c1b792968db8aca8cf33b676c1976879
Referer: http://iread.wo.com.cn/pages/getOslist.action
Q-UA: ADRQBX53_GA_TMS_1.1_newbee/531001&X5MTT_3/025307&ADR&6812014& NX511J &79234&9439&Android5.1.1 &V3
User-Agent: Mozilla/5.0 (Linux; U; Android 5.1.1; zh-cn; NX511J Build/LMY47V) AppleWebKit/534.30 (KHTML, like Gecko)Version/4.0 MQQBrowser/5.3 Mobile Safari/534.30
Accept: application/vnd.wap.xhtml+xml,application/xml,text/vnd.wap.wml,text/html,application/xhtml+xml,image/jpeg;q=0.5,image/png;q=0.5,image/gif;q=0.5,image/*;q=0.6,video/*,audio/*,*/*;q=0.6
Accept-Encoding: identity
Range: bytes=0-
Host: 10.0.0.172
Connection: Keep-Alive

HTTP/1.1 206 Partial Content
Date: Tue, 24 May 2016 08:25:49 GMT
Content-Type: application/octet-stream
Content-Length: 8350792
Connection: keep-alive
Last-Modified: Fri, 22 Apr 2016 11:08:32 GMT
Expires: Fri, 03 Jun 2016 08:25:49 GMT
Cache-Control: max-age=864000
Content-Range: bytes 0-8350791/8350792


GET http://www.10010.com/hubei/ HTTP/1.1
Accept-Charset: utf-8, iso-8859-1, utf-16, *;q=0.7
Accept: application/vnd.wap.xhtml+xml, application/xhtml+xml, text/html, image/png, image/jpeg, image/gif, */*;q=0.1
User-Agent: Mozilla/5.0 (Linux; U; Android 5.1.1; zh-cn; NX511J Build/LMY47V) AppleWebKit/534.30 (KHTML, like Gecko)Version/4.0 MQQBrowser/5.3 Mobile Safari/534.30
Q-Refer: 000600
Accept-Language: zh-CN
Accept-Encoding: gzip
Proxy-Connection: keep-alive
Host: www.10010.com
Cookie: SHOP_PROV_CITY=; gipgeo=71|710; mallcity=71|710

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Content-Length: 36110
Server: nginx


POST http://m.client.10010.com/mobileService/query/getNetWorkDetailTip.htm?menuId=000200030004&mobile_c_from=query HTTP/1.1
Host: m.client.10010.com




GET http://112.96.28.17:8080/download/Apps/1/201603/09/%e6%89%8b%e6%9c%ba%e8%90%a5%e4%b8%9a%e5%8e%85_%e5%85%8d%e6%b5%81%e9%87%8f%e4%b8%8b%e8%bd%bd.apk?cid=14106039&s=8&qd=554&contentkey=100001001201401151451004257&phone=haoma&rnd=0xc78298b31dfbf181&tm=1464080797311&ext=&be667603c81c4950b880e289333b99f5 HTTP/1.1
Referer: http://17wo.cn/Content.action?cpd=100001001201401151451004257
Accept-Charset: utf-8, iso-8859-1, utf-16, *;q=0.7
Accept: application/vnd.wap.xhtml+xml, application/xhtml+xml, text/html, image/png, image/jpeg, image/gif, */*;q=0.1
User-Agent: Mozilla/5.0 (Linux; U; Android 5.1.1; zh-cn; NX511J Build/LMY47V) AppleWebKit/534.30 (KHTML, like Gecko)Version/4.0 MQQBrowser/5.3 Mobile Safari/534.30
Accept-Language: zh-CN
Accept-Encoding: gzip
Proxy-Connection: keep-alive
Host: 112.96.28.17:8080

HTTP/1.1 200 OK
Date: Tue, 24 May 2016 08:46:42 GMT
Server: Apache
Last-Modified: Wed, 09 Mar 2016 09:51:01 GMT
ETag: "700000011610e-a6d7b6-52d9aa2b10de0"
Accept-Ranges: bytes
Content-Length: 10934198
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/vnd.android.package-archive

首页用了CDN的

www.10010.com CNAME www.10010.com.cdn.dnsv1.com
CNAME 279389.p23.tc.cdntip.com

211.91.160.141
211.91.160.142

这么多CDN,为啥不免?

wap.10010.com.		60	IN	CNAME	wap.10010.com.cdn.dnsv1.com.
wap.10010.com.cdn.dnsv1.com. 271 IN	CNAME	279390.p23.tc.cdntip.com.
279390.p23.tc.cdntip.com. 180	IN	A	110.53.180.142
279390.p23.tc.cdntip.com. 180	IN	A	36.248.26.142
279390.p23.tc.cdntip.com. 180	IN	A	124.161.253.17
279390.p23.tc.cdntip.com. 180	IN	A	42.236.125.12
279390.p23.tc.cdntip.com. 180	IN	A	221.204.60.12
279390.p23.tc.cdntip.com. 180	IN	A	36.248.26.141
279390.p23.tc.cdntip.com. 180	IN	A	110.53.180.141
279390.p23.tc.cdntip.com. 180	IN	A	221.204.28.30
279390.p23.tc.cdntip.com. 180	IN	A	113.207.48.145
279390.p23.tc.cdntip.com. 180	IN	A	113.207.48.142
279390.p23.tc.cdntip.com. 180	IN	A	124.161.253.18
279390.p23.tc.cdntip.com. 180	IN	A	221.204.60.11
279390.p23.tc.cdntip.com. 180	IN	A	42.236.126.141
279390.p23.tc.cdntip.com. 180	IN	A	221.204.28.51
279390.p23.tc.cdntip.com. 180	IN	A	14.204.74.142




mob.10010.com.		60	IN	CNAME	mob.10010.com.cdn.dnsv1.com.
mob.10010.com.cdn.dnsv1.com. 600 IN	CNAME	279786.p23.tc.cdntip.com.
279786.p23.tc.cdntip.com. 180	IN	A	124.161.253.17
279786.p23.tc.cdntip.com. 180	IN	A	113.207.48.142
279786.p23.tc.cdntip.com. 180	IN	A	36.248.26.142
279786.p23.tc.cdntip.com. 180	IN	A	221.204.28.51
279786.p23.tc.cdntip.com. 180	IN	A	113.207.48.145
279786.p23.tc.cdntip.com. 180	IN	A	110.53.180.141
279786.p23.tc.cdntip.com. 180	IN	A	36.248.26.141
279786.p23.tc.cdntip.com. 180	IN	A	221.204.60.11
279786.p23.tc.cdntip.com. 180	IN	A	124.161.253.18
279786.p23.tc.cdntip.com. 180	IN	A	42.236.125.12
279786.p23.tc.cdntip.com. 180	IN	A	221.204.28.30
279786.p23.tc.cdntip.com. 180	IN	A	42.236.126.141
279786.p23.tc.cdntip.com. 180	IN	A	221.204.60.12
279786.p23.tc.cdntip.com. 180	IN	A	14.204.74.142
279786.p23.tc.cdntip.com. 180	IN	A	110.53.180.142


img.client.10010.com.	60	IN	CNAME	img.client.10010.com.cdn.dnsv1.com.
img.client.10010.com.cdn.dnsv1.com. 600	IN CNAME 279782.p23.tc.cdntip.com.
279782.p23.tc.cdntip.com. 180	IN	A	110.53.180.141
279782.p23.tc.cdntip.com. 180	IN	A	110.53.180.142
279782.p23.tc.cdntip.com. 180	IN	A	221.204.60.12
279782.p23.tc.cdntip.com. 180	IN	A	221.204.60.11
279782.p23.tc.cdntip.com. 180	IN	A	42.236.126.141
279782.p23.tc.cdntip.com. 180	IN	A	221.204.28.51
279782.p23.tc.cdntip.com. 180	IN	A	42.236.125.12
279782.p23.tc.cdntip.com. 180	IN	A	113.207.48.142
279782.p23.tc.cdntip.com. 180	IN	A	36.248.26.141
279782.p23.tc.cdntip.com. 180	IN	A	14.204.74.142
279782.p23.tc.cdntip.com. 180	IN	A	113.207.48.145
279782.p23.tc.cdntip.com. 180	IN	A	124.161.253.17
279782.p23.tc.cdntip.com. 180	IN	A	124.161.253.18
279782.p23.tc.cdntip.com. 180	IN	A	36.248.26.142
279782.p23.tc.cdntip.com. 180	IN	A	221.204.28.30




mob.10010.com.		60	IN	CNAME	mob.10010.com.cdn.dnsv1.com.
mob.10010.com.cdn.dnsv1.com. 600 IN	CNAME	279786.p23.tc.cdntip.com.
279786.p23.tc.cdntip.com. 180	IN	A	125.211.204.142
279786.p23.tc.cdntip.com. 180	IN	A	221.204.60.12
279786.p23.tc.cdntip.com. 180	IN	A	220.195.19.22
279786.p23.tc.cdntip.com. 180	IN	A	111.202.85.12
279786.p23.tc.cdntip.com. 180	IN	A	220.195.19.20
279786.p23.tc.cdntip.com. 180	IN	A	110.53.180.141
279786.p23.tc.cdntip.com. 180	IN	A	221.204.28.30
279786.p23.tc.cdntip.com. 180	IN	A	220.195.19.18
279786.p23.tc.cdntip.com. 180	IN	A	221.204.60.11
279786.p23.tc.cdntip.com. 180	IN	A	221.204.28.51
279786.p23.tc.cdntip.com. 180	IN	A	121.31.22.151
279786.p23.tc.cdntip.com. 180	IN	A	110.53.180.142
279786.p23.tc.cdntip.com. 180	IN	A	61.240.150.33
279786.p23.tc.cdntip.com. 180	IN	A	220.195.19.21
279786.p23.tc.cdntip.com. 180	IN	A	43.242.181.13



联通WAP免流量分析》上有2条评论

  1. 儿子

    联通有个内容计费配置文件可以参考一下,里面归纳了配置在GGSN上的三七层数据包识别规则

    回复
    1. zhiwei 文章作者

      哪里找到你说的这个文件 以及 “中国联通移动互联网流量盗用风险排查与封堵方案汇报” 这个文件?

      回复

发表评论

电子邮件地址不会被公开。 必填项已用*标注