What does traffic hijacking mean?

 Traffic hijacking is the use of various malicious software to modify the browser, lock the homepage, or pop up new windows, forcing users to visit certain websites, thus resulting in the loss of user traffic. Traffic hijacking can be avoided by using trusted SSL certificates, the SSL protocol provides authentication of the server, so DNS hijacking will be detected and terminated when connecting to the wrong server, which ultimately leads to the inability to realize the DNS hostage attack; and the data encryption and integrity check provided by the SSL protocol also solves the problem of sniffing and modifying the data content of the key information.

The core of SSL protocol is based on the theory of public key cryptography to achieve server identity authentication, data privacy protection data integrity checks, and other functions. SSL protocol in the HTTP request before the start of the increase in the handshake phase, in the SSL handshake phase, the client browser will authenticate the identity of the server, which is achieved through the "certificate This is achieved through the "certificate", the certificate issued by the certificate authority (CA) for a domain name, can be interpreted as a website identity documents, the client needs to authenticate this document, you need to determine whether the certificate belongs to the target site and to confirm whether the certificate itself is valid. Finally, during the handshake phase, the two communicating parties also negotiate a session key for encryption and decryption.

After the SSL handshake, the server and the client use the negotiated session key to encrypt/decrypt the interacting data, which, in the case of the HTTP protocol, means that the HTTP request and response are encrypted before being sent over the network.

As a result, because the SSL protocol provides authentication of the server, DNS hijacking that results in a connection to the wrong server will be detected and the connection will be terminated, which ultimately prevents the realization of the DNS hijacking attack.