Gethostbyname \ getaddrinfo DNS domain name IP address is not safe

Step 1:

Make the target domain name point to a fake server IP in the following format:

Fake server IP address website domain name

Write in %Systemroot%\System32\Drivers\Etc\hosts file:

127.0.0.1 blog.csdn.net

Step 2:

Run the following test code and you will find that the domain name has been pointed to a fake server IP address, what harm will it cause?As a result, the software is easily cracked, and the user data is stolen after the user accesses the fake server.

Test code:

 // ----Resolving domain name IP test starts----/*After the hosts file is written: 127.0.0.1 blog.csdn.com,The ip address obtained by gethostbyname \ getaddrinfo will be 127.0.0.1, which is why it is called insecure*///WSADATA wsaData;//WSAStartup(MAKEWORD(2, 2), &wsaData);struct addrinfo *result = nullptr, *curr = nullptr;struct addrinfo hints = { 0 };hints.ai_family = AF_UNSPEC;hints.ai_socktype = SOCK_STREAM;hints.ai_protocol = IPPROTO_TCP;int nRet = getaddrinfo("blog.csdn.net", "443", &hints, &result);if (0 != nRet){int nError = WSAGetLastError();CString szMSG;szMSG.Format(_T("getaddrinfo call failed, error code: %d.\r\n"), nError);Log(szMSG);return;}char chIP[16];for (curr = result; curr != nullptr; curr = curr->ai_next) {inet_ntop(AF_INET, &(((struct sockaddr_in *)(curr->ai_addr))->sin_addr), chIP, 16);Log(CString(chIP) + CString(_T("\r\n")));}freeaddrinfo(result);//WSACleanup();// ----End domain name IP test ----