zoukankan      html  css  js  c++  java
  • PHP使用curl伪造IP地址和header信息

    curl虽然功能强大,但是只能伪造$_SERVER["HTTP_X_FORWARDED_FOR"],对于大多数IP地址检测程序来说,$_SERVER["REMOTE_ADDR"]很难被伪造:

    首先是client.php的代码

     

    $headers['CLIENT-IP'] = '202.103.229.40';  
    $headers['X-FORWARDED-FOR'] = '202.103.229.40'; 
     
    $headerArr = array();  
    foreach( $headers as $n => $v ) {  
        $headerArr[] = $n .':' . $v;   
    }
     
    ob_start();
    $ch = curl_init();
    curl_setopt ($ch, CURLOPT_URL, "http://localhost/curl/server.php");
    curl_setopt ($ch, CURLOPT_HTTPHEADER , $headerArr );  //构造IP
    curl_setopt ($ch, CURLOPT_REFERER, "http://www.163.com/ ");   //构造来路
    curl_setopt( $ch, CURLOPT_HEADER, 1);
     
    curl_exec($ch);
    curl_close ($ch);
    $out = ob_get_contents();
    ob_clean();
     
    echo $out;

     

    然后是server.php

    function GetIP(){
        if(!emptyempty($_SERVER["HTTP_CLIENT_IP"]))
            $cip = $_SERVER["HTTP_CLIENT_IP"];
        else if(!emptyempty($_SERVER["HTTP_X_FORWARDED_FOR"]))
            $cip = $_SERVER["HTTP_X_FORWARDED_FOR"];
        else if(!emptyempty($_SERVER["REMOTE_ADDR"]))
            $cip = $_SERVER["REMOTE_ADDR"];
        else
        $cip = "无法获取!";
        return $cip;
    }
    echo "
    访问IP: ".GetIP()."
    ";
    echo "
    访问来路: ".$_SERVER["HTTP_REFERER"];

     

  • 相关阅读:
    攀岩
    插入排序
    runtime error
    vector
    旅行家
    九键字母组合
    [蓝桥杯][基础训练]Sine之舞
    代码计算程序运行的时间
    max_element
    distance
  • 原文地址:https://www.cnblogs.com/phper-xf/p/4819376.html
Copyright © 2011-2022 走看看