zoukankan      html  css  js  c++  java
  • PHP使用curl伪造IP地址和header信息

    curl虽然功能强大,但是只能伪造$_SERVER["HTTP_X_FORWARDED_FOR"],对于大多数IP地址检测程序来说,$_SERVER["REMOTE_ADDR"]很难被伪造:

    首先是client.php的代码

     

    $headers['CLIENT-IP'] = '202.103.229.40';  
    $headers['X-FORWARDED-FOR'] = '202.103.229.40'; 
     
    $headerArr = array();  
    foreach( $headers as $n => $v ) {  
        $headerArr[] = $n .':' . $v;   
    }
     
    ob_start();
    $ch = curl_init();
    curl_setopt ($ch, CURLOPT_URL, "http://localhost/curl/server.php");
    curl_setopt ($ch, CURLOPT_HTTPHEADER , $headerArr );  //构造IP
    curl_setopt ($ch, CURLOPT_REFERER, "http://www.163.com/ ");   //构造来路
    curl_setopt( $ch, CURLOPT_HEADER, 1);
     
    curl_exec($ch);
    curl_close ($ch);
    $out = ob_get_contents();
    ob_clean();
     
    echo $out;

     

    然后是server.php

    function GetIP(){
        if(!emptyempty($_SERVER["HTTP_CLIENT_IP"]))
            $cip = $_SERVER["HTTP_CLIENT_IP"];
        else if(!emptyempty($_SERVER["HTTP_X_FORWARDED_FOR"]))
            $cip = $_SERVER["HTTP_X_FORWARDED_FOR"];
        else if(!emptyempty($_SERVER["REMOTE_ADDR"]))
            $cip = $_SERVER["REMOTE_ADDR"];
        else
        $cip = "无法获取!";
        return $cip;
    }
    echo "
    访问IP: ".GetIP()."
    ";
    echo "
    访问来路: ".$_SERVER["HTTP_REFERER"];

     

  • 相关阅读:
    bootstrap2文档的学习
    在mininet上基于ovs,ovx,pox搭建三点虚拟网络
    借鉴一些关于js框架的东西
    setTimeout js
    Ubuntu 上配置静态的ip
    html5 canvas
    获取当前页面的长宽
    ovs的卸载
    tensorflow实现Word2vec
    梯度下降做做优化(batch gd、sgd、adagrad )
  • 原文地址:https://www.cnblogs.com/phper-xf/p/4819376.html
Copyright © 2011-2022 走看看