利用php教程的http_referer函数来判断用户的来路,这是简单了,
实例
if (isset($_SERVER['HTTP_REFERER'])) {
print "The page you were on previously was {$_SERVER['HTTP_REFERER']}
";
} else {
print "You didn't click any links to get here
";
}
?>Click me!
下面我们让用户不知道我们的来路处理
实例
]$host = "www.123cha.com";
$referer = "http://".$host;
$fp = fsockopen ($host, 80, $errno, $errstr, 30);
if (!$fp){
echo "$errstr ($errno)
;n";
}else{
$request = "
GET / HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, */"."*
Referer: http://$host
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: $host
Connection: Close"
."rnrn";
fputs ($fp, "$request");
while (!feof($fp))
{
$res[] = fgets($fp,1024);
}
$html = join("",$res);
fclose ($fp);
$fp = file_put_contents("123cha.html",$html);
echo "done";
}[/code]这不就行了?
不过很奇怪的是,
www.hao123.com
的页面抓下来是乱码(除了http头),这是为什么?难道是因为用了gzip之类压缩?[code]$host = "www.zhutiai.com";
$html = file_get_contents("http://".$host);
$fp = file_put_contents("hao123.html",$html);
echo "done";
?>;[/code]
但这样抓的就没问题.
再来分析开始抓的http头
[code]HTTP/1.1 200 OK Date: Wed, 31 Aug 2005 00:59:36 GMT Server: Apache/1.3.27 Cache-Control: max-age=1296000 Expires: Thu, 15 Sep 2005 00:59:36 GMT Last-Modified: Mon, 29 Aug 2005 13:56:00 GMT Accept-Ranges: bytes Connection: close Content-Type: text/html Content-Encoding: gzip Content-Length: 14567[/code]
果然有这句,Content-Encoding: gzip
原来压缩了的,长度14567字节了,
用第二种方法抓,原来没压缩的html是71143字节,原来file_get_contents还可以自动解压缩.
实例二
$host = '127.0.0.1';
$target = '/2.php';
$referer = 'http://www.bkjia.com'; //伪造HTTP_REFERER地址
$fp = fsockopen($host, 80, $errno, $errstr, 30);
if (!$fp){
echo "$errstr($errno)
n";
}
else{
$out = "
GET $target HTTP/1.1
Host: $host
Referer: $referer
Connection: Closernrn";
fwrite($fp, $out);
while (!feof($fp)){
echo fgets($fp, 1024);
}
fclose($fp);
}
?>
另一个2.php文件很简单,只是写上一行读取当前的HTTP_REFERER服务器值的代码即可,如下:
echo "
";
echo $_SERVER["HTTP_REFERER"];
?>
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
PhpStorm Mac version
The latest (2018.2.1) professional PHP integrated development tool
Atom editor mac version download
The most popular open source editor
WebStorm Mac version
Useful JavaScript development tools
SecLists
SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.
EditPlus Chinese cracked version
Small size, syntax highlighting, does not support code prompt function
