PHP页面跳转与跨站提交伪造Referer地址来源-php手册-php.cn

Home

php教程

php手册

PHP页面跳转与跨站提交伪造Referer地址来源

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 13, 2016 am 11:27 AM

phprefererandintroduceforgeryuseaddresssubmitarticlesourceJumppage

本文章来给大家介绍二种利用php来实现页面跳转与跨站提交伪造Referer地址来源具体实现，方法主要用到了fsockopen，curl两个函数，有需要了解的朋友可进入参考。

一、尝试过的URL跳转方法

代码如下

复制代码

echo '';

echo 'window.location.href="'.$url.'";īpt>';

echo '

以上三种方法均无法传递REFERER地址。

二、使用PHP Socket函数伪造REFER
下面是PHP伪造REFERER代码部分，经过测试可以实现REFERER地址传递，其中$url是输入地址。

代码如下

复制代码

$uinfo = parse_url($url);//解析URL地址，比如http://php100.com/archives/1.html

if($uinfo['path']) //

$data = $uinfo['path'];//这里得到/archives/1.html

else

$data = '/';//默认根

if(!$fsp = @fsockopen($uinfo['host'], (($uinfo['port']) ? $uinfo['port'] : "80"), $errno, $errstr, 12)){

echo "对不起对方网站暂时无法打开，请您稍后访问：".$uinfo['host']; exit;

}else{

fputs($fsp, "GET “.$data .” HTTP/1.0rn");//如果是跨站POST提交，可使用POST方法

fputs($fsp, "Host: ".$uinfo['host']."rn");

fputs($fsp, "Referer: php100.comrn");//伪造REFERER地址

fputs($fsp, "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)rnrn");

$res='';

while(!feof($fsp)) {

$res.=fgets($fsp, 128);

if(strstr($res,"200 OK")) {

header("Location:$url"); exit;

}

//如果是301或302状态码可以继续处理

//返回地址大概形式：HTTP/1.1 301 Moved PermanentlynContent-Length: 164nContent-Type: text/htmlnLocation: http://php100.com/

$arr=explode("n",$res);

$arr=explode(": ",$arr[3]);//Location后面是真实重定向地址

header("location:".$arr[0]);//跳转目标地址

exit;

利用另一种方法 curl)伪造HTTP_REFERER

代码如下

复制代码

//PHP(前提是装了curl):
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, "http://www.bkjia.com/");
curl_setopt ($ch, CURLOPT_REFERER, "http://www.bkjia.com/");
curl_exec ($ch);
curl_close ($ch);

//PHP(不装curl用sock)
$server = 'blog.qita.in';
$host      = 'blog.qita.in';
$target    = '/xxx.asp';
$referer = 'http://www.baidu.com/';      // Referer
$port      = 80;
$fp = fsockopen($server, $port, $errno, $errstr, 30);
if (!$fp)
{
     echo "$errstr ($errno)
n";
}
else
{
          $out = "GET $target HTTP/1.1rn";
          $out .= "Host: $hostrn";
          $out .= "Cookie: ASPSESSIONIDSQTBQSDA=DFCAPKLBBFICDAFMHNKIGKEGrn";
          $out .= "Referer: $refererrn";
          $out .= "Connection: Closernrn";
          fwrite($fp, $out);
          while (!feof($fp))
          {
                  echo fgets($fp, 128);
          }
          fclose($fp);
}

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn