Home >php教程 >php手册 >php curl 伪造IP来源的实例代码

php curl 伪造IP来源的实例代码

WBOY
WBOYOriginal
2016-06-13 11:57:11930browse

curl发出请求的文件fake_ip.php:
代码

复制代码 代码如下:


$ch = curl_init();
$url = "http://localhost/target_ip.php";
$header = array(
'CLIENT-IP:58.68.44.61',
'X-FORWARDED-FOR:58.68.44.61',
);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,true);
$page_content = curl_exec($ch);
curl_close($ch);
echo $page_content;
?>


请求的目标文件target_ip.php:

复制代码 代码如下:


echo getenv('HTTP_CLIENT_IP');
echo getenv('HTTP_X_FORWARDED_FOR');
echo getenv('REMOTE_ADDR');
?>


目标文件target_ip里面的IP打印顺序是目前很多开源系统的IP获取顺序
访问fake_ip.php,看到结果:
58.68.44.61
58.68.44.61
127.0.0.1
实例
CURL确实很强悍,可以伪造IP和来源。
1.php 请求 2.php 。

1.php代码:

复制代码 代码如下:


$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://localhost/2.php");
curl_setopt($ch, CURLOPT_HTTPHEADER, array('X-FORWARDED-FOR:8.8.8.8', 'CLIENT-IP:8.8.8.8')); //构造IP
curl_setopt($ch, CURLOPT_REFERER, "http://www.jb51.net/ "); //构造来路
curl_setopt($ch, CURLOPT_HEADER, 1);
$out = curl_exec($ch);
curl_close($ch);



2.php代码如下:

复制代码 代码如下:


function getClientIp() {
if (!empty($_SERVER["HTTP_CLIENT_IP"]))
$ip = $_SERVER["HTTP_CLIENT_IP"];
else if (!empty($_SERVER["HTTP_X_FORWARDED_FOR"]))
$ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
else if (!empty($_SERVER["REMOTE_ADDR"]))
$ip = $_SERVER["REMOTE_ADDR"];
else
$ip = "err";
return $ip;
}
echo "IP: " . getClientIp() . "";
echo "referer: " . $_SERVER["HTTP_REFERER"];


伪造成功,这是不是给“刷票”的朋友提供了很好的换IP的方案
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn