Learn how to get the client IP from brushing tickets, brushing client IP_PHP tutorial

Learn how to get the client IP from ticket swiping, ticket swiping client ip

My personal blog, source address: http://www.woniubi.cn/get_client_ip /

Two weeks ago, I helped a friend’s relative’s child to collect tickets. Who makes us programmers? During this process, I have also encountered problems such as reinstalling the system, removing dust, shopping on Taobao, stealing QQ, downloading movies, why a certain software cannot be used, etc. If you say no, they will say that your computer skills are very good. No problem can be solved.

Brushing tickets is divided into various restrictions, registered users, verification codes, and IP restrictions. This vote brushing website, not this voting website, has IP restrictions. If we want to break the limit, we need to understand how to obtain the user's IP.

1：getenv('HTTP_X_FORWARDED_FOR')
2：getenv('HTTP_CLIENT_IP')
3：getenv('REMOTE_ADDR')

HTTP_X_FORWARDED_FOR

This is obtained from the http header, and its format is A ip, B ip, C ip. There are two reasons why this happens

The user first uses A IP. Each time a layer of proxy is added, this header will add one more IP at the end, separated by commas, and finally reach the real web container. As long as the information is obtained from the header, it can be forged. Therefore, the A IP used in this case may not be the user's real IP. So in our case, we can only regard the IP connected to the load balancer as the user's real IP. At least this data is correct. But this IP may be the user's proxy IP, not the user's real IP. But this situation is at least better than the user's fake IP.

HTTP_CLIENT_IP

This is also obtained from the header. It was originally intended to record the user’s real IP, but it is rarely used.

REMOTE_ADDR

This is the IP to obtain the connection. Only small websites use this method, which directly exposes the data. The site is a single point without any load balancing. If the upper layer uses pxory, this data is the IP of the proxy.

What I did evil was to directly forge the x-forwarder-for data and then deceive them. However, within a few days, this vulnerability was discovered, and then I switched to using a proxy to swipe directly.

http://www.bkjia.com/PHPjc/1056842.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/1056842.htmlTechArticleLearn how to obtain the client IP from ticket brushing, ticket brushing client IP My personal blog, source address: http:/ /www.woniubi.cn/get_client_ip/ Two weeks ago, I helped a friend’s relative’s child to collect tickets...