Home  >  Article  >  Backend Development  >  PHP使用curl伪造IP地址和header信息

PHP使用curl伪造IP地址和header信息

WBOY
WBOYOriginal
2016-07-25 08:42:081155browse

curl虽然功能强大,但是只能伪造$_SERVER["HTTP_X_FORWARDED_FOR"],对于大多数IP地址检测程序来说,$_SERVER["REMOTE_ADDR"]很难被伪造:

首先是client.php的代码

01 $headers['CLIENT-IP'] = '202.103.229.40';
02 $headers['X-FORWARDED-FOR'] = '202.103.229.40';
03
04 $headerArr = array();
05 foreach( $headers as $n => $v ) {
06 $headerArr[] = $n .':' . $v;
07 }
08
09 ob_start();
10 $ch = curl_init();
11 curl_setopt ($ch, CURLOPT_URL, "http://localhost/curl/server.php");
12 curl_setopt ($ch, CURLOPT_HTTPHEADER , $headerArr ); //构造IP
13 curl_setopt ($ch, CURLOPT_REFERER, "http://www.163.com/ "); //构造来路
14 curl_setopt( $ch, CURLOPT_HEADER, 1);
15
16 curl_exec($ch);
17 curl_close ($ch);
18 $out = ob_get_contents();
19 ob_clean();
20
21 echo $out;

然后是server.php

01 function GetIP(){
02 if(!emptyempty($_SERVER["HTTP_CLIENT_IP"]))
03 $cip = $_SERVER["HTTP_CLIENT_IP"];
04 else if(!emptyempty($_SERVER["HTTP_X_FORWARDED_FOR"]))
05 $cip = $_SERVER["HTTP_X_FORWARDED_FOR"];
06 else if(!emptyempty($_SERVER["REMOTE_ADDR"]))
07 $cip = $_SERVER["REMOTE_ADDR"];
08 else
09 $cip = "无法获取!";
10 return $cip;
11 }
12 echo "
访问IP: ".GetIP()."
";
13 echo "
访问来路: ".$_SERVER["HTTP_REFERER"];
curl, PHP, header


Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn