search
Homephp教程php手册PHP使用CURL伪造来源IP与网址

PHP使用CURL伪造来源IP与网址

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB
WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB
Jun 06, 2016 pm 08:12 PM
curlphpforgeryusesourceURL

test1.php ?phpob_start();$ch = curl_init();curl_setopt($ch, CURLOPT_URL, "http://www.xxx.cn/test/test2.php");curl_setopt($ch, CURLOPT_HTTPHEADER, array('X-FORWARDED-FOR:1.1.1.1', 'CLIENT-IP:2.2.2.2')); //伪造IPcurl_setopt($ch, CURLOPT_REFE

test1.php

<?php ob_start();
	$ch = curl_init();
	curl_setopt($ch, CURLOPT_URL, "http://www.xxx.cn/test/test2.php");
	curl_setopt($ch, CURLOPT_HTTPHEADER, array('X-FORWARDED-FOR:1.1.1.1', 'CLIENT-IP:2.2.2.2'));  //伪造IP
	curl_setopt($ch, CURLOPT_REFERER, "http://www.oicto.com/ ");   //伪造来源网址
	curl_setopt($ch, CURLOPT_HEADER, 1);
	curl_exec($ch);
	curl_close($ch); 
	$out = ob_get_contents();
	ob_clean();
	echo $out;
?>

test2.php

<?php function getClientIp() {
		if (!empty($_SERVER["HTTP_CLIENT_IP"]))
			$ip = $_SERVER["HTTP_CLIENT_IP"];
		else if (!empty($_SERVER["HTTP_X_FORWARDED_FOR"]))
			$ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
		else if (!empty($_SERVER["REMOTE_ADDR"]))
			$ip = $_SERVER["REMOTE_ADDR"];
		else
			$ip = "err";
		return $ip;
	}
	echo "IP: " . getClientIp() . "  HTTP_CLIENT_IP-: " . $_SERVER["HTTP_CLIENT_IP"] . "    HTTP_X_FORWARDED_FOR-: " . $_SERVER["HTTP_X_FORWARDED_FOR"] . "    REMOTE_ADDR-: " . $_SERVER["REMOTE_ADDR"] . "   ";
	echo "referer: " . $_SERVER["HTTP_REFERER"];
?>

执行结果:

HTTP/1.1 200 OK
Server: DWS/01.03Z33
Date: Mon, 09 Jun 2014 09:27:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
IP: 2.2.2.2  HTTP_CLIENT_IP-: 2.2.2.2    HTTP_X_FORWARDED_FOR-: 1.1.1.1    REMOTE_ADDR-: 127.0.0.1   referer: http://www.oicto.com/

但是暂时还无法伪造骗过:

$_SERVER["REMOTE_ADDR"]。

所以建议大家记录IP时使用$_SERVER["REMOTE_ADDR"]。

原文地址:PHP使用CURL伪造来源IP与网址, 感谢原作者分享。

Statement
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

AI Hentai Generator

AI Hentai Generator

Generate AI Hentai for free.

Show More

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)
1 months agoBy尊渡假赌尊渡假赌尊渡假赌
R.E.P.O. Best Graphic Settings
1 months agoBy尊渡假赌尊渡假赌尊渡假赌
Assassin's Creed Shadows: Seashell Riddle Solution
2 weeks agoByDDD
R.E.P.O. How to Fix Audio if You Can't Hear Anyone
1 months agoBy尊渡假赌尊渡假赌尊渡假赌
R.E.P.O. Chat Commands and How to Use Them
1 months agoBy尊渡假赌尊渡假赌尊渡假赌
Show More

Hot Tools

ZendStudio 13.5.1 Mac

ZendStudio 13.5.1 Mac

Powerful PHP integrated development environment

Zend Studio 13.0.1

Zend Studio 13.0.1

Powerful PHP integrated development environment

EditPlus Chinese cracked version

EditPlus Chinese cracked version

Small size, syntax highlighting, does not support code prompt function

Safe Exam Browser

Safe Exam Browser

Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.

Dreamweaver CS6

Dreamweaver CS6

Visual web development tools

Show More

Hot Topics

Where is the login entrance for gmail email?
7545
15
CakePHP Tutorial
1381
52
What is the format of the account name of steam
83
11
win11 activation key permanent
55
19
nyt connections hints and answers
21
87
Show More