PHP使用CURL伪造来源IP与网址
- WBOYOriginal
- 2016-06-06 20:12:321152browse
test1.php ?phpob_start();$ch = curl_init();curl_setopt($ch, CURLOPT_URL, "http://www.xxx.cn/test/test2.php");curl_setopt($ch, CURLOPT_HTTPHEADER, array('X-FORWARDED-FOR:1.1.1.1', 'CLIENT-IP:2.2.2.2')); //伪造IPcurl_setopt($ch, CURLOPT_REFE
test1.php
<?php ob_start();
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://www.xxx.cn/test/test2.php");
curl_setopt($ch, CURLOPT_HTTPHEADER, array('X-FORWARDED-FOR:1.1.1.1', 'CLIENT-IP:2.2.2.2')); //伪造IP
curl_setopt($ch, CURLOPT_REFERER, "http://www.oicto.com/ "); //伪造来源网址
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_exec($ch);
curl_close($ch);
$out = ob_get_contents();
ob_clean();
echo $out;
?>
test2.php
<?php function getClientIp() {
if (!empty($_SERVER["HTTP_CLIENT_IP"]))
$ip = $_SERVER["HTTP_CLIENT_IP"];
else if (!empty($_SERVER["HTTP_X_FORWARDED_FOR"]))
$ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
else if (!empty($_SERVER["REMOTE_ADDR"]))
$ip = $_SERVER["REMOTE_ADDR"];
else
$ip = "err";
return $ip;
}
echo "IP: " . getClientIp() . " HTTP_CLIENT_IP-: " . $_SERVER["HTTP_CLIENT_IP"] . " HTTP_X_FORWARDED_FOR-: " . $_SERVER["HTTP_X_FORWARDED_FOR"] . " REMOTE_ADDR-: " . $_SERVER["REMOTE_ADDR"] . " ";
echo "referer: " . $_SERVER["HTTP_REFERER"];
?>
执行结果:
HTTP/1.1 200 OK Server: DWS/01.03Z33 Date: Mon, 09 Jun 2014 09:27:09 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding IP: 2.2.2.2 HTTP_CLIENT_IP-: 2.2.2.2 HTTP_X_FORWARDED_FOR-: 1.1.1.1 REMOTE_ADDR-: 127.0.0.1 referer: http://www.oicto.com/
但是暂时还无法伪造骗过:
$_SERVER["REMOTE_ADDR"]。
所以建议大家记录IP时使用$_SERVER["REMOTE_ADDR"]。
原文地址:PHP使用CURL伪造来源IP与网址, 感谢原作者分享。
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:php绘制一条直线的方法Next article:php绘制圆形的方法