Home  >  Article  >  php教程  >  PHP使用CURL伪造来源IP与网址

PHP使用CURL伪造来源IP与网址

WBOY
WBOYOriginal
2016-06-06 20:12:321189browse

test1.php ?phpob_start();$ch = curl_init();curl_setopt($ch, CURLOPT_URL, "http://www.xxx.cn/test/test2.php");curl_setopt($ch, CURLOPT_HTTPHEADER, array('X-FORWARDED-FOR:1.1.1.1', 'CLIENT-IP:2.2.2.2')); //伪造IPcurl_setopt($ch, CURLOPT_REFE

test1.php

<?php ob_start();
	$ch = curl_init();
	curl_setopt($ch, CURLOPT_URL, "http://www.xxx.cn/test/test2.php");
	curl_setopt($ch, CURLOPT_HTTPHEADER, array('X-FORWARDED-FOR:1.1.1.1', 'CLIENT-IP:2.2.2.2'));  //伪造IP
	curl_setopt($ch, CURLOPT_REFERER, "http://www.oicto.com/ ");   //伪造来源网址
	curl_setopt($ch, CURLOPT_HEADER, 1);
	curl_exec($ch);
	curl_close($ch); 
	$out = ob_get_contents();
	ob_clean();
	echo $out;
?>

test2.php

<?php function getClientIp() {
		if (!empty($_SERVER["HTTP_CLIENT_IP"]))
			$ip = $_SERVER["HTTP_CLIENT_IP"];
		else if (!empty($_SERVER["HTTP_X_FORWARDED_FOR"]))
			$ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
		else if (!empty($_SERVER["REMOTE_ADDR"]))
			$ip = $_SERVER["REMOTE_ADDR"];
		else
			$ip = "err";
		return $ip;
	}
	echo "IP: " . getClientIp() . "  HTTP_CLIENT_IP-: " . $_SERVER["HTTP_CLIENT_IP"] . "    HTTP_X_FORWARDED_FOR-: " . $_SERVER["HTTP_X_FORWARDED_FOR"] . "    REMOTE_ADDR-: " . $_SERVER["REMOTE_ADDR"] . "   ";
	echo "referer: " . $_SERVER["HTTP_REFERER"];
?>

执行结果:

HTTP/1.1 200 OK
Server: DWS/01.03Z33
Date: Mon, 09 Jun 2014 09:27:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
IP: 2.2.2.2  HTTP_CLIENT_IP-: 2.2.2.2    HTTP_X_FORWARDED_FOR-: 1.1.1.1    REMOTE_ADDR-: 127.0.0.1   referer: http://www.oicto.com/

但是暂时还无法伪造骗过:

$_SERVER["REMOTE_ADDR"]。

所以建议大家记录IP时使用$_SERVER["REMOTE_ADDR"]。

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn