PHP用CURL伪造来源IP与来源URL地址程序代码
发布:smiling 来源: PHP粉丝网 添加日期:2015-04-11 16:23:58 浏览: 评论:0
在php中利用curl伪造来源IP是非常的方法的,下面来给大家介绍一个php 伪造来源IP的例子,但经过测试不能伪造$_SERVER["REMOTE_ADDR"]的来源.
test.php文件,代码如下:
- <?php
- ob_start();
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_URL, "http://www.xxx.cn/test/test2.php");
- curl_setopt($ch, CURLOPT_HTTPHEADER, array('X-FORWARDED-FOR:1.1.1.1', 'CLIENT-IP:2.2.2.2')); //伪造IP
- curl_setopt($ch, CURLOPT_REFERER, "http://www.phpfensi.com/ "); //伪造来源网址
- curl_setopt($ch, CURLOPT_HEADER, 1);
- curl_exec($ch);
- curl_close($ch);
- $out = ob_get_contents();
- ob_clean();
- echo $out;
- ?>
test2.php文件,代码如下:
- <?php
- function getClientIp() {
- if (!emptyempty($_SERVER["HTTP_CLIENT_IP"]))
- $ip = $_SERVER["HTTP_CLIENT_IP"];
- else if (!emptyempty($_SERVER["HTTP_X_FORWARDED_FOR"]))
- $ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
- else if (!emptyempty($_SERVER["REMOTE_ADDR"]))
- $ip = $_SERVER["REMOTE_ADDR"];
- else
- $ip = "err";
- return $ip;
- }
- echo "<br />IP: " . getClientIp() . " HTTP_CLIENT_IP-: " . $_SERVER["HTTP_CLIENT_IP"] . " HTTP_X_FORWARDED_FOR-: " . $_SERVER["HTTP_X_FORWARDED_FOR"] . " REMOTE_ADDR-: " . $_SERVER["REMOTE_ADDR"] . " ";
- echo "<br />referer: " . $_SERVER["HTTP_REFERER"];
- ?>
- //执行结果:
- HTTP/1.1 200 OK
- Server: DWS/01.03Z33
- Date: Mon, 09 Jun 2014 09:27:09 GMT
- Content-Type: text/html
- Transfer-Encoding: chunked
- Connection: keep-alive
- Vary: Accept-Encoding
- <br />IP: 2.2.2.2 HTTP_CLIENT_IP-: 2.2.2.2 HTTP_X_FORWARDED_FOR-: 1.1.1.1
- REMOTE_ADDR-: 127.0.0.1 <br />referer: http://www.phpfensi.com/
但是暂时还无法伪造骗过:$_SERVER["REMOTE_ADDR"],所以建议大家记录IP时使用$_SERVER["REMOTE_ADDR"].
Tags: CURL伪造来源 PHP来源URL
推荐文章
热门文章
最新评论文章
- 写给考虑创业的年轻程序员(10)
- PHP新手上路(一)(7)
- 惹恼程序员的十件事(5)
- PHP邮件发送例子,已测试成功(5)
- 致初学者:PHP比ASP优秀的七个理由(4)
- PHP会被淘汰吗?(4)
- PHP新手上路(四)(4)
- 如何去学习PHP?(2)
- 简单入门级php分页代码(2)
- php中邮箱email 电话等格式的验证(2)