PHP用CURL伪造来源IP与来源URL地址程序代码
在php中利用curl伪造来源IP是非常的方法的,下面来给大家介绍一个php 伪造来源IP的例子,但经过测试不能伪造$_SERVER["REMOTE_ADDR"]的来源。
test.php文件
<?php ob_start(); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "http://www.xxx.cn/test/test2.php"); curl_setopt($ch, CURLOPT_HTTPHEADER, array( 'X-FORWARDED-FOR:1.1.1.1', 'CLIENT-IP:2.2.2.2' )); //伪造IP curl_setopt($ch, CURLOPT_REFERER, "http://www.phprm.com/ "); //伪造来源网址 curl_setopt($ch, CURLOPT_HEADER, 1); curl_exec($ch); curl_close($ch); $out = ob_get_contents(); ob_clean(); echo $out; ?>
test2.php文件代码如下
<?php
function getClientIp() {
if (!empty($_SERVER["HTTP_CLIENT_IP"])) $ip = $_SERVER["HTTP_CLIENT_IP"];
else if (!empty($_SERVER["HTTP_X_FORWARDED_FOR"])) $ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
else if (!empty($_SERVER["REMOTE_ADDR"])) $ip = $_SERVER["REMOTE_ADDR"];
else $ip = "err";
return $ip;
}
echo "<br />IP: " . getClientIp() . " HTTP_CLIENT_IP-: " . $_SERVER["HTTP_CLIENT_IP"] . " HTTP_X_FORWARDED_FOR-: " . $_SERVER["HTTP_X_FORWARDED_FOR"] . " REMOTE_ADDR-: " . $_SERVER["REMOTE_ADDR"] . " ";
echo "<br />referer: " . $_SERVER["HTTP_REFERER"];
?>执行结果:
HTTP/1.1 200 OK Server: DWS/01.03Z33 Date: Mon, 09 Jun 2014 09:27:09 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding <br />IP: 2.2.2.2 HTTP_CLIENT_IP-: 2.2.2.2 HTTP_X_FORWARDED_FOR-: 1.1.1.1
REMOTE_ADDR-: 127.0.0.1 <br />referer: http://www.phprm.com/
但是暂时还无法伪造骗过:
$_SERVER["REMOTE_ADDR"]。
所以建议大家记录IP时使用$_SERVER["REMOTE_ADDR"]。
本文地址:http://www.phprm.com/code/62971.html
转载随意,但请附上文章地址:-)