php curl 太强大了,它不但可以模仿用户登录,还可以模仿用户IP地址哦,为伪造IP来源,本实例仅供参考哦
curl发出请求的文件fake_ip.php: [php]代码05 | 'CLIENT-IP:58.68.44.61' , |
06 | 'X-FORWARDED-FOR:58.68.44.61' , |
08 | curl_setopt( $ch , CURLOPT_URL, $url ); |
09 | curl_setopt( $ch , CURLOPT_HTTPHEADER, $header ); |
10 | curl_setopt( $ch , CURLOPT_RETURNTRANSFER,true); |
11 | $page_content = curl_exec( $ch ); |
请求的目标文件target_ip.php:[php]代码2 | echo getenv ( 'HTTP_CLIENT_IP' ); |
3 | echo getenv ( 'HTTP_X_FORWARDED_FOR' ); |
4 | echo getenv ( 'REMOTE_ADDR' ); |
目标文件target_ip里面的IP打印顺序是目前很多开源系统的IP获取顺序 访问fake_ip.php,看到结果: 58.68.44.61 58.68.44.61 127.0.0.1 实例 CURL确实很强悍,可以伪造IP和来源。 1.php 请求 2.php 。 [php]代码3 | curl_setopt( $ch , CURLOPT_HTTPHEADER, array ( 'X-FORWARDED-FOR:8.8.8.8' , 'CLIENT-IP:8.8.8.8' )); |
5 | curl_setopt( $ch , CURLOPT_HEADER, 1); |
[php]代码01 | function getClientIp() { |
02 | if (! empty ( $_SERVER [ "HTTP_CLIENT_IP" ])) |
03 | $ip = $_SERVER [ "HTTP_CLIENT_IP" ]; |
04 | else if (! empty ( $_SERVER [ "HTTP_X_FORWARDED_FOR" ])) |
05 | $ip = $_SERVER [ "HTTP_X_FORWARDED_FOR" ]; |
06 | else if (! empty ( $_SERVER [ "REMOTE_ADDR" ])) |
07 | $ip = $_SERVER [ "REMOTE_ADDR" ]; |
12 | echo "IP: " . getClientIp() . "" ; |
13 | echo "referer: " . $_SERVER [ "HTTP_REFERER" ]; |
伪造成功,这是不是给“刷票”的朋友提供了很好的换IP的方案
|