本文演示如何通过PHP和cURL伪造客户端IP地址和访问来源,并解释了$_SERVER['REMOTE_ADDR']为何无法伪造。
curl伪造ip和来路,还可以进行投票,但是,$_SERVER['REMOTE_ADDR']无法伪造。
客户端:
01 | <?php |
02 | $headers['CLIENT-IP'] = '202.103.229.40'; |
03 | $headers['X-FORWARDED-FOR'] = '202.103.229.40'; |
04 | |
05 | $headerArr = array(); |
06 | foreach( $headers as $n => $v ) { |
07 | $headerArr[] = $n .':' . $v; |
08 | } |
09 | |
10 | ob_start(); |
11 | $ch = curl_init(); |
12 | curl_setopt ($ch, CURLOPT_URL, "http://localhost/curl/server.php"); |
13 | curl_setopt ($ch, CURLOPT_HTTPHEADER , $headerArr ); //构造IP |
14 | curl_setopt ($ch, CURLOPT_REFERER, "http://www.163.com/ "); //构造来路 |
15 | curl_setopt( $ch, CURLOPT_HEADER, 1); |
16 | |
17 | curl_exec($ch); |
18 | curl_close ($ch); |
19 | $out = ob_get_contents(); |
20 | ob_clean(); |
21 | |
22 | echo $out; |
23 | ?> |
01 | <?php |
02 | function GetIP(){ |
03 | if(!empty($_SERVER["HTTP_CLIENT_IP"])) |
04 | $cip = $_SERVER["HTTP_CLIENT_IP"]; |
05 | else if(!empty($_SERVER["HTTP_X_FORWARDED_FOR"])) |
06 | $cip = $_SERVER["HTTP_X_FORWARDED_FOR"]; |
07 | else if(!empty($_SERVER["REMOTE_ADDR"])) |
08 | $cip = $_SERVER["REMOTE_ADDR"]; |
09 | else |
10 | $cip = "无法获取!"; |
11 | return $cip; |
12 | } |
13 | echo "<BR>访问IP: ".GetIP()."<br>"; |
14 | echo "<BR>访问来路: ".$_SERVER["HTTP_REFERER"]; |
15 | ?> |
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
