PHP使用CURL伪造来源IP与网址
test1.php<?php
ob_start();
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://www.xxx.cn/test/test2.php");
curl_setopt($ch, CURLOPT_HTTPHEADER, array('X-FORWARDED-FOR:1.1.1.1', 'CLIENT-IP:2.2.2.2')); //伪造IP
curl_setopt($ch, CURLOPT_REFERER, "http://www.oicto.com/ "); //伪造来源网址
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_exec($ch);
curl_close($ch);
$out = ob_get_contents();
ob_clean();
echo $out;
?>
test2.php
<?php
function getClientIp() {
if (!empty($_SERVER["HTTP_CLIENT_IP"]))
$ip = $_SERVER["HTTP_CLIENT_IP"];
else if (!empty($_SERVER["HTTP_X_FORWARDED_FOR"]))
$ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
else if (!empty($_SERVER["REMOTE_ADDR"]))
$ip = $_SERVER["REMOTE_ADDR"];
else
$ip = "err";
return $ip;
}
echo "<br />IP: " . getClientIp() . " HTTP_CLIENT_IP-: " . $_SERVER["HTTP_CLIENT_IP"] . " HTTP_X_FORWARDED_FOR-: " . $_SERVER["HTTP_X_FORWARDED_FOR"] . " REMOTE_ADDR-: " . $_SERVER["REMOTE_ADDR"] . " ";
echo "<br />referer: " . $_SERVER["HTTP_REFERER"];
?>
执行结果:
HTTP/1.1 200 OK
Server: DWS/01.03Z33
Date: Mon, 09 Jun 2014 09:27:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
<br />IP: 2.2.2.2 HTTP_CLIENT_IP-: 2.2.2.2 HTTP_X_FORWARDED_FOR-: 1.1.1.1 REMOTE_ADDR-: 127.0.0.1 <br />referer: http://www.oicto.com/
但是暂时还无法伪造骗过:
$_SERVER["REMOTE_ADDR"]。
所以建议大家记录IP时使用$_SERVER["REMOTE_ADDR"]。
查看完整版本: PHP使用CURL伪造来源IP与网址
请求请求Tags: