伪造IP访问来源

本文最后更新于2014年10月23日,已超过 1 年没有更新,如果文章内容失效,还请反馈给我,谢谢!

内容很简单,先记下来,方便查阅:

  • 伪造IPPHP代码
<?php
    $ch = curl_init();
    $url = "http://localhost/target_ip.php";
    $header = array(
        'CLIENT-IP:58.68.44.61',
        'X-FORWARDED-FOR:58.68.44.61',
    );
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    $page_content = curl_exec($ch);
    curl_close($ch);
    echo $page_content;
?>
  • 本地判断来访IPPHP代码
<?php
    echo getenv('HTTP_CLIENT_IP')."n";
    echo getenv('HTTP_X_FORWARDED_FOR')."n";
    echo getenv('REMOTE_ADDR')."n";
?>
  • 伪造IP访问网站
<?php
for ($i = 0; $i < 5; $i++) {
    task();
}
function task() {
    $url = "http://www.xxx.com/?fromuid=272539";
    $ip = "100.100.".rand(1, 255).".".rand(1, 255);
    $headers = array("X-FORWARDED-FOR:$ip");

    $curl = curl_init($url);
    curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($curl, CURLOPT_USERAGENT,  "Mozilla/4.0");
    $src = curl_exec($curl);
    curl_close($curl);
}
?>

 

参考链接:

声明: 除非注明,ixyzero.com文章均为原创,转载请以链接形式标明本文地址,谢谢!
https://ixyzero.com/blog/archives/1527.html

发表评论

电子邮件地址不会被公开。 必填项已用*标注