PHP利用CURL伪造IP
client.php1 <?php
2 header("Content-Type: text/html; charset=UTF-8");
3
4 $headers['CLIENT-IP'] = '202.103.229.40';
5 $headers['X-FORWARDED-FOR'] = '202.103.229.40';
6
7 $headerArr = array();
8 foreach($headers as $n => $v)
9 {
10 $headerArr[] = $n .':' . $v;
11 }
12
13 ob_start();
14 $ch = curl_init();
15 curl_setopt($ch,CURLOPT_URL,"http://localhost/server.php");
16 //构造IP
17 curl_setopt($ch,CURLOPT_HTTPHEADER,$headerArr);
18 //构造来路
19 curl_setopt($ch,CURLOPT_REFERER,"http://www.163.com/");
20 curl_setopt($ch,CURLOPT_HEADER,1);
21
22 curl_exec($ch);
23 curl_close($ch);
24 $out = ob_get_contents();
25 ob_clean();
26 echo $out;
server.php
1 <?php
2 header("Content-Type: text/html; charset=UTF-8");
3 function GetIP()
4 {
5 if(!empty($_SERVER["HTTP_CLIENT_IP"]))
6 {
7 $cip = $_SERVER["HTTP_CLIENT_IP"];
8 }
9 else if(!empty($_SERVER["HTTP_X_FORWARDED_FOR"]))
10 {
11 $cip = $_SERVER["HTTP_X_FORWARDED_FOR"];
12 }
13 else if(!empty($_SERVER["REMOTE_ADDR"]))
14 {
15 $cip = $_SERVER["REMOTE_ADDR"];
16 }
17 else
18 {
19 $cip = "无法获取!";
20 }
21 return $cip;
22 }
23 echo "<br>访问IP: ".GetIP()."<br>";
24 echo "访问来路: ".$_SERVER["HTTP_REFERER"];
通过client.php访问http://localhost/client.php结果:
HTTP/1.1 200 OK Date: Tue, 28 Jul 2015 05:52:31 GMT Server: Apache/2.2.21 (Win32) PHP/5.3.10 X-Powered-By: PHP/5.3.10 Content-Length: 65 Content-Type: text/html; charset=UTF-8
访问IP: 202.103.229.40
访问来路: http://www.163.com/
通过server.php直接访问http://localhost/server.php结果:
访问IP: 127.0.0.1
( ! ) Notice: Undefined index: HTTP_REFERER in D:\wamp\www\server.php on line 24
Call Stack
# Time Memory Function Location
1 0.0008 367624 {main}( ) ..\server.php:0
访问来路:
页:
[1]