This article introduces how to forge the request source, HTTP_REFERER, in PHP, and works through an example with the techniques and precautions involved. It may be useful as a reference for anyone who needs it.
This example shows how HTTP_REFERER can be forged in PHP. The analysis is as follows:
Automatic forum posting and thread-bumping bots are now very common on the Internet and flood many forum sites with junk posts. Many websites filter machine posts simply by checking the HTTP_REFERER value. However, HTTP_REFERER can be forged. Everything is a double-edged sword; as long as you use it well, it has its value.
Long ago, download managers such as FlashGet and Thunder could already forge this information; most of them forge HTTP_REFERER by building false HTTP headers over a low-level socket. This article discusses, from a technical perspective, how to forge HTTP_REFERER in PHP, so that everyone understands the process and can defend against it better.
Environment: Apache/2.2.8 + PHP/5.2.5 + Windows XP system, local test.
First, create two files, 1.php and 2.php, under the virtual root directory of the website.
The content of 1.php is as follows:
<?php
$host    = '127.0.0.1';
$target  = '/2.php';
$referer = 'http://www.jb51.net'; // forged HTTP_REFERER address

// Open a raw TCP connection to the local web server
$fp = fsockopen($host, 80, $errno, $errstr, 30);
if (!$fp) {
    echo "$errstr ($errno)<br />\n";
} else {
    // Hand-built request: each header line ends in \r\n, a blank line ends the headers
    $out  = "GET $target HTTP/1.1\r\n";
    $out .= "Host: $host\r\n";
    $out .= "Referer: $referer\r\n";
    $out .= "Connection: Close\r\n\r\n";
    fwrite($fp, $out);
    // Print the raw response, headers and body
    while (!feof($fp)) {
        echo fgets($fp, 1024);
    }
    fclose($fp);
}
?>
The other file, 2.php, is very simple. It only reads the current HTTP_REFERER server value, as shown below:
<?php
echo "<br />";
echo $_SERVER["HTTP_REFERER"]; // Referer header exactly as the client sent it
?>
Open 1.php in a browser to run it. The page returns the following information:
HTTP/1.1 200 OK
Date: Fri, 04 Apr 2008 16:07:54 GMT
Server: Apache/2.2.8 (Win32) PHP/5.2.5
X-Powered-By: PHP/5.2.5
Content-Length: 27
Connection: close
Content-Type: text/html; charset=gb2312
The result shows that the HTTP_REFERER value was forged successfully. A website that judges requests by HTTP_REFERER alone is therefore not safe, because anyone can construct such a source. A simple defense is to add a verification code to the page that performs the check; you can also check the client's IP address.
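The Referer-only check beside the verification-code defense mentioned above, as an added example that is not part of the original article. It assumes PHP 7 or later; the host forum.example, the function names and the sample request are constructed for illustration, and plain arrays stand in for $_SERVER, $_POST and $_SESSION.

```php
<?php
const SITE_HOST = 'forum.example'; // hypothetical host of the protected site

// Weak check: trusts a header that the client fully controls.
function referer_only_check(array $server): bool
{
    $host = parse_url($server['HTTP_REFERER'] ?? '', PHP_URL_HOST);
    return $host === SITE_HOST;
}

// Called when the posting form is rendered. The expected code stays on the
// server; the user only sees it (assumption: rendered as an image).
function issue_verification_code(array &$session): string
{
    $code = (string) random_int(100000, 999999);
    $session['verify_code'] = $code;
    return $code;
}

// Stronger check: the submitted code must equal the one stored in the session.
function verification_code_check(array &$session, array $post): bool
{
    $expected = $session['verify_code'] ?? null;
    unset($session['verify_code']); // single use, whether it passes or fails
    $given = $post['code'] ?? '';
    return is_string($expected) && is_string($given)
        && hash_equals($expected, $given);
}

// Constructed request: a script that set its own Referer and never loaded the form.
$server  = ['HTTP_REFERER' => 'http://forum.example/post.php'];
$post    = ['message' => 'junk post', 'code' => '000000'];
$session = [];
issue_verification_code($session); // the code the script never read

printf("Referer-only check accepts the request: %s\n",
    var_export(referer_only_check($server), true));
printf("Verification-code check accepts the request: %s\n",
    var_export(verification_code_check($session, $post), true));
```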
Supplement: the source code for forgery in ASP is as follows:
<%
Dim http
Set http = Server.CreateObject("MSXML2.XMLHTTP") ' MSXML2.ServerXMLHTTP can also be used
http.open "GET", url, False
http.setRequestHeader "Referer", "http://www.jb51.net/"
http.send()
%>
If you are a decent person, please do not use these methods maliciously. After all, doing a lot of bad things does not end well. For example, posting a large number of junk posts may bring you many external links in the short term, but search engines will discover such a black-hat method sooner or later. The links already posted are like spilled water: they cannot be taken back, and the evidence is no longer yours to control.
I hope this article will help you with PHP programming.