The HTTP_REFERER variable has become increasingly unreliable; it is a value that can be forged entirely.
In this example, 1.php sends a request to 2.php.
The 1.php code is as follows:
```php
<?php
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://localhost/2.php");
// Construct the IP: both headers are ordinary request headers set by the client
curl_setopt($ch, CURLOPT_HTTPHEADER, array('X-FORWARDED-FOR:8.8.8.8', 'CLIENT-IP:8.8.8.8'));
// Construct the referer
curl_setopt($ch, CURLOPT_REFERER, "http://www.google.com/");
// Include the response headers in the output
curl_setopt($ch, CURLOPT_HEADER, 1);
$out = curl_exec($ch);
curl_close($ch);
```
The 2.php code is as follows:
```php
<?php
// Returns the "client IP", preferring request headers over the socket address.
// HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR are copied from headers the client sends.
function getClientIp() {
    if (!empty($_SERVER["HTTP_CLIENT_IP"]))
        $ip = $_SERVER["HTTP_CLIENT_IP"];
    else if (!empty($_SERVER["HTTP_X_FORWARDED_FOR"]))
        $ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
    else if (!empty($_SERVER["REMOTE_ADDR"]))
        $ip = $_SERVER["REMOTE_ADDR"];
    else
        $ip = "err";
    return $ip;
}
echo "IP: " . getClientIp() . "";
echo "Referer: " . $_SERVER["HTTP_REFERER"];
```
The forgery succeeds. Doesn't this give friends who "brush votes" a good scheme for changing their IP?!
Now let's look at a relatively more complex approach.
The following are forgery methods:
PHP (provided curl is installed):
```php
<?php
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://www.111cn.net");
curl_setopt($ch, CURLOPT_REFERER, "http://www.111cn.net/");
curl_exec($ch);
curl_close($ch);
```
PHP (curl not installed, using a socket):
```php
<?php
$server = '127.0.0.1';
$host = '127.0.0.1';
$target = '/xxx.asp';
$referer = 'http://127.0.0.1/'; // Referer
$port = 80;
$fp = fsockopen($server, $port, $errno, $errstr, 30);
if (!$fp) {
    echo "$errstr ($errno)<br />\n";
} else {
    // Build the raw HTTP request by hand; every header line ends with \r\n
    $out = "GET $target HTTP/1.1\r\n";
    $out .= "Host: $host\r\n";
    $out .= "Cookie: ASPSESSIONIDSQTBQSDA=DFCAPKLBBFICDAFMHNKIGKEG\r\n";
    $out .= "Referer: $referer\r\n";
    $out .= "Connection: close\r\n\r\n";
    fwrite($fp, $out);
    while (!feof($fp)) {
        echo fgets($fp, 128);
    }
    fclose($fp);
}
```
The IP can be forged as well:
```php
<?php
// The port argument (80) is required before $errno
$fp = fsockopen("192.168.0.128", 80, $errno, $errstr, 30);
if (!$fp) {
    echo "$errstr ($errno)<br>\n";
} else {
    $msg = "GET /003.php HTTP/1.0\r\n";
    $msg .= "Host: 192.168.0.128\r\n";
    $msg .= "Referer: http://www.baidu.com\r\n";
    $msg .= "Client-IP: 1.1.1.1\r\n";
    $msg .= "X-Forwarded-For: 1.1.1.1\r\n"; // this is mainly to construct the IP
    $msg .= "Connection: close\r\n\r\n";
    fputs($fp, $msg);
    while (!feof($fp)) {
        echo fgets($fp, 1024);
    }
    fclose($fp);
}
```
Remember that when using fsockopen, the request must end with \r\n\r\n, or it will time out.
In fact, $_SERVER['REMOTE_ADDR'] can be used to get the correct IP, but in order to obtain the IP of visitors who come through a proxy, people often do not use $_SERVER['REMOTE_ADDR'], and that is what provides the opportunity.
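A defensive counterpart to the client-IP function in 2.php, as an added example that is not part of the original article: it takes the address from REMOTE_ADDR and consults X-Forwarded-For only when the connection arrives from a reverse proxy you operate. The function name resolveClientIp, the TRUSTED_PROXIES list and the sample addresses are assumptions made for illustration.

```php
<?php
// Added example, not from the original article. TRUSTED_PROXIES is an assumed
// deployment setting: the addresses of reverse proxies you operate yourself.
const TRUSTED_PROXIES = ['10.0.0.5', '10.0.0.6'];

function resolveClientIp(array $server, array $trustedProxies = TRUSTED_PROXIES): string
{
    $remote = $server['REMOTE_ADDR'] ?? '';
    if (filter_var($remote, FILTER_VALIDATE_IP) === false) {
        return 'err';
    }
    // Direct connection: the socket peer is the only value the client cannot set,
    // so Client-IP and X-Forwarded-For are ignored entirely.
    if (!in_array($remote, $trustedProxies, true)) {
        return $remote;
    }
    // Behind our own proxy: walk X-Forwarded-For from right to left. The
    // rightmost entries were appended by our proxies; anything to the left of
    // the first untrusted hop is client-controlled and is never returned.
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // malformed entry: stop trusting the header
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop;
        }
    }
    return $remote;
}

// Constructed sample requests (not captured traffic).
$cases = [
    'direct client sending forged headers' => [
        'REMOTE_ADDR' => '203.0.113.9',
        'HTTP_X_FORWARDED_FOR' => '8.8.8.8',
        'HTTP_CLIENT_IP' => '8.8.8.8',
    ],
    'via trusted proxy, forged entry prepended' => [
        'REMOTE_ADDR' => '10.0.0.5',
        'HTTP_X_FORWARDED_FOR' => '8.8.8.8, 198.51.100.7',
    ],
];
foreach ($cases as $label => $server) {
    echo $label, ' => ', resolveClientIp($server), "\n";
}
```

The same reasoning applies to HTTP_REFERER: it has no trustworthy counterpart on the socket, so it is suitable for logging and analytics but not for access decisions.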
Here is another article about forging IP addresses with curl; interested readers can refer to it:
http://www.111cn.net/phper/php-cy/39779.htm