This article mainly introduces how php uses curl to forge IP sources. it mainly involves using the CURLOPT_REFERER parameter of curl to implement this function, for more information about how php uses curl to forge IP sources, see the example below. It can be used to forge IP sources, forge domain names, and forge user information for your reference. The specific implementation method is as follows:
Define false user browser information HTTP_USER_AGENT
The code is as follows:
$ Binfo = array ('mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0 ;. net clr 2.0.50727; InfoPath.2; AskTbPTV/5.17.0.25589; Alexa Toolbar) ', 'mozilla/5.0 (Windows NT 5.1; rv: 22.0) Gecko/20100101 Firefox/123456 ', 'mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0 ;. NET4.0C; Alexa Toolbar) ', 'mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)', $ _ SERVER ['http _ USER_AGENT ']);
// 123.125.68 .*
// 125.90.88 .*
Define the source segment of the forged IP address. here I am looking for the IP address of Baidu
The code is as follows:
$ Cip = '1970. 123. 68. '. mt_rand (125 );
$ Xip = '1970. 90. 88. '. mt_rand (125 );
$ Header = array (
'Client-IP: '. $ cip,
'X-FORWARDED-FOR: '. $ xip,
);
Use curl to start sending forged information to the server
The code is as follows:
Function getimgs ($ url, $ userinfo, $ header)
{
$ Ch = curl_init ();
$ Timeout = 5;
Curl_setopt ($ ch, CURLOPT_URL, "$ url ");
Curl_setopt ($ ch, CURLOPT_HTTPHEADER, $ header );
Curl_setopt ($ ch, CURLOPT_REFERER, "http://www.baidu.com /");
Curl_setopt ($ ch, CURLOPT_RETURNTRANSFER, 1 );
Curl_setopt ($ ch, CURLOPT_USERAGENT, "$ userinfo ");
Curl_setopt ($ ch, CURLOPT_CONNECTTIMEOUT, $ timeout );
$ Contents = curl_exec ($ ch );
Curl_close ($ ch );
Return $ contents;
}
We can save the obtained data.
The code is as follows:
Function saveimgs ($ handle)
{
$ Fp = fopen('a.jpg ', "w ");
Fwrite ($ fp, $ handle );
Unset ($ fp );
Unset ($ handle );
}
Test counterfeit IP Instances
The code is as follows:
$ Url = 'http: // www.bitscn.com/images/logo.gif ';
$ U = $ binfo [mt_rand (0, 3)];
Saveimgs (getimgs ($ url, $ u, $ header ));
In this case, you have saved a.jpg file in your current directory. can I check whether the server log is our custom user information?
192.168.1.108--[22/Jul/2013: 10: 29: 37 + 0800] "GET/test. php HTTP/1.1 "200 1244"-"" Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0 ;. net clr 2.0.50727; InfoPath.2; AskTbPTV/5.17.0.25589; Alexa Toolbar )"
192.168.1.108--[22/Jul/2013: 10: 29: 37 + 0800] "GET/HTTP/1.1" 200 40538 "http://www.baidu.com/" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0 ;. NET4.0C; Alexa Toolbar )"
192.168.1.108--[22/Jul/2013: 10: 29: 37 + 0800] "GET/test. php HTTP/1.1 "200 1244"-"" Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0 ;. net clr 2.0.50727; InfoPath.2; AskTbPTV/5.17.0.25589; Alexa Toolbar )"
192.168.1.108--[22/Jul/2013: 10: 29: 37 + 0800] "GET/HTTP/1.1" 200 40538 "http://www.baidu.com/" "Mozilla/5.0 (Windows NT 5.1; rv: 22.0) Gecko/20100101 Firefox/22.0"
I can see it. it is completely correct, but I didn't test the IP address. when I use php to obtain the IP address, it will show that I forged the IP address.
I hope this article will help you with PHP programming.