Phpcurl is too powerful. It not only imitates user logon, but also imitates user IP addresses. To forge IP sources, this instance is for reference only. Php curl is too powerful. It not only imitates user logon, but also imitates user IP addresses. To forge IP sources, this instance is for reference only.
Script ec (2); script
Curl sends the request file fake_ip.php:
Code
The Code is as follows: |
|
$ Ch = curl_init (); $ Url = "http: // localhost/target_ip.php "; $ Header = array ( 'Client-IP: 58.68.44.61 ', 'X-FORWARDED-FOR: 58.68.44.61 ', ); Curl_setopt ($ ch, CURLOPT_URL, $ url ); Curl_setopt ($ ch, CURLOPT_HTTPHEADER, $ header ); Curl_setopt ($ ch, CURLOPT_RETURNTRANSFER, true ); $ Page_content = curl_exec ($ ch ); Curl_close ($ ch ); Echo $ page_content; ?> Target file target_ip.php of the request:
Code Echo getenv ('HTTP _ CLIENT_IP '); Echo getenv ('HTTP _ X_FORWARDED_FOR '); Echo getenv ('remote _ ADDR '); ?> |
The IP address printing sequence in the target file target_ip is the IP address Acquisition sequence of many open-source systems.
Access fake_ip.php and see the result:
58.68.44.61
58.68.44.61
127.0.0.1
Instance
CURL is really powerful and can forge IP addresses and sources.
1. php requests 2.php.
The Code is as follows: |
|
1. php code: $ Ch = curl_init (); Curl_setopt ($ ch, CURLOPT_URL, "http: // localhost/2.php "); Curl_setopt ($ ch, CURLOPT_HTTPHEADER, array ('x-FORWARDED-FOR: 8.8.8.8 ', 'client-IP: 8.8.8.8'); // construct an IP address Curl_setopt ($ ch, CURLOPT_REFERER, "http://www.111cn.net/"); // construct a path Curl_setopt ($ ch, CURLOPT_HEADER, 1 ); $ Out = curl_exec ($ ch ); Curl_close ($ ch ); 2. the php code is as follows: Function getClientIp (){ If (! Empty ($ _ SERVER ["HTTP_CLIENT_IP"]) $ Ip = $ _ SERVER ["HTTP_CLIENT_IP"]; Else if (! Empty ($ _ SERVER ["HTTP_X_FORWARDED_FOR"]) $ Ip = $ _ SERVER ["HTTP_X_FORWARDED_FOR"]; Else if (! Empty ($ _ SERVER ["REMOTE_ADDR"]) $ Ip = $ _ SERVER ["REMOTE_ADDR"]; Else $ Ip = "err "; Return $ ip; } Echo "IP:". getClientIp ().""; Echo "referer:". $ _ SERVER ["HTTP_REFERER"]; |
Forged successfully. Is this a good IP address change solution for the "Ticket scalping" friends !!