PHP to crack the code of the Anti-Theft chain by forging HTTP headers

PHP tutorial to crack the code of the Anti-Theft chain by forging HTTP headers

Method One

$txt =$_get[' url '];
Echo referfile ($txt, ' http://www.jzread.com/');

function Referfile ($url, $refer = ') {
$opt =array (' http ' =>array (' header ' => ' Referer: $refer '));
$context =stream_context_create ($opt);
Header ("Location:". $url);
Return file_get_contents ($url, False, $context);
}

<?php
$host = "Pakey.net"; The domain name you want to visit
$target = "/test.asp tutorial"; The address of the page you want to visit
$referer = "http//jzread.com/"; Forge a Routing page
$fp = Fsockopen ($host, $errno, $errstr, 30);
if (! $fp) {
echo "$errstr ($errno) <br/>n";
}else{
$out = "
Get $target http/1.1
Host: $host
Referer: $referer
Connection:closernrn ";

Fwrite ($fp, $out);
while (!feof ($fp)) {
Echo fgets ($FP, 1024);
}
Fclose ($FP);
}
?>

Other methods

$url =str_replace ('/file.php/', ', ', $_server[' Request_uri ']); Here I am lazy, do not do security testing, you need to add to the
$downfile =str_replace ("", "%20", $url);//replace spaces, and so on, can be replaced by the actual situation
$downfile =str_replace ("http://", "", $downfile);//Remove http://
$urlarr =explode ("/", $downfile);//Break out domain name
$domain = $urlarr [0];//domain name
$getfile =str_replace ($urlarr [0], ', $downfile)//Get part of header
$content = @fsockopen ("$domain", $errno , $ERRSTR, 12)//Connect to the target host
if (! $content) {//link does not prompt for error
die ("Sorry, I can't connect to $domain.") ");
}
Fputs ($content, "Get $getfile http/1.0rn");
Fputs ($content, "host: $domainrn");
Fputs ($content, "Referer: $domainrn");//Forged part
Fputs ($content, "user-agent:mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) rnrn ");
while (!feof ($content)) {
$tp. =fgets ($content, 128);
if ($TP, strstr)) {//Here's to explain. The first line of the header is typically the state of the request file. Please refer to the HTTP 1.1 status code and its meaning hi.baidu.com/110911/blog/item/21f20d2475af812ed50742c5.html here is the normal file request status, just turn directly on it. Other shapeThe continued execution program of the state
header ("Location: $url");
Die ();
}
}
//302 steering, most anti-theft chain systems are judged Referfer first, then turn to the real address. Here's how to get the real address.
$arr =explode ("n", $TP);
$arr 1=explode ("Location:", $TP);//Decompose the true-time address after location
$arr 2=explode ("n", $arr 1[1));
Header (' content-type:application/force-download ');//force Download
Header ("Location:". $arr 2[0]);/Turn to Destination address
Die () ;