强大的PHP伪造IP头、Cookies、Reference

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
<?
$fp = fsockopen ("openyy.subsir.com", 80, $errno, $errstr, 30);
if (!$fp) {
        echo "$errstr ($errno)\n";
} else {
        $msg="GET /getip.php HTTP/1.0\r\n";
        $msg.="Host:openyy.subsir.com \r\n";
        $msg.="Referer: http://openyy.subsir.com/getip.php \r\n";
        $msg.="Client-IP: 202.101.201.11\r\n";
        $msg.="X-Forwarded-For: 202.101.201.11\r\n"; //主要是这里来构造IP
        $msg.="Connection: Close\r\n\r\n";
        fputs ($fp, $msg);
        while (!feof($fp)) {
                echo fgets ($fp,1024);
        }
        fclose ($fp);
}
?>



HTTP-REFERER这个变量已经越来越不可靠了,完全就是可以伪造出来的东东。 
以下是伪造方法:
PHP(前提是装了curl): 
PHP代码 

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, "http://www.dc9.cn/xxx.asp");
curl_setopt ($ch, CURLOPT_REFERER, "http://www.dc9.cn/");
curl_exec ($ch);
curl_close ($ch);
PHP(不装curl用sock)
PHP代码
$server = 'www.dc9.cn';
$host = 'www.dc9.cn';
$target = '/xxx.asp';
$referer = 'http://www.dc9.cn/'; // Referer
$port = 80;
$fp = fsockopen($server, $port, $errno, $errstr, 30);
if (!$fp) {
        echo "$errstr ($errno)\n";
} else {
        $out = "GET $target HTTP/1.1\r\n";
        $out .= "Host: $host\r\n";
        $out .= "Cookie: ASPSESSIONIDSQTBQSDA=DFCAPKLBBFICDAFMHNKIGKEG\r\n";
        $out .= "Referer: $referer\r\n";
        $out .= "Connection: Close\r\n\r\n";
        fwrite($fp, $out);
        while (!feof($fp)) {
                echo fgets($fp, 128);
        }
        fclose($fp);
}

IP也可以伪造

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
$fp = fsockopen ("192.168.0.128", 80, $errno, $errstr, 30);
if (!$fp) {
        echo "$errstr ($errno)\n";
} else {
        $msg="GET /003.php HTTP/1.0\r\n";
        $msg.="Host: 192.168.0.128\r\n";
        $msg.="Referer: http://www.baidu.com\r\n";
 
        $msg.="Client-IP: 1.1.1.1\r\n";
        $msg.="X-Forwarded-For: 1.1.1.1\r\n"; //主要是这里来构造IP
        $msg.="Connection: Close\r\n\r\n";
        fputs ($fp, $msg);
        while (!feof($fp)) {
                echo fgets ($fp,1024);
        }
        fclose ($fp);
}

其实这个可以用$_SERVER['REMOTE_ADDR']来得到正确IP,但是人们为了得到代理访问IP,而采用的得到IP的方法往往不是$_SERVER['REMOTE_ADDR'],这就为我们提供了机会。

注意以上在现实中用处不是很大,因为这好像对第三方统计没有用,而现在都是用的第三方统计。

 

//server端获取IP通用方法 

?
1
2
3
4
5
6
7
8
9
10
11
12
function GetIP() {
 if(getenv('HTTP_CLIENT_IP') && strcasecmp(getenv('HTTP_CLIENT_IP'),'unknown')){
      $ip = getenv('HTTP_CLIENT_IP');
 }elseif(getenv('HTTP_X_FORWARDED_FOR') && strcasecmp(getenv('HTTP_X_FORWARDED_FOR'), 'unknown')){
      $ip = getenv('HTTP_X_FORWARDED_FOR');
 }elseif(getenv('REMOTE_ADDR') && strcasecmp(getenv('REMOTE_ADDR'), 'unknown')){
      $ip = getenv('REMOTE_ADDR');
 }elseif(isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], 'unknown')){
      $ip = $_SERVER['REMOTE_ADDR'];
 }
 return preg_match("/[\d\.]{7,15}/",$ip,$matches)?$matches[0]:'unknown';
}
posted @   subsir  阅读(1551)  评论(0编辑  收藏  举报
努力加载评论中...
点击右上角即可分享
微信分享提示