How to use PHP to forge referer to break through the network disk and prohibit external connections-PHP Tutorial-php.cn

How to use PHP to forge referer to break through the network disk and prohibit external connections

不言

Release： 2023-04-01 16:38:01

Original

1959 people have browsed it

This article mainly introduces how to use PHP to forge referer to break through the network disk to prohibit external connections. It has certain reference value. Now I share it with everyone. Friends in need can refer to it

General domestic network In order to control traffic, external links to files in the network disk will be prohibited. Clicking on the link to the file in the network disk will generally lead to a special download page, and you must download the file from this page.

For example, the file I put in the nanodisk http://img.namipan.com/downfile/da333ee178bdad6531d1ec1540cf86277c116b6300887600/02.Paid In Full.mp3

This address cannot be downloaded directly or on the web page Play it in the player and click download to go to a download page. If you want to be able to directly download or play this file, you need to forge the referfer and deceive the server. The referfer is a link from the nanodisk.

The first method used is to use PHP’s built-in function stream_context_create.

The code is as follows:

function referfile($url, $refer=”) { 
$opt=array(&#39;http&#39;=>array(&#39;header&#39;=>”Referer: $refer”)); 
$context=stream_context_create( $opt); 
return file_get_contents($url,false, $context); 
}

Copy after login

But this code has a shortcoming. file_get_contents actually reads the files from the other party's server to its own server and then sends them to the browser. Not only does it increase the pressure on your own server, but the download response speed is also very slow. This is not a good solution.

Later I read the manual again, not only to reduce the pressure on my own server, but also to confuse the other party's server. Just modify the Referfer information in the header.

The revised code is as follows:

<?php 
$url="img.namipan.com/downfile/da333ee178bdad6531d1ec1540cf86277c116b6300887600/02.Paid%20In%20Full.mp3";//这里的url要过滤掉http:// 
$urlarr=explode("/",$url); 
$domain=$urlarr[0];//分解出域名 
$getfile=str_replace($urlarr[0],",$url); 
$content = @fsockopen("$domain", 80, $errno, $errstr, 12);//先连接上对方的服务器 
if (!$content){//无法链接就提示错误信息 
die("对不起，无法连接上 $domain 。"); 
} 
fputs($content, "GET $getfile HTTP/1.0\r\n"); 
fputs($content, "Host: $domain\r\n"); 
fputs($content, "Referer: $domain\r\n");//伪造referfer 
fputs($content, "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n\r\n"); 

while (!feof($content)) { 
$tp.=fgets($content, 128);将头部信息读取出来，里面将包含：Location:http://xxx/xxx.mp3，我们要的就是这个地址。 
} 
$arr=explode("\n",$tp); 
$arr1=explode("Location: ",$tp); 
$arr2=explode("\n",$arr1[1]);//分解出Location:后面的地址 
header(&#39;Content-Type:application/force-download&#39;); 
header("location:".$arr2[0]); 
fclose($content);

Copy after login

OK, the purpose is achieved.

This original address: http://img.namipan.com/downfile/3a7c64518d46d986283eab73175a8b119305a76480b89200/Equilibrium-Turis_Fratir-02-Wingthors_Hammer.mp3

After conversion:
http:// mms.music.krmcn.com/mms.music/namipan/img~~/3a7c64518d46d986283eab73175a8b119305a76480b89200/Equilibrium-Turis_Fratir-02-Wingthors_Hammer.mp3

Attached is another piece of implementation code:

The most original PHP code to crack network disk restrictions on external links. If you want to learn and research, you can continue to read. If you want to use the code directly and need to improve it, this code is for reference only.

Create a new file file.php. The following parameter is the target address of the referfer that needs to be forged. For example: file.php/http://www.xxx.xxx/xxx.mp3

<? 
$url=str_replace(&#39;/file.php/&#39;,&#39;&#39;,$_SERVER["REQUEST_URI"]);//得出需要转换的网址。这里我就偷懒，不做安全检测了，需要的自己加上去 
$downfile=str_replace(" ","%20",$url);//替换空格之类，可以根据实际情况进行替换 
$downfile=str_replace("http://","",$downfile);//去掉http:// 
$urlarr=explode("/",$downfile);//以"/"分解出域名 
$domain=$urlarr[0];//域名 
$getfile=str_replace($urlarr[0],&#39;&#39;,$downfile);//得出header中的GET部分 
$content = @fsockopen("$domain", 80, $errno, $errstr, 12);//连接目标主机 
if (!$content){//链接不上就提示错误 
die("对不起，无法连接上 $domain 。"); 
} 
fputs($content, "GET $getfile HTTP/1.0\r\n"); 
fputs($content, "Host: $domain\r\n"); 
fputs($content, "Referer: $domain\r\n");//伪造部分 
fputs($content, "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n\r\n"); 

while (!feof($content)) { 
$tp.=fgets($content, 128); 
if (strstr($tp,"200 OK")){ //这里要说明一下。header的第一行一般是请求文件的状态。具体请参照HTTP 1.1状态代码及其含义hi.baidu.com/110911/blog/item/21f20d2475af812ed50742c5.html这里 是正常的文件请求状态，只需直接转向就可以。其他状态的继续执行程序 

header("Location:$url"); 
die(); 
} 
} 

//302 转向，大部分的防盗链系统都是先判断referfer，对了的话再转向真实的地址。下面就是获取真实的地址。 
$arr=explode("\n",$tp); 
$arr1=explode("Location: ",$tp);//分解出Location后面的真时地址 
$arr2=explode("\n",$arr1[1]); 
header(&#39;Content-Type:application/force-download&#39;);//强制下载 
header("location:".$arr2[0]);//转向目标地址 
die(); 
?>

Copy after login

115 network disk picture external link test (not done by me): Original address: http:// u.115.com/file/f3b7c9046
External link address: http://115.pp.ru/f3b7c9046/02.jpg

115 Network disk external link test 2 (not done by me ): http://gg.org.ru/115.php/Extraction Code/xxx

The above is the entire content of this article. I hope it will be helpful to everyone’s study. For more related content, please pay attention to PHP Chinese net!

Related recommendations:

Implementing the display of article classes in CMS through php

Analysis on str_replace replacement vulnerability in php

The above is the detailed content of How to use PHP to forge referer to break through the network disk and prohibit external connections. For more information, please follow other related articles on the PHP Chinese website!