Home > Backend Development > PHP Tutorial > Learn how to obtain the client IP from ticket swiping, ticket swiping client ip_PHP tutorial

Learn how to obtain the client IP from ticket swiping, ticket swiping client ip_PHP tutorial

WBOY
Release: 2016-07-12 09:08:01
Original
1140 people have browsed it

Learn how to get the client IP from ticket swiping, ticket swiping client ip

In the past two weeks, I helped a friend’s relative’s child to swipe tickets. Who makes us programmers? During this process, I have also encountered problems such as reinstalling the system, removing dust, shopping on Taobao, stealing QQ, downloading movies, why a certain software cannot be used, etc. If you say no, they will say that your computer skills are very good. No problem can be solved.

Brushing tickets is divided into various restrictions, registered users, verification codes, and IP restrictions. This vote brushing website, not this voting website, has IP restrictions. If we want to break the limit, we need to understand how to obtain the user's IP.

getenv('HTTP_X_FORWARDED_FOR')
getenv('HTTP_CLIENT_IP')
getenv('REMOTE_ADDR')
Copy after login

HTTP_X_FORWARDED_FOR

This is obtained from the http header, and its format is A ip, B ip, C ip. There are two reasons why this happens

A website uses load balancing due to excessive traffic, so a load balancer is placed in front of the application so that users cannot access it directly.
Users use proxies to access.
The user first uses A IP. Each time a layer of proxy is added, this header will add one more IP at the end, separated by commas, and finally reach the real web container. As long as the information is obtained from the header, it can be forged. Therefore, the A IP used in this case may not be the user's real IP. So in our case, we can only regard the IP connected to the load balancer as the user's real IP. At least this data is correct. But this IP may be the user's proxy IP, not the user's real IP. But this situation is at least better than the user's fake IP.

HTTP_CLIENT_IP

This is also obtained from the header. It was originally intended to record the user’s real IP, but it is rarely used.

REMOTE_ADDR

This is the IP to obtain the connection. Only small websites use this method, which directly exposes the data. The site is a single point without any load balancing. If the upper layer uses pxory, this data is the IP of the proxy.

The evil thing I did was to directly forge the x-forwarder-for data and then deceive them. However, within a few days, this vulnerability was discovered, and then I switched to using a proxy to swipe directly.

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/1057475.htmlTechArticleLearn how to get the client IP from brushing tickets. I helped a relative of a friend two weeks ago by brushing the client IP. Children swipe tickets, who makes us programmers? I also encountered reinstalling the system...
Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template