Detailed explanation of method examples of forging source HTTP_REFERER in PHP, tutorial on forging http_referer_PHP

Detailed explanation of the method of forging the source HTTP_REFERER in PHP, forging http_referer

This article describes the method of forging the source HTTP_REFERER in PHP. Share it with everyone for your reference. The specific analysis is as follows:

Automatic forum posting machines, automatic upvoting machines, etc. are very popular on the Internet today, bringing a lot of spam information to many forum websites. Many websites simply use the value of HTTP_REFERER to filter machine posts, but web pages The HTTP_REFERER source information can be forged. Everything is a double-edged sword, and it has value as long as you are good at utilizing it.

A long time ago, downloading software such as Flashget, Thunder, etc. could forge source information, and the forged HTTP_REFERER of these software was mostly based on the underlying sock to construct false http header information to achieve the purpose. This article will discuss purely from a technical perspective the method of forging HTTP_REFERER in the PHP language, in order to let everyone understand the process and provide better defense.

Environment: Apache/2.2.8 PHP/5.2.5 Windows XP system, local test.
First, create two files, 1.php and 2.php, in the virtual root directory of the website.
Among them, the content of the 1.php file is as follows:

<&#63;php
$host = '127.0.0.1';
$target = '/2.php';
$referer = 'http://www.bkjia.com'; //伪造HTTP_REFERER地址
$fp = fsockopen($host, 80, $errno, $errstr, 30);
if (!$fp){
echo "$errstr($errno)<br />\n";
} 
else{
$out = "
GET $target HTTP/1.1
Host: $host
Referer: $referer
Connection: Close\r\n\r\n";
fwrite($fp, $out);
while (!feof($fp)){
echo fgets($fp, 1024);
}
fclose($fp);
}
&#63;>

The other 2.php file is very simple, just write a line of code to read the current HTTP_REFERER server value, as follows:

<&#63;php
echo "<hr />";
echo $_SERVER["HTTP_REFERER"];
&#63;>

Execute the 1.php file and open http://localhost/1.php. The page returns the following information:

HTTP/1.1 200 OK Date: Fri, 04 Apr 2008 16:07:54 GMT Server: Apache/2.2.8 (Win32) PHP/5.2.5 X-Powered-By: PHP/5.2.5 Content-Length: 27 Connection: close Content-Type: text/html; charset=gb2312

See the result? The forged source HTTP_REFERER information was successful. Therefore, if your website only judges HTTP_REFERER, it is not safe. Others can also construct such sources. A simple defense method is to add a verification code to the verification page; it can also be combined with the IP judgment method.

Supplement: The code for the forged source under ASP is as follows:

<%
dim http 
set http=server.createobject("MSXML2.XMLHTTP") '//MSXML2.serverXMLHTTP也可以
Http.open "GET",url,false 
Http.setRequestHeader "Referer","http://www.bkjia.com/" 
Http.send()
%>

If you are a thoughtful person, please do not use these methods maliciously. After all, if you do too many bad things, the effect will be too much; for example, if you post a lot of spam, it may bring you a lot of external links in the short term. However, such black hat methods will be discovered by search engines sooner or later, and these links that have been sent out are like water that has been thrown out and cannot be recovered. Such evidence of crime is beyond your control.

I hope this article will be helpful to everyone’s PHP programming design.

http://www.bkjia.com/PHPjc/1027496.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/1027496.htmlTechArticleDetailed example of PHP's method of forging the source HTTP_REFERER, forging http_referer This article describes the method of PHP's method of forging the source HTTP_REFERER. Share it with everyone for your reference. The specific analysis is as follows:...