This article mainly introduces PHP curl forged IP address and header information code example. This article gives the server and client Implementation code, providing forgery function and server-side detection code, friends in need can refer to it
Although curl is powerful, it can only forge $_SERVER["HTTP_X_FORWARDED_FOR"]. For most IP address detection programs, $_SERVER["REMOTE_ADDR"] is difficult to forge:
First is the code of client.php
The code is as follows:
$headers['CLIENT-IP'] = '202.103.229.40';
$headers['X-FORWARDED-FOR'] = '202.103.229.40';
$headerArr = array();
foreach( $headers as $n => $v ) {
$headerArr[] = $n .':' . $v;
}
ob_start();
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, "http://localhost/curl/server.php");
curl_setopt ($ch, CURLOPT_HTTPHEADER , $headerArr ); //Construct IP
curl_setopt ($ch, CURLOPT_REFERER, "http://www.163.com/ "); //Construction origin
curl_setopt( $ch, CURLOPT_HEADER, 1);
curl_exec($ch);
curl_close ($ch);
$out = ob_get_contents();
ob_clean();
echo $out;
Then server.php
The code is as follows:
Function GetIP(){
if(!emptyempty($_SERVER["HTTP_CLIENT_IP"]))
$cip = $_SERVER["HTTP_CLIENT_IP"];
else if(!emptyempty($_SERVER["HTTP_X_FORWARDED_FOR"]))
$cip = $_SERVER["HTTP_X_FORWARDED_FOR"];
else if(!emptyempty($_SERVER["REMOTE_ADDR"]))
$cip = $_SERVER["REMOTE_ADDR"];
else
$cip = "Unable to obtain!";
return $cip;
}
echo "
Access IP: ".GetIP()."
";
echo "
Access source: ".$_SERVER["HTTP_REFERER"];