php uses curl to implement the method of forging IP sources, curl
The example in this article describes how PHP uses curl to implement forged IP sources. It can forge IP sources, forge domain names, and forge user information, and share them with everyone for your reference. The specific implementation method is as follows:
Define fake user browser information HTTP_USER_AGENT
Copy code The code is as follows:
$binfo =array('Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; . NET CLR 2.0.50727; InfoPath.2; AskTbPTV/5.17.0.25589; Alexa Toolbar)','Mozilla/5.0 (Windows NT 5.1; rv:22.0) Gecko/20100101 Firefox/22.0','Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET4.0C; Alexa Toolbar)','Mozilla/4.0(compatible; MSIE 6.0; Windows NT 5.1; SV1)',$_SERVER['HTTP_USER_AGENT']);
//123.125.68.*
//125.90.88.*
Define the fake IP source segment. Here I am looking for Baidu’s IP address
Copy code The code is as follows:
$cip = '123.125.68.'.mt_rand(0,254);
$xip = '125.90.88.'.mt_rand(0,254);
$header = array(
'CLIENT-IP:'.$cip,
'X-FORWARDED-FOR:'.$xip,
);
Use curl to start sending fake information to the server
Copy code The code is as follows:
function getimgs( $url,$userinfo,$header)
{
$ch = curl_init();
$timeout = 5;
curl_setopt ($ch, CURLOPT_URL, "$url");
curl_setopt ($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt ($ch, CURLOPT_REFERER, "http://www.baidu.com/");
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_USERAGENT, "$userinfo");
curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
$contents = curl_exec($ch);
curl_close($ch);
return $contents;
}
We will save the data after getting it
Copy code The code is as follows:
function saveimgs( $handle )
{
$fp = fopen('a.jpg',"w");
fwrite($fp,$handle);
unset($fp);
unset($handle);
}
Test fake IP instance
Copy code The code is as follows:
$url ='http://www.bkjia.com/images/logo.gif';
$u = $binfo[mt_rand(0,3)];
saveimgs(getimgs($url,$u,$header));
In this way, a file a.jpg is successfully saved in your current directory. I can now check whether the server log is our customized user information
192.168.1.108 - - [22/Jul/2013:10:29:37 +0800] "GET /test.php HTTP/1.1" 200 1244 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; InfoPath.2; AskTbPTV/5.17.0.25589; Alexa Toolbar)"
192.168.1.108 - - [22/Jul/2013:10:29:37 +0800] "GET / HTTP/1.1" 200 40538 "http://www.baidu.com/" "Mozilla/4.0 (compatible; MSIE 8.0 ; Windows NT 5.1; Trident/4.0; .NET4.0C; Alexa Toolbar)"
192.168.1.108 - - [22/Jul/2013:10:29:37 +0800] "GET /test.php HTTP/1.1" 200 1244 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident /4.0; .NET CLR 2.0.50727; InfoPath.2; AskTbPTV/5.17.0.25589; Alexa Toolbar)"
192.168.1.108 - - [22/Jul/2013:10:29:37 +0800] "GET / HTTP/1.1" 200 40538 "http://www.baidu.com/" "Mozilla/5.0 (Windows NT 5.1; rv:22.0) Gecko/20100101 Firefox/22.0"
You see, it’s absolutely correct. It’s just that I didn’t test the IP address. When I use php to obtain the IP address, it will show that I forged the IP address.
I hope this article will be helpful to everyone’s PHP programming design.
http://www.bkjia.com/PHPjc/915433.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/915433.htmlTechArticlephp uses curl to implement the method of forging IP sources, curllip This article describes the method of php using curl to implement forged IP sources. . It can forge IP sources, forge domain names, forge user information, etc.