I found many ways to use Curl to forge the client source IP on the Internet. Almost all of them used the curl function. Later, I verified the results of using this function.
It is powerful. It can not only forge the client source IP but also the proxy IP. Let’s take a look at the code below.
Generally, there are three situations in which a server obtains a client’s IP
1. Without proxy:
#http://www.bKjia.c0m
REMOTE_ADDR=Customer IP
HTTP_VIA = empty
HTTP_X_FORWARDED_FOR = empty
2. When using a proxy and the proxy server is set to forward the client IP:
REMOTE_ADDR = proxy server IP
HTTP_VIA = proxy server IP
HTTP_X_FORWARDED_FOR = Customer IP
HTTP_VIA and HTTP_X_FORWARDED_FOR values can be customized by adding Header headers, and then the client IP can be hidden through this, provided that the service
X_FORWARDED_FOR is enabled on the server side.
To test the effect, create a new PHP program on the server side:
1.php requests index.php.
1.php code:
The code is as follows
代码如下 |
复制代码 |
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://localhost/index.php");
curl_setopt($ch, CURLOPT_HTTPHEADER, array('X-FORWARDED-FOR:8.8.8.8', 'CLIENT-IP:8.8.8.8'));
//构造IP
curl_setopt($ch, CURLOPT_REFERER, "http://www.bKjia.c0m/ "); //构造来路
curl_setopt($ch, CURLOPT_HEADER, 1);
$out = curl_exec($ch);
curl_close($ch);
|
| Copy code
|
|
代码如下 |
复制代码 |
function getClientIp() {
if (!empty($_SERVER["HTTP_CLIENT_IP"]))
$ip = $_SERVER["HTTP_CLIENT_IP"];
else if (!empty($_SERVER["HTTP_X_FORWARDED_FOR"]))
$ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
else if (!empty($_SERVER["REMOTE_ADDR"]))
$ip = $_SERVER["REMOTE_ADDR"];
else
$ip = "err";
return $ip;
}
echo "IP: " . getClientIp() . "";
echo "referer: " . $_SERVER["HTTP_REFERER"];
echo "IP: " . getClientIp() . "";
echo "referer: " . $_SERVER["HTTP_REFERER"];
|
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://localhost/index.php");
curl_setopt($ch, CURLOPT_HTTPHEADER, array('X-FORWARDED-FOR:8.8.8.8', 'CLIENT-IP:8.8.8.8'));
//Construct IP
curl_setopt($ch, CURLOPT_REFERER, "http://www.bKjia.c0m/ "); //Construction origin
curl_setopt($ch, CURLOPT_HEADER, 1);
$out = curl_exec($ch);
curl_close($ch);
2.php code is as follows:
The code is as follows
| Copy code
|
function getClientIp() {
If (!empty($_SERVER["HTTP_CLIENT_IP"]))
$ip = $_SERVER["HTTP_CLIENT_IP"]; |
else if (!empty($_SERVER["HTTP_X_FORWARDED_FOR"]))
$ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
else if (!empty($_SERVER["REMOTE_ADDR"]))
$ip = $_SERVER["REMOTE_ADDR"];
else
$ip = "err";
Return $ip;
}
echo "IP: " . getClientIp() . "";
echo "referer: " . $_SERVER["HTTP_REFERER"];
echo "IP: " . getClientIp() . "";
echo "referer: " . $_SERVER["HTTP_REFERER"];
The forgery is successful. Does this provide a good IP-changing solution for friends who "fake tickets"? !
Ha ha.
HTTP/1.1 200 OK Date: Wed, 03 Apr 2013 06:20:42 GMT Server: Apache/2.2.22 (Win32) PHP/5.3.13<🎜>
<🎜>X-Powered-By: PHP/5.3.13 Content-Length: 44 Content-Type: text/html<🎜>
IP: 8.8.8.8<🎜>
referer: http://www.bKjia.c0m/<🎜>
<🎜><🎜>Let’s look at the curl function<🎜><🎜>
<🎜>List of curl related functions:<🎜>
curl_init — Initialize a CURL session<🎜>
curl_setopt — Set an option for CURL calls <🎜>
curl_exec — Execute a CURL session<🎜>
curl_close — Close a CURL session <🎜>
curl_version — Returns the current CURL version <🎜>
1>curl_init — Initialize a CURL session
http://www.bkjia.com/PHPjc/633127.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/633127.htmlTechArticleI have found many ways to use Curl to forge the client source IP on the Internet. Almost all of them use the curl function. Later, it was verified that the use of this function is indeed powerful. Not only can it forge the client source...