PHP curl伪造IP地址和header信息代码实例
curl虽然功能强大,但是只能伪造$_SERVER["HTTP_X_FORWARDED_FOR"],对于大多数IP地址检测程序来说,$_SERVER["REMOTE_ADDR"]很难被伪造:
首先是client.php的代码
$headers['CLIENT-IP']='202.103.229.40';
$headers['X-FORWARDED-FOR']='202.103.229.40';
$headerArr=array();
foreach($headersas$n=>$v){
$headerArr[]=$n.':'.$v;
}
ob_start();
$ch=curl_init();
curl_setopt($ch,CURLOPT_URL,"http://localhost/curl/server.php");
curl_setopt($ch,CURLOPT_HTTPHEADER,$headerArr); //构造IP
curl_setopt($ch,CURLOPT_REFERER,"http://www.163.com/"); //构造来路
curl_setopt($ch,CURLOPT_HEADER,1);
curl_exec($ch);
curl_close($ch);
$out=ob_get_contents();
ob_clean();
echo$out;
然后是server.php
functionGetIP(){
if(!emptyempty($_SERVER["HTTP_CLIENT_IP"]))
$cip=$_SERVER["HTTP_CLIENT_IP"];
elseif(!emptyempty($_SERVER["HTTP_X_FORWARDED_FOR"]))
$cip=$_SERVER["HTTP_X_FORWARDED_FOR"];
elseif(!emptyempty($_SERVER["REMOTE_ADDR"]))
$cip=$_SERVER["REMOTE_ADDR"];
else
$cip="无法获取!";
return$cip;
}
echo"<br>访问IP:".GetIP()."<br>";
echo"<br>访问来路:".$_SERVER["HTTP_REFERER"];