$data=' { "button":[ { "type":"click", "name":"今日歌曲", "key":"V1001_TODAY_MUSIC" }, { "type":"click", "name":"歌手简介", "key":"V1001_TODAY_SINGER" }, { "name":"菜单", "sub_button":[ { "type":"click", "name":"hello word", "key":"V1001_HELLO_WORLD" }, { "type":"click", "name":"赞一下我们", "key":"V1001_GOOD" }] }] }'; $ch = curl_init($urlcon); //请求的URL地址 curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST"); curl_setopt($ch, CURLOPT_POSTFIELDS, $data);//$data JSON类型字符串 curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json', 'Content-Length: ' . strlen($data))); $data = curl_exec($ch); print_r($data);//创建成功返回:{"errcode":0,"errmsg":"ok"}
// POST传输
$data = array( 'partnerId' => '1001', 'method' => 'registerNotify', 'signed' => $str, 'msgBody' => $msgBody ); $data = json_encode($data,JSON_UNESCAPED_SLASHES|JSON_UNESCAPED_UNICODE); $status = http_post_data($url,$data); echo $status; function http_post_data($url, $data_string) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1 ); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $data_string); curl_setopt($ch, CURLOPT_HTTPHEADER, array( 'Content-Type: application/json; charset=utf-8', 'Content-Length: ' . strlen($data_string)) ); $return_content = curl_exec($ch); curl_close($charset); return $return_content; } // 获取 <?php echo '<pre>'; var_dump($_POST); echo file_get_contents("php://input"); //var_dump($_REQUEST); ?>
伪造IP和来源
echo getUrlData('http://url'); function getUrlData($url) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_HTTPHEADER, array('X-FORWARDED-FOR:8.8.8.8', 'CLIENT-IP:8.8.8.8')); //构造IP curl_setopt($ch, CURLOPT_REFERER, "http://www.google.com/"); //构造来路 curl_setopt($ch, CURLOPT_HEADER, 1); curl_setopt ( $ch, CURLOPT_RETURNTRANSFER, 1 ); curl_setopt ( $ch, CURLOPT_CONNECTTIMEOUT, 30 ); $out = curl_exec($ch); curl_close($ch); return $out; }
测试调用:
function getClientIp() {
if (!empty($_SERVER["HTTP_CLIENT_IP"]))
$ip = $_SERVER["HTTP_CLIENT_IP"];
else if (!empty($_SERVER["HTTP_X_FORWARDED_FOR"]))
$ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
else if (!empty($_SERVER["REMOTE_ADDR"]))
$ip = $_SERVER["REMOTE_ADDR"];
else
$ip = "err";
return $ip;
}
echo "IP: " . getClientIp() . "";
echo "referer: " . $_SERVER["HTTP_REFERER"];
###### Post 数据 #######
<?php function Post($curlPost,$url){ $curl = curl_init(); curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_HEADER, false); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl, CURLOPT_NOBODY, true); curl_setopt($curl, CURLOPT_POST, true); curl_setopt($curl, CURLOPT_POSTFIELDS, $curlPost); $return_str = curl_exec($curl); curl_close($curl); return $return_str; } $target = "http://url"; $post_data = "account=用户名&password=密码&mobile=手机号码"; echo $gets = Post($post_data, $target); ?>
#### 模拟登陆
1 <?php 2 $discuz_url = 'http://127.0.0.1/discuz/';//论坛地址 3 $login_url = $discuz_url .'logging.php?action=login';//登录页地址 4 5 6 $post_fields = array(); 7 //以下两项不需要修改 8 $post_fields['loginfield'] = 'username'; 9 $post_fields['loginsubmit'] = 'true'; 10 //用户名和密码,必须填写 11 $post_fields['username'] = 'tianxin'; 12 $post_fields['password'] = '111111'; 13 //安全提问 14 $post_fields['questionid'] = 0; 15 $post_fields['answer'] = ''; 16 //@todo验证码 17 $post_fields['seccodeverify'] = ''; 18 19 //获取表单FORMHASH 20 $ch = curl_init($login_url); 21 curl_setopt($ch, CURLOPT_HEADER, 0); 22 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 23 $contents = curl_exec($ch); 24 curl_close($ch); 25 preg_match('/<input\s*type="hidden"\s*name="formhash"\s*value="(.*?)"\s*\/>/i', $contents, $matches); 26 if(!empty($matches)) { 27 $formhash = $matches[1]; 28 } else { 29 die('Not found the forumhash.'); 30 } 31 32 33 34 //POST数据,获取COOKIE,cookie文件放在网站的temp目录下 35 $cookie_file = tempnam('./temp','cookie'); 36 37 $ch = curl_init($login_url); 38 curl_setopt($ch, CURLOPT_HEADER, 0); 39 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 40 curl_setopt($ch, CURLOPT_POST, 1); 41 curl_setopt($ch, CURLOPT_POSTFIELDS, $post_fields); 42 curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_file); 43 curl_exec($ch); 44 curl_close($ch); 45 46 //取到了关键的cookie文件就可以带着cookie文件去模拟发帖,fid为论坛的栏目ID 47 $send_url = $discuz_url."post.php?action=newthread&fid=2"; 48 49 50 $ch = curl_init($send_url); 51 curl_setopt($ch, CURLOPT_HEADER, 0); 52 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 53 curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie_file); 54 $contents = curl_exec($ch); 55 curl_close($ch); 56 57 //这里的hash码和登陆窗口的hash码的正则不太一样,这里的hidden多了一个id属性 58 preg_match('/<input\s*type="hidden"\s*name="formhash"\s*id="formhash"\s*value="(.*?)"\s*\/>/i', $contents, $matches); 59 if(!empty($matches)) { 60 $formhash = $matches[1]; 61 } else { 62 die('Not found the forumhash.'); 63 } 64 65 66 $post_data = array(); 67 //帖子标题 68 $post_data['subject'] = 'test2'; 69 //帖子内容 70 $post_data['message'] = 'test2'; 71 $post_data['topicsubmit'] = "yes"; 72 $post_data['extra'] = ''; 73 //帖子标签 74 $post_data['tags'] = 'test'; 75 //帖子的hash码,这个非常关键!假如缺少这个hash码,discuz会警告你来路的页面不正确 76 $post_data['formhash']=$formhash; 77 78 79 $ch = curl_init($send_url); 80 curl_setopt($ch, CURLOPT_REFERER, $send_url); //伪装REFERER 81 curl_setopt($ch, CURLOPT_HEADER, 0); 82 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 0); 83 curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie_file); 84 curl_setopt($ch, CURLOPT_POST, 1); 85 curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data); 86 $contents = curl_exec($ch); 87 curl_close($ch); 88 89 //清理cookie文件 90 unlink($cookie_file); 91 92 ?>
1 //提交数据,生成cookie,将cookie保存在临时目录下 2 //在指定目录中建立一个具有唯一文件名的文件。如果该目录不存在,tempnam() 会在系统临时目录中生成一个文件,并返回其文件名 3 4 $cookie_file=tempnam('./temp','cookie'); 5 $ch=curl_init(); 6 $login_url="http://www.xxx.com/login/"; 7 $curlPost="username=username&password=password"; 8 curl_setopt($ch,CURLOPT_URL,$login_url); 9 //启用时会将头文件的信息作为数据流输出 10 curl_setopt($ch,CURLOPT_HEADER,0); 11 curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);//显示http信息输出 12 curl_setopt($ch,CURLOPT_POST,1);//POST请求 13 curl_setopt($ch,CURLOPT_POSTFIELDS,$curlPost);//请求体 14 //设置连接结束后保存cookie信息的文件 15 curl_setopt($ch,CURLOPT_COOKIEJAR,$cookie_file); 16 curl_exec($ch); 17 curl_close($ch);
1 client端: 2 <?php 3 $headers['CLIENT-IP'] = '202.103.229.40'; 4 $headers['X-FORWARDED-FOR'] = '202.103.229.40'; 5 6 $headerArr = array(); 7 foreach( $headers as $n => $v ) { 8 $headerArr[] = $n .':' . $v; 9 } 10 11 ob_start(); 12 $ch = curl_init(); 13 curl_setopt ($ch, CURLOPT_URL, "http://localhost/curl/server.php"); 14 curl_setopt ($ch, CURLOPT_HTTPHEADER , $headerArr ); //构造IP 15 curl_setopt ($ch, CURLOPT_REFERER, "http://www.163.com/ "); //构造来路 16 curl_setopt( $ch, CURLOPT_HEADER, 1); 17 18 curl_exec($ch); 19 curl_close ($ch); 20 $out = ob_get_contents(); 21 ob_clean(); 22 23 echo $out; 24 ?> 25 26 服务器端 27 <?php 28 function GetIP(){ 29 if(!emptyempty($_SERVER["HTTP_CLIENT_IP"])) 30 $cip = $_SERVER["HTTP_CLIENT_IP"]; 31 else if(!emptyempty($_SERVER["HTTP_X_FORWARDED_FOR"])) 32 $cip = $_SERVER["HTTP_X_FORWARDED_FOR"]; 33 else if(!emptyempty($_SERVER["REMOTE_ADDR"])) 34 $cip = $_SERVER["REMOTE_ADDR"]; 35 else 36 $cip = "无法获取!"; 37 return $cip; 38 } 39 echo "<br>访问IP: ".GetIP()."<br>"; 40 echo "<br>访问来路: ".$_SERVER["HTTP_REFERER"]; 41 42 ?>
############### 模拟登陆####################
1 function mycurl($url){ 2 $cookie_file = tempnam('./', 'myCookie'); 3 $login_url = ''; 4 $postdata = http_build_query( 5 array( 6 'username' => 'admin', 7 'pass' => 'admin888' 8 ) 9 ); 10 $ch = curl_init($login_url); 11 curl_setopt($ch, CURLOPT_HEADER, 0); 12 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 13 curl_setopt($ch, CURLOPT_POST, 1); 14 curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata); 15 curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_file); 16 curl_exec($ch); 17 curl_close($ch); 18 19 $ch = curl_init($url); 20 curl_setopt($ch, CURLOPT_HEADER, 0); 21 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 22 curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie_file); 23 $content = curl_exec($ch); 24 echo $content; 25 curl_close($ch); 26 }
function getWeixin($url){ $ch = curl_init(); $httpheader = array( 'Host' => 'mmbiz.qpic.cn', 'Connection' => 'keep-alive', 'Pragma' => 'no-cache', 'Cache-Control' => 'no-cache', 'Accept' => 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8', 'User-Agent' => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.59 Safari/537.36', 'Accept-Encoding' => 'gzip, deflate, sdch', 'Accept-Language' => 'zh-CN,zh;q=0.8,en;q=0.6,zh-TW;q=0.4' ); $options = array( CURLOPT_HTTPHEADER => $httpheader, CURLOPT_URL => $url, CURLOPT_TIMEOUT => 5, CURLOPT_FOLLOWLOCATION => 1, CURLOPT_RETURNTRANSFER => true ); curl_setopt_array( $ch , $options ); $result = curl_exec( $ch ); curl_close($ch); return $result; }
浙公网安备 33010602011771号