强大的PHP伪造IP头、Cookies、Reference 

<?
$fp = fsockopen ("openyy.subsir.com", 80, $errno, $errstr, 30);
if (!$fp) {
        echo "$errstr ($errno)\n";
} else {
        $msg="GET /getip.php HTTP/1.0\r\n";
        $msg.="Host:openyy.subsir.com \r\n";
        $msg.="Referer: http://openyy.subsir.com/getip.php \r\n";
        $msg.="Client-IP: 202.101.201.11\r\n";
        $msg.="X-Forwarded-For: 202.101.201.11\r\n"; //主要是这里来构造IP
        $msg.="Connection: Close\r\n\r\n";
        fputs ($fp, $msg);
        while (!feof($fp)) {
                echo fgets ($fp,1024);
        }
        fclose ($fp);
}
?>



HTTP-REFERER这个变量已经越来越不可靠了,完全就是可以伪造出来的东东。 
以下是伪造方法:
PHP(前提是装了curl): 
PHP代码 

$ch = curl_init(); 
curl_setopt ($ch, CURLOPT_URL, "http://www.dc9.cn/xxx.asp"); 
curl_setopt ($ch, CURLOPT_REFERER, "http://www.dc9.cn/"); 
curl_exec ($ch); 
curl_close ($ch); 
PHP(不装curl用sock) 
PHP代码 
$server = 'www.dc9.cn'; 
$host = 'www.dc9.cn'; 
$target = '/xxx.asp'; 
$referer = 'http://www.dc9.cn/'; // Referer 
$port = 80; 
$fp = fsockopen($server, $port, $errno, $errstr, 30); 
if (!$fp) { 
        echo "$errstr ($errno)\n"; 
} else { 
        $out = "GET $target HTTP/1.1\r\n"; 
        $out .= "Host: $host\r\n"; 
        $out .= "Cookie: ASPSESSIONIDSQTBQSDA=DFCAPKLBBFICDAFMHNKIGKEG\r\n"; 
        $out .= "Referer: $referer\r\n"; 
        $out .= "Connection: Close\r\n\r\n"; 
        fwrite($fp, $out); 
        while (!feof($fp)) { 
                echo fgets($fp, 128); 
        } 
        fclose($fp); 
}

IP也可以伪造

$fp = fsockopen ("192.168.0.128", 80, $errno, $errstr, 30);
if (!$fp) {
        echo "$errstr ($errno)\n";
} else {
        $msg="GET /003.php HTTP/1.0\r\n";
        $msg.="Host: 192.168.0.128\r\n";
        $msg.="Referer: http://www.baidu.com\r\n";

        $msg.="Client-IP: 1.1.1.1\r\n";
        $msg.="X-Forwarded-For: 1.1.1.1\r\n"; //主要是这里来构造IP
        $msg.="Connection: Close\r\n\r\n";
        fputs ($fp, $msg);
        while (!feof($fp)) {
                echo fgets ($fp,1024);
        }
        fclose ($fp);
}

其实这个可以用$_SERVER['REMOTE_ADDR']来得到正确IP,但是人们为了得到代理访问IP,而采用的得到IP的方法往往不是$_SERVER['REMOTE_ADDR'],这就为我们提供了机会。

注意以上在现实中用处不是很大,因为这好像对第三方统计没有用,而现在都是用的第三方统计。

 

//server端获取IP通用方法 

function GetIP() {
 if(getenv('HTTP_CLIENT_IP') && strcasecmp(getenv('HTTP_CLIENT_IP'),'unknown')){
      $ip = getenv('HTTP_CLIENT_IP');
 }elseif(getenv('HTTP_X_FORWARDED_FOR') && strcasecmp(getenv('HTTP_X_FORWARDED_FOR'), 'unknown')){
      $ip = getenv('HTTP_X_FORWARDED_FOR');
 }elseif(getenv('REMOTE_ADDR') && strcasecmp(getenv('REMOTE_ADDR'), 'unknown')){
      $ip = getenv('REMOTE_ADDR');
 }elseif(isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], 'unknown')){
      $ip = $_SERVER['REMOTE_ADDR'];
 }
 return preg_match("/[\d\.]{7,15}/",$ip,$matches)?$matches[0]:'unknown';
}
posted @ 2012-07-03 14:11  subsir  阅读(1518)  评论(0编辑  收藏  举报