Of Stack

php uses curl to realize the method of forging IP source

  • 2021-08-06 20:59:19
  • OfStack

In this paper, an example is given to describe the method of forging IP source by php using curl. Can realize forged IP source, forged domain name, forged user information, share for your reference. The specific implementation method is as follows:

Define forged user browser information HTTP_USER_AGENT 

$binfo =array('Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; InfoPath.2; AskTbPTV/5.17.0.25589; Alexa Toolbar)','Mozilla/5.0 (Windows NT 5.1; rv:22.0) Gecko/20100101 Firefox/22.0','Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET4.0C; Alexa Toolbar)','Mozilla/4.0(compatible; MSIE 6.0; Windows NT 5.1; SV1)',$_SERVER['HTTP_USER_AGENT']);

//123.125.68.*

//125.90.88.*

Define forged IP source section, here I am looking for Baidu's IP address 
$cip = '123.125.68.'.mt_rand(0,254);

$xip = '125.90.88.'.mt_rand(0,254);

$header = array( 

'CLIENT-IP:'.$cip, 

'X-FORWARDED-FOR:'.$xip, 

);

Using curl to start sending fake information to the server 
function getimgs( $url,$userinfo,$header)

{

 $ch = curl_init();

 $timeout = 5;

 curl_setopt ($ch, CURLOPT_URL, "$url");

 curl_setopt ($ch, CURLOPT_HTTPHEADER, $header);

 curl_setopt ($ch, CURLOPT_REFERER, "http://www.baidu.com/"); 

 curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);

 curl_setopt ($ch, CURLOPT_USERAGENT, "$userinfo");

 curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);  

 $contents = curl_exec($ch);

 curl_close($ch);

 return $contents;

}

We'll save the data when we get it 
function saveimgs( $handle )

{

 $fp = fopen('a.jpg',"w");

 fwrite($fp,$handle);

 unset($fp);

 unset($handle);

}

Testing forged IP instances 
$url ='https://www.ofstack.com/images/logo.gif';

$u = $binfo[mt_rand(0,3)];

saveimgs(getimgs($url,$u,$header));

So in your current directory successfully saved a file a. jpg file, I can now check whether the server log is our custom user information

192.168.1.108 - - [22/Jul/2013:10:29:37 +0800] "GET /test.php HTTP/1.1" 200 1244 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; InfoPath.2; AskTbPTV/5.17.0.25589; Alexa Toolbar)"
192.168.1.108 - - [22/Jul/2013:10:29:37 +0800] "GET / HTTP/1.1" 200 40538 "http://www.baidu.com/" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET4.0C; Alexa Toolbar)"
192.168.1.108 - - [22/Jul/2013:10:29:37 +0800] "GET /test.php HTTP/1.1" 200 1244 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; InfoPath.2; AskTbPTV/5.17.0.25589; Alexa Toolbar)"
192.168.1.108 - - [22/Jul/2013:10:29:37 +0800] "GET / HTTP/1.1" 200 40538 "http://www.baidu.com/" "Mozilla/5.0 (Windows NT 5.1; rv:22.0) Gecko/20100101 Firefox/22.0"

See it, exactly right ah, just IP address I didn't test out, this use of php to get ip address will show that I forged IP address.

I hope this article is helpful to everyone's PHP programming.

Related articles: