curl伪造remote_addr

发布时间:2014-01-08 21:39:43 阅读:5218次

python 

http://cuiqingcai.com/1052.html

http://blog.csdn.net/winterto1990/article/details/51225822

[root@web_test python]# cat proxy.py 
# -*- coding:cp936 -*-
import urllib  
import urllib2  
url = "http://www.test.com/test.php"
#user_agent = 'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)'  
#headers = { 'User-Agent' : user_agent  }  
proxies={"http":"http://125.88.74.122:82"}   #设置你想要使用的代理  
proxy_s=urllib2.ProxyHandler(proxies)       
opener=urllib2.build_opener(proxy_s)        
urllib2.install_opener(opener)  
values = {'username' : 'cqc',  'password' : 'XXXX' }  
headers = { 'User-Agent' : 'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)' ,'Referer':'http://www.zhihu.com/articles'}  
data = urllib.urlencode(values)  
request = urllib2.Request(url, data, headers)  
response = urllib2.urlopen(request)  
page = response.read() 
print page

转:http://s4nds.diandian.com/post/2012-03-24/17240144

curl -x "125.88.74.122:82" "http://www.test.com/tpl/1.php"

curl -x "60.183.212.125:808" "http://www.test.com/tpl/1.php"

首先搭建环境,建立个ip.php.

代码如下:

<?
error_reporting(0);
function GetIP(){
if($_SERVER['HTTP_CLIENT_IP']){
   $onlineip=$_SERVER['HTTP_CLIENT_IP'];
   }elseif($_SERVER['HTTP_X_FORWARDED_FOR']){
   $onlineip=$_SERVER['HTTP_X_FORWARDED_FOR'];
   }else{
   $onlineip=$_SERVER['REMOTE_ADDR'];
   }
return $onlineip;
}
?>

再建立个index.php

代码如下:

<?php
error_reporting(0);
require 'ip.php';   
echo '<hr>'.'Your IP is '.GetIP().'<br>'.'<hr>';
/*echo 'REMOTE_ADDR is '.$_SERVER['REMOTE_ADDR'].'<br>';
echo 'HTTP_CLIENT_IP is  '.$_SERVER['HTTP_CLIENT_IP'].'<br>';
echo 'HTTP_X_FORWARDED_FOR is '.$_SERVER['HTTP_X_FORWARDED_FOR'].'<br>';
echo 'HTTP_VIA is '.$_SERVER['HTTP_VIA'];*/
?>

测试

IP显示正确,客户端真实IP是218.241.179.50

去掉index.php里面的注释,使用代理观察

可以看到REMOTE_ADDR方法抓到了代理IP

HTTP_XFORWARDED_FOR还是抓到了客户端的真实IP

接下来编辑curl_proxy.php,示例代码:

<?php
error_reporting(0);
function curl_string ($url,$user_agent,$proxy){
$ch = curl_init();
curl_setopt ($ch, CURLOPT_PROXY, $proxy);
curl_setopt ($ch, CURLOPT_URL, $url);
curl_setopt ($ch, CURLOPT_USERAGENT, $user_agent);
curl_setopt ($ch, CURLOPT_COOKIEJAR, "d:\cookies.txt");
curl_setopt ($ch, CURLOPT_HEADER, 1);
curl_setopt ($ch, CURLOPT_HTTPHEADER, array('CLIENT-IP:125.210.188.36', 'X-FORWARDED-FOR:125.210.188.36'));  //此处可以改为任意假IP
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_TIMEOUT, 120);
$result = curl_exec ($ch);
curl_close($ch);
return $result;
}
$url_page = "http://www.test.com/tpl/1.php";
$user_agent = "Mozilla/4.0";
$proxy = "http://125.88.74.122:82";    //此处为代理服务器IP和PORT
$string = curl_string($url_page,$user_agent,$proxy);
echo $string;
?>

访问curl_proxy.php

 

122.66.*.*是运行脚本服务器的IP,这样就实现了隐藏客户端真实IP的目的。

有的代理服务器会被HTTP_VIA方法侦测到使用了代理服务器,实际上透明代理和高级匿名代理有很大区别。

如有问题,可以QQ搜索群1028468525加入群聊,欢迎一起研究技术

支付宝 微信

有疑问联系站长,请联系QQ:QQ咨询

转载请注明:curl伪造remote_addr 出自老鄢博客 | 欢迎分享