php 来路伪造
第一种:php_curl
开启方法:
1、找到php.ini, 修改extension=php_curl.dll 把前面的分号去掉;
2、把php_curl.dll, php5ts.dll, libeay32.dll, ssleay32.dll 复制到 windows/system32目录下 然后重启php的服务;
3、建test.php测试文件, 插入以下代码:
复制代码 代码如下:
<"http://www.example.com/search.asp">http://www.example.com/search.asp"http://www.example.com/">http://www.example.com/); //伪造来路页面
curl_setopt($chtml,CURLOPT_RETURNTRANSFER,1); //是否显示内容
curl_exec($ch); //执行
curl_close($ch); //返回关闭
"codetitle">复制代码 代码如下:
<"www.example.com"; //你要访问的域名
$target = "/test.asp"; //你要访问的页面地址
$referer = "http://www.example.com/"; //伪造来路页面
$fp = fsockopen($host, 80, $errno, $errstr, 30);
if(!$fp){
echo "$errstr($errno)<br />\n";
}else{
$out = "
GET $target HTTP/1.1
Host: $host
Referer: $referer
Connection: Close\r\n\r\n";
fwrite($fp, $out);
while(!feof($fp)){
echo fgets($fp, 1024);
}
fclose($fp);
}
"codetitle">复制代码 代码如下:
<"codetitle">复制代码 代码如下:
<"codetitle">复制代码 代码如下:
<"codetitle">复制代码 代码如下:
$ch = curl_init( http://www.webjx.com/ );
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
$output = curl_exec($ch);
$fh = fopen( out.html , \'w\');
fwrite($fh, $output);
fclose($fh);
http的post实现
复制代码 代码如下:
//extract data from the post
extract($_POST);
//set POST variables
$url = \'http://www.webjx.com/get-post.php\';
$fields = array(
\'lname\'=>urlencode($last_name),
\'fname\'=>urlencode($first_name),
\'title\'=>urlencode($title),
\'company\'=>urlencode($institution),
\'age\'=>urlencode($age),
\'email\'=>urlencode($email),
\'phone\'=>urlencode($phone)
);
//url-ify the data for the POST
foreach($fields as $key=>$value) { $fields_string .= $key.\'=\'.$value.\'&\'; }
rtrim($fields_string ,\'&\');
//open connection
$ch = curl_init();
//set the url, number of POST vars, POST data
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, count($fields));
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string);
//execute post
$result = curl_exec($ch);
//close connection
curl_close($ch);
复制代码 代码如下:
<""){
$proxy=trim($proxy);
$user_agent ="Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)";
$ch = curl_init(); // 初始化CURL句柄
if(!empty($proxy)){
curl_setopt ($ch, CURLOPT_PROXY, $proxy);//设置代理服务器
}
curl_setopt($ch, CURLOPT_URL, $url); //设置请求的URL
//curl_setopt($ch, CURLOPT_FAILONERROR, 1); // 启用时显示HTTP状态码,默认行为是忽略编号小于等于400的HTTP信息
//curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);//启用时会将服务器服务器返回的“Location:”放在header中递归的返回给服务器
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);// 设为TRUE把curl_exec()结果转化为字串,而不是直接输出
curl_setopt($ch, CURLOPT_POST, 1);//启用POST提交
curl_setopt($ch, CURLOPT_POSTFIELDS, $postfield); //设置POST提交的字符串
//curl_setopt($ch, CURLOPT_PORT, 80); //设置端口
curl_setopt($ch, CURLOPT_TIMEOUT, 25); // 超时时间
curl_setopt($ch, CURLOPT_USERAGENT, $user_agent);//HTTP请求User-Agent:头
//curl_setopt($ch,CURLOPT_HEADER,1);//设为TRUE在输出中包含头信息
//$fp = fopen("example_homepage.txt", "w");//输出文件
//curl_setopt($ch, CURLOPT_FILE, $fp);//设置输出文件的位置,值是一个资源类型,默认为STDOUT (浏览器)。
curl_setopt($ch,CURLOPT_HTTPHEADER,array(
'Accept-Language: zh-cn',
'Connection: Keep-Alive',
'Cache-Control: no-cache'
));//设置HTTP头信息
$document = curl_exec($ch); //执行预定义的CURL
$info=curl_getinfo($ch); //得到返回信息的特性
//print_r($info);
if($info[http_code]=="405"){
echo "bad proxy {$proxy}\n"; //代理出错
exit;
}
//curl_close($ch);
return $document;
}
//请求URL
$url="http://example.cn/getInfo.php";
//POST提交数据,可用HTTPWATCH查看
$postfield="userName=test&year=2008&passWord=123456&Submit=";
//代理服务器
$proxy = '';
//请求
$str=curlrequest($url,$postfield,$proxy);
//输出结果
echo $str;
复制代码 代码如下:
<"$errstr($errno)");
fwrite($socket,"POST $remote_path HTTP/1.0\r\n");
fwrite($socket,"User-Agent: Socket Example\r\n");
fwrite($socket,"HOST: $remote_server\r\n");
fwrite($socket,"Content-type: application/x-www-form-urlencoded\r\n");
fwrite($socket,"Content-length: ".strlen($post_string)+8."\r\n");
fwrite($socket,"Accept:*
function request_by_curl($remote_server,$post_string){
$ch = curl_init();
curl_setopt($ch,CURLOPT_URL,$remote_server);
curl_setopt($ch,CURLOPT_POSTFIELDS,'mypost='.$post_string);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);
curl_setopt($ch,CURLOPT_USERAGENT,"Jimmy's CURL Example beta");
$data = curl_exec($ch);
curl_close($ch);
return $data;
}
function request_by_other($remote_server,$post_string){
$context = array(
'http'=>array(
'method'=>'POST',
'header'=>'Content-type: application/x-www-form-urlencoded'."\r\n".
'User-Agent : Jimmy\'s POST Example beta'."\r\n".
'Content-length: '.strlen($post_string)+8,
'content'=>'mypost='.$post_string)
);
$stream_context = stream_context_create($context);
$data = file_get_contents($remote_server,FALSE,$stream_context);
return $data;
}
?>