伪造ip请求代码

转自：http://gaojohn.blogchina.com/1257810.html

HTTP_CLIENT_IP：可通过http头伪造
HTTP_X_FORWARDED_FOR：可通过http头伪造
REMOTE_ADDR：可能是用户真实IP也可能是代理IP

服务端获取IP地址 http://www.taoyiz.com/util/ip 其代码如下:

$s_onlineip = getenv(‘HTTP_CLIENT_IP’);

echo “HTTP_CLIENT_IP:”.$s_onlineip.”<br/>\n”;

$s_onlineip = getenv(‘HTTP_X_FORWARDED_FOR’);

echo “HTTP_X_FORWARDED_FOR:”.$s_onlineip.”<br/>\n”;

$s_onlineip = getenv(‘REMOTE_ADDR’);

echo “REMOTE_ADDR:”.$s_onlineip.”<br/>\n”;

$s_onlineip = $_SERVER['REMOTE_ADDR'];

echo “\$_SERVER['REMOTE_ADDR']:”.$s_onlineip.”<br/>\n”;

客户端代码：
伪造IP测试：

$url = ‘http://www.taoyiz.com/util/ip’;

$data_string = ‘test=test’;

$URL_Info    =    parse_url($url);

$request = ”;

if (!isset($URL_Info["port"]))

$URL_Info["port"]=80;

$request.=”POST “.$URL_Info["path"].” HTTP/1.1\n”;

$request.=”Host: “.$URL_Info["host"].”\n”;

$request.=”Referer: “.$URL_Info["host"].”\n”;

$request.=”Content-type: application/x-www-form-urlencoded\n”;

$request.=”X-Forwarded-For:192.168.1.4\n”;//HTTP_X_FORWARDED_FOR的值

$request.=”client_ip:192.168.1.5\n”;//HTTP_CLIENT_IP的值

$request.=”Content-length: “.strlen($data_string).”\n”;

$request.=”Connection: close\n”;

$request.=”\n”;

$request.=$data_string.”\n”;
//套接字读取（原来可以这样用，直接对句柄fputs()和fgets()进行发送和接收）

$fp = fsockopen($URL_Info["host"], $URL_Info["port"]);

fputs($fp, $request);

$result = ”;

while(!feof($fp)) {

$result .= fgets($fp 1024);

}

fclose($fp);

echo $result;

输出：

HTTP_CLIENT_IP:192.168.1.5

HTTP_X_FORWARDED_FOR:192.168.1.4

REMOTE_ADDR:127.0.0.1

$_SERVER['REMOTE_ADDR']:127.0.0.1

代理IP测试：

$cUrl = curl_init();

curl_setopt($cUrl CURLOPT_URL $url);

curl_setopt($cUrl CURLOPT_RETURNTRANSFER 1);

curl_setopt($cUrl CURLOPT_HEADER 1);

curl_setopt($cUrl CURLOPT_USERAGENT “Mozilla/99.99″);

//curl_setopt($cUrl CURLOPT_TIMEOUT 10);

curl_setopt($cUrl CURLOPT_PROXY ’125.77.194.103:80′);

$c = curl_exec($cUrl);

curl_close($cUrl);

echo $c;

输出：

HTTP_CLIENT_IP:

HTTP_X_FORWARDED_FOR:

REMOTE_ADDR:125.77.194.103

$_SERVER['REMOTE_ADDR']:125.77.194.103