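/**
 * Minimal HTTP/1.0 client on a raw socket, with a stream-wrapper fallback.
 *
 * Sends a GET request, or a POST request when $post is non-empty, skips the
 * response headers and returns the response body.
 *
 * The function connects to whatever host the URL names (or to $ip when given),
 * so a caller that accepts URLs from users has to validate the destination
 * first (internal addresses, metadata endpoints). Only http and https URLs are
 * accepted here, so the fallback can never be pointed at file://, php:// or
 * other stream wrappers.
 *
 * @param string       $url        Absolute http:// or https:// URL.
 * @param int          $limit      Maximum number of body bytes to return; 0 means no limit.
 * @param string|array $post       POST fields (query string or array); empty means GET.
 * @param string       $cookie     Value sent in the Cookie header.
 * @param string       $ip         Address to connect to instead of the URL's host.
 * @param int          $timeout    Connect and read timeout in seconds.
 * @param bool         $block      Whether the stream is put in blocking mode.
 * @param string       $encodetype 'URLENCODE' for a urlencoded body, anything else for multipart/form-data.
 * @param int          $position   Number of leading body characters to skip (a bare LF counts as two).
 * @param array        $files      Field name => local file path, sent as file parts (multipart only).
 *                                 The file contents leave the machine, so the paths must come from trusted code.
 * @return string Response body, or '' when the URL is rejected or the connection fails.
 */
function http($url, $limit = 0, $post = '', $cookie = '', $ip = '', $timeout = 15, $block = TRUE, $encodetype = 'URLENCODE', $position = 0, $files = array()) {
    $return = '';
    $data = '';
    $crlf = array("\r", "\n");

    $matches = parse_url($url);
    if(!is_array($matches) || empty($matches['scheme']) || empty($matches['host'])) {
        return '';
    }
    $scheme = strtolower($matches['scheme']);
    if($scheme != 'http' && $scheme != 'https') {
        return '';
    }
    $host = str_replace($crlf, '', $matches['host']);

    // 'path' and 'query' are both optional in parse_url() output; keep the query even without a path.
    $path = isset($matches['path']) ? $matches['path'] : '/';
    if(isset($matches['query']) && $matches['query'] !== '') {
        $path .= '?'.$matches['query'];
    }
    $path = str_replace($crlf, '', $path);
    $port = !empty($matches['port']) ? (int)$matches['port'] : ($scheme == 'https' ? 443 : 80);

    // Header values are written verbatim into the request: strip CR/LF so that a
    // cookie or a client-supplied User-Agent cannot add header lines of its own.
    $cookie = str_replace($crlf, '', $cookie);
    $agent = isset($_SERVER['HTTP_USER_AGENT']) ? str_replace($crlf, '', $_SERVER['HTTP_USER_AGENT']) : '';

    // random() is not defined in this listing; it is expected to come from the host application.
    $boundary = $encodetype == 'URLENCODE' ? '' : random(40);

    if($post) {
        if(!is_array($post)) {
            parse_str($post, $parsed);
            $post = $parsed;
        }
        $postnew = array();
        format_postkey($post, $postnew);
        $post = $postnew;
    }

    if($post) {
        if($encodetype == 'URLENCODE') {
            $data = http_build_query($post);
        } else {
            // Quotes and line breaks inside a name or filename would break the part header.
            $unsafe = array('"', "\r", "\n");
            $escaped = array('%22', '%0D', '%0A');
            foreach($post as $k => $v) {
                $data .= "--$boundary\r\n";
                $data .= 'Content-Disposition: form-data; name="'.str_replace($unsafe, $escaped, $k).'"';
                if(isset($files[$k])) {
                    // Content-Type is a part header of its own, not a Content-Disposition parameter.
                    $data .= '; filename="'.str_replace($unsafe, $escaped, basename($files[$k])).'"'."\r\n";
                    $data .= 'Content-Type: application/octet-stream';
                }
                $data .= "\r\n\r\n";
                $data .= $v."\r\n";
            }
            foreach($files as $k => $file) {
                if(!isset($post[$k]) && is_file($file)) {
                    $v = @file_get_contents($file);
                    if($v !== false) {
                        $data .= "--$boundary\r\n";
                        $data .= 'Content-Disposition: form-data; name="'.str_replace($unsafe, $escaped, $k).'"; filename="'.str_replace($unsafe, $escaped, basename($file)).'"'."\r\n";
                        $data .= 'Content-Type: application/octet-stream'."\r\n\r\n";
                        $data .= $v."\r\n";
                    }
                }
            }
            // The closing delimiter carries a trailing "--".
            $data .= "--$boundary--\r\n";
        }
        $out = "POST $path HTTP/1.0\r\n";
        $header = "Accept: */*\r\n";
        $header .= "Accept-Language: zh-cn\r\n";
        $header .= $encodetype == 'URLENCODE' ? "Content-Type: application/x-www-form-urlencoded\r\n" : "Content-Type: multipart/form-data; boundary=$boundary\r\n";
        $header .= 'Content-Length: '.strlen($data)."\r\n";
        $header .= "User-Agent: $agent\r\n";
        $header .= "Host: $host:$port\r\n";
        $header .= "Connection: Close\r\n";
        $header .= "Cache-Control: no-cache\r\n";
        $header .= "Cookie: $cookie\r\n\r\n";
        $out .= $header;
        $out .= $data;
    } else {
        $out = "GET $path HTTP/1.0\r\n";
        $header = "Accept: */*\r\n";
        $header .= "Accept-Language: zh-cn\r\n";
        $header .= "User-Agent: $agent\r\n";
        $header .= "Host: $host:$port\r\n";
        $header .= "Connection: Close\r\n";
        $header .= "Cookie: $cookie\r\n\r\n";
        $out .= $header;
    }

    $target = $ip ? $ip : $host;
    // https needs the TLS transport; a plain TCP socket would send the request unencrypted to port 443.
    // Certificate verification is left at PHP's defaults, so connecting by $ip fails closed
    // when the certificate does not cover that address.
    $transport = $scheme == 'https' ? 'ssl://' : '';

    $fpflag = 0;
    if(!$fp = @fsocketopen($transport.$target, $port, $errno, $errstr, $timeout)) {
        // Fallback: let the http(s) stream wrapper perform the request; it returns the body only.
        $context = array(
            'http' => array(
                'method' => $post ? 'POST' : 'GET',
                'header' => rtrim($header, "\r\n"),
                'content' => $data,
                'timeout' => $timeout,
            ),
        );
        $context = stream_context_create($context);
        $fp = @fopen($scheme.'://'.$target.':'.$port.$path, 'rb', false, $context);
        $fpflag = 1;
    }

    if(!$fp) {
        return '';
    }

    stream_set_blocking($fp, $block);
    stream_set_timeout($fp, $timeout);
    if(!$fpflag) {
        // The wrapper stream has already sent its request; only the raw socket needs the bytes.
        @fwrite($fp, $out);
    }
    $status = stream_get_meta_data($fp);
    if(!$status['timed_out']) {
        // Skip the response headers up to the blank line (raw socket only).
        while(!$fpflag && !feof($fp)) {
            $line = @fgets($fp);
            if($line && ($line == "\r\n" || $line == "\n")) {
                break;
            }
        }
        if($position) {
            $oldchar = '';
            for($i = 0; $i < $position; $i++) {
                $char = fgetc($fp);
                if($char === false) {
                    break;
                }
                if($char == "\n" && $oldchar != "\r") {
                    $i++;
                }
                $oldchar = $char;
            }
        }
        if($limit) {
            $return = stream_get_contents($fp, $limit);
        } else {
            $return = stream_get_contents($fp);
        }
        if($return === false) {
            $return = '';
        }
    }
    @fclose($fp);
    return $return;
}

/**
 * Flattens a nested array of POST fields into one level with bracketed keys,
 * e.g. array('a' => array('b' => 1)) becomes array('a[b]' => 1).
 *
 * @param array  $post   Fields to flatten.
 * @param array  $result Receives the flattened fields (by reference).
 * @param string $key    Key prefix used by the recursion; leave empty when calling.
 * @return void
 */
function format_postkey($post, &$result, $key = '') {
    if(!is_array($result)) {
        // An empty $post would otherwise leave the caller's variable undefined.
        $result = array();
    }
    foreach($post as $k => $v) {
        // Compare strictly: a parent key of 0 is a valid prefix but is falsy.
        $_k = ($key === '' || $key === null) ? $k : $key.'['.$k.']';
        if(is_array($v)) {
            format_postkey($v, $result, $_k);
        } else {
            $result[$_k] = $v;
        }
    }
}

/**
 * Opens a client socket with the first of fsockopen(), pfsockopen() or
 * stream_socket_client() that exists.
 *
 * $errno and $errstr now have defaults because PHP 8 deprecates a required
 * parameter after an optional one; existing calls are unaffected.
 *
 * @param string $hostname Host or address, optionally with a transport prefix such as ssl://.
 * @param int    $port     Port to connect to.
 * @param int    $errno    Receives the error number (by reference).
 * @param string $errstr   Receives the error message (by reference).
 * @param int    $timeout  Connect timeout in seconds.
 * @return resource|false Stream resource, or a false value when no connection could be opened.
 */
function fsocketopen($hostname, $port = 80, &$errno = null, &$errstr = null, $timeout = 15) {
    $fp = false;
    if(function_exists('fsockopen')) {
        $fp = @fsockopen($hostname, $port, $errno, $errstr, $timeout);
    } elseif(function_exists('pfsockopen')) {
        $fp = @pfsockopen($hostname, $port, $errno, $errstr, $timeout);
    } elseif(function_exists('stream_socket_client')) {
        $fp = @stream_socket_client($hostname.':'.$port, $errno, $errstr, $timeout);
    }
    return $fp;
}

//http://my.oschina.net/cart/
var_dump(http('http://www.baidu.com'));
exit();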
如果在实战采集、挂马中,fsockopen、pfsockopen、stream_socket_client、curl、fopen 都被运维工程师禁用了,怎么办呢?
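嘿嘿,只要他不封 80 端口,我们还有一招:socket_create。这一招能成立,是因为 disable_functions 只按函数名逐个禁用,而 socket_* 函数来自单独的 sockets 扩展;运维要堵住它,就得不加载该扩展(或把 socket_* 一并列入禁用),并在网络层限制服务器的出站连接。接下来演示如何使用 socket 采集的 demo。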
需要打开PHP的sockets扩展
extension=php_sockets.dll
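// Fetches http://www.baidu.com/ through ext/sockets and dumps the response body.
$host = 'www.baidu.com';

$socket = socket_create(AF_INET, SOCK_STREAM, getprotobyname('tcp'));
if ($socket === false) {
    // socket_create() returns false on failure; passing that on to socket_connect() is a TypeError on PHP 8.
    die('Socket error : ' . socket_strerror(socket_last_error()));
}

// Bound the blocking calls so that a silent peer cannot hang the script.
socket_set_option($socket, SOL_SOCKET, SO_RCVTIMEO, array('sec' => 15, 'usec' => 0));
socket_set_option($socket, SOL_SOCKET, SO_SNDTIMEO, array('sec' => 15, 'usec' => 0));

if (!socket_connect($socket, gethostbyname($host), 80)) {
    die('Socket error : ' . socket_strerror(socket_last_error($socket)));
}

// The response is read until the server closes the connection, so ask for
// "Connection: close". The original Keep-Alive line had no CRLF and ran into
// the Connection header, producing one malformed header line.
$header = "GET / HTTP/1.0\r\n";
$header .= "Host: $host\r\n";
$header .= "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n";
$header .= "User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.72 Safari/537.36\r\n";
$header .= "Connection: close\r\n\r\n";

// socket_write() may accept only part of the buffer; keep writing the remainder.
$pending = $header;
while ($pending !== '') {
    $sent = socket_write($socket, $pending, strlen($pending));
    if ($sent === false) {
        die('Socket error : ' . socket_strerror(socket_last_error($socket)));
    }
    $pending = (string) substr($pending, $sent);
}

$result = '';
while (true) {
    $out = socket_read($socket, 1024);
    // Compare strictly: a chunk that is exactly "0" is data, not end of stream.
    if ($out === false || $out === '') {
        break;
    }
    $result .= $out;
}
socket_close($socket);

//http://my.oschina.net/cart/
// Without a header/body separator strpos() returns false; do not treat that as offset 0.
$split = strpos($result, "\r\n\r\n");
var_dump($split === false ? '' : (string) substr($result, $split + 4));
exit();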