PHP 使用CURL库IP欺骗，隐藏真实客户端IP

Posted 2022-04-20 chenhao1

首先搭建环境，建立个ip.php.

代码如下：

<?

error_reporting(0);

function GetIP()
if($_SERVER[‘HTTP_CLIENT_IP‘])
   $onlineip=$_SERVER[‘HTTP_CLIENT_IP‘];
   elseif($_SERVER[‘HTTP_X_FORWARDED_FOR‘])
   $onlineip=$_SERVER[‘HTTP_X_FORWARDED_FOR‘];
   else
   $onlineip=$_SERVER[‘REMOTE_ADDR‘];
   
return $onlineip;


?>

再建立个index.php

代码如下：

<?php

error_reporting(0);

require ‘ip.php‘;
   
echo ‘<hr>‘.‘Your IP is ‘.GetIP().‘<br>‘.‘<hr>‘;

/*echo ‘REMOTE_ADDR is ‘.$_SERVER[‘REMOTE_ADDR‘].‘<br>‘;
echo ‘HTTP_CLIENT_IP is  ‘.$_SERVER[‘HTTP_CLIENT_IP‘].‘<br>‘;
echo ‘HTTP_X_FORWARDED_FOR is ‘.$_SERVER[‘HTTP_X_FORWARDED_FOR‘].‘<br>‘;
echo ‘HTTP_VIA is ‘.$_SERVER[‘HTTP_VIA‘];*/

?>

测试

IP显示正确,客户端真实IP是218.241.179.50

去掉index.php里面的注释，使用代理观察

 

 

可以看到REMOTE_ADDR方法抓到了代理IP

HTTP_XFORWARDED_FOR还是抓到了客户端的真实IP

接下来编辑curl_proxy.php,示例代码：

<?php

error_reporting(0);

function curl_string ($url,$user_agent,$proxy)
$ch = curl_init();
curl_setopt ($ch, CURLOPT_PROXY, $proxy);
curl_setopt ($ch, CURLOPT_URL, $url);
curl_setopt ($ch, CURLOPT_USERAGENT, $user_agent);
curl_setopt ($ch, CURLOPT_COOKIEJAR, "d:\cookies.txt");
curl_setopt ($ch, CURLOPT_HEADER, 1);
curl_setopt ($ch, CURLOPT_HTTPHEADER, array(‘CLIENT-IP:125.210.188.36‘, ‘X-FORWARDED-FOR:125.210.188.36‘));  //此处可以改为任意假IP
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_TIMEOUT, 120);

$result = curl_exec ($ch);
curl_close($ch);
return $result;

$url_page = "http://s4nd.no-ip.org/test/index.php";
$user_agent = "Mozilla/4.0";
$proxy = "http://125.210.188.36:80";    //此处为代理服务器IP和PORT

$string = curl_string($url_page,$user_agent,$proxy);

echo $string;

?>

访问curl_proxy.php

 

122.66.*.*是运行脚本服务器的IP，这样就实现了隐藏客户端真实IP的目的。

有的代理服务器会被HTTP_VIA方法侦测到使用了代理服务器，实际上透明代理和高级匿名代理有很大区别。