php curl 伪造

chenjia9695 2014-10-30 08:17:17
http://www.yygh.net/index.php

直接表格提交,一直提示账号不存在。应该后台需要验证。


我想伪造Origin的来源。不知道这么设置origin的来源

$ch = curl_init(); //初始化
$this->url = "http://www.yygh.net/usercenter/userinfo_action.php";
$fields = 'actionpost=login&logintype=0&cardtype=1&userid=34262619702200379&pwd=123qwe&validate=cndm&imagesField.x=32&imageField.y=11';
curl_setopt($ch, CURLOPT_POST, 1);//设置为POST方式
curl_setopt($ch, CURLOPT_POSTFIELDS,$fields);

curl_setopt($ch, 这里);

curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); //强制协议为1.0
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect: ')); //头部要送出'Expect: '
curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4 ); //强制使用IPV4协议解析域名
curl_setopt($ch, CURLOPT_URL, $this->url);


curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); //返回字符串,而非直接输出

$this->content=curl_exec($ch);
curl_close($ch);
...全文
295 7 打赏 收藏 转发到动态 举报
写回复
用AI写文章
7 条回复
切换为时间正序
请发表友善的回复…
发表回复
chenjia9695 2014-10-31
  • 打赏
  • 举报
 回复
引用 4 楼 xuzuning 的回复:
他有验证码,你是如何处理的?
我需要输入验证码。把它的验证码的路径改为全路径
xuzuning 2014-10-31
  • 打赏
  • 举报
 回复
他有验证码,你是如何处理的?
chenjia9695 2014-10-31
  • 打赏
  • 举报
 回复
$cookie_file = dirname(__FILE__).'/cookie.txt'; //$cookie_file = tempnam("tmp","cookie"); //curl 只识别单引号字符串 $ch = curl_init(); //初始化 $this->url = "http://www.yygh.net/usercenter/userinfo_action.php"; curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_file); //存储cookies curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); //强制协议为1.0 curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect: ')); //头部要送出'Expect: ' curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4 ); //强制使用IPV4协议解析域名 curl_setopt($ch, CURLOPT_URL, $this->url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); //返回字符串,而非直接输出 $this->content=curl_exec($ch); curl_close($ch); $cookie_file = dirname(__FILE__).'/cookie.txt'; //$cookie_file = tempnam("tmp","cookie"); //curl 只识别单引号字符串 $ch = curl_init(); //初始化 $this->url = "http://www.yygh.net/usercenter/userinfo_action.php"; $fields = 'actionpost=login&logintype=0&cardtype=1&userid=330724197712316212&pwd=123qwe&validate=cndm&imagesField.x=32&imageField.y=11'; curl_setopt($ch, CURLOPT_POST, 1);//设置为POST方式 curl_setopt($ch, CURLOPT_POSTFIELDS,$fields); curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie_file); //使用上面获取的cookies curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); //强制协议为1.0 curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect: ')); //头部要送出'Expect: ' curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4 ); //强制使用IPV4协议解析域名 curl_setopt($ch, CURLOPT_URL, $this->url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); //返回字符串,而非直接输出 $this->content=curl_exec($ch); print_r(get_headers('http://www.yygh.net/usercenter/userinfo_action.php')); curl_close($ch); echo $this->content;
chenjia9695 2014-10-31
  • 打赏
  • 举报
 回复
引用 1 楼 xuzuning 的回复:
print_r(get_headers('http://www.yygh.net/usercenter/userinfo_action.php'));
Array ( [0] => HTTP/1.1 200 OK [1] => Date: Fri, 31 Oct 2014 00:41:47 GMT [2] => Server: Apache/2.2.8 (Win32) [3] => Set-Cookie: PHPSESSID=e5dadd27a2c2387e05c077ab1c0141e5; path=/ [4] => Expires: Thu, 19 Nov 1981 08:52:00 GMT [5] => Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 [6] => Pragma: no-cache [7] => Set-Cookie: JamesID=deleted; expires=Thu, 31-Oct-2013 00:41:46 GMT; path=/ [8] => Set-Cookie: JamesUserID=deleted; expires=Thu, 31-Oct-2013 00:41:46 GMT; path=/ [9] => Set-Cookie: JamesLoginTime=deleted; expires=Thu, 31-Oct-2013 00:41:46 GMT; path=/ [10] => Content-Length: 1073 [11] => Connection: close [12] => Content-Type: text/html ) 你既不接收,也不发送他的 cookie,如何能成功?
$cookie_file = dirname(__FILE__).'/cookie.txt';
		//$cookie_file = tempnam("tmp","cookie");
		
		//curl 只识别单引号字符串
		$ch = curl_init(); //初始化		
		$this->url = "http://www.yygh.net/usercenter/userinfo_action.php";

		
		curl_setopt($ch, CURLOPT_COOKIEJAR,  $cookie_file); //存储cookies
		
		
		
		curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); //强制协议为1.0
		curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect: ')); //头部要送出'Expect: '
		curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4 ); //强制使用IPV4协议解析域名
		curl_setopt($ch, CURLOPT_URL, $this->url);
		
		
		curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); //返回字符串,而非直接输出
	
		 $this->content=curl_exec($ch);
		 curl_close($ch);
		 
		 
		 
		 
		 
		 $cookie_file = dirname(__FILE__).'/cookie.txt';
		//$cookie_file = tempnam("tmp","cookie");
		
		//curl 只识别单引号字符串
		$ch = curl_init(); //初始化		
		$this->url = "http://www.yygh.net/usercenter/userinfo_action.php";
$fields = 'actionpost=login&logintype=0&cardtype=1&userid=330724197712316212&pwd=123qwe&validate=cndm&imagesField.x=32&imageField.y=11';
		curl_setopt($ch, CURLOPT_POST, 1);//设置为POST方式
		curl_setopt($ch, CURLOPT_POSTFIELDS,$fields); 
		
		curl_setopt($ch, CURLOPT_COOKIEFILE,  $cookie_file); //使用上面获取的cookies
		
		
		
		curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); //强制协议为1.0
		curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect: ')); //头部要送出'Expect: '
		curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4 ); //强制使用IPV4协议解析域名
		curl_setopt($ch, CURLOPT_URL, $this->url);
		
		
		curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); //返回字符串,而非直接输出
	
		 $this->content=curl_exec($ch);
		 
		 print_r(get_headers('http://www.yygh.net/usercenter/userinfo_action.php'));
		 curl_close($ch);
		 echo $this->content;
用了cookie也不行。版主帮我看看是哪里的问题
xuzuning 2014-10-31
  • 打赏
  • 举报
 回复 
print_r(get_headers('http://www.yygh.net/usercenter/userinfo_action.php'));
Array ( [0] => HTTP/1.1 200 OK [1] => Date: Fri, 31 Oct 2014 00:41:47 GMT [2] => Server: Apache/2.2.8 (Win32) [3] => Set-Cookie: PHPSESSID=e5dadd27a2c2387e05c077ab1c0141e5; path=/ [4] => Expires: Thu, 19 Nov 1981 08:52:00 GMT [5] => Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 [6] => Pragma: no-cache [7] => Set-Cookie: JamesID=deleted; expires=Thu, 31-Oct-2013 00:41:46 GMT; path=/ [8] => Set-Cookie: JamesUserID=deleted; expires=Thu, 31-Oct-2013 00:41:46 GMT; path=/ [9] => Set-Cookie: JamesLoginTime=deleted; expires=Thu, 31-Oct-2013 00:41:46 GMT; path=/ [10] => Content-Length: 1073 [11] => Connection: close [12] => Content-Type: text/html ) 你既不接收,也不发送他的 cookie,如何能成功?
chenjia9695 2014-10-31
  • 打赏
  • 举报
 回复
引用 6 楼 xuzuning 的回复:
<?php
$cookie_file = dirname(__FILE__).'/cookie.txt';

if(isset($_GET['verification'])) {
  $url = 'http://www.yygh.net/include/validateimg.php?' . rand();
  $ch = curl_init(); //初始化       
  curl_setopt($ch, CURLOPT_COOKIEFILE,  $cookie_file); 
  curl_setopt($ch, CURLOPT_URL, $url);
  curl_exec($ch);
  curl_close($ch);
  exit;
}
if(! $_POST) {
  $url = "http://www.yygh.net/usercenter/userinfo_action.php";
  $ch = curl_init(); //初始化       
  curl_setopt($ch, CURLOPT_COOKIEJAR,  $cookie_file); //存储cookies
  curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); //强制协议为1.0
  curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect: ')); //头部要送出'Expect: '
  curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4 ); //强制使用IPV4协议解析域名
  curl_setopt($ch, CURLOPT_URL, $url);
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); //返回字符串,而非直接输出
  $content = curl_exec($ch);
  curl_close($ch);
echo <<< HTML
<form method=post>
<img src='?verification=1'>
<input type=text name=code>
<input type=submit value=ok>
</form>
HTML;
  exit;
}else {
  $ch = curl_init(); //初始化       
  $url = "http://www.yygh.net/usercenter/userinfo_action.php";
  $fields = array(
    'actionpost' => 'login',
    'logintype' => 0,
    'cardtype' => 1,
    'userid' => '330724197712316212',
    'pwd' => '123qwe',
    'validate' => $_POST['code'],
    //cndm&imagesField.x=32&imageField.y=11';
  );
  curl_setopt($ch, CURLOPT_POST, 1);//设置为POST方式
  curl_setopt($ch, CURLOPT_POSTFIELDS, $fields); 
  curl_setopt($ch, CURLOPT_COOKIEFILE,  $cookie_file); //使用上面获取的cookies
  curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); //强制协议为1.0
  curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect: ')); //头部要送出'Expect: '
  curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4 ); //强制使用IPV4协议解析域名
  curl_setopt($ch, CURLOPT_URL, $url);
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); //返回字符串,而非直接输出
  $content = curl_exec($ch);
  curl_close($ch);
  echo $content;  
}
请核实用户信息的正确性
最后一句话提醒我了原来是cardtype 写错了 card_type.. 这什么嘛、搞了一天。。。 最后谢谢版主
xuzuning 2014-10-31
  • 打赏
  • 举报
 回复 
<?php
$cookie_file = dirname(__FILE__).'/cookie.txt';

if(isset($_GET['verification'])) {
  $url = 'http://www.yygh.net/include/validateimg.php?' . rand();
  $ch = curl_init(); //初始化       
  curl_setopt($ch, CURLOPT_COOKIEFILE,  $cookie_file); 
  curl_setopt($ch, CURLOPT_URL, $url);
  curl_exec($ch);
  curl_close($ch);
  exit;
}
if(! $_POST) {
  $url = "http://www.yygh.net/usercenter/userinfo_action.php";
  $ch = curl_init(); //初始化       
  curl_setopt($ch, CURLOPT_COOKIEJAR,  $cookie_file); //存储cookies
  curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); //强制协议为1.0
  curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect: ')); //头部要送出'Expect: '
  curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4 ); //强制使用IPV4协议解析域名
  curl_setopt($ch, CURLOPT_URL, $url);
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); //返回字符串,而非直接输出
  $content = curl_exec($ch);
  curl_close($ch);
echo <<< HTML
<form method=post>
<img src='?verification=1'>
<input type=text name=code>
<input type=submit value=ok>
</form>
HTML;
  exit;
}else {
  $ch = curl_init(); //初始化       
  $url = "http://www.yygh.net/usercenter/userinfo_action.php";
  $fields = array(
    'actionpost' => 'login',
    'logintype' => 0,
    'cardtype' => 1,
    'userid' => '330724197712316212',
    'pwd' => '123qwe',
    'validate' => $_POST['code'],
    //cndm&imagesField.x=32&imageField.y=11';
  );
  curl_setopt($ch, CURLOPT_POST, 1);//设置为POST方式
  curl_setopt($ch, CURLOPT_POSTFIELDS, $fields); 
  curl_setopt($ch, CURLOPT_COOKIEFILE,  $cookie_file); //使用上面获取的cookies
  curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); //强制协议为1.0
  curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect: ')); //头部要送出'Expect: '
  curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4 ); //强制使用IPV4协议解析域名
  curl_setopt($ch, CURLOPT_URL, $url);
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); //返回字符串,而非直接输出
  $content = curl_exec($ch);
  curl_close($ch);
  echo $content;  
}
请核实用户信息的正确性
PHP curl伪造IP地址和header信息代码实例
curl虽然功能强大,但是只能伪造$_SERVER[“HTTP_X_FORWARDED_FOR”],对于大多数IP地址检测程序来说,$_SERVER[“REMOTE_ADDR”]很难被伪造: 首先是client.php的代码 复制代码 代码如下: $headers[‘CLIENT-IP’] = ‘202.103.229.40’;  $headers[‘X-FORWARDED-FOR’] = ‘202.103.229.40’;   $headerArr = array();  foreach( $headers as $n => $v ) {      $headerArr[] = $n
php curl 伪造IP来源的实例代码
curl发出请求的文件fake_ip.php: 代码 复制代码 代码如下: <?php $ch = curl_init(); $url = “http://localhost/target_ip.php”; $header = array( ‘CLIENT-IP:58.68.44.61’, ‘X-FORWARDED-FOR:58.68.44.61’, ); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_HTTPHEADER, $header); curl_setopt($ch, CURLOPT_RETURNTRANS
php使用curl伪造来源ip和refer的方法示例
本文实例讲述了php使用curl伪造来源ip和refer的方法。分享给大家供大家参考,具体如下: php curl伪造来源ip和来路refer实例代码1: //随机IP function Rand_IP(){ $ip2id= round(rand(600000, 2550000) / 10000); //第一种方法,直接生成 $ip3id= round(rand(600000, 2550000) / 10000); $ip4id= round(rand(600000, 2550000) / 10000); //下面是第二种方法,在以下数据中随机抽取 $arr_1 = array(
php采用curl实现伪造IP来源的方法
本文实例讲述了php采用curl实现伪造IP来源的方法。可以实现伪造IP来源, 伪造域名, 伪造用户信息,分享给大家供大家参考。具体实现方法如下: 定义伪造用户浏览器信息HTTP_USER_AGENT 复制代码 代码如下:$binfo =array(‘Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; InfoPath.2; AskTbPTV/5.17.0.25589; Alexa Toolbar)’,’Mozilla/5.0 (Windows NT 5.1; rv:22.0)
php使用curl伪造浏览器访问操作示例
本文实例讲述了php使用curl伪造浏览器访问操作。分享给大家供大家参考,具体如下: 原理 服务器主要通过User-Agent识别客户端是何种设备 User-Agent是Http协议中的一部分,属于头域的组成部分。基本格式为: 浏览器标识 (操作系统标识; 加密等级标识; 浏览器语言) 渲染引擎标识 版本信息。 具体方法如下 /** * curl获取数据 * @param $url * @return mixed */ function get_url($url) { $ifpost = 0; $datafields = ''; $cookiefile = ''; $
基础编程

21,886

社区成员

140,364

社区内容

发帖
与我相关
我的任务
社区描述
从PHP安装配置,PHP入门,PHP基础到PHP应用
社区管理员
  • 基础编程社区
加入社区
  • 近7日
  • 近30日
  • 至今

加载中

查看更多榜单
社区公告
暂无公告

试试用AI创作助手写篇文章吧

+ 用AI写文章