一、尝试过的URL跳转方法,代码如下:
-
echo '<meta http-equiv="refresh" content="0; URL='.$url.'">';
-
-
echo '<scrīpt language="Javascrīpt">window.location.href="'.$url.'";</scrīpt>';
-
-
echo '<script language="Javascrīpt">window.location.replace="'.$url.'";</ script>';
以上三种方法均无法传递REFERER地址.
二、使用PHP Socket函数伪造REFER
下面是PHP伪造REFERER代码部分,经过测试可以实现REFERER地址传递,其中$url是输入地址,代码如下:
-
$uinfo = parse_url($url);
-
-
if($uinfo['path'])
-
-
$data = $uinfo['path'];
-
-
else
-
-
$data = '/';
-
-
if(!$fsp = @fsockopen($uinfo['host'], (($uinfo['port']) ? $uinfo['port'] : "80"), $errno, $errstr, 12)){
-
-
echo "对不起对方网站暂时无法打开,请您稍后访问:".$uinfo['host']; exit;
-
-
}else{
-
-
fputs($fsp, "GET “.$data .” HTTP/1.0rn");
-
-
fputs($fsp, "Host: ".$uinfo['host']."rn");
-
-
fputs($fsp, "Referer: vcphp.comrn");
-
-
fputs($fsp, "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)rnrn");
-
-
$res='';
-
-
while(!feof($fsp)) {
-
-
$res.=fgets($fsp, 128);
-
-
if(strstr($res,"200 OK")) {
-
-
header("Location:$url"); exit;
-
-
}
-
-
}
-
-
}
-
-
-
-
-
-
$arr=explode("n",$res);
-
-
$arr=explode(": ",$arr[3]);
-
-
header("location:".$arr[0]);
-
-
exit;
利用另一种方法 curl)伪造HTTP_REFERER,代码如下:
-
-
$ch = curl_init();
-
curl_setopt ($ch, CURLOPT_URL, "http://www.vcphp.com/");
-
curl_setopt ($ch, CURLOPT_REFERER, "http://www.vcphp.com/");
-
curl_exec ($ch);
-
curl_close ($ch);
-
-
-
$server = 'blog.qita.in';
-
$host = 'blog.qita.in';
-
$target = '/xxx.asp';
-
$referer = 'http://www.baidu.com/'; // Referer
-
$port = 80;
-
$fp = fsockopen($server, $port, $errno, $errstr, 30);
-
if (!$fp)
-
{
-
echo "$errstr ($errno)<br />n";
-
}
-
else
-
{
-
$out = "GET $target HTTP/1.1rn";
-
$out .= "Host: $hostrn";
-
$out .= "Cookie: ASPSESSIONIDSQTBQSDA=DFCAPKLBBFICDAFMHNKIGKEGrn";
-
$out .= "Referer: $refererrn";
-
$out .= "Connection: Closernrn";
-
fwrite($fp, $out);
-
while (!feof($fp))
-
{
-
echo fgets($fp, 128);
-
}
-
fclose($fp);
-
}
-
(责任编辑:最模板) |