这篇文章主要介绍了PHP curl伪造IP地址和header信息代码实例,本文给出服务器端和客户端实现代码,提供伪造功能和服务器端检测代码,需要的朋友可以参考下 curl虽然功能强大,但是只能伪造$_SERVER[HTTP_X_FORWARDED_FOR],对于大多数IP地址检测程序来说,$_SERVER[REMOTE_ADDR]很难被伪造: 首先是client.php的代码 代码如下: $headers['CLIENT-IP'] = '202.103.229.40'; $headers['X-FORWARDED-FOR'] = '202.103.229.40'; $headerArr = array(); foreach( $headers as $n = $v ) { $headerArr[] = $n .':' . $v; } ob_start(); $ch = curl_init(); curl_setopt ($ch, CURLOPT_URL, http://localhost/curl/server.php); curl_setopt ($ch, CURLOPT_HTTPHEADER , $headerArr ); //构造IP curl_setopt ($ch, CURLOPT_REFERER, http://www.163.com/ ); //构造来路 curl_setopt( $ch, CURLOPT_HEADER, 1); curl_exec($ch); curl_close ($ch); $out = ob_get_contents(); ob_clean(); echo $out; 然后是server.php 代码如下: function GetIP(){ if(!emptyempty($_SERVER[HTTP_CLIENT_IP])) $cip = $_SERVER[HTTP_CLIENT_IP]; else if(!emptyempty($_SERVER[HTTP_X_FORWARDED_FOR])) $cip = $_SERVER[HTTP_X_FORWARDED_FOR]; else if(!emptyempty($_SERVER[REMOTE_ADDR])) $cip = $_SERVER[REMOTE_ADDR]; else $cip = 无法获取!; return $cip; } echo 访问IP: .GetIP().; echo 访问来路: .$_SERVER[HTTP_REFERER];