web渗透:php ip地址,伪造ip
作者:互联网
常见获取ip方式(转载于):https://cloud.tencent.com/developer/article/1724254
本文选取方式二
<?php //方法1: $ip = $_SERVER["REMOTE_ADDR"]; echo $ip; //方法2: $ip = ($_SERVER["HTTP_VIA"]) ? $_SERVER["HTTP_X_FORWARDED_FOR"] : $_SERVER["REMOTE_ADDR"]; $ip = ($ip) ? $ip : $_SERVER["REMOTE_ADDR"]; echo $ip; //方法3: function getRealIp() { $ip=false; if(!empty($_SERVER["HTTP_CLIENT_IP"])){ $ip = $_SERVER["HTTP_CLIENT_IP"]; } if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { $ips = explode (", ", $_SERVER['HTTP_X_FORWARDED_FOR']); if ($ip) { array_unshift($ips, $ip); $ip = FALSE; } for ($i = 0; $i < count($ips); $i++) { if (!eregi ("^(10│172.16│192.168).", $ips[$i])) { $ip = $ips[$i]; break; } } } return ($ip ? $ip : $_SERVER['REMOTE_ADDR']); } echo getRealIp(); //方法4: if ($HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"]) { $ip = $HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"]; } elseif ($HTTP_SERVER_VARS["HTTP_CLIENT_IP"]) { $ip = $HTTP_SERVER_VARS["HTTP_CLIENT_IP"]; } elseif ($HTTP_SERVER_VARS["REMOTE_ADDR"]) { $ip = $HTTP_SERVER_VARS["REMOTE_ADDR"]; } elseif (getenv("HTTP_X_FORWARDED_FOR")) { $ip = getenv("HTTP_X_FORWARDED_FOR"); } elseif (getenv("HTTP_CLIENT_IP")) { $ip = getenv("HTTP_CLIENT_IP"); } elseif (getenv("REMOTE_ADDR")) { $ip = getenv("REMOTE_ADDR"); } else { $ip = "Unknown"; } echo $ip ; //方法5: if(getenv('HTTP_CLIENT_IP')) { $onlineip = getenv('HTTP_CLIENT_IP'); } elseif(getenv('HTTP_X_FORWARDED_FOR')) { $onlineip = getenv('HTTP_X_FORWARDED_FOR'); } elseif(getenv('REMOTE_ADDR')) { $onlineip = getenv('REMOTE_ADDR'); } else { $onlineip = $HTTP_SERVER_VARS['REMOTE_ADDR']; } echo $onlineip;
HTTP_X_FORWARDED_FOR获取到的IP地址(转载于):http://t.csdn.cn/7GlRz
使用burpsuit进行ip地址爆破
根据情况设置参数并开始爆破
返回如下数据即为成功
标签:web,php,爆破,ip,获取,地址,HTTP,转载 来源: https://www.cnblogs.com/Qingsui-0709/p/16394611.html