Disclaimer: This is an original article by the blogger and may not be reproduced without the blogger's permission. https://blog.csdn.net/Lonelyhat/article/details/89854015
Advance summary:
New knowledge: how to modify or forge the client IP
Code audit is important
Use of Burp Suite
topic:
analysis:
After opening the challenge page, you will find that this is a code audit challenge.
Analyze the code:
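<?php
// Return the "client IP", preferring request headers over the socket address.
function GetIP(){
    // Client-IP and X-Forwarded-For are request headers, so the client controls them.
    if(!empty($_SERVER["HTTP_CLIENT_IP"]))
        $cip = $_SERVER["HTTP_CLIENT_IP"];
    else if(!empty($_SERVER["HTTP_X_FORWARDED_FOR"]))
        $cip = $_SERVER["HTTP_X_FORWARDED_FOR"];
    // REMOTE_ADDR (the TCP peer address) is only used when both headers are absent.
    else if(!empty($_SERVER["REMOTE_ADDR"]))
        $cip = $_SERVER["REMOTE_ADDR"];
    else
        $cip = "0.0.0.0";
    return $cip;
}
$GetIPs = GetIP();
// The key is shown only when the reported IP is 1.1.1.1.
if ($GetIPs=="1.1.1.1"){
    echo "Great! Key is *********";
}
else{
    // Message: "Error! Your IP is not in the access list!"
    echo "错误!你的IP不在访问列表之内!";
}
?>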
Look directly at the last code block.
We only need to modify the IP address in the request header.
Once the IP address in a header that GetIP() reads is set to 1.1.1.1, the key is displayed.
Start:
First, search Baidu for how to modify the IP address in the header.
X-Forwarded-For is generally used for this.
To forge the IP, the request must first be captured.
Use Burp Suite to capture the request and send it to Repeater.
We collected many headers for faking the IP:
Client-IP: 1.1.1.1
x-forwarded-for: 127.0.0.1
x-remote-IP: 127.0.0.1
x-remote-IP: 127.0.0.1
x-client-IP: 127.0.0.1
x-forwarded-for:1.1.1.1
x-client-IP: 127.0.0.1
X-Real-IP: 127.0.0.1
Any one of them can be added.
First, add the header.
Second, click Go and look at the response.
Third, the key is found.
answer:
Great! Key is SimCTF{daima_shengji}
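For comparison with GetIP() above, here is a hardened version as an added example (not part of the original challenge or article). It uses REMOTE_ADDR as the source of truth and reads X-Forwarded-For only when the request arrives from a known reverse proxy. The function name client_ip(), the TRUSTED_PROXIES list and all addresses in it are assumptions made for illustration.

```php
<?php
// Added example (not from the original challenge): resolve the client IP
// without trusting headers that the client controls.
// ASSUMPTION: TRUSTED_PROXIES lists the reverse proxies you operate; the
// addresses below are constructed placeholders.
const TRUSTED_PROXIES = ['10.0.0.5', '10.0.0.6'];

function client_ip(array $server, array $trusted = TRUSTED_PROXIES): string
{
    // REMOTE_ADDR is the TCP peer address; a request header cannot change it.
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (filter_var($peer, FILTER_VALIDATE_IP) === false) {
        return '0.0.0.0';
    }
    // Direct connection (not via our proxy): ignore all forwarding headers.
    if (!in_array($peer, $trusted, true)) {
        return $peer;
    }
    // Behind our proxy: walk X-Forwarded-For from right to left and take the
    // first hop that is not one of our proxies. Entries to the left of that
    // hop were supplied by the client and are not trusted.
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $peer; // missing or malformed chain: fall back to the proxy address
        }
        if (!in_array($hop, $trusted, true)) {
            return $hop;
        }
    }
    return $peer;
}

// Constructed sample requests (not captured traffic).
$cases = [
    'direct, forged headers'       => ['REMOTE_ADDR' => '203.0.113.9', 'HTTP_CLIENT_IP' => '1.1.1.1', 'HTTP_X_FORWARDED_FOR' => '1.1.1.1'],
    'via proxy, forged XFF prefix' => ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '1.1.1.1, 203.0.113.9'],
    'via proxy, no XFF'            => ['REMOTE_ADDR' => '10.0.0.5'],
];
foreach ($cases as $name => $server) {
    printf("%-30s => %s\n", $name, client_ip($server));
}
```

With this resolver, none of the constructed requests resolves to 1.1.1.1, so the check `$GetIPs=="1.1.1.1"` can no longer be satisfied by adding a header.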