PHP CURL library using IP to deceive, to hide the true client IP

First built environment, establish a ip.php.

code show as below:

<?

error_reporting(0);

function GetIP(){
if($_SERVER['HTTP_CLIENT_IP']){
   $onlineip=$_SERVER['HTTP_CLIENT_IP'];
   }elseif($_SERVER['HTTP_X_FORWARDED_FOR']){
   $onlineip=$_SERVER['HTTP_X_FORWARDED_FOR'];
   }else{
   $onlineip=$_SERVER['REMOTE_ADDR'];
   }
return $onlineip;
}

?>

Then create a index.php

code show as below:

<?php

error_reporting(0);

require 'ip.php';
   
echo '<hr>'.'Your IP is '.GetIP().'<br>'.'<hr>';

/*echo 'REMOTE_ADDR is '.$_SERVER['REMOTE_ADDR'].'<br>';
echo 'HTTP_CLIENT_IP is  '.$_SERVER['HTTP_CLIENT_IP'].'<br>';
echo 'HTTP_X_FORWARDED_FOR is '.$_SERVER['HTTP_X_FORWARDED_FOR'].'<br>';
echo 'HTTP_VIA is '.$_SERVER['HTTP_VIA'];*/

?>

test

IP display correctly, the client real IP is 218.241.179.50

Notes remove index.php inside, the agent was observed using

 

 

We can see REMOTE_ADDR method caught the proxy IP

HTTP_XFORWARDED_FOR still caught the real client IP

Next edit curl_proxy.php, sample code:

<?php

error_reporting(0);

function curl_string ($url,$user_agent,$proxy){
$ch = curl_init();
curl_setopt ($ch, CURLOPT_PROXY, $proxy);
curl_setopt ($ch, CURLOPT_URL, $url);
curl_setopt ($ch, CURLOPT_USERAGENT, $user_agent);
curl_setopt ($ch, CURLOPT_COOKIEJAR, "d:\cookies.txt");
curl_setopt ($ch, CURLOPT_HEADER, 1);
curl_setopt ($ch, CURLOPT_HTTPHEADER, array('CLIENT-IP:125.210.188.36', 'X-FORWARDED-FOR:125.210.188.36'));  //此处可以改为任意假IP
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_TIMEOUT, 120);

$result = curl_exec ($ch);
curl_close($ch);
return $result;
}
url_page = $ "http://s4nd.no-ip.org/test/index.php";
$ = user_agent "the Mozilla / 4.0";
$ = Proxy "http://125.210.188.36:80"; // this at the proxy server IP and PORT

$ String = curl_string ($ url_page, $ user_agent, $ proxy);

echo $ String;

?>

Access curl_proxy.php

 

122.66. *. * IP is the server running the script, so to achieve the client to hide the real IP purposes.

Some proxy servers can be detected HTTP_VIA method to use a proxy server, in fact transparent proxy and advanced anonymous proxy is very different.