功能如下:通过ie地址栏直接输入:http://www.xxx.com/a.php在a.php当中直接用js或者php 重新定向到http://baidu.com我想让百度认为我的来源是:http://google.cn前提是我想在a.php当中重新定向到,http://baidu.com这个页面之后让用户看到http://baidu.com这个页面,当然如果不想让用户看到http://baidu.com这个页面的话.可以用curl模拟浏览器头设置来源就可以,部然后用curl问http://baidu.com就可以了。不知道如果想实现上面所述功能应当在a.php当中做些什么,请各位老师指点,谢谢了
Accept: */*
Referer: http://www.yto.net.cn/
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB5; InfoPath.2; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Host: www.yto.net.cn
Content-Length: 60
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: ASPSESSIONIDCSTTBATQ=PNIDLGMCOLGIFIOCNFCFCOGF; ASPSESSIONIDCQTTDATR=NEJHHHDDCKEFDCOGLJAMNDFGNumberText=2171011262&yanma=6384&loginvip.x=20&loginvip.y=24这是一个http的请求,只要你请求的时候,构造上面的头,就能达到你的要求。
需要构造的地方主要有这几个 referer,cookie,host这些。当然,最好就是全部构造成ie的样子来伪造。你的问题,要伪造的是Referer。
并实际打开http://baidu.com(可以让用户看到百度的首页),并让百度页面的Referer为:http://google.cn呢?
后退 前进
fsockopen
(PHP 3, PHP 4 , PHP 5)fsockopen -- Open Internet or Unix domain socket connection
Description
resource fsockopen ( string target, int port [, int errno [, string errstr [, float timeout]]])
Initiates a socket connection to the resource specified by target. PHP supports targets in the Internet and Unix domains as described in 附录 N. A list of supported transports can also be retrieved using stream_get_transports(). 注: If you need to set a timeout for reading/writing data over the socket, use stream_set_timeout(), as the timeout parameter to fsockopen() only applies while connecting the socket. As of PHP 4.3.0, if you have compiled in OpenSSL support, you may prefix the hostname with either 'ssl://' or 'tls://' to use an SSL or TLS client connection over TCP/IP to connect to the remote host. fsockopen() returns a file pointer which may be used together with the other file functions (such as fgets(), fgetss(), fwrite(), fclose(), and feof()). If the call fails, it will return FALSE and if the optional errno and errstr arguments are present they will be set to indicate the actual system level error that occurred in the system-level connect() call. If the value returned in errno is 0 and the function returned FALSE, it is an indication that the error occurred before the connect() call. This is most likely due to a problem initializing the socket. Note that the errno and errstr arguments will always be passed by reference. Depending on the environment, the Unix domain or the optional connect timeout may not be available. The socket will by default be opened in blocking mode. You can switch it to non-blocking mode by using stream_set_blocking(). 例子 1. fsockopen() Example<?php
$fp = fsockopen("www.example.com", 80, $errno, $errstr, 30);
if (!$fp) {
echo "$errstr ($errno)<br />\n";
} else {
$out = "GET / HTTP/1.1\r\n";
$out .= "Host: www.example.com\r\n";
$out .= "Connection: Close\r\n\r\n"; fwrite($fp, $out);
while (!feof($fp)) {
echo fgets($fp, 128);
}
fclose($fp);
}
?>
The example below shows how to retrieve the day and time from the UDP service "daytime" (port 13) in your own machine. 例子 2. Using UDP connection<?php
$fp = fsockopen("udp://127.0.0.1", 13, $errno, $errstr);
if (!$fp) {
echo "ERROR: $errno - $errstr<br />\n";
} else {
fwrite($fp, "\n");
echo fread($fp, 26);
fclose($fp);
}
?>
警告
UDP sockets will sometimes appear to have opened without an error, even if the remote host is unreachable. The error will only become apparent when you read or write data to/from the socket. The reason for this is because UDP is a "connectionless" protocol, which means that the operating system does not try to establish a link for the socket until it actually needs to send or receive data.
注: 当指定数字的 IPv6 地址(例如 fe80::1)时必须将 IP 地址放在方括号内。例如 tcp://[fe80::1]:80。注: The timeout parameter was introduced in PHP 3.0.9 and UDP support was added in PHP 4. See also pfsockopen(), stream_set_blocking(), stream_set_timeout(), fgets(), fgetss(), fwrite(), fclose(), feof(), and the Curl extension.
后退 起点 前进
dns_get_record 上一级 gethostbyaddr
$fp = fsockopen("www.example.com", 80, $errno, $errstr, 30);
if (!$fp) {
echo "$errstr ($errno)<br />\n";
} else {
$out = "GET / HTTP/1.1\r\n";
$out .= "Host: www.example.com\r\n";
$out .= "Connection: Close\r\n\r\n"; fwrite($fp, $out);
while (!feof($fp)) {
echo fgets($fp, 128);
}
fclose($fp);
}
?>
不是让你模拟一个连接。他要在百度看到的ip是客户的而不是你服务器的。
这是根本做不到的。除非你黑了客户的IE。或是让客户使用你写的游览器。
用vc或者delphi写一个activex,让ax来做
写无签名activex就相当于黑客户端了,一般有点安全意识的人都不会装的。
js跨域目前能实现吗?不用插件。
1.正规的办法,不犯法的。联系google公司让他们帮你跳转。
2.写黑客软件控制客户机器(找到微软未被发现的bug加以利用)。
再次请教:Gdj
请问一下如果实现js跨域访问a.php当中框架(test)<iframe name="test" id="test" src="http://126.com"></iframe>
的元素的话,必须在http://126.com当中嵌入我的js代码才能实现吗?有其它办法没有?
我在想别人网站的页面也不充许放入我的js代码啊?如果我有在别人页面加入js代码的权限,也就不需要这样麻烦了。
呵呵,个人想法,还请gdj指教