ASP,PHP与.NET伪造HTTP-REFERER方法及防止伪造REFERER的方法
[ 2012-01-10 09:01:26 | 作者: admin ]
HTTP-REFERER这个变量已经越来越不可靠了,完全就是可以伪造出来的东东。
以下是伪造方法:
ASP/Visual Basic代码
dim http
set http=server.createobject("MSXML2.XMLHTTP") '//MSXML2.serverXMLHTTP也可以
Http.open "GET",url,false
Http.setRequestHeader "Referer","http://www.52news.com/"
Http.send()
PHP(前提是装了curl):
PHP代码
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, "http://www.52news.com/xxx.asp");
curl_setopt ($ch, CURLOPT_REFERER, "http://www.52news.com/");
...
阅读全文…
以下是伪造方法:
ASP/Visual Basic代码
dim http
set http=server.createobject("MSXML2.XMLHTTP") '//MSXML2.serverXMLHTTP也可以
Http.open "GET",url,false
Http.setRequestHeader "Referer","http://www.52news.com/"
Http.send()
PHP(前提是装了curl):
PHP代码
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, "http://www.52news.com/xxx.asp");
curl_setopt ($ch, CURLOPT_REFERER, "http://www.52news.com/");
...
阅读全文…
防MSXML2.XMLHTTP采集方法
[ 2012-01-10 08:52:03 | 作者: admin ]
数据采集中的攻防策略-防止数据被采集的一种新方法
用Request.ServerVariables ("all_http")或Request.ServerVariables ("ALL_RAW")方法获取到的http请求报头
HTTP_ACCEPT:*/*
HTTP_ACCEPT_LANGUAGE:zh-cn
HTTP_CONNECTION:Keep-Alive
HTTP_HOST:192.168.1.54:81
HTTP_USER_AGENT:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP_COOKIE:ASPSESSIONIDASBBCRRQ=NDMJNFOCOEMAMJHEKDDEHKAP
HTTP_ACCEPT_ENCODING:gzip, deflate
被MSXML2.XMLHTTP采集时的http报头
...
阅读全文…
用Request.ServerVariables ("all_http")或Request.ServerVariables ("ALL_RAW")方法获取到的http请求报头
HTTP_ACCEPT:*/*
HTTP_ACCEPT_LANGUAGE:zh-cn
HTTP_CONNECTION:Keep-Alive
HTTP_HOST:192.168.1.54:81
HTTP_USER_AGENT:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP_COOKIE:ASPSESSIONIDASBBCRRQ=NDMJNFOCOEMAMJHEKDDEHKAP
HTTP_ACCEPT_ENCODING:gzip, deflate
被MSXML2.XMLHTTP采集时的http报头
...
阅读全文…
1
