伪造Http请求IP地址

https://blog.csdn.net/rodjohnson_523391/article/details/84896392

 

注意：[color=red][b]伪造Http请求IP地址一般为非推荐使用手段[/b][/color]

一般使用：[color=red][b]简单投票网站重复投票，黑别人网站[/b][/color]

在项目开发中（web项目），我负责的系统（简称PC），需要调其它系统接口，并且该系统需要获取客户端（浏览器访问端）的IP地址，给我愁死了，

正常流程：浏览器---访问PC系统----PC系统需要调第三方系统，此时默认情况下，PC发起的request请求IP地址是PC所在服务器的IP地址，而不是请求浏览器端的IP地址

所以，就想着是否能把request里的IP地址给修改了，因为在PC系统里是能获取到请求IP地址的，结果是修改不了

最后了解到：可以在http请求头里，追加一个头信息（名称：x-forwarded-for），它会位于原始IP地址之前，所以当第三方系统获取地址时，就获取到了真实的浏览器访问地址IP了

本代码以java为列：

X-Forwarded-For:简称XFF头，它代表客户端，也就是HTTP的请求端真实的IP，只有在通过了HTTP 代理或者负载均衡服务器时才会添加该项。

httpPost.addHeader("x-forwarded-for",ip);

详细代码如下：

package com.sh.portal.framework.client.http;

import java.io.IOException;

import org.apache.commons.lang.StringUtils;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.message.BasicHeader;
import org.apache.http.protocol.HTTP;
import org.apache.http.util.EntityUtils;
import org.springframework.stereotype.Component;

import com.sh.portal.framework.client.RemoteServerArgs;
import com.sh.portal.framework.client.RemoteServerClient;
import com.sh.portal.framework.client.RemoteServerResponse;
import com.sh.portal.util.CommonUtils;

@Component
public class RemoteServerClientImpl implements RemoteServerClient {

    private static final String DEFAULT_ENCODE = "UTF-8";

    private static final String APPLICATION_JSON = "application/json";

    @Override
    public RemoteServerResponse post(RemoteServerArgs args) throws IOException {
        String ip = CommonUtils.getRequestIpAddress();
        // 创建HttpClientBuilder  
        HttpClientBuilder httpClientBuilder = HttpClientBuilder.create();

        // HttpClient
        CloseableHttpClient closeableHttpClient = httpClientBuilder.build();
        // 请求参数
        StringEntity entity = new StringEntity(args.getRequestJson(), DEFAULT_ENCODE);
        entity.setContentEncoding(new BasicHeader(HTTP.CONTENT_TYPE, APPLICATION_JSON));
        HttpPost httpPost = new HttpPost(args.getUrl());  
        httpPost.addHeader(HTTP.CONTENT_TYPE, APPLICATION_JSON);
        //此处区别PC终端类型
        httpPost.addHeader("typeFlg", "9");
        //此处增加浏览器端访问IP
        if(!ip.equals("")){
            httpPost.addHeader("x-forwarded-for",ip);
        }
        httpPost.setEntity(entity);
        httpPost.setConfig(RequestConfig.DEFAULT);

        HttpResponse httpResponse;  
        // post请求  
        httpResponse = closeableHttpClient.execute(httpPost);
        HttpEntity httpEntity = httpResponse.getEntity();
        RemoteServerResponse response;
        if (httpEntity != null) {
            response = new RemoteServerResponse(httpResponse.getStatusLine().getStatusCode(), 
                EntityUtils.toString(httpEntity, DEFAULT_ENCODE));
        } else {
            response = new RemoteServerResponse(httpResponse.getStatusLine().getStatusCode(), 
                    StringUtils.EMPTY);
        }
        //释放资源  
        closeableHttpClient.close();  
        return response;
    }

}