PHP Page Redirects and Forging the Referer Source Address for Cross-Site Submission

1. URL redirect methods that were tried. The code is as follows:

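    $js = json_encode($url, JSON_HEX_TAG); // $url as a JavaScript string literal, safe inside <script>
    echo '<meta http-equiv="refresh" content="0; URL='.htmlspecialchars($url, ENT_QUOTES).'">'; // Method 1: meta refresh
    echo '<script language="Javascript">window.location.href='.$js.';</script>'; // Method 2: assign location.href
    echo '<script language="Javascript">window.location.replace('.$js.');</script>'; // Method 3: location.replace() is a function call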

None of the three methods above can pass the REFERER address.

2. Forging the REFERER with PHP socket functions

Below is the PHP code that forges the REFERER. It has been tested and does pass the REFERER address; $url is the input address. The code is as follows:

    $uinfo = parse_url($url); // Parse the URL, e.g. http://phpfensi.com/archives/1.html
    // Use the path if present (here /archives/1.html), otherwise default to the root
    $data = !empty($uinfo['path']) ? $uinfo['path'] : '/';
    $port = !empty($uinfo['port']) ? $uinfo['port'] : 80;
    if (!$fsp = @fsockopen($uinfo['host'], $port, $errno, $errstr, 12)) {
        echo "对不起对方网站暂时无法打开,请您稍后访问:".$uinfo['host'];
        exit;
    } else {
        fputs($fsp, "GET ".$data." HTTP/1.0\r\n"); // For a cross-site POST submission, use the POST method instead
        fputs($fsp, "Host: ".$uinfo['host']."\r\n");
        fputs($fsp, "Referer: phpfensi.com\r\n"); // Forged REFERER address
        fputs($fsp, "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n\r\n");
        $res = '';
        while (!feof($fsp)) {
            $res .= fgets($fsp, 128);
            if (strstr($res, "200 OK")) {
                header("Location:$url");
                exit;
            }
        }
        fclose($fsp);
    }
    // A 301 or 302 status code can be handled further
    // Open-source code from phpfensi.com
    // The response looks roughly like: HTTP/1.1 301 Moved Permanently\nContent-Length: 164\nContent-Type: text/html\nLocation: http://phpfensi.com/
    $arr = explode("\n", $res);
    $arr = explode(": ", $arr[3]); // The real redirect address follows "Location: "
    header("location:".trim($arr[1])); // Redirect to the target address
    exit;

Another method (curl) for forging HTTP_REFERER. The code is as follows:

    // PHP (requires the curl extension):
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, "http://www.phpfensi.com/");
    curl_setopt($ch, CURLOPT_REFERER, "http://www.phpfensi.com/"); // Referer header sent with the request
    curl_exec($ch);
    curl_close($ch);

    // PHP (no curl; uses a socket):
    $server = 'blog.qita.in';
    $host = 'blog.qita.in';
    $target = '/xxx.asp';
    $referer = 'http://www.baidu.com/'; // Referer
    $port = 80;
    $fp = fsockopen($server, $port, $errno, $errstr, 30);
    if (!$fp)
    {
        echo "$errstr ($errno)<br />\n";
    }
    else
    {
        $out = "GET $target HTTP/1.1\r\n";
        $out .= "Host: $host\r\n";
        $out .= "Cookie: ASPSESSIONIDSQTBQSDA=DFCAPKLBBFICDAFMHNKIGKEG\r\n";
        $out .= "Referer: $referer\r\n";
        $out .= "Connection: Close\r\n\r\n";
        fwrite($fp, $out);
        while (!feof($fp))
        {
            echo fgets($fp, 128);
        }
        fclose($fp);
    }
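
The socket and curl code above shows that any client can write its own Referer header, so a server-side check on HTTP_REFERER cannot establish where a request came from. As an added example (not part of the original page; the function names and the host shop.example are hypothetical), here is a Referer check next to a per-session token check, whose outcome depends on a secret the server issued rather than on a header the client chooses:

```php
<?php
// Added example, not from the original page. Function names and the
// host shop.example are hypothetical; the request data is constructed.

// Weak check: trusts a header that the client writes itself.
function referer_check(array $server, string $ownHost): bool {
    $host = parse_url($server['HTTP_REFERER'] ?? '', PHP_URL_HOST);
    return $host === $ownHost;
}

// Token = HMAC(per-session secret, form name), issued together with the form.
function csrf_token(array &$session, string $form): string {
    if (empty($session['csrf_key'])) {
        $session['csrf_key'] = random_bytes(32);
    }
    return hash_hmac('sha256', $form, $session['csrf_key']);
}

// Token check: recompute from the session secret, compare in constant time.
function csrf_check(array $session, string $form, string $submitted): bool {
    if (empty($session['csrf_key'])) {
        return false; // no form was ever issued to this session
    }
    $expected = hash_hmac('sha256', $form, $session['csrf_key']);
    return hash_equals($expected, $submitted);
}

// In a real handler, pass $_SERVER, $_SESSION and the posted token instead.

// Case 1: Referer written by a script, as in the socket code above.
$forged = ['HTTP_REFERER' => 'http://shop.example/order.php'];
var_dump(referer_check($forged, 'shop.example'));

// Case 2: a visitor who loaded the form and posts back its hidden token field.
$session = [];
$token = csrf_token($session, 'order');
var_dump(csrf_check($session, 'order', $token));

// Case 3: a scripted request whose session was never issued a form.
$scriptSession = [];
var_dump(csrf_check($scriptSession, 'order', 'guess'));

// Case 4: a valid session but a token value the server did not issue.
var_dump(csrf_check($session, 'order', str_repeat('0', 64)));
```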