Page 1 of 1

Faking HTTP_REFERER

Posted: Sat Sep 17, 2005 3:15 pm
by anthony88guy
How would you go about disabling or faking a referering (not sure how to spell it) URL? I've searched google but wasn’t very successful, since their is the $_SERVER['HTTP_REFERER'] i thought maybe their is a way to do it in php.

Thanks

Posted: Sat Sep 17, 2005 3:48 pm
by Buddha443556
More details please?

$_SERVER['HTTP_REFERER'] is just the HTTP header from the user's current request. A referer header on a response makes no sense what so ever. Thus you can see my confusion. :?

Normally referers are faked/disabled on the client side either in the browser or by using a proxy. Referer spammers, of course, probably code their own bots to fake referer and wander the net.

Posted: Sat Sep 17, 2005 4:25 pm
by anthony88guy
Okay, this is my problem. If I have a link to a certain web page, it redirects me somewhere else. Its only from my website, so if you were referered from Google it would work. I think that its using $_SERVER['HTTP_REFERER'] to block me. Would their be anyway to get around this?

Posted: Sat Sep 17, 2005 5:55 pm
by shoebappa
I'd doubt a site would block you from linking to them, but lets pretend for a second that they were.

Lets say you're at google and can't find something so you type in http://www.yahoo.com in the address bar while still at google. Your browser doesn't send the Referer in the headers to yahoo to tell them you were just at google. However, lets say for whatever reason there was a link on http://www.google.com to http://www.yahoo.com. If you click that link, the browser sets the Referer to http://www.google.com.

Unfortunately even if you linked to your site and sent a header redirect, it will still send your site as the referer : (

Of course I wouldn't give up there, what about a meta refresh? Bingo, at least I think...

Here's my little test script:

Code: Select all

<?php

if ($_GET["redir"] == "header") {

	header("Location: http://www.google.com");

} else if ($_GET["redir"] == "meta") {

	echo "<html>\r\n<head>\r\n\t<meta http-equiv=\"refresh\" content=\"0;url=http://www.google.com/\">\r\n</head>";

} else {

	echo "<html>";

}

?>


<body>

	<a href="http://www.google.com">Link to Google</a><br />
	<a href="<?php echo $PHP_SELF; ?>?redir=header">Link to header redirect to Google</a><br />
	<a href="<?php echo $PHP_SELF; ?>?redir=meta">Link to meta refresh to Google</a>

</body>
</html>
And the header of each:

Link:

Code: Select all

GET / HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://localhost:8900/link.php    <------------ Sends the referer
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: www.google.com
Connection: Keep-Alive
Cookie: cookie stuff; testcookie=
Header redirect:

Code: Select all

GET / HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://localhost:8900/link.php    <------------ Sends the referer
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Cookie: cookie stuff; testcookie=
Connection: Keep-Alive
Host: www.google.com
And finally the Meta refresh:

Code: Select all

GET / HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: www.google.com
Connection: Keep-Alive
Cookie: cookie stuff; testcookie=
No referer. So if you linked to a file that did a meta refresh to the site, it shouldn't send to the other site that they were just at your site. This may be different in other browsers, at least Firefox works the same as IE...

Posted: Sat Sep 17, 2005 6:41 pm
by shoebappa
I also wanted to share how to send your own headers to another site, which can be fun.

I've used this to capture and send cookie information back and forth to another site so I can do assorted things with PHP on sites and content that required authentication. Basically simulating a browser.

I think PHP 5 adds the ability to do this with file_get_contents, but I used fsockopen. It's a mild pain to have to remove the headers but sometimes they're nice to have.

Here's some sample code that would ask for http://www.google.com telling them you're using IE, and yahoo.com linked to them : )

Code: Select all

<?php

	$fp = fsockopen("www.google.com", 80, $errno, $errstr, 30);
	if (!$fp) {
		 echo "$errstr ($errno)<br />\n";
	} else {
		$out = "GET / HTTP/1.1\r\n";
		$out .= "Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*\r\n";
		$out .= "Referer: http://www.yahoo.com\r\n";
		$out .= "Accept-Language: en-us\r\n";
		$out .= "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)\r\n";
		$out .= "Host: http://www.google.com\r\n";
		$out .= "Connection: Close\r\n\r\n";

		fwrite($fp, $out);
		while (!feof($fp)) {
			$content .= fgets($fp, 128);
		}
		fclose($fp);
	}

	echo $content;

?>

Posted: Sat Sep 17, 2005 6:47 pm
by anthony88guy
Wow, thanks for taking the time to make that great post.

But how would I integrate that into my website.

For instance lets say I want to go to http://www.google.com. So I have a link on my website: Click here to search Google... So how would you implement the meta refresh on the link?

Posted: Sat Sep 17, 2005 6:57 pm
by shoebappa
You'd have to have a seperate file with (this is could be a regular html file or you could make a generic php file that you pass the url to redirect to and set the meta refresh url by echoing the php variable):

Code: Select all

<html>
<head>
  <meta http-equiv="refresh" content="0;url=http://www.google.com/">
</head>
<body> 
  Redirecting to www.google.com
</body> 
</html>
Then on your site you'd link to the meta refresh file which would point them to google. Note the content="0;url=address" where 0 is the number of seconds the client will wait before redirecting.

Posted: Sun Sep 18, 2005 11:44 am
by anthony88guy
Good thinking. Works great. Now if I had a javascript function on body load to submit a form to this blocked website, would their be anyway to get around this? I dont think its possible since its using post.

any ideas, thanks alot

Posted: Sun Sep 18, 2005 6:37 pm
by shoebappa
I don't think you'd actually be able to take them to the resulting page, but if you just wanted to submit data from your site and then display either your own code or the resulting code, you could use the above fsockopen method and write post headers to thier server.

Sample post headers with two text fields and a submit button (I removed the Referer from there, but normally it is there):

Code: Select all

POST / HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: www.somewhere.com
Content-Length: 48
Connection: Keep-Alive
Cache-Control: no-cache

name=shoebappa&email=shoe@shoe.com&Submit=Submit
What would come back to your script would be the source of the page. If you echo that you'd need to strip out the resulting headers. The images from the other site's source wouldn't display, so you could either strip out just the content and display it in your page, or go through and replace the paths of the src="" inserting the domain and path of thier server... But then you might have a referer problem with the images too.

I notice a Content-Length in the header, you may have to calculate that somehow...

Also the POST / HTTP/1.1 the / after post is the path to whatever file you're posting to. Here it was just the root, but would probably be something like /location/of/form.php and then the Host: part would be the domain or IP of thier server.

Posted: Sun Sep 18, 2005 8:04 pm
by anthony88guy
Here it goes:

Code: Select all

<?php
$host = "http://members.theeliteforces.com";
$fp = fsockopen($host,80,$errno,$errstr,100);
$query = "usrname=testing&password=testing&login=Submit\r\n";

if(!$fp){
   echo "<br/>\n $errstr ($errno) <br/>\n";
}else{

	$out ="POST /index.php HTTP/1.1\r\n";
	$out.="Host: $host \r\n";
	$out.="Content-length:".strlen($query)." \r\n";
	$out.="Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* \r\n";
	$out.="Accept-Language: en-us \r\n";
	$out.="Content-Type: application/x-www-form-urlencoded \r\n";
	$out.="User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) \r\n";
	$out.="Connection: Keep-Alive r\n";
	$out.="Cache-Control: no-cache \r\n";
	$out.=$query;

	while(!feof($fp)){
		echo fgets($fp,128);
	}
   		fclose($fp);
}
 
?>
I found some stuff on the web, and incorporated most of your headers. I don’t know what the last while loop does. And I receive the following error:
Warning: fsockopen(): php_network_getaddresses: getaddrinfo failed: No address associated with hostname in /home/theelite/public_html/fsockopen.php on line 3

Warning: fsockopen(): unable to connect to http://members.theeliteforces.com/:80 in /home/theelite/public_html/fsockopen.php on line 3

Unknown error: 0 (0)
I’m trying to log myself in. With the username: testing and password: testing. (The $query at the top is correct)

Again, thanks