Faking headers (http_referer & REMOTE_ADDR)

spamyboy
Forum Contributor
Posts: 266
Joined: Sun Nov 06, 2005 11:29 am
Location: Lithuania, vilnius

Faking headers (http_referer & REMOTE_ADDR)

Post by spamyboy »

Arghh.. I'm really pi**ed off on this. I never had such experience playing with headers so... here is what I got.

Code:

<?php header("Referer : http://www.googler.com/"); ?>
<html>
<head>
<title>test</title>
</head>
<body>
<?php
echo getenv("http_referer"); 
?>
</body>
</html>

Isn't

Code:

<?php header("Referer : http://www.googler.com/"); ?>

the same as setting a variable?

Anyway, here is what I'm trying to do. Send fake headers to "banners exchange" company (468x60.lt).
So if I'm thinking right... then if I set headers at the top of my page like

Code:

<?php header("Referer : http://www.googler.com/"); ?>

then when someone clicks on the banner, they should get the referer

Code:

http://www.googler.com/

but they don't... what's wrong, anyone?
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

The client/browser sets the referer header to its liking when sending a request to a http server and there's nothing you can do about it server-side.

Post by spamyboy »

So you mean, it's impossible to fake the header (referrer) with PHP?
Last edited by spamyboy on Tue Dec 26, 2006 5:04 am, edited 1 time in total.

Post by volka »

It's impossible to make the browser fake the referer header with php, yes.

Post by spamyboy »

Ok then I got some other ideas...

Code:

<?php
$string = file_get_contents ("http://www.468x60.lt/serve.php?5766,1,1");
$string = strstr($string, 'click.php?');
$piece    = 10;
$piece2    = strstr($string,substr($string,$piece,$piece));
$skaiciai    = substr($piece2,0,"16");
echo '<div><iframe src="http://www.468x60.lt/click.php?'.$skaiciai.'"></iframe></div>';
?>

but now the 468x60.lt system gets the server's IP address. How could I make it get the IP of the user currently browsing this script?

Post by volka »

You can't. php runs server-side. All its actions are performed server-side, thus if php sends a http-request it does it from the server with the server's ip.

Post by spamyboy »

Argh... then how about HTTP_X_FORWARDED_FOR ?

Post by volka »

May work only if the counter script accepts HTTP_X_FORWARDED_FOR.
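
Added example, not part of the thread or any poster's code: a sketch of how a click-counting script can choose the address it attributes a click to, so that a client-supplied X-Forwarded-For header never overrides the real TCP peer. The function name, the trusted-proxy list and the sample requests are assumptions constructed for illustration.

```php
<?php
// Added example: hypothetical counter-side logic, not 468x60.lt's code.
// Assumption: the counter sits behind these reverse proxies
// (constructed addresses from the documentation ranges).
const TRUSTED_PROXIES = ['192.0.2.10', '192.0.2.11'];

// Address to attribute a click to. REMOTE_ADDR is the TCP peer and is not
// taken from any request header; X-Forwarded-For is plain client input
// unless one of our own proxies appended to it. HTTP_REFERER is equally
// client-chosen and is deliberately not consulted here.
function click_source_ip(array $server): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (!in_array($peer, TRUSTED_PROXIES, true)) {
        return $peer; // direct connection: ignore the header entirely
    }
    // Walk the list right to left: the rightmost entries were appended by
    // our proxies, anything further left was supplied by the client.
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // empty or malformed entry: fall back to the peer
        }
        if (!in_array($hop, TRUSTED_PROXIES, true)) {
            return $hop; // first hop we do not operate ourselves
        }
    }
    return $peer;
}

// Constructed sample requests, shaped like $_SERVER.
$samples = [
    'direct, forged X-Forwarded-For' => [
        'REMOTE_ADDR' => '203.0.113.7',
        'HTTP_X_FORWARDED_FOR' => '198.51.100.99',
        'HTTP_REFERER' => 'http://www.googler.com/',
    ],
    'via our proxy' => [
        'REMOTE_ADDR' => '192.0.2.10',
        'HTTP_X_FORWARDED_FOR' => '198.51.100.23',
    ],
    'via our proxy, client prepended an entry' => [
        'REMOTE_ADDR' => '192.0.2.10',
        'HTTP_X_FORWARDED_FOR' => '10.1.1.1, 198.51.100.23',
    ],
];
foreach ($samples as $label => $server) {
    printf("%-42s -> %s\n", $label, click_source_ip($server));
}
```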

Post by spamyboy »

Could I get any example of using it ?
phpdevuk
Forum Contributor
Posts: 220
Joined: Mon Jul 04, 2005 5:31 am
Location: UK

Post by phpdevuk »

I believe it's possible to set the user agent and referer using something like the Snoopy class, but obviously the server IP address would not be correct for whatever referer you are pretending to be.

Post by spamyboy »

Anyone, please help to "trick" this system :|
jayshields
DevNet Resident
Posts: 1912
Joined: Mon Aug 22, 2005 12:11 pm
Location: Leeds/Manchester, England

Post by jayshields »

You could accomplish this. You will need some client-side scripting too, to get the client's IP address and send it to the server. Look into AJAX.
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

spamyboy wrote: Anyone, please help to "trick" this system

Your patience is amazingly low. Be warned we do not tolerate bumping well.

You've been given multiple things to look into by users. Check them out.

cURL is another to check out while looking at Snoopy.