Faking headers (http_referer & REMOTE_ADDR)

Posted: Tue Dec 26, 2006 4:00 am
by spamyboy
Arghh.. I'm really pi**ed off on this. I never had such experience playing with headers so... here is what I got.

Code:

<?php header("Referer : http://www.googler.com/"); ?>
<html>
<head>
<title>test</title>
</head>
<body>
<?php
echo getenv("http_referer"); 
?>
</body>
</html>
Isn't

Code:

<?php header("Referer : http://www.googler.com/"); ?>
the same as setting a variable?

Anyway, here is what I'm trying to do. Send fake headers to "banners exchange" company (468x60.lt).
So if I'm thinking right... then if I set headers in top of my page like

Code:

<?php header("Referer : http://www.googler.com/"); ?>
then when someone clicks on the banner, they should get the referer

Code:

http://www.googler.com/
but they don't... what's wrong, anyone?

Posted: Tue Dec 26, 2006 4:40 am
by volka
The client/browser sets the referer header to its liking when sending a request to a http server and there's nothing you can do about it server-side.

Posted: Tue Dec 26, 2006 4:50 am
by spamyboy
So you mean, it's impossible to fake the header (referrer) with php?

Posted: Tue Dec 26, 2006 4:58 am
by volka
It's impossible to make the browser fake the referer header with php, yes.

Posted: Thu Dec 28, 2006 5:13 am
by spamyboy
Ok then I got some other ideas...

Code:

<?php
$string = file_get_contents ("http://www.468x60.lt/serve.php?5766,1,1");
$string = strstr($string, 'click.php?');
$piece    = 10;
$piece2    = strstr($string,substr($string,$piece,$piece));
$skaiciai    = substr($piece2,0,"16");
echo '<div><iframe src="http://www.468x60.lt/click.php?'.$skaiciai.'"></iframe></div>';
?>
but now the 468x60.lt system gets the server's IP address; how could I make it get the IP of the user currently browsing this script?

Posted: Thu Dec 28, 2006 5:40 am
by volka
You can't. php runs server-side. All its actions are performed server-side, thus if php sends a http-request it does it from the server with the server's ip.

Posted: Thu Dec 28, 2006 5:42 am
by spamyboy
Argh... then how about HTTP_X_FORWARDED_FOR?

Posted: Thu Dec 28, 2006 5:52 am
by volka
May work only if the counter script accepts HTTP_X_FORWARDED_FOR.

Posted: Thu Dec 28, 2006 5:55 am
by spamyboy
Could I get any example of using it?

Posted: Thu Dec 28, 2006 7:27 am
by phpdevuk
I believe it's possible to set the user agent and referer using something like the snoopy class, but obviously the server ip address would not be correct for whatever referer you are pretending to be.

Posted: Thu Dec 28, 2006 7:56 am
by spamyboy
anyone please, help to "trick" this system :|

Posted: Thu Dec 28, 2006 7:58 am
by jayshields
You could accomplish this. You will need some client-side scripting too, to get the client's IP address and send it to the server. Look into AJAX.

Posted: Thu Dec 28, 2006 8:03 am
by feyd
spamyboy wrote: anyone please, help to "trick" this system
Your patience is amazingly low. Be warned we do not tolerate bumping well.

You've been given multiple things to look into by users. Check them out.

cURL is another to check out while looking at Snoopy.
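
Added example, not part of the original thread and not 468x60.lt's code: how a click counter can resolve the address it records, given volka's points that Referer is set by the client and that X-Forwarded-For only matters if the counter accepts it. The function name, the `$trustedProxies` allow-list and the sample requests are assumptions constructed for illustration.

```php
<?php
// Added example: decide which address a counter script should record.
// $trustedProxies is a hypothetical allow-list of the site's own reverse proxies.
function resolve_client_ip(array $server, array $trustedProxies): string
{
    // REMOTE_ADDR comes from the TCP connection, not from a request header.
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (!in_array($peer, $trustedProxies, true)) {
        return $peer; // direct connection: ignore any X-Forwarded-For it sent
    }
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    // Walk right to left: the rightmost entries were appended by our own proxies,
    // everything further left was supplied by whoever connected to them.
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // malformed or empty entry: stop trusting the chain
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop; // first address that is not one of our proxies
        }
    }
    return $peer; // nothing usable in the header: fall back to the peer
}

$trustedProxies = ['10.0.0.5']; // constructed value

// Constructed sample requests (not real traffic).
$requests = [
    'direct, header supplied' => [
        'REMOTE_ADDR' => '203.0.113.7',
        'HTTP_X_FORWARDED_FOR' => '198.51.100.99',
        // Referer is client-supplied as well and plays no part in the decision.
        'HTTP_REFERER' => 'http://www.googler.com/',
    ],
    'via own proxy' => [
        'REMOTE_ADDR' => '10.0.0.5',
        'HTTP_X_FORWARDED_FOR' => '198.51.100.99, 192.0.2.44',
    ],
    'via own proxy, no header' => [
        'REMOTE_ADDR' => '10.0.0.5',
    ],
];

foreach ($requests as $label => $server) {
    printf("%-26s recorded as %s\n", $label, resolve_client_ip($server, $trustedProxies));
}
```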