Government Security
Network Security Resources

How To Fake Referer-variable?


12 replies to this topic

#1 Jonas

Jonas

    Private

  • Members
  • 6 posts

Posted 12 October 2006 - 09:25 AM

Hi,

This is my first post, so be gentle :) I have searched Google and this forum for a script, but I don't really know exactly what to search for, as I can't find any.

Are there any scripts out there that can fake the referer-field when you link to external websites?

Thanks for your time!

Jonas

#2 Jeffrey

Jeffrey

    Specialist

  • Sergeant Major
  • 1,109 posts

Posted 12 October 2006 - 09:59 AM

Ok, there are two ways that I know of. One is a server-side script feature and the other is just a basic feature of web browsers. Most server-side languages provide a way of injecting tags into the response header. This example is written in ASP.

<% Response.AddHeader "Referer", "http://mysitenotyours.com" %>

And the next version is much simpler. All it is is a meta tag that you include in an HTML document and it will change the referring URL of any page accessed from that page.

<meta http-equiv="Referer" content="http://mysitenotyours.com">

If any of this is wrong, please let me know. I have never actually used these codes. Just general knowledge.


ANUBIS

#3 Jonas

Jonas

    Private

  • Members
  • 6 posts

Posted 12 October 2006 - 10:16 AM

Hi Jeffrey,

Thanks for your time!
The meta-way didn't work. I checked it out.

I don't know asp.

I have heard of several scripts already out there, I just can't find them. :)
Guess I have to look harder!







#4 Jeffrey

Jeffrey

    Specialist

  • Sergeant Major
  • 1,109 posts

Posted 12 October 2006 - 10:29 AM

Hey Jonas,

I misspelled Referer. Try spelling it Referrer. I still don't know if this will work, but it's worth a try. I was looking it up on Google trying to see what it was even used for if it didn't work for you and realized I had spelled it wrong. I hope it works for you, I am at work right now and don't have access to an HTTP server. So good luck!

Something else, everywhere I read about the http-equiv meta tag I see the meta refresh mentioned as well. So maybe this is the key, try doing a meta refresh along with it if it doesn't work.

ANUBIS

#5 Jonas

Jonas

    Private

  • Members
  • 6 posts

Posted 12 October 2006 - 10:36 AM

As far as I know it's misspelled 'referer' on purpose (for some reason).
I did try your suggestion but no luck!
Thanks anyway.





#6 Jeffrey

Jeffrey

    Specialist

  • Sergeant Major
  • 1,109 posts

Posted 12 October 2006 - 12:25 PM

I have been doing a lot of searching on Google and I don't think it can be done from a client-side script. If you know any server-side scripting languages, go to a resource site and look up support for editing the HTTP request headers. If you can do this then you are set, only thing is you need to be able to host a server-side script...


ANUBIS

#7 Jeremy

Jeremy

    Commander in Chief

  • Retired Admin
  • 2,459 posts

Posted 12 October 2006 - 01:24 PM

The referrer data comes from the client (web browser) and is parsed by the web server.
So if "user" is on "http://site.com" and clicks on a link to "http://siteB.net," user's browser tells siteB.net that it was referred from site.com. It is up to siteB.net to decide how that referrer data is used; that's where the ASP and meta tag Jeff mentioned come into play. site.com has no control over what referrer info siteB.net receives.
There are add-ons to browsers that fake the referrer data. For instance, here is a link to some of the Firefox ones: https://addons.mozilla.org/search.php?q=referrer&type=A&app=firefox

#8 Jonas

Jonas

    Private

  • Members
  • 6 posts

Posted 12 October 2006 - 01:51 PM

Take a look at this guys - I found this: I don't know php - you think it's valid?

Author: Wolfman ,Wolfman@deny.de ,http://wolfman.deny.de
Note - Permission to share and/or link this text is granted as long as it remains unchanged.

External linking with out referer
---------------------------------

Case /Probleme
--------------
You have links to an external site.
But the external site does not like you ,
so they block everything that has your site
as referer. Or you don't want your site to
show up in there logs.

One Solution:
------------------
Here is a little PHP script to help you out.

.... strip_ref.php ....

<HTML><HEAD><TITLE>Redirect.......</TITLE>

<?php
Print '<meta http-equiv="refresh" content="0; URL=' . $url . '">' ;
?>

</head><body></body></html>

.... strip_ref.php ....

When your link normaly would look like this
<a href="http://Mytarget.com">Target link</a>
Do like this
<a href="Strip_ref.php?url=http://Mytarget.com">Target link</a>
OR
<a href="http://Mytarget.com" target=_blank>Target link</a>
Do like this
<a href="Strip_ref.php?url=http://Mytarget.com" target=_blank>Target link</a>

To test use any script listing Env variables

#9 Jeremy

Jeremy

    Commander in Chief

  • Retired Admin
  • 2,459 posts

Posted 12 October 2006 - 02:12 PM

That is a legit script if that's what you are asking. I am not sure what info browsers pass when they are redirected versus following links. If browsers do really treat that meta tag as a "refresh" then no environment data would be included. It would be treated as manually typing in the URL.

#10 No Dice

No Dice

    Retired GSO Second Lieutenant

  • Sergeant Major
  • 723 posts

Posted 12 October 2006 - 03:17 PM

Are you really just looking for something like this: http://anonym.to/ or http://lix.in/ ?

I could be way off ???

#11 Jeffrey

Jeffrey

    Specialist

  • Sergeant Major
  • 1,109 posts

Posted 13 October 2006 - 06:50 AM

Jonas,

One problem with that script is that it will set the referer to the site that that script is hosted on. What you need is like I said earlier, manually setting the request http header value. Here are some examples in a couple of languages, maybe this can help you out.

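PHP
<?php
// Emit a Referer header, then redirect the browser
header('Referer: http://imtrickingyou.com');
header('Location: http://thisiswhereiwannago.com');
?>

ASP
<%
' Emit a Referer header, then redirect the browser
Response.AddHeader "Referer", "http://thisisnotwhoiam.com"
Response.Redirect "http://thisiswhereiwannabe.com"
%>

Perl
# CGI output: one header per line, then a blank line to end the header block
print "Referer: http://herewegoagain.com\n";
print "Location: http://thisiswhereiwannago.com\n\n";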

I do not program regularly in these languages, so these may be prone to errors but I think they are correct. I know the http protocol and have written several servers so I know the protocol portion is correct, just not if the implementation in the language is. But if I am wrong, like I say always, please correct me.


ANUBIS

#12 Jonas

Jonas

    Private

  • Members
  • 6 posts

Posted 13 October 2006 - 09:01 AM

Your help is much appreciated!

No Dice:
The problem with that service is that the same IP will be used on each request.

Jeffrey:
Thanks for your help, can I get you to take a look at the code below?

What do you guys think of this script:
http://www.rootsecur...eferer_set1.txt
---------------------------------------------------------------

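#!/usr/bin/perl
use strict;
use warnings;
use LWP::UserAgent;
use HTTP::Request::Common qw(GET POST);

# CGI header for the page this script returns
print "Content-Type: text/html\n\n";

my $url = "http://WEBSITE_HERE";

# The script itself makes the request, so it chooses the Referer header it sends
my $agent = LWP::UserAgent->new;
my $req = GET $url, Referer => "(REFERER_VALUE_HERE)";

# Print the full response (status line, headers, body) back to the visitor
print $agent->request($req)->as_string;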

#13 Jeffrey

Jeffrey

    Specialist

  • Sergeant Major
  • 1,109 posts

Posted 13 October 2006 - 10:31 AM

Jonas,

Yeah this will work. Just curious, but what are you trying to implement? Most hosting services provide Perl CGI, so if you had to you could even post this on another site and just set query variables:

hxxp://somesite.com/refer.pl?url=somesite.com&referer=somesite.com



ANUBIS
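
Added example (not part of the thread and not any poster's code): Jeremy's point in post #7, that the Referer value is written by the client, means a server cannot rely on it as an access check. This Python sketch builds the raw request that a client such as the LWP script in post #12 sends and compares a Referer-based gate with a signed, expiring link; the host names, secret, paths and function names are all constructed for illustration.

```python
import hashlib
import hmac
import io
from http.client import parse_headers
from urllib.parse import parse_qs, urlsplit

SECRET = b"constructed-demo-key"         # assumption: secret known only to the server
PARTNER = "http://partner.example/page"  # constructed "expected" referring page

def build_request(target, referer=None):
    """Raw GET request as a client writes it; the Referer line is client-chosen text."""
    lines = [f"GET {target} HTTP/1.1", "Host: files.example"]
    if referer is not None:
        lines.append(f"Referer: {referer}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")

def parse_request(raw):
    """Split the request line from the headers, as a server does on receipt."""
    stream = io.BytesIO(raw)
    _method, target, _version = stream.readline().decode("ascii").split()
    return urlsplit(target), parse_headers(stream)

def sign(path, expires):
    """MAC over the path and expiry time; cannot be produced without SECRET."""
    return hmac.new(SECRET, f"{path}|{expires}".encode(), hashlib.sha256).hexdigest()

def signed_link(path, expires):
    """Link the server hands out to a visitor it has already authorised."""
    return f"{path}?e={expires}&t={sign(path, expires)}"

def referer_gate(raw):
    """Weak check: trusts a header the requester controls."""
    _url, headers = parse_request(raw)
    return headers.get("Referer") == PARTNER

def token_gate(raw, now):
    """Stronger check: ignores Referer, accepts only an unexpired, correctly signed link."""
    url, _headers = parse_request(raw)
    query = parse_qs(url.query)
    expires, token = query.get("e", [""])[0], query.get("t", [""])[0]
    if not expires.isdigit() or int(expires) < now:
        return False
    return hmac.compare_digest(token.encode(), sign(url.path, expires).encode())
```

The Referer gate accepts any request that carries the expected line, so it is useful for logging and analytics but not for authorisation; the token gate rejects a request whose path or expiry was altered after signing.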



