How to Blank Referrer over HTTPS

 

  1. #1
    filipe3x is offline Registered Member

    Default How to Blank Referrer over HTTPS

    Here's what I want to do:

    Website 1 -> Website 2 (with https) -> Affiliate link (with no referer field sent)
    I have the following code in Website 1 (notice it is redirecting over an SSL connection)

    PHP Code:
    <?php
    // Website 1: send the visitor on to Website 2 over HTTPS
    header("Location: https://redirect/to/website2");
    exit;
    ?>
    and this in Website 2 (the "referer" header should be dropped, because it is redirecting from HTTP Secure to non-secure HTTP)

    PHP Code:
    <?php
    // Website 2: send the visitor on to the affiliate link over plain HTTP
    header("Location: http://affiliate/link");
    exit;
    ?>
    BUT every time I run the script, the referrer from "Website 1" keeps getting leaked!

    Can you guys help me?

    I am testing the script with the help of this tool: http://www.stardrifter.org/cgi-bin/ref.cgi

    thanks
    Last edited by filipe3x; 07-10-2013 at 11:20 AM.




  2. #2
    Brainiac101 is offline Newbies

    Default Re: How to Blank Referrer over HTTPS

    Did you try not passing the "S" in the initial site, so it's http -> http instead of https -> http ?

  3. #3
    filipe3x is offline Registered Member

    Default Re: How to Blank Referrer over HTTPS

    Yes! Any other solution for this problem?
    Last edited by filipe3x; 07-10-2013 at 11:17 AM.

  4. #4
    filipe3x is offline Registered Member

    Default Re: How to Blank Referrer over HTTPS

    Please help

  5. #5
    mrblackjack is online now The Master of Cloaking

    Default Re: How to Blank Referrer over HTTPS

    It won't work, because the initial request was from a non-https website, so the ref value is saved across all 301 redirects. For https to blank the referrer, you need to visit it directly, and then redirect from it onward. That is, the initial visit of a user must be to an https website, then redirect to the offer, or some website in between.

  7. #6
    filipe3x is offline Registered Member

    Default Re: How to Blank Referrer over HTTPS

    mrblackjack, I know it's possible to do it like I am doing. I see a lot of people doing it. The problem is the 302 redirect I made doesn't go through the encrypted SSL connection, hence the referrer gets leaked every f*cking time.

    How can I force Apache to do so?

    GET redirect1.php HTTP/1.0
    Accept: */*
    Accept-Language: en-US
    Referer: http://fuckin/referer
    x-flash-version: 10,3,183,7
    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; ...)
    Host: host.com
    Connection: Keep-Alive

    HTTP/1.1 302 Moved Temporarily
    Date: Wed, 02 May 2012 19:56:59 GMT
    Server: Apache
    X-Powered-By: PHP/5.2.17
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Set-Cookie: PHPSESSID=174272468a2**4e0; path=/
    Location: https://redirect2.php
    Content-Length: 0
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Content-Type: text/html

    -*

    GET redirect2.php HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    Referer: http://fuckin/referer
    User-Agent: ...
    Accept-Encoding: gzip, deflate
    Host: host.com
    Connection: Keep-Alive

    HTTP/1.1 302 Moved Temporarily
    Date: ...
    Server: Apache
    X-Powered-By: PHP/5.2.17
    Location: http://redirect3.php
    Content-Length: 0
    Connection: close
    Content-Type: text/html

    -*

    GET redirect3.php HTTP/1.0
    Accept: */*
    Accept-Language: en-US
    Referer: http://fuckin/referer
    x-flash-version: 10,3,183,7
    User-Agent: Mozilla/4.0 (compatible; ...)
    Connection: Keep-Alive
    Host: host.com
    Cookie: PHPSESSID=174272468****56e4e0*

    HTTP/1.1 302 Moved Temporarily
    Date: Wed, 02 May 2012 19:56:59 GMT
    Server: Apache
    X-Powered-By: PHP/5.2.17
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Location: http://affiliate/link
    Content-Length: 0
    Keep-Alive: timeout=5, max=99
    Connection: Keep-Alive
    Content-Type: text/html
    Last edited by filipe3x; 07-11-2013 at 11:01 AM.

  8. #7
    mrblackjack is online now The Master of Cloaking

    Default Re: How to Blank Referrer over HTTPS

    Read what I said:
    "It won't work, because the initial request was from a non-https website"

  9. #8
    filipe3x is offline Registered Member

    Default Re: How to Blank Referrer over HTTPS

    No, you don't need the initial request to be made from an https website... You just have to add the https request between the redirects; once the redirect goes through SSL, the referer gets automatically killed. At least, that's what the theory says.

    I just don't understand why it isn't working for me!

  10. #9
    filipe3x is offline Registered Member

    Default Re: How to Blank Referrer over HTTPS

    Oh goddammit

    Looks like you're right. At least partially right. My script is working at 100% in IE, but fails in Chrome or Firefox. The reason being - like you said - if the initial request was from a non-https website (non-secure connection) the referer always gets leaked. But if I do a request from an https one, the referer gets blanked, and everything is good.

    Thanks for the help
    Last edited by filipe3x; 07-11-2013 at 07:18 PM.
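
Added example, not part of the thread: a simplified JavaScript model of the browser rule that posts #5 and #9 describe, showing why the Referer survives the whole redirect chain when the visit starts on an HTTP page. It models only the classic "no-referrer-when-downgrade" default; all host names are constructed.

```javascript
// Simplified model of the "no-referrer-when-downgrade" rule, as an
// illustration of the behaviour discussed in the thread. Not a full
// implementation of the Referrer Policy algorithm.

// Is the URL delivered over TLS?
function isSecure(url) {
  return new URL(url).protocol === "https:";
}

// Referer value sent with one request: omitted only when the *referring
// page* was HTTPS and the target is plain HTTP (a downgrade).
function refererFor(referrerUrl, targetUrl) {
  if (referrerUrl === null) return null;
  if (isSecure(referrerUrl) && !isSecure(targetUrl)) return null;
  return referrerUrl;
}

// Follow a chain of 3xx Location targets. A redirect response is not a
// document, so the referrer stays the page where the navigation began;
// an HTTPS hop in the middle of the chain never becomes "the referrer".
function traceChain(startPage, hops) {
  return hops.map((url) => ({ url, referer: refererFor(startPage, url) }));
}

// Constructed chain mirroring the trace in post #6: http -> https -> http.
const chain = [
  "http://host.example/redirect1.php",
  "https://host.example/redirect2.php",
  "http://host.example/redirect3.php",
  "http://affiliate.example/link",
];

// Visit starts on an HTTP page: every hop still receives the Referer.
const fromHttp = traceChain("http://referring.example/page", chain);
// Visit starts on an HTTPS page: the Referer is dropped on the HTTP hops.
const fromHttps = traceChain("https://referring.example/page", chain);

console.log(fromHttp.map((h) => h.referer));
console.log(fromHttps.map((h) => h.referer));
```
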

  11. #10
    tylor43 is offline Newbies

    Default Re: How to Blank Referrer over HTTPS

    Quote Originally Posted by filipe3x:
    Oh goddammit

    Looks like you're right. At least partially right. My script is working at 100% in IE, but fails in Chrome or Firefox. The reason being - like you said - if the initial request was from a non-https website (non-secure connection) the referer always gets leaked. But if I do a request from an https one, the referer gets blanked, and everything is good.

    Thanks for the help

    blankrefer has been cross-browser tested and saves people from the headache of scripting.

  12. #11
    TZ2011 is offline Power Member

    Default Re: How to Blank Referrer over HTTPS

    Who is the owner of that site? Can you trust him? What if he is logging sites and redirects for some reason?
    Whatever you can do alone, don't let 3rd-party "free" sites/services do for you.

