1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. Hey Guest Last month we upgraded BlackHatWorld.com to a new platform - . If you notice anything that requires attention please start a new thread here.
    Dismiss Notice

How to Blank Referrer over HTTPS

Discussion in 'Cloaking and Content Generators' started by filipe3x, Jul 9, 2013.

  1. filipe3x

    filipe3x Registered Member

    Joined:
    Jan 14, 2012
    Messages:
    52
    Likes Received:
    5
    Heres what i want to do:

    I have the following code in the Website 1 (notice it is redirecting over a SSL connection)

    PHP:
    <?php 
    header
    ("Location: https://redirect/to/website2");
    ?>
    and this in the Website 2 (the "referer" header should be dropped, because it is redirecting from a HTTP Secure to a Non-secure HTTP)

    PHP:
    <?php 
    header
    ("Location: http://affiliate/link");
    ?>
    BUT everytime i run the script, the referrer from "Website 1" keeps getting leaked!

    Can you guys help me?

    I am testing the script with the help of this this tool http://www.stardrifter.org/cgi-bin/ref.cgi

    thanks
     
    Last edited: Jul 10, 2013
  2. Brainiac101

    Brainiac101 Newbie

    Joined:
    Jun 15, 2013
    Messages:
    46
    Likes Received:
    22
    Occupation:
    Entrenepeur
    Location:
    UK
    Did you try not passing the "S" in the initial site, so it's http -> http instead of https -> http ?
     
  3. filipe3x

    filipe3x Registered Member

    Joined:
    Jan 14, 2012
    Messages:
    52
    Likes Received:
    5
    Yes! Any other solution for this problem?
     
    Last edited: Jul 10, 2013
  4. filipe3x

    filipe3x Registered Member

    Joined:
    Jan 14, 2012
    Messages:
    52
    Likes Received:
    5
    Please help
     
  5. mrblackjack

    mrblackjack Jr. VIP Jr. VIP Premium Member

    Joined:
    Dec 6, 2011
    Messages:
    953
    Likes Received:
    548
    Occupation:
    I live alone, I work alone, I make money alone
    Location:
    G00gle LaNd
    It wont work, cause the initial request was from a non https website, so the ref value is saved across all 301 redirects. For https to blank the referrer, you need to direct visiting it, and then redirect from it forward. That is, the initial visit of a user must be to a https website, then redirect to the offer, or some website in between.
     
    • Thanks Thanks x 1
  6. filipe3x

    filipe3x Registered Member

    Joined:
    Jan 14, 2012
    Messages:
    52
    Likes Received:
    5
    mrblackjack i know its possible to do like i am doing. I see a lot of people doing it. The problem is the 302 redirect i made doesn't go thro the encrypted SSL connection hence the referrer gets leaked every f*cking time.

    How can I force Apache to do so?

     
    Last edited: Jul 11, 2013
  7. mrblackjack

    mrblackjack Jr. VIP Jr. VIP Premium Member

    Joined:
    Dec 6, 2011
    Messages:
    953
    Likes Received:
    548
    Occupation:
    I live alone, I work alone, I make money alone
    Location:
    G00gle LaNd
    Read what I said:
     
  8. filipe3x

    filipe3x Registered Member

    Joined:
    Jan 14, 2012
    Messages:
    52
    Likes Received:
    5
    No, you dont need the initial request to be made from a https website... You just have to add the https request between the redirects, once the redirect go thro the SSL, the referer gets automatically killed. At least, thats what the theory says.

    I just dont understand why it isn't working for me!
     
  9. filipe3x

    filipe3x Registered Member

    Joined:
    Jan 14, 2012
    Messages:
    52
    Likes Received:
    5
    oh godammit

    Looks like you're right. At least partially right. My script is working at 100% in IE, but fails at chrome or firefox. The reason being - like you said - if the initial request was from a non https website (non secure connection) the referer always gets leaked. But if i do a request from a https the referer gets blanked, and everything is good :D

    Thanks for the help
     
    Last edited: Jul 11, 2013
  10. tylor43

    tylor43 Newbie

    Joined:
    Nov 11, 2013
    Messages:
    2
    Likes Received:
    0
    blankrefer has been cross browser tested and saves people from the headache of scripting.
     
  11. TZ2011

    TZ2011 Senior Member

    Joined:
    Jun 26, 2011
    Messages:
    832
    Likes Received:
    860
    Occupation:
    Cleaning servers
    Who is the owner of that site ? Can you trust him ? What if he is logging sites and redirects for some reason ?
    Whatever you can do alone, don't let to 3rd party "free" sites/services do for you.