1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

fake referrer php script

Discussion in 'PHP & Perl' started by gibberish, Dec 22, 2012.

  1. gibberish

    gibberish Newbie

    Joined:
    Dec 22, 2012
    Messages:
    5
    Likes Received:
    0
    Ok, I have a script here which fakes the referer, I have tested it with a url shortener and it seems to work fine (it sets the referrer to what it should). What I plan to do is set up a site especially for the 'fake' referrer so it looks all legit and source of traffic from elsewhere by running this script.

    Is there any risk with this, ie will I give the network / advertiser any reason to suspect something is up with me or anything?

    Code:
    <?php
    
        echo geturl('affiliateurl', 'fakerefferer');
    
        function geturl($url, $referer) { 
    
            $headers[] = 'Accept: image/gif, image/x-bitmap, image/jpeg, image/pjpeg,text/html,application/xhtml+xml'; 
            $headers[] = 'Connection: Keep-Alive'; 
            $headers[] = 'Content-type: application/x-www-form-urlencoded;charset=UTF-8'; 
            $useragent = 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;  .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0)'; 
    
            $process = curl_init($url); 
            curl_setopt($process, CURLOPT_HTTPHEADER, $headers); 
            curl_setopt($process, CURLOPT_HEADER, 0); 
            curl_setopt($process, CURLOPT_USERAGENT, $useragent);
            curl_setopt($process, CURLOPT_REFERER, $referer);
            curl_setopt($process, CURLOPT_TIMEOUT, 30); 
            curl_setopt($process, CURLOPT_RETURNTRANSFER, 1); 
            curl_setopt($process, CURLOPT_FOLLOWLOCATION, 1); 
    
            $return = curl_exec($process); 
            curl_close($process); 
    
            return $return; 
        } 
    
    ?>
     
  2. MrBlue

    MrBlue Senior Member

    Joined:
    Dec 18, 2009
    Messages:
    950
    Likes Received:
    662
    Occupation:
    Web/Bot Developer
    Unless you use proxies, all your traffic will coming from the same IP address which is the server that this script is hosted on.
     
    • Thanks Thanks x 3
  3. GhostProtocol

    GhostProtocol Newbie

    Joined:
    Dec 22, 2012
    Messages:
    20
    Likes Received:
    39
    Occupation:
    Bullet proof hosting & servers, Private Exclusive
    Location:
    Ghosted
    yep you should use proxies. i dont think its a right method to fake referrer. sooner or later advertiser would find that all hits are coming from the same ip
     
  4. gibberish

    gibberish Newbie

    Joined:
    Dec 22, 2012
    Messages:
    5
    Likes Received:
    0
    shoot! ok how can I add a proxy to this script, any ideas?
     
  5. gibberish

    gibberish Newbie

    Joined:
    Dec 22, 2012
    Messages:
    5
    Likes Received:
    0
    Really need some expert coders to verify this for me i think.
     
    Last edited: Dec 29, 2012
  6. gibberish

    gibberish Newbie

    Joined:
    Dec 22, 2012
    Messages:
    5
    Likes Received:
    0
    can anybody help with this? basically I'm trying to acheive this:

    Visitor loads page > cookie drops, the page loaded isn't neccesarily my OWN site, then need to run the script and set the referrer to my white hat site but still make it look like the requests are coming from the client and not my server, as others have clearly pointed out the curl script still shows my ip in there.

    Is it possible another way?
     
  7. artizhay

    artizhay BANNED BANNED

    Joined:
    Nov 21, 2010
    Messages:
    1,867
    Likes Received:
    1,335
    You're running cURL, which is never going to get you anywhere, proxies or not. You're going to be basically downloading the HTML front-end of whatever site you load, so you'll be showing visitors a ripped copy of the destination site.

    This means that's many of the relative paths (form submits, links, etc.) will not work, none of the server-side coding will run (such as database queries, etc.), the cookie won't match their domain, and none of the javascript that many advertisers/networks use will work properly due to broken paths or cross-domain issues.

    Truly modifying the user's referer wouldn't be done with PHP, as the referer is a client-sider browser element, and PHP is server-side, having nothing to do with the browser at all.
     
    • Thanks Thanks x 2
    Last edited: Dec 29, 2012
  8. gibberish

    gibberish Newbie

    Joined:
    Dec 22, 2012
    Messages:
    5
    Likes Received:
    0
    not sure Im understanding u but the method I'm using drops the cookie while users are on other sites when the user loads the page they load the image which redirects to the script and drops the cookie using header:location so the user doesn't actually browse the page but they get the aff cookie, I was thinking I could name the referrer as a bot or something and if my ip gets banned I can switch host ip. the question is will they be able to link my ip to my cookies or not?
     
  9. phpbuilt

    phpbuilt Jr. VIP Jr. VIP

    Joined:
    May 16, 2011
    Messages:
    1,650
    Likes Received:
    5,208
    Occupation:
    $ from websites I own.
    Location:
    putting monkeys in paypal
    You got 2 concepts here that you're trying to merge into 1 idea, but its not the same.

    The 2 concepts are your SCRIPT and the USER.

    Your SCRIPT sits on your server and reflects whatever clever thing you want to do. You can fake referer all day long from your script that sits on your server, you can manipulate cookies and all kinds of cool stuff.

    The USER has their own browser, their own cookies for interacting with your affiliate, and there's nothing you can do to inject 3rd party cookies to your user. While you can fake referer of your user to a limited extent, you can't do it as you're supposing.

    Using scripts to fake referers or manipulate cookies only works for your server, your script. It can come in handy if you're scraping and need to simulate various headers or that you're logged in, emulate cookies or fake referers. None of this can apply to a visitor who views your script.
     
  10. shopping2012

    shopping2012 Junior Member

    Joined:
    Jun 22, 2011
    Messages:
    125
    Likes Received:
    807
    Occupation:
    Import
    Location:
    Munich
    This could be mainly easily done by e.g. using "Ubot" and compile the bot, in fact you don't need it server-side.
    Here you could load endless proxies and fake referrers, user-agents and much more to make it more "human" ;-)
     
  11. mmkevin

    mmkevin Newbie

    Joined:
    Feb 27, 2012
    Messages:
    14
    Likes Received:
    1
    is it ubotstudio?
     
  12. shopping2012

    shopping2012 Junior Member

    Joined:
    Jun 22, 2011
    Messages:
    125
    Likes Received:
    807
    Occupation:
    Import
    Location:
    Munich
    Yes, I am using an own made bot for faking referrers and user-agents to blast my website to e.g. AWSTATS websites to get it in their logs. Does not make much SEO sense, nevertheless I can "upgrade" my links in Google :)
     
  13. firescape

    firescape Newbie

    Joined:
    Feb 1, 2013
    Messages:
    10
    Likes Received:
    0
    Is this a programming question or unrelated? I believe there are better methods of faking the referrer than using curl. I think javascript is your best bet.
     
  14. godkiller

    godkiller Newbie

    Joined:
    Dec 13, 2009
    Messages:
    1
    Likes Received:
    0
    only way you can fake the refferer is find a XSS on google .
    thats all there isnt any shortcut.