1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Force redirect script - all browsers

Discussion in 'BlackHat Lounge' started by the_demon, Mar 19, 2011.

  1. the_demon

    the_demon Jr. Executive VIP

    Joined:
    Nov 23, 2008
    Messages:
    3,177
    Likes Received:
    1,563
    Occupation:
    Search Engine Marketing
    Location:
    The Internet
    Ok, I see so many of you guys in need of help and so many crappy meta resfresh scripts out there...

    What many of you do not know is:
    Chrome blocks PHP Location redirects
    Firefox can easily block meta refresh
    Various plugins can block javascript redirects

    Here's my solution that kicks the browsers @$$!

    Code:
    <?php
    header( 'http://mydomain.com/mywebpage.php' );
    ?>
    <meta http-equiv="refresh" content="0;url=http://mydomain.com/mywebpage.php" />
    <script type="text/javascript">
    window.location = "http://mydomain.com/mywebpage.php"
    </script>
    For people who need double refresh just copy this code and set the first page to redirect to page B (on your domain) Then bounce it out to final destination. You can of course use refer checks, magic key checks, browser checks, ip checks, etc. It all depends on what your purpose is.

    REP or Thanks appreciated ;)
     
    • Thanks Thanks x 7
    Last edited: Mar 19, 2011
  2. brent360

    brent360 Junior Member

    Joined:
    Feb 16, 2011
    Messages:
    102
    Likes Received:
    256
    What? If I have a php file like this:

    Code:
    <?php
    
       header( 'Location: http://www.yoursite.com/new_page.html' ) ;
    
    ?>
    Chrome blocks it?
     
  3. aReJay

    aReJay Power Member

    Joined:
    Apr 29, 2009
    Messages:
    736
    Likes Received:
    237
    Location:
    Down under
    Chrome accepts a Location as long as a status code is sent in conjunction.

    -aReJay
     
    • Thanks Thanks x 1
  4. the_demon

    the_demon Jr. Executive VIP

    Joined:
    Nov 23, 2008
    Messages:
    3,177
    Likes Received:
    1,563
    Occupation:
    Search Engine Marketing
    Location:
    The Internet
    I've had issues with chrome and PHP based redirects... sometimes it just freezes up and yields a blank white page. Also, people can turn off meta refresh in their browser so it's best to use all 3 methods to make sure the redirect happens ;) :)
     
  5. Ruchka

    Ruchka Junior Member

    Joined:
    Jan 24, 2009
    Messages:
    108
    Likes Received:
    13

    Hey this is very appreciated. I just tried this and am still getting the referrer showing up in chrOme.

    Any additional hints or tips, maybe there's something I'm not doing correctly?
     
  6. Ruchka

    Ruchka Junior Member

    Joined:
    Jan 24, 2009
    Messages:
    108
    Likes Received:
    13

    To be more specific, maybe all I need is further help with how to edit the code to do the redirect to page B.

    Right now I have an "index.php / index2.php" setup.
     
  7. M@rc0

    M@rc0 Registered Member

    Joined:
    May 19, 2010
    Messages:
    83
    Likes Received:
    22
    Occupation:
    Website owner
    Location:
    The Netherlands
    Home Page:
    I've got a question about this script:

    Is it possible to fill it in so that the redirect would come from
    Code:
    hxxp://w w w.domain.com
    Instead of
    Code:
    hxxp://w w w.domain.com/file.php
    Any help is really appreciated...
     
  8. the_demon

    the_demon Jr. Executive VIP

    Joined:
    Nov 23, 2008
    Messages:
    3,177
    Likes Received:
    1,563
    Occupation:
    Search Engine Marketing
    Location:
    The Internet
    Yes, I would call this "flash backing"

    www.site.com/page.php --> redirect to: www.domain.com/?key=push_that_guy_forward

    Code:
    <?php
    $key = $_GET['key'];
    if ($key=="push_that_guy_forward")
    {
    header( 'http://site-to-goto.com/mywebpage.php' );
    echo"<meta http-equiv="refresh" content="0;url=http://site-to-goto.com/mywebpage.php" />
    <script type="text/javascript">
    window.location = "http://site-to-goto.com/mywebpage.php"
    </script>";
    }
    else{
    echo ""; //do nothing
    }
    ?>

    Now, if you want to take this a step further.

    1. redirect to domain.com/?key=something
    2. drop a cookie
    3. refresh page domain.com
    4. if cookie = present load FORCE REDIRECT

    This would ensure that:
    a) no one (your cpa manager for example) gets the "unlock key"
    B) the refer should show up exactly as WWW.MYSITE.COM
    C) no key trailing in cpa company analytics or whatever...

    Try it out first just to make sure. If the refer is still showing with the key use a double refresh.
    If cookie present = reload once
    on reload #2 check cookie, if count =1 refresh again
    on reload if get cookie counter
    if counter= 2 PUSH FORWARD

    *** OPTIONAL ADVANCED OPERATION ***
    1. use session instead of cookie to be more stealthy
    2. will work for users who don't support or whom block cookies
    3. use session & cookie for double assurance that you get the desired result

    *** PISS YOUR CPA MANAGER & COMPETITORS OFF ***
    - use a mutating key

    -->if traffic_source=$mysecretplace
    --> Generate 1 time key, write key to database & log ip

    ... now your competitor who was redirected goes back to take a sneak peak at your code

    (check database)
    if $user_ip = $blocked_ip
    --> don't load page
    if key = used
    --> don't load page
    :hmpf: Huh, guess the page doesn't work. :(
     
    Last edited: Apr 18, 2011