1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Is There A 100% Effective Refferal Spoofing Method?

Discussion in 'Black Hat SEO' started by fatbap, Mar 11, 2016.

  1. fatbap

    fatbap Regular Member

    Joined:
    Mar 3, 2013
    Messages:
    226
    Likes Received:
    22
    Is there a 100% effective way to either change or blank the refferrer? Anyone experienced with this?

    thanks
     
  2. Des_cartes

    Des_cartes Junior Member

    Joined:
    Jan 19, 2012
    Messages:
    160
    Likes Received:
    64
    Not 100% effective because it's impossible but here is my way (that I have posted a bunch of times btw)

    WARNING: This code contain a fail safe, if the referer can't be changed the traffic will not be redirected! This is for education only, use it at your own risk!
    PHP:
    <?php
    if(isset($_GET['redir']) && !empty($_GET['redir'])) {
        
    $redir_url substr($_SERVER["REQUEST_URI"], strpos($_SERVER["REQUEST_URI"], "redir=") + 6);
        
    $uri preg_split("/.redir.*/i"$_SERVER["REQUEST_URI"]);
        
    $refresh_url 'http://' $_SERVER['HTTP_HOST'] . $uri[0];
        
    setcookie("redir"$redir_urltime()+5);
        exit(
    header('Location: ' $refresh_url));
    }
    elseif(isset(
    $_COOKIE['redir']) && !empty($_COOKIE['redir'])) {
        
    $referer $_SERVER['HTTP_REFERER'];
        
    $domain $_SERVER['HTTP_HOST']; 
        if (
    strpos($referer$domain) === false)  {
            echo 
    '<form action="" method="get"></form>';
            echo 
    '<script>document.forms[0].submit();</script>';
        }else {
            
    $redir_url urldecode($_COOKIE['redir']);
            
    setcookie("redir"""time()-5);
            exit(
    header('Location: ' $redir_url));
        }
    }
    ?>
    Send traffic to 'http://mydomain.com?redir=http://redirdomain.com' (where 'http://redirdomain.com' is the url where you want to send traffic to and 'http://mydomain.com/' the referer you want to display).

    Tested and working with the following browsers:
    - IE 7+
    - Chrome 29+
    - FF 14+
    - Opera 12
    - Edge
    - Safari 7+
    - Chrome Mobile (Android 4.4+)
    - Safari Mobile (IOS 7.1+)
     
  3. renzuken

    renzuken Junior Member

    Joined:
    Sep 9, 2009
    Messages:
    162
    Likes Received:
    66
    Location:
    /cat/proc/
    depends on what are you trying to do..
    if its php, curl can do that well..but your server ip cannot be spoof.

    if just a simple redirect using html javascript make the page secure , any referer are always blank.
     
  4. fatbap

    fatbap Regular Member

    Joined:
    Mar 3, 2013
    Messages:
    226
    Likes Received:
    22
    Thanks for this, but where does the code go? Is it index.php or something? Thanks
     
  5. Des_cartes

    Des_cartes Junior Member

    Joined:
    Jan 19, 2012
    Messages:
    160
    Likes Received:
    64
    Depends on your site, if you are using Wordpress you could copy/past this in your header.php files but it doesn't really matter as long as the code is on the page you want to use for the fake referrer however it will speed up the redirection if it's the first code to be executed.
     
  6. fatbap

    fatbap Regular Member

    Joined:
    Mar 3, 2013
    Messages:
    226
    Likes Received:
    22

    I'm going to use this, is there a way to check it's working? Thanks for you help
     
  7. Des_cartes

    Des_cartes Junior Member

    Joined:
    Jan 19, 2012
    Messages:
    160
    Likes Received:
    64
  8. fatbap

    fatbap Regular Member

    Joined:
    Mar 3, 2013
    Messages:
    226
    Likes Received:
    22
    Hi, I replaced all the code in header.php for my site's active wp theme. Then used the link you told me to send the traffic to, using my own url and whatismyreferer.com. The first result from the test showed the referrer was successfully hidden. However every try after then shows my URL. Is there anything you can suggest as to why this is?
     
  9. Des_cartes

    Des_cartes Junior Member

    Joined:
    Jan 19, 2012
    Messages:
    160
    Likes Received:
    64
    It's weired that it only worked once, what browser did you used? PM me your Skype if you want
     
  10. renzuken

    renzuken Junior Member

    Joined:
    Sep 9, 2009
    Messages:
    162
    Likes Received:
    66
    Location:
    /cat/proc/
    i dont quite understand what your trying to do


    if its your trying to null the referer from your outgoing links??


    try playing with META refferer tag

    works both on latest crome and FF

    if your looking on more complex answer..

    explain more