JS Redirect + Keep or Spoof Referrer..??

x5g7j9l3x

I have a PHP page that checks "$_SERVER['QUERY_STRING']", and if it detects "http" in the URL string it forwards to that URL using a JS redirect..
so the referrer looks like "http://my-site.com/?http://stardrifter.org/cgi-bin/ref.cgi"

"http://stardrifter.org/cgi-bin/ref.cgi" is a website that tells you your referrer..

But on some browsers like "IE" this method doesn't keep the referrer and it shows up blank..

So I was wondering if there are any other ways to do a JS redirect that will keep or spoof the referrer for all browsers..??

This is my PHP-JS redirect code..
Code:
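<?php
// Forward to whatever URL is passed as the raw query string.
// Note: this still redirects to any URL supplied (open redirect).
if ($_SERVER['QUERY_STRING'] != '') {
    if (stristr($_SERVER['QUERY_STRING'], "HTTP")) {
        // json_encode() quotes the value as a JS string literal;
        // htmlspecialchars() keeps it from breaking out of the onload attribute.
        $URL = htmlspecialchars(json_encode($_SERVER['QUERY_STRING']), ENT_QUOTES);
        print "<html><body onload=\"window.location=$URL;\"></body></html>";
    }
}
?>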
 
The problem is that you're using window.location to redirect people.

What you want to do is make a GET request form on the page and have javascript automatically call .submit() on the form. THAT will keep the referer.
 
Could you give me a code example please..??
 
First page: (Starts the spoofing redirect; the one you would link to. Notice the SECONDPAGE.php that needs to be replaced.)
Code:
<?php
        // Escape the query-string value before echoing it into the hidden field.
        $t = htmlspecialchars(isset($_GET['t']) ? $_GET['t'] : '', ENT_QUOTES);
        echo "
        <html>
        <head>
        <title>Redirecting...</title>
        </head>
        <body onload=\"document.aa.submit();\">
        <form action=\"./SECONDPAGE.php\" method=\"post\" name=\"aa\">
        <input type=\"hidden\" name=\"t\" value=\"$t\" />
        <input type=\"submit\" value=\"Continue\" />
        </form>
        </body>
        </html>";
?>

Second page (the one that the referer would be, and the one inserted in the first)
Code:
<?php

if (isset($_POST['t']) && $_POST['t'] != null)
{
    $target = null;

    switch ($_POST['t'])
    {
        case '1001':
            $target = 'http://www.whatismyreferer.com';
            break;
        case '1002':
            $target = 'http://www.google.com';
            break;
        case '1003':
            $target = 'http://www.drkencode.com';
            break;
        default:
            $target = null;
    }

    if ($target !== null)
    {
        //They check out. Send them to the destination!

        echo "
        <html>
        <head>
        <title>Redirecting...</title>
        </head>
        <body onload=\"javascript:document.aa.submit();\">
        <form action=\"".htmlspecialchars($target, ENT_QUOTES)."\" method=\"get\" name=\"aa\">
        <input type=\"submit\" value=\"Continue\" />
        </form>
        </body>
        </html>";
        die;
    }
    else
    {
        //Don't do anything! Just show the white hat page as usual...
    }
}
?>

<html>
<head>
    <title>Nice Whitehat Page</title>
</head>
<body>
    Hey, this is a nice innocent whitehat page.
</body>
</html>


So, basically link to the first page with the redirect number on the query string t-argument. Eg: http://www.mysite.com/spoof.php?t=1001.
It will then redirect to the whitehat page, moving the spoof page number to the post string (which isn't listed in referers, so it will be hidden). The spoof page, which has PHP code before the white hat page, will check for the target number argument, and if it exists, look it up on the list and send the user there via a javascript form submit. If the argument has not been set it will simply display the whitehat page. (The page they will see as the referer.)


Enjoy :)
 
Thanks for the script. Is there any way to prevent the loop when someone hits the back button?
 
There's no way of checking if it's possible to go forward or back in JS. It would require a good amount of cookie-foo or serverside logging to make sure it doesn't break the back button. Sorry :-/
 
Thanks for the script. Is there any way to prevent the loop when someone hits the back button?

Yes. Do all this in a 1x1 pixel frame at the end of a sentence so it looks like a period! As nested content within a page it won't fubar the back button.
:)

You could also cookie stuff from a css include... it will fail to load on the stuffing and then a blank one the rest of the time... nothing visual in the content like a broken image... usually just a tiny status icon that indicates not all the resources loaded which happens on half of all websites anyway. Seeing a css fail for being text/html makes sense too since a missing file would forward to a 404 html template in most servers. Standard practice there. Unless they feel the need to view the broken css content they will never know...
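
Seen from the receiving side (a merchant or affiliate program logging click requests), the auto-submitted form, the 1x1 frame and the CSS include described in this thread each leave a different trace in the Fetch Metadata request headers that current browsers send. The following is an added example, not code from any post in the thread; the request ids and header sets are constructed samples, and `click_signals` and `triage` are hypothetical helper names.

```python
# Added example: merchant-side triage of affiliate click requests using
# Fetch Metadata request headers. All sample data below is constructed.

SAMPLE_REQUESTS = [  # constructed, not real traffic
    {"id": "user-click", "headers": {
        "Sec-Fetch-Dest": "document", "Sec-Fetch-Mode": "navigate",
        "Sec-Fetch-User": "?1", "Accept": "text/html"}},
    {"id": "auto-submit-form", "headers": {
        "Sec-Fetch-Dest": "document", "Sec-Fetch-Mode": "navigate",
        "Accept": "text/html"}},
    {"id": "tiny-frame", "headers": {
        "Sec-Fetch-Dest": "iframe", "Sec-Fetch-Mode": "navigate",
        "Accept": "text/html"}},
    {"id": "css-include", "headers": {
        "Sec-Fetch-Dest": "style", "Sec-Fetch-Mode": "no-cors",
        "Accept": "text/css,*/*;q=0.1"}},
    {"id": "legacy-browser", "headers": {"Accept": "text/html"}},
]


def click_signals(headers):
    """Return reasons a click request does not look like a user navigation."""
    h = {k.lower(): v.strip().lower() for k, v in headers.items()}
    dest = h.get("sec-fetch-dest")
    if dest is None:
        # No Fetch Metadata (older browser): only the Accept header is left.
        accept = h.get("accept", "")
        if accept.startswith(("text/css", "image/")):
            return ["accept-is-subresource"]
        return []
    reasons = []
    if dest != "document":
        reasons.append("dest=" + dest)        # loaded as frame, style, image...
    if h.get("sec-fetch-mode") != "navigate":
        reasons.append("not-a-navigation")    # fetched as a subresource
    elif h.get("sec-fetch-user") != "?1":
        reasons.append("no-user-activation")  # navigation started by script
    return reasons


def triage(requests):
    """Map request id -> reasons, keeping only requests with at least one."""
    out = {}
    for req in requests:
        reasons = click_signals(req["headers"])
        if reasons:
            out[req["id"]] = reasons
    return out


if __name__ == "__main__":
    for rid, reasons in triage(SAMPLE_REQUESTS).items():
        print(rid, reasons)
```

`no-user-activation` alone is a weak signal, since legitimate script-driven redirects also lack `Sec-Fetch-User`; a click endpoint fetched as `style`, `image` or `iframe` is a much stronger one.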
 