JS Redirect + Keep or Spoof Referrer..??

X

x5g7j9l3x

Junior Member
Joined
Feb 20, 2009
Messages
127
Reaction score
1
I have a PHP page that checks the "$_SERVER['QUERY_STRING']" and if detects "http" in the URL string it forwards to that URL using a JS redirect..
so the referrer looks like "http://my-site.com/?http://stardrifter.org/cgi-bin/ref.cgi"

"http://stardrifter.org/cgi-bin/ref.cgi" is website that tells you yer referrer..

But on some browsers like "IE" this method doesn't keep the referrer and it shows up blank..

So i was wondering if there are any other ways to do a JS redirect that will keep or spoof the referrer for all browsers..??

This is my PHP-JS redirect code..
Code: 
<?php
if ($_SERVER['QUERY_STRING'] != ''){


If (stristr($_SERVER['QUERY_STRING'], "HTTP")){
$URL = $_SERVER['QUERY_STRING'];
Print "<html><body onLoad=\"java script: window.location='$URL';\"></body></html>";}


}
?>
 
Advertise on BHW
x5g7j9l3x said:
I have a PHP page that checks the "$_SERVER['QUERY_STRING']" and if detects "http" in the URL string it forwards to that URL using a JS redirect..
so the referrer looks like "http://my-site.com/?http://stardrifter.org/cgi-bin/ref.cgi"

"http://stardrifter.org/cgi-bin/ref.cgi" is website that tells you yer referrer..

But on some browsers like "IE" this method doesn't keep the referrer and it shows up blank..

So i was wondering if there are any other ways to do a JS redirect that will keep or spoof the referrer for all browsers..??

This is my PHP-JS redirect code..
Code: 
<?php
if ($_SERVER['QUERY_STRING'] != ''){


If (stristr($_SERVER['QUERY_STRING'], "HTTP")){
$URL = $_SERVER['QUERY_STRING'];
Print "<html><body onLoad=\"java script: window.location='$URL';\"></body></html>";}


}
?>
Click to expand...

The problem is that you're using window.location to redirect people.

What you want to do is make a GET request form on the page and have javascript automatically call .submit() on the form. THAT will keep the referer.
 
could you give me code example please..??
 
First page: (Starts the spoofing redirect; the one you would link to. Notice the SECONDPAGE.php that needs to be replaced.)
Code: 
<?php
        echo "
        <html>
        <head>
        <title>Redirecting...</title>
        </head>
        <body onload=\"javascript:document.aa.submit();\">
        <form action=\"./SECONDPAGE.php\" method=\"post\" name=\"aa\">
        <input type=\"hidden\" name=\"t\" value=\"{$_GET['t']}\"
        <input type=\"submit\" value=\"Continue\" />
        </form>
        </body>
        </html>";
?>

Second Page (One that that the referer would be and one inserted in the 1st)
Code: 
<?php

if (isset($_POST['t']) && $_POST['t'] != null)
{
    $target = null;

    switch ($_POST['t'])
    {
        case '1001':
            $target = 'http://www.whatismyreferer.com';
            break;
        case '1002':
            $target = 'http://www.google.com';
            break;
        case '1003':
            $target = 'http://www.drkencode.com';
            break;
        default:
            $target = null;
    }

    if ($target !== null)
    {
        //They check out. Send them to the destination!

        echo "
        <html>
        <head>
        <title>Redirecting...</title>
        </head>
        <body onload=\"javascript:document.aa.submit();\">
        <form action=\"".addcslashes($target,'"')."\" method=\"get\" name=\"aa\">
        <input type=\"submit\" value=\"Continue\" />
        </form>
        </body>
        </html>";
        die;
    }
    else
    {
        //Don't do anything! Just show the white hat page as usual...
    }
}
?>

<html>
<head>
    <title>Nice Whitehat Page</title>
</head>
<body>
    Hey, this is a nice innocent whitehat page.
</body>
</html>


So, basically link to the first page with the redirect number on the query string t-argument. Eg: http://www.mysite.com/spoof.php?t=1001.
It will then redirect to the whitehat page, moving the spoof page number to the post string (which isn't listed in referers, so it will be hidden). The spoof page, which has PHP code before the white hat page, will check for the target number argument, and if it exists, look it up on the list and send the user there via a javascript form submit. If the argument has not been set it will simply display the whitehat page. (The page they will see as the referer.)


Enjoy :)
 
Thanks for the script. Is there anyway to prevent the loop when someone hits the back button?
 
There's no way of checking if it's possible to go forward or back in JS. It would require a good amount of cookie-foo or serverside logging to make sure it doesn't break the back button. Sorry :-/
 
Profit said:
Thanks for the script. Is there anyway to prevent the loop when someone hits the back button?
Click to expand...

Yes. do all this in a 1x1 pixel frame at the end of a sentence so it looks like a period! As nested content within a page it wont fubar the back button.
:)

You could also cookie stuff from a css include... it will fail to load on the stuffing and then a blank one the rest of the time... nothing visual in the content like a broken image... usually just a tiny status icon that indicates not all the resources loaded which happens on half of all websites anyway. Seeing a css fail for being text/html makes sense too since a missing file would forward to a 404 html template in most servers. Standard practice there. Unless they feel the need to view the broken css content they will never know...
 
Last edited:
Advertise on BHW
You must log in or register to reply here.
Sign up now!

Main Menu

Home Main Forum List Black Hat SEO White Hat SEO BHW Newbie Guide Blogging Black Hat Tools Social Networking Downloads

Marketplace

Account Selling Content / Copywriting Hosting Images, Logos & Videos Proxies For Sale SEO - Link building SEO - Packages Social Media Social Media - Panels Misc

Making Money

Affiliate Programs Hire a Freelancer Making Money Pay Per Click Site Flipping

BlackHatWorld

BHW Merch Forum Suggestions & Feedback Introductions Lounge Dispute Resolution

Other

Domain Name Forum IM Journeys Web Hosting Newsletter
Back
Top