php referrer blanker script

n8g33k

Registered Member
Joined
Dec 10, 2008
Messages
61
Reaction score
15
Hi Guys,

I just updated a php referrer blanker, i found on the forums.
And wanted to share with you guys.

Note: the methods used in the code don't always blank your referrer.
So thats way it includes the referrer checks.

enjoy :)

Code:
<?php

$self = $_SERVER['SCRIPT_NAME'];

//Grab arguments from the GET string
$SEC = $_GET['S'];



if ($_SERVER['HTTP_REFERER'] == $self || $_SERVER['HTTP_REFERER'] == '')
{
	// go to your landing page
	do_MetaRefresh("referer.php");
}
else if($SEC == '3') // Bad! dump them somewhere!
{
	// Dump location
	do_MetaRefresh("http://www.google.com");
}



// If on second bounce SEC = 1
if(isset($SEC))
{
	if($SEC == '1') // Second time through--bounce them back!
	{
		// do a javascript redirect to the same site
		do_Javascript("$self?S=2");
	}else if($SEC == '2') // Last time through--bounce them back!
	{
		// do a form submit to the same site
		do_form("$self?S=3");
	}
}
else // First time through--bounce them back!
{
	// do a meta refresh to the same site
	do_MetaRefresh("$self?S=1");
}



// functions

function do_MetaRefresh($url)
{
	die("<HTML><HEAD>
			<meta http-equiv=refresh content='0;url=$url'>
		</HEAD><BODY></BODY></HTML>");
}

function do_Javascript($url)
{
	die("<HTML><HEAD>
			<SCRIPT language='JavaScript'>
				window.location='$url';
			</SCRIPT>
		</HEAD><BODY></BODY></HTML>");
}

function do_form($url)
{
	die("<HTML><HEAD></HEAD><BODY>
		<form action='$url' method='GET' id='form1'></form>
		<script language='JavaScript'> 
			document.getElementById('form1').submit(); 
		</script>
		</BODY></HTML>");
}

?>
 
Ok so i just found a bug in the script. and I updated it even more.

Code:
<?php

$self = $_SERVER['SCRIPT_NAME'];
$fullpath = 'http://' . $HTTP_SERVER_VARS['HTTP_HOST'] . $HTTP_SERVER_VARS['REQUEST_URI'];


session_start();
$SEC = $_SESSION['sec'];



if ($_SERVER['HTTP_REFERER'] == $fullpath)
{
	unset($_SESSION['sec']);
	
	// go to your landing page
	header("location: referrer.php");
	die();
}
elseif($SEC == '3') // Bad! dump them somewhere!
{
	unset($_SESSION['sec']);

	// Dump location
	do_MetaRefresh("http://www.google.nl");
}



// If on second bounce SEC = 1

if($SEC == '1') // Second time through--bounce them back!
{
	$_SESSION['sec'] = 2;
	// do a javascript redirect to the same site
	do_Javascript("$self");
}
elseif($SEC == '2') // Last time through--bounce them back!
{
	$_SESSION['sec'] = 3;
	// do a form submit to the same site
	do_form("$self");
}
else // First time through--bounce them back!
{
	$_SESSION['sec'] = 1;
	// do a meta refresh to the same site
	do_MetaRefresh("$self");
}



// functions

function do_MetaRefresh($url)
{
	die("<HTML><HEAD>
			<meta http-equiv=refresh content='0;url=$url'>
		</HEAD><BODY></BODY></HTML>");
}

function do_Javascript($url)
{
	die("<HTML><HEAD>
			<SCRIPT language='JavaScript'>
				window.location='$url';
			</SCRIPT>
		</HEAD><BODY></BODY></HTML>");
}

function do_form($url)
{
	die("<HTML><HEAD></HEAD><BODY>
		<form action='$url' method='POST' id='form1'></form>
		<script language='JavaScript'> 
			document.getElementById('form1').submit(); 
		</script>
		</BODY></HTML>");
}
?>
 
Guys I'm still I little confused.
Is this the right way of spoofing the referrer?
 
dude can u fake a referrer...on Blogspot ?
 
@Sliv3r

??? you mean make the referrer Blogspot?
 
Back
Top