php referrer blanker script

n8g33k · Oct 4, 2009

Hi Guys,

I just updated a php referrer blanker, i found on the forums.
And wanted to share with you guys.

Note: the methods used in the code don't always blank your referrer.
So thats way it includes the referrer checks.

enjoy

Code:

<?php

$self = $_SERVER['SCRIPT_NAME'];

//Grab arguments from the GET string
$SEC = $_GET['S'];



if ($_SERVER['HTTP_REFERER'] == $self || $_SERVER['HTTP_REFERER'] == '')
{
	// go to your landing page
	do_MetaRefresh("referer.php");
}
else if($SEC == '3') // Bad! dump them somewhere!
{
	// Dump location
	do_MetaRefresh("http://www.google.com");
}



// If on second bounce SEC = 1
if(isset($SEC))
{
	if($SEC == '1') // Second time through--bounce them back!
	{
		// do a javascript redirect to the same site
		do_Javascript("$self?S=2");
	}else if($SEC == '2') // Last time through--bounce them back!
	{
		// do a form submit to the same site
		do_form("$self?S=3");
	}
}
else // First time through--bounce them back!
{
	// do a meta refresh to the same site
	do_MetaRefresh("$self?S=1");
}



// functions

function do_MetaRefresh($url)
{
	die("<HTML><HEAD>
			<meta http-equiv=refresh content='0;url=$url'>
		</HEAD><BODY></BODY></HTML>");
}

function do_Javascript($url)
{
	die("<HTML><HEAD>
			<SCRIPT language='JavaScript'>
				window.location='$url';
			</SCRIPT>
		</HEAD><BODY></BODY></HTML>");
}

function do_form($url)
{
	die("<HTML><HEAD></HEAD><BODY>
		<form action='$url' method='GET' id='form1'></form>
		<script language='JavaScript'> 
			document.getElementById('form1').submit(); 
		</script>
		</BODY></HTML>");
}

?>

n8g33k · Oct 5, 2009

Ok so i just found a bug in the script. and I updated it even more.

Code:

<?php

$self = $_SERVER['SCRIPT_NAME'];
$fullpath = 'http://' . $HTTP_SERVER_VARS['HTTP_HOST'] . $HTTP_SERVER_VARS['REQUEST_URI'];


session_start();
$SEC = $_SESSION['sec'];



if ($_SERVER['HTTP_REFERER'] == $fullpath)
{
	unset($_SESSION['sec']);
	
	// go to your landing page
	header("location: referrer.php");
	die();
}
elseif($SEC == '3') // Bad! dump them somewhere!
{
	unset($_SESSION['sec']);

	// Dump location
	do_MetaRefresh("http://www.google.nl");
}



// If on second bounce SEC = 1

if($SEC == '1') // Second time through--bounce them back!
{
	$_SESSION['sec'] = 2;
	// do a javascript redirect to the same site
	do_Javascript("$self");
}
elseif($SEC == '2') // Last time through--bounce them back!
{
	$_SESSION['sec'] = 3;
	// do a form submit to the same site
	do_form("$self");
}
else // First time through--bounce them back!
{
	$_SESSION['sec'] = 1;
	// do a meta refresh to the same site
	do_MetaRefresh("$self");
}



// functions

function do_MetaRefresh($url)
{
	die("<HTML><HEAD>
			<meta http-equiv=refresh content='0;url=$url'>
		</HEAD><BODY></BODY></HTML>");
}

function do_Javascript($url)
{
	die("<HTML><HEAD>
			<SCRIPT language='JavaScript'>
				window.location='$url';
			</SCRIPT>
		</HEAD><BODY></BODY></HTML>");
}

function do_form($url)
{
	die("<HTML><HEAD></HEAD><BODY>
		<form action='$url' method='POST' id='form1'></form>
		<script language='JavaScript'> 
			document.getElementById('form1').submit(); 
		</script>
		</BODY></HTML>");
}
?>

n8g33k · Oct 5, 2009

Guys I'm still I little confused.
Is this the right way of spoofing the referrer?

Sliv3r · Oct 5, 2009

dude can u fake a referrer...on Blogspot ?

n8g33k · Oct 5, 2009

@Sliv3r

??? you mean make the referrer Blogspot?

php referrer blanker script

n8g33k

Registered Member

n8g33k

Registered Member

n8g33k

Registered Member

Sliv3r

Power Member

n8g33k

Registered Member

Main Menu

Marketplace

Making Money

BlackHatWorld

Other