php referrer blanker script

Discussion in 'Cloaking and Content Generators' started by n8g33k, Oct 4, 2009.

  1. n8g33k

    n8g33k Registered Member

    Joined:
    Dec 10, 2008
    Messages:
    60
    Likes Received:
    14
    Hi Guys,

    I just updated a php referrer blanker, i found on the forums.
    And wanted to share with you guys.

    Note: the methods used in the code don't always blank your referrer.
    So thats way it includes the referrer checks.

    enjoy :)

    Code:
    <?php
    
    $self = $_SERVER['SCRIPT_NAME'];
    
    //Grab arguments from the GET string
    $SEC = $_GET['S'];
    
    
    
    if ($_SERVER['HTTP_REFERER'] == $self || $_SERVER['HTTP_REFERER'] == '')
    {
    	// go to your landing page
    	do_MetaRefresh("referer.php");
    }
    else if($SEC == '3') // Bad! dump them somewhere!
    {
    	// Dump location
    	do_MetaRefresh("http://www.google.com");
    }
    
    
    
    // If on second bounce SEC = 1
    if(isset($SEC))
    {
    	if($SEC == '1') // Second time through--bounce them back!
    	{
    		// do a javascript redirect to the same site
    		do_Javascript("$self?S=2");
    	}else if($SEC == '2') // Last time through--bounce them back!
    	{
    		// do a form submit to the same site
    		do_form("$self?S=3");
    	}
    }
    else // First time through--bounce them back!
    {
    	// do a meta refresh to the same site
    	do_MetaRefresh("$self?S=1");
    }
    
    
    
    // functions
    
    function do_MetaRefresh($url)
    {
    	die("<HTML><HEAD>
    			<meta http-equiv=refresh content='0;url=$url'>
    		</HEAD><BODY></BODY></HTML>");
    }
    
    function do_Javascript($url)
    {
    	die("<HTML><HEAD>
    			<SCRIPT language='JavaScript'>
    				window.location='$url';
    			</SCRIPT>
    		</HEAD><BODY></BODY></HTML>");
    }
    
    function do_form($url)
    {
    	die("<HTML><HEAD></HEAD><BODY>
    		<form action='$url' method='GET' id='form1'></form>
    		<script language='JavaScript'> 
    			document.getElementById('form1').submit(); 
    		</script>
    		</BODY></HTML>");
    }
    
    ?>
     
  2. n8g33k

    n8g33k Registered Member

    Joined:
    Dec 10, 2008
    Messages:
    60
    Likes Received:
    14
    Ok so i just found a bug in the script. and I updated it even more.

    Code:
    <?php
    
    $self = $_SERVER['SCRIPT_NAME'];
    $fullpath = 'http://' . $HTTP_SERVER_VARS['HTTP_HOST'] . $HTTP_SERVER_VARS['REQUEST_URI'];
    
    
    session_start();
    $SEC = $_SESSION['sec'];
    
    
    
    if ($_SERVER['HTTP_REFERER'] == $fullpath)
    {
    	unset($_SESSION['sec']);
    	
    	// go to your landing page
    	header("location: referrer.php");
    	die();
    }
    elseif($SEC == '3') // Bad! dump them somewhere!
    {
    	unset($_SESSION['sec']);
    
    	// Dump location
    	do_MetaRefresh("http://www.google.nl");
    }
    
    
    
    // If on second bounce SEC = 1
    
    if($SEC == '1') // Second time through--bounce them back!
    {
    	$_SESSION['sec'] = 2;
    	// do a javascript redirect to the same site
    	do_Javascript("$self");
    }
    elseif($SEC == '2') // Last time through--bounce them back!
    {
    	$_SESSION['sec'] = 3;
    	// do a form submit to the same site
    	do_form("$self");
    }
    else // First time through--bounce them back!
    {
    	$_SESSION['sec'] = 1;
    	// do a meta refresh to the same site
    	do_MetaRefresh("$self");
    }
    
    
    
    // functions
    
    function do_MetaRefresh($url)
    {
    	die("<HTML><HEAD>
    			<meta http-equiv=refresh content='0;url=$url'>
    		</HEAD><BODY></BODY></HTML>");
    }
    
    function do_Javascript($url)
    {
    	die("<HTML><HEAD>
    			<SCRIPT language='JavaScript'>
    				window.location='$url';
    			</SCRIPT>
    		</HEAD><BODY></BODY></HTML>");
    }
    
    function do_form($url)
    {
    	die("<HTML><HEAD></HEAD><BODY>
    		<form action='$url' method='POST' id='form1'></form>
    		<script language='JavaScript'> 
    			document.getElementById('form1').submit(); 
    		</script>
    		</BODY></HTML>");
    }
    ?>
     
  3. n8g33k

    n8g33k Registered Member

    Joined:
    Dec 10, 2008
    Messages:
    60
    Likes Received:
    14
    Guys I'm still I little confused.
    Is this the right way of spoofing the referrer?
     
  4. Sliv3r

    Sliv3r Power Member

    Joined:
    Jul 1, 2009
    Messages:
    632
    Likes Received:
    259
    Occupation:
    VP at Blackfox Inc
    Location:
    Mordor
    Home Page:
    dude can u fake a referrer...on Blogspot ?
     
  5. n8g33k

    n8g33k Registered Member

    Joined:
    Dec 10, 2008
    Messages:
    60
    Likes Received:
    14
    @Sliv3r

    ??? you mean make the referrer Blogspot?