1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Referer Spoofing without external php script (?)

Discussion in 'PHP & Perl' started by Neoblade62, Aug 4, 2011.

  1. Neoblade62

    Neoblade62 Newbie

    Joined:
    Aug 4, 2011
    Messages:
    5
    Likes Received:
    0
    Hey,

    I currently have a problem with a site that recently disabled hotlinking of images. I have a tool creates a list of links allowing people to download the images of an online magazine viewer for offline use.

    So now that they disabled anything that doesn't have them as a referer, it stopped working. I had success displaying the images using a seperate php file (xyz.php?url=...), but the problem with that is, that when I put the links in a Download Manager it downloads copies of xyz.php. If renamed they do infact display the image, but this is very cumbersome and I would like to make it more user friendly.

    So to the request/question:
    Is there any way I can use php or JS to make all links leaving a certain page (or frame) on my server, recieve a fake referer of the destination site?
    (or if that is not possible then a predefined referer) (blank referer doesn't seem to work)

    I have searched most of the forum and found a lot of posts, but most of them (found in the BH SEO forum) use a method that is causing problems with downloading the images. Also I am using a wordpress blog, which sometimes causes external scripts to give out the 404 page (even if excluded from the rewrite rules)

    Also note: I already use a php script in order to carry out the XMLHttpRequest, but using that with the images works, but also gives me the downloading problem.

    Thanks for your time!
     
    Last edited: Aug 4, 2011
  2. The Doctor

    The Doctor Jr. VIP Jr. VIP

    Joined:
    Dec 18, 2010
    Messages:
    612
    Likes Received:
    188
    Occupation:
    Computer Scientist, Engineer, Programmer.
    Location:
    ☆☆☆☆☆☆
    The header function will allow you to specify content type and deliver a proper download so you will want to use curl to fake the referer and grab the image data then header to specify a filename for the browser then you will want to write the image data to the output buffer.
     
  3. Neoblade62

    Neoblade62 Newbie

    Joined:
    Aug 4, 2011
    Messages:
    5
    Likes Received:
    0
    I understood what you meant but have no idea how to implement it...
    I maybe should've mentioned that I code on a need basis, which means I have only little experience.
    Could you give me the code, or at least tell me where I can find it?
     
  4. The Doctor

    The Doctor Jr. VIP Jr. VIP

    Joined:
    Dec 18, 2010
    Messages:
    612
    Likes Received:
    188
    Occupation:
    Computer Scientist, Engineer, Programmer.
    Location:
    ☆☆☆☆☆☆
    Perhapse later today
     
  5. Neoblade62

    Neoblade62 Newbie

    Joined:
    Aug 4, 2011
    Messages:
    5
    Likes Received:
    0
    I hope you are still considering helping me, please.
    Really stuck atm.
     
  6. typeslowly

    typeslowly Registered Member

    Joined:
    Nov 30, 2008
    Messages:
    61
    Likes Received:
    9
    Location:
    United States
    Neoblade, you have PHP script on your server that is sending HTTP requests and you want to set the referrer?

    edit: post your script
     
  7. Neoblade62

    Neoblade62 Newbie

    Joined:
    Aug 4, 2011
    Messages:
    5
    Likes Received:
    0
    That script works fine, I can post it anyways

    Code:
    <?php
     
    $post_data = $HTTP_RAW_POST_DATA;
    
    $header[] = "Content-type: text/xml";
    $header[] = "Content-length: ".strlen($post_data);
    
    $ch = curl_init( $_GET['url'] ); 
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_TIMEOUT, 10);
    curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
    curl_setopt($ch, CURLOPT_REFERER, '~have to remove url because of rules~');
    
    if ( strlen($post_data)>0 ){
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
    }
    
    $response = curl_exec($ch);     
    $response_headers = curl_getinfo($ch);     
    
    if (curl_errno($ch)) {
        print curl_error($ch);
    } else {
        curl_close($ch);
        header( 'Content-type: ' . $response_headers['content-type']);
        print $response;
    }
    
    
    ?>
    The problem with this though, is that when used for an image it will give me it as an php file and not a jpg.
    So I am looking for a script that makes all links leaving a page (or frame) have a custom referer.
     
  8. jazzc

    jazzc Moderator Staff Member Moderator Jr. VIP

    Joined:
    Jan 27, 2009
    Messages:
    2,468
    Likes Received:
    10,148
    Add this in the top:

    Code:
    $header[] = "Content-Type: image/jpg";
    
    and remove

    Code:
    $header[] = "Content-type: text/xml";
    
    ;)
     
  9. Neoblade62

    Neoblade62 Newbie

    Joined:
    Aug 4, 2011
    Messages:
    5
    Likes Received:
    0
    Thanks for the help, though sadly it didn't work.
    It now just tells me connection timed out.
    Without the change it would at least load the image (though with the php extension), but now it just times out.