1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Referrer Spoofing

Discussion in 'Cloaking and Content Generators' started by sycorakX, Nov 28, 2013.

  1. sycorakX

    sycorakX Newbie

    Joined:
    Sep 2, 2013
    Messages:
    2
    Likes Received:
    0
    Hello ...
    I want to spoof referrer and show it as facebook... is this possible ...
    If yes then please tell me how to do it...

    Ya I know this had beed already answered but I can't get it exactly there... :eek:
     
  2. Gogol

    Gogol Jr. VIP Jr. VIP

    Joined:
    Sep 10, 2010
    Messages:
    3,476
    Likes Received:
    3,103
    Gender:
    Male
  3. sycorakX

    sycorakX Newbie

    Joined:
    Sep 2, 2013
    Messages:
    2
    Likes Received:
    0
    Can I fake it as facebook by using that script...
     
  4. Gogol

    Gogol Jr. VIP Jr. VIP

    Joined:
    Sep 10, 2010
    Messages:
    3,476
    Likes Received:
    3,103
    Gender:
    Male
    No, not unless you own facebook lol. The referrer is sent by the browser, not on the server side. So you can't actually modify it using php or javascript. You can send blank referrer / spoof referrer ( from a server that you own), but can't randomly put any domain as referrer.

    Actually fb had a vulnerability some time ago which allowed to use it as referrer, but it most probably has been patched by now.
    However, if you want to fetch a page's content and display it on your domain, you can fake the referrer. Here's a script to do that:

    Code:
    <?php
    
        echo geturl('http://some-url', 'http://referring-url');
    
        function geturl($url, $referer) { 
    
            $headers[] = 'Accept: image/gif, image/x-bitmap, image/jpeg, image/pjpeg,text/html,application/xhtml+xml'; 
            $headers[] = 'Connection: Keep-Alive'; 
            $headers[] = 'Content-type: application/x-www-form-urlencoded;charset=UTF-8'; 
            $useragent = 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0)'; 
    
            $process = curl_init($url); 
            curl_setopt($process, CURLOPT_HTTPHEADER, $headers); 
            curl_setopt($process, CURLOPT_HEADER, 0); 
            curl_setopt($process, CURLOPT_USERAGENT, $useragent);
            curl_setopt($process, CURLOPT_REFERER, $referer);
            curl_setopt($process, CURLOPT_TIMEOUT, 30); 
            curl_setopt($process, CURLOPT_RETURNTRANSFER, 1); 
            curl_setopt($process, CURLOPT_FOLLOWLOCATION, 1); 
    
            $return = curl_exec($process); 
            curl_close($process); 
    
            return $return; 
        } 
    
    ?>
    
     
    Last edited: Nov 28, 2013
  5. Arpit malhotra

    Arpit malhotra BANNED BANNED

    Joined:
    Sep 28, 2016
    Messages:
    163
    Likes Received:
    23
    Gender:
    Male
    So what exactly happens with the script you provided?