1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Referrer Spoofing

Discussion in 'Cloaking and Content Generators' started by sycorakX, Nov 28, 2013.

  1. sycorakX

    sycorakX Newbie

    Joined:
    Sep 2, 2013
    Messages:
    2
    Likes Received:
    0
    Hello ...
    I want to spoof referrer and show it as facebook... is this possible ...
    If yes then please tell me how to do it...

    Ya I know this had beed already answered but I can't get it exactly there... :eek:
     
  2. Gogol

    Gogol Elite Member

    Joined:
    Sep 10, 2010
    Messages:
    3,066
    Likes Received:
    2,872
    Gender:
    Male
  3. sycorakX

    sycorakX Newbie

    Joined:
    Sep 2, 2013
    Messages:
    2
    Likes Received:
    0
    Can I fake it as facebook by using that script...
     
  4. Gogol

    Gogol Elite Member

    Joined:
    Sep 10, 2010
    Messages:
    3,066
    Likes Received:
    2,872
    Gender:
    Male
    No, not unless you own facebook lol. The referrer is sent by the browser, not on the server side. So you can't actually modify it using php or javascript. You can send blank referrer / spoof referrer ( from a server that you own), but can't randomly put any domain as referrer.

    Actually fb had a vulnerability some time ago which allowed to use it as referrer, but it most probably has been patched by now.
    However, if you want to fetch a page's content and display it on your domain, you can fake the referrer. Here's a script to do that:

    Code:
    <?php
    
        echo geturl('http://some-url', 'http://referring-url');
    
        function geturl($url, $referer) { 
    
            $headers[] = 'Accept: image/gif, image/x-bitmap, image/jpeg, image/pjpeg,text/html,application/xhtml+xml'; 
            $headers[] = 'Connection: Keep-Alive'; 
            $headers[] = 'Content-type: application/x-www-form-urlencoded;charset=UTF-8'; 
            $useragent = 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0)'; 
    
            $process = curl_init($url); 
            curl_setopt($process, CURLOPT_HTTPHEADER, $headers); 
            curl_setopt($process, CURLOPT_HEADER, 0); 
            curl_setopt($process, CURLOPT_USERAGENT, $useragent);
            curl_setopt($process, CURLOPT_REFERER, $referer);
            curl_setopt($process, CURLOPT_TIMEOUT, 30); 
            curl_setopt($process, CURLOPT_RETURNTRANSFER, 1); 
            curl_setopt($process, CURLOPT_FOLLOWLOCATION, 1); 
    
            $return = curl_exec($process); 
            curl_close($process); 
    
            return $return; 
        } 
    
    ?>
    
     
    Last edited: Nov 28, 2013