[TUT and CODE] How to Fake your Referer, Fake Referer Any Offer, Fake Referrer Script

JohnsonDaniel

Regular Member
Joined
May 16, 2008
Messages
389
Reaction score
1,398
Here is a script I made for Content Lock Pro buyers which will provide Fake Referer functionality.

I have decided to share with BHW for free - awesome for when you don't quite have
the <cough> right <cough> type of traffic :)

It will allow you to fake http referer when sending traffic.
Spoof referer, fake http refer, fake referrer, they can all be done.

We all know the value of a decent solution, and this one works in all
browsers tested so far.

Reports on further test results are welcomed in this thread.

The requirement:

Transfer, including any parameters (even dynamically generated) to a
destination link, whilst replacing the original referer info in the surfer's
browser to a new referer of our choice.

Self-host the script which will handle the transfer.

If the script is hosted on
HTML:
http://handler.com
construct fake referer urls like:
HTML:
http://handler.com/?url=DestUrlIncludingParameters&referer=FakeRefUrl
Steps to Make this work for you:

1. Save the following code as index.php and upload to the domain of your choice. The domain will "handle" the redirections, and will not be seen:

PHP:
<?php
// Extract URI minus http://handlerdomain.com/
$full_url = urldecode($_SERVER['REQUEST_URI']);
// Extract urls we need
$l = strlen($full_url);
$p_referer = strpos ($full_url, 'referer=');
$p_dest_2 = $p_referer - 1;
$p_referer = strpos ($full_url, '=',$p_referer) + 1;
$url_referer = substr ($full_url , $p_referer);
$p_dest_1 = strpos ($full_url, '=') + 1;
$l = $p_dest_2 - $p_dest_1;
$url_dest = substr ($full_url , $p_dest_1, $l);

// Create self-posting form.
if ($url_referer != '') {
    echo '<html><head><META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW"></head><body>
    <form action="'.urldecode($url_referer).'" method="post" id="myform">
    <input type="hidden" name="ref_spoof" value="'.urldecode($url_dest).'">
    </form><script language="JavaScript"> document.getElementById(\'myform\').submit();</script></body></html>';
} else {
    echo 'You must provide a referer';
}
?>
2. Insert the following code in any page (must either be a php page, or an
html page on a server which will execute php code within html files), any
WP page or post, or, if wanting to be able to use "any" post on your WP
blog as your referer, insert it in the WP header.php file (this will even permit
a fake referer to be a post which doesn't actually exist):

PHP:
<?php
if ($_POST['ref_spoof'] != NULL) {
    $offer = urldecode($_POST['ref_spoof']);
    $p1 = strpos ($offer, '?') + 1;
    $url_par = substr ($offer , $p1);
    $paryval = split ('&', $url_par);
    $p = array();
    foreach ($paryval as $value) {
        $p[] = split ('=',$value);
    }
    echo'<html><head><META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW"></head><body><form action="'.$offer.'" method="get" id="myform">';
    foreach ($p as $value) {
        echo '<input type="hidden" name="'.$value[0].'" value="'.$value[1].'">';
    }
    echo '</form><script language="JavaScript"> document.getElementById(\'myform\').submit();</script></body></html>';
}
?>
3. Usage:

Say, for example, you upload the first file, as index.php, to handler.com,
and you place the second code in a Wordpress Header.php, on myfavewpsite.com, which, say,
has a post like: myfavewpsite.com/post-with-ads.

Now, you want to send your visitors to this offer link:

myCPAnetwork.com?oid=12345&pid=6789&sid=yy7456

The link you would post or display or send your visitors to would be:

HTML:
http://handler.com/?url=myCPAnetwork.com?oid=12345&pid=6789&sid=yy7456&referer=myfavewpsite.com/post-with-ads
As mentioned above, tests are welcomed, but please, if using or testing, post observed results, and
leaks, if any (there shouldn't be, ever) in this thread.

Also, this will not work to use ASP-based pages as the fake referer, the page must be able to interpret php
code (most servers do).


Feel free to check other threads started by me to find my other shares:

1. Content Locking Methods to make $$$ per day:

a) http://www.blackhatworld.com/blackh...-my-twisted-method-1k-week-noob-friendly.html

b) http://www.blackhatworld.com/blackhat-seo/making-money/311722-my-twist-content-locking-80-day.html


2. Yourls Plugin, Shorten a Url, Iframe the Destination, and Execute Code (locker or other code):

a) http://www.blackhatworld.com/blackh...-like-gauging-interest-will-release-free.html

b) http://www.blackhatworld.com/blackh...reate-iframe-long-url-lock-call-any-code.html


3. Use your US-based VPS as a secure VPN for your private use.

http://www.blackhatworld.com/blackh...rver-vps-need-ip-private-vpn-your-server.html

ENJOY!

If you like my stuff, please post on the threads with your thoughts, your mods, your methods or your spins.

Please - no PMs, keep questions to the relevant threads.


 
Last edited:
Thank you Johnson. I always appreciate coders. I have also modified one famous fake ref. script for myself..But my only problem is traffic lol :)

So I think it will take some time people to understand what they can make with this , but when they understand , u will get more feedback.

Some questions :
Q1) Can handler.com replaced by any php server path like handler.com/directory/index.php ? or neccessarily root of domain ?

Q2) Do you think it causes a problem if both of the codes are installed in the same domain ?

For example I installed both Code 1 and code 2 on myfavewpsite.com .By this mean even code2 leaks its refferer ; CPA company will not see the domain "handler.com" but still code1 which is still on myfavewpsite.com ? of course I am not mentioning about leakage of the main traffic source , just the eliminating middle man "handler domain" ..
 
Great share! Thanks so much for this one! I'll test it out right away.
 
Thank you Johnson. I always appreciate coders. I have also modified one famous fake ref. script for myself..But my only problem is traffic lol :)

So I think it will take some time people to understand what they can make with this , but when they understand , u will get more feedback.

Some questions :
Q1) Can handler.com replaced by any php server path like handler.com/directory/index.php ? or neccessarily root of domain ?

Q2) Do you think it causes a problem if both of the codes are installed in the same domain ?

For example I installed both Code 1 and code 2 on myfavewpsite.com .By this mean even code2 leaks its refferer ; CPA company will not see the domain "handler.com" but still code1 which is still on myfavewpsite.com ? of course I am not mentioning about leakage of the main traffic source , just the eliminating middle man "handler domain" ..

Hi,

Best thing to do, test it out.

From our tests, there is no issue with using a directory, as asked in your first question, but, as you rightly point out, this script must be the index.php file.

As to the 2nd question, it also shouldn't matter if you choose to create that directory on the same domain on which you host your "clean" wp site.

Myself, I use the middle man "handler domain", and I name it something related to tracking or stats or similar. There's no site on it and I don't care if it "leaks", as I'm happy to openly claim that I process my traffic through that site since it's where I run my own tracking system ;)

At the end of the day, what's important is that, if your traffic flow is:

my "naughty" site => handler.com/?url=myofferlink&ref=myCleanpost => offer

all that really "matters" is that my"naughty"site disappears completely ;)

Also, unlike other fake ref systems, with this one, go and have a look at the source code of myfavewpsite.com/post-with-ads...which is what will be shown as your referer.

There is no trace, whatsoever, anywhere, of either the handler.com domain, and, of course, MUCH less, of my"naughty"site.com :)

Thanks for the comments - you're right, it's not going to be easy for noob's to see the power of this, but, it's actually coded to be VERY powerful, AND noob-friendly, lol
 
is it okay if we shorten the faking url?

For use in your own system, yes, it should be fine.

If you are a Content Lock Pro user, please pose the question to either CLP Support via email, or on our buyer's area, as this was coded specifically for CLP users, and usage in our system is a bit different, due to dynamic parameter placement.
 
Hey,

Doesnt work for me?? When I run the url that you said to do, I did it all right but it tries to search within my directory or something...


http://handler(example).com/(myfakereferrer).com


This is what it shows up as... and I get an error message..

Not Found

The requested URL /(myfakereferrer).com was not found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.


Any pointers? Not working here...
 
Hey,

Doesnt work for me?? When I run the url that you said to do, I did it all right but it tries to search within my directory or something...


http://handler(example).com/(myfakereferrer).com
This is what it shows up as... and I get an error message..

Not Found

The requested URL /(myfakereferrer).com was not found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.


Any pointers? Not working here...

Ok,
Let's assume you uploaded the first code, saved as index.php, to handler.com.

You have placed the second code in the head section of, say:

myfakereferer.com

And you want to send traffic to:

myCPAoffer.com/parameters

You need to get your traffic to use this link:

Code:
http://handler.com/?url=myCPAoffer.com/parameters&referer=myfakerefer.com
That WILL take you to myCPAoffer.com/parameters, and you "should" arrive with myfakereferer.com as your referer.

Your server, where you place the fake referer code must be able to interpret php as php - if placed on an html page, on a sevre that won't interpret php on html files, it won't work.
 
Last edited:
hello I get 403 forbidden when install your script
here's what i did, please can u or someone tell me what's wrong in my step,
I have 2 addon domain both are new domain (no installation/sites in it, except for domain A that have clpro in folder): domain A.com (handler) and domain B.com (fake referer sites) ; both host in the same hostgator server
my destination url: http://google.com (just for test)

1.I make index.php and upload it in domain A (handler), here's inside file
<?php
// Extract URI minus http://domainA.com/
$full_url = urldecode($_SERVER['REQUEST_URI']);
// Extract urls we need
$l = strlen($full_url);
$p_referer = strpos ($full_url, 'referer=');
$p_dest_2 = $p_referer - 1;
$p_referer = strpos ($full_url, '=',$p_referer) + 1;
$url_referer = substr ($full_url , $p_referer);
$p_dest_1 = strpos ($full_url, '=') + 1;
$l = $p_dest_2 - $p_dest_1;
$url_dest = substr ($full_url , $p_dest_1, $l);

// Create self-posting form.
if ($url_referer != '') {
echo '<html><head><META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW"></head><body>
<form action="'.urldecode($url_referer).'" method="post" id="myform">
<input type="hidden" name="ref_spoof" value="'.urldecode($url_dest).'">
</form><script language="JavaScript"> document.getElementById(\'myform\').submit();</script></body></html>';
} else {
echo 'You must provide a referer';
}
?>

2. I make faking sites as referer sites at domain B, i name it test.php
here's inside the test.php file
<html>

<head>

<?php
if ($_POST['ref_spoof'] != NULL) {
$offer = urldecode($_POST['ref_spoof']);
$p1 = strpos ($offer, '?') + 1;
$url_par = substr ($offer , $p1);
$paryval = split ('&', $url_par);
$p = array();
foreach ($paryval as $value) {
$p[] = split ('=',$value);
}
echo'<html><head><META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW"></head><body><form action="'.$offer.'" method="get" id="myform">';
foreach ($p as $value) {
echo '<input type="hidden" name="'.$value[0].'" value="'.$value[1].'">';
}
echo '</form><script language="JavaScript"> document.getElementById(\'myform\').submit();</script></body></html>';
}
?>


<title>All Countries </title>
</head>
<body>
<body bgcolor="#333333">

<div align="center">
<center>

<font color="#FFFFFF" size="7">this is test page </font>
</body>

</html>
3. I set the url http://domainA.com/?url=http://google.com?&referer=domainB.com/test.php
and then i get this when insert that url in my browser
403 Forbidden Page
Forbidden
You don't have permission to access / on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Apache mod_fcgid/2.3.5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at domainA.com Port 80
please help me which one in my step that incorrect, I really appreciate it
 
hello I get 403 forbidden when install your script
here's what i did, please can u or someone tell me what's wrong in my step,
I have 2 addon domain both are new domain (no installation/sites in it, except for domain A that have clpro in folder): domain A.com (handler) and domain B.com (fake referer sites) ; both host in the same hostgator server
my destination url: http://google.com (just for test)

1.I make index.php and upload it in domain A (handler), here's inside file


2. I make faking sites as referer sites at domain B, i name it test.php
here's inside the test.php file

3. I set the url http://domainA.com/?url=http://google.com?&referer=domainB.com/test.php
and then i get this when insert that url in my browser
403 Forbidden Page

please help me which one in my step that incorrect, I really appreciate it

Looks like it's the construction of your url, should be:

Code:
http://domainA.com/?url=http://google.com&referer=http://domainB.com/test.php

Note one less ?, and http:// before domainB

Have you tried to visit domainB.com/test.php just to check that page exists and the domains are resolving correctly?

Everything else looks ok, please post back when you test using the above format for your url.
 
Looks like it's the construction of your url, should be:

Code:
http://domainA.com/?url=http://google.com&referer=http://domainB.com/test.php
Note one less ?, and http:// before domainB

Have you tried to visit domainB.com/test.php just to check that page exists and the domains are resolving correctly?

Everything else looks ok, please post back when you test using the above format for your url.
yep, construction my url exactly as your example above (i misstype when posting here) , and still get that 403 forbidden error. and i already check my domainB.com and that test.php page exist. so how to fix it?
 
Nope, still doesnt work. Same error and I tried on 2 different servers.. also been doing them all with .php and not even bothered with .html as I never use that anyways..

Still get the same error message as above... wondering if anyone else got this to work since it keeps on looking inside a directory every time and doesnt redirect anything for me..

Maybe you can do a video on how you do it on your end? Thanks!
 
Ok i figured it out guys!! In the first example he showed us he didnt USE ANY HTTP://...

YOU HAVE TO USE HTTP:// for this to work! I added it and it works now... thanks!! also tested it and 100% working! :)
 
Ok i figured it out guys!! In the first example he showed us he didnt USE ANY HTTP://...


Nope, in examples, I tend to write DomainYouWant.ext rather than putting the whole thing in correctly, but you do need to replace those things for full urls :)

Let us know how it goes.
 
yep, construction my url exactly as your example above (i misstype when posting here) , and still get that 403 forbidden error. and i already check my domainB.com and that test.php page exist. so how to fix it?

Which domain is returning the error message? A or B?

It's possibly something in, or not in, your .htaccess file, which is disallowing the php redirects.
 
Back
Top