[TUT and CODE] How to Fake your Referer, Fake Referer Any Offer, Fake Referrer Script

How do you test this? Is there a web site where you can paste in your link and it will show you the referer?

There are others you can use, and the best testing will come from multiple
destinations, some of which will "show" you the output onscreen, and others
which will "write" the output to a text file.

As a starting point, try using this as your destination url:

HTML:
http://referer.us/HTTP-Referer-Test.asp?Parameter1=Test+Spoof+Referer&Parameter2=UTF8+%E2%98%85%E2%98%86%E2%98%85%E2%98%86%E2%98%85&Parameter3=Did+Your+See+Five+Stars%3F
 
wooops just looked above and well I think I'll read more before I decide to comment.
 
Last edited:
I just had a look at this but still cant really work it out, could you show me some sort of working modal. Would be great just to get an idea on how it works please buddy. I have unlimited traffic all real visitors and need to exploit it to make money, will this be what I am looking for Daniel.
 
Last edited:
I just had a look at this but still cant really work it out, could you show me some sort of working modal. Would be great just to get an idea on how it works please buddy. I have unlimited traffic all real visitors and need to exploit it to make money, will this be what I am looking for Daniel.

well, daniel script works perfectly! you only need to read the explanation again...
 
A video can be Useful.. this makes it easy to understand. getting hard to understand somewhere between.

so if u can make the video then it would be nice.
 
Sent you a pm!

Replied.
For reference, Dvno879 was asking about using this with Tracking202/Prosper202.
It can be done, but create the "faked url" as the destination link in 202, by coding the original destination like this:


rather than trying to wrap the fake ref url creation around 202-generated urls.

A video can be Useful.. this makes it easy to understand. getting hard to understand somewhere between.

so if u can make the video then it would be nice.

Sure! Will get on with that now...
Anything else you'd like me to do? Perhaps create the sites for you? Add the fake code to other sites? Drive traffic to your sites? Write you some ebooks? Maybe even wipe your a**?

C'mon people - something like this has never been coded and offered up for free before, much less with a Tutorial and subsequent answers to questions.
If you don't know how to implement it, then hire someone to teach you, or give up on IM, as it doesn't look like you're well-suited to it!
 
A video can be Useful.. this makes it easy to understand. getting hard to understand somewhere between.

so if u can make the video then it would be nice.

it is easy to install as long as u follow the instruction step by step, for the

first time i have trouble to make it work "error 404, but after google it, i found

the problem related with my hosting server not because the script then i

contact my hosting support and finally it work! I test the referer in several

browser and the fake referer working good too.
 
Thanks for the script Daniel! I'm going through the script and looking at it, but I have a noob question:

1. Does the "handler" domain have to be one that we own or can it be any? For example, if I wanted to say spoof the referrer to where it would show gmail or Twitter (for example), would this be possible?

Thanks again for this great share man!
 
Hi,

In this scenario, you have 4 domains in play, and you are going to need to have control over 3 of them.

The domains:

1. the Handler domain - this is where you will upload the fake referer script, so it has to be somewhere where you can upload php files.
2. The domain to which you wish to send traffic, this is the destination link, and is the only domain/page involved which you don't need to control at all, it is the advertiser's page, usually, or a CPA offer page.
3. A site to which you either drive traffic, or which already receives traffic, but which is not considered "acceptable" to the Network or Advertiser, for whatever reason. This is your "naughty" site, it's the site which will link to the advertiser's page, but you do NOT want it to appear, anywhere, ever, and
4. Your spoofing referer site - this site IS acceptable to the advertiser's/networks, it's your "nice/clean" site and, although it doesn't really attract any traffic on its own merits, you want it to "appear" as the referer, so the advertiser's think that your traffic is coming from here.

You have to own/control site 4 for two reasons:

a) because you have to upload some php code to it, as explained in the OP, and
b) because you "should" add links to the advertiser's pages, or the CPA offer pages, so, when it is seen as the referer, and gets checked, it appears feasible that your traffic could actually be coming via that site.

So no, unfortunately, you are not going to be able to make "google" or "yahoo" appear as your fake referers...
 
Hi,

In this scenario, you have 4 domains in play, and you are going to need to have control over 3 of them.

The domains:

1. the Handler domain - this is where you will upload the fake referer script, so it has to be somewhere where you can upload php files.
2. The domain to which you wish to send traffic, this is the destination link, and is the only domain/page involved which you don't need to control at all, it is the advertiser's page, usually, or a CPA offer page.
3. A site to which you either drive traffic, or which already receives traffic, but which is not considered "acceptable" to the Network or Advertiser, for whatever reason. This is your "naughty" site, it's the site which will link to the advertiser's page, but you do NOT want it to appear, anywhere, ever, and
4. Your spoofing referer site - this site IS acceptable to the advertiser's/networks, it's your "nice/clean" site and, although it doesn't really attract any traffic on its own merits, you want it to "appear" as the referer, so the advertiser's think that your traffic is coming from here.

You have to own/control site 4 for two reasons:

a) because you have to upload some php code to it, as explained in the OP, and
b) because you "should" add links to the advertiser's pages, or the CPA offer pages, so, when it is seen as the referer, and gets checked, it appears feasible that your traffic could actually be coming via that site.

So no, unfortunately, you are not going to be able to make "google" or "yahoo" appear as your fake referers...

Thanks Daniel. So since I would own the sites, would it be possible to use a specific landing page for the spoof site instead of just the homepage for it?
 
Thanks Daniel. So since I would own the sites, would it be possible to use a specific landing page for the spoof site instead of just the homepage for it?

Yes, as the spoofed referer you can show a specific page or post, or you can show the index, your choice :)
 
Via PM, I was told that if you fake a destination url without parameters, the script returns some junk appended to the destination url.
For example, if the destination url is
then you would land on
.

This was because this faker was specifically coded to allow CLP users to send visitors to CPA offers, and ALL offer urls have parameters, so no coding was included to take care of destination urls which don't have parameters.

However, it turns out people want to use the faker for other things and, in some cases, the destination urls don't have parameters, so they'd prefer to not have that junk appended.

I have now coded to cover the case where the destination url doesn't have parameters, the new code is ONLY for the second part of the code in my original post, which is the code you would paste into the site or page you wish to be able to use as your fake referer.

The code to be pasted in should now be:

PHP:
<?php
if ($_POST['ref_spoof'] != NULL) {
    $offer = urldecode($_POST['ref_spoof']);
    $p1 = strpos ($offer, '?') + 1;
    $url_par = substr ($offer , $p1);
    $paryval = split ('&', $url_par);
    $p = array();
    foreach ($paryval as $value) {
        $p[] = split ('=',$value);
    }
    echo'<html><head><META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW"></head><body><form action="'.$offer.'" method="get" id="myform">';
    if ($p1 != 1) {
    foreach ($p as $value) {
        echo '<input type="hidden" name="'.$value[0].'" value="'.$value[1].'">';
    }
    }
    echo '</form><script language="JavaScript"> document.getElementById(\'myform\').submit();</script></body></html>';
}
?>

The only difference is that if the destination url has no parameters, the p1 variable will evaluate to 1, so we only add on parameters to transfer where p1 does not evaluate to 1.

Again, this replaces the SECOND part of the code in my OP, the part you will add to faking sites or pages. The first code, which gets saved as index.php and uploaded to your "handler domain" remains unchanged, as does everything else.

NOTE TO MODS: I was unable to edit the OP. I would "love" to be able to edit it, or for THIS post to become the 2nd post in this thread, otherwise it's kind of lost. If any of you guys/gals are able to do that, it would be awesome :)
 
Awesome, thanks for the update Johnson! The good thing is that it was only a display error, the scripts work perfectly regardless.
 
Finally tested this out. Works great Daniel! What I especially like about this script over the others out there is that this script provides an extra layer of protection. For anyone wondering, I believe if the fake referrer were to ever fail (but not likely to), then the middle domain would show. And we all know that the middle domain is the "tracking" domain, so the BH domain won't show. So we're safe either way :-)

Thanks again Daniel for this awesome share!
 
Finally tested this out. Works great Daniel! What I especially like about this script over the others out there is that this script provides an extra layer of protection. For anyone wondering, I believe if the fake referrer were to ever fail (but not likely to), then the middle domain would show. And we all know that the middle domain is the "tracking" domain, so the BH domain won't show. So we're safe either way :-)

Thanks again Daniel for this awesome share!

You're right :) There is a tiny, infinitesimal chance, that there could be an occasional leak. If there ever was, though, which is doubtful, at most it would leak the handler domain, and never, ever, the original domain that the link was clicked on.
Nevertheless, what I most like about it is the fact that you can dynamically set any destination link you wish, and, of course, parameters, so it will work easily with Prosper202 links, CLP links, etc, whereas, with CPA-R, you had to set up your static destination links, rather than being able to generate them "on the fly".
Similar functionality is available on a well-known blanking/spoofing site, but they have been suffering from some overload lately, so I feel more comfortable when I'm self hosting the handler script, rather than being dependent upon a 3rd-party site.

Thanks for posting your results :)

The blanker is still in the works, it's 98% there. It won't blank Opera yet, but it shows up the script location rather than the original url.
Will get Opera blanked too, though, I just need to do some further tests and tweaking.
The blanker will include a fall-back url, so non-blanked traffic will never reach the destination.

More test results posts in this thread will encourage me to share the blanker as soon as its ready :)
 
Great post, going to use this method with a few of your other awsome tuts on this forum. Thanks again!
 
Last edited:
Exactly what I've been searching for.

Waiting eagerly for the update.
 
Back
Top