html referrer spoofing

I would like to make a page that's only accessible from a certain website,
so I did this:

    if (HttpContext.Current.Request.UrlReferrer.ToString().Trim().StartsWith("http://www.approveddomain.com"))
        method(); // access page
    else
        accessdenied();

--------------

Did I do this right? I know there are programs out there that can spoof the
HTTP referrer. Would my code still work?

i.e. spoofed URL:

http://www.hacker.com/@http://www.approveddomain.com

I need to make sure my code works 100% of the time.

Thanks

Aaron
Nov 18 '05 #1
Well, all it would take is for somebody to write to the headers, and your
security has been defeated. Do you have any control over this other site? If
so, then you can have that site set some variable somewhere that your target
site goes in and reads. For example, it could generate a new GUID, store
this in a database, and then add it to the querystring. The target site can
then read this GUID, compare it to the database, and then clear the
database. If you need to be absolutely guaranteed that the user hasn't
modified the headers somehow, then you have to store something on your end
that the user/attacker can not get to.

--
Chris Jackson
Software Engineer
Microsoft MVP - Windows Client
Windows XP Associate Expert
--
More people read the newsgroups than read my email.
Reply to the newsgroup for a faster response.
(Control-G using Outlook Express)
Nov 18 '05 #2
