Referrer Spoofing in Javascript?

Hey everyone,

Does anyone know if it's possible to spoof a referral using Javascript - as
in, when I go from web site A to web site B, if B uses php or javascript or
something to see the referring site, instead of site A they see site C,
which A does something to make B see?

I'm trying to write a script for a site that will allow someone to send a
GET request to my script and have it be converted to a POST for another
site (so that you can bookmark searches for sites using POST). It works
fine, using PHP-generated Javascript, but the problem is that one specific
site, I think checks to make sure the referring site was its own, making
it impossible to use my script for its intended purpose in this instance.
I was hoping I could do something in javascript to fool the site into
thinking I came from the "right" page.

The referrer is stored in the browser, so I imagine there has to be some
way to spoof a referrer using javascript. Any ideas?
Jul 23 '05 #1
Lee
Rod Hilton said:
> The referrer is stored in the browser, so I imagine there has to be some
> way to spoof a referrer using javascript. Any ideas?


That's an odd thing to imagine. There are far more things
stored in the browser that are not available to script than
are available.

The authors of the popular browsers are, for the most part,
intelligent and honest, and try to avoid making it easy for
people to get away with the sort of spoofing that would make
any feature of the system (such as HTTP-REFERRER) completely
useless.

Jul 23 '05 #2
Lee <RE**************@cox.net> wrote in news:ck*********@drn.newsguy.com:
> Rod Hilton said:
>> The referrer is stored in the browser, so I imagine there has to be some
>> way to spoof a referrer using javascript. Any ideas?
>
> That's an odd thing to imagine. There are far more things
> stored in the browser that are not available to script than
> are available.
>
> The authors of the popular browsers are, for the most part,
> intelligent and honest, and try to avoid making it easy for
> people to get away with the sort of spoofing that would make
> any feature of the system (such as HTTP-REFERRER) completely
> useless.


Well, I'm mostly imagining it because I want to do it so badly. ;)

I'll take this answer as a no, then? That's disappointing - searches that
use POST make it impossible to use my web browser's bookmark/nickname
feature.

Ah well. Thanks
Jul 23 '05 #3
Rod Hilton <ro*@NOSPAMair0day.com> wrote in
news:Xn*********************************@216.196.97.136:
>> any feature of the system (such as HTTP-REFERRER) completely
>> useless.

Referer, as all other headers the browser sends, can be easily spoofed. A
site relying on those is broken in the first place.

> Well, I'm mostly imagining it because I want to do it so badly. ;)


Then use Perl, PHP or some other server-side trick.

--
John MexIT: http://johnbokma.com/mexit/
personal page: http://johnbokma.com/
Experienced programmer available: http://castleamber.com/
Happy Customers: http://castleamber.com/testimonials.html
Jul 23 '05 #4
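
The point made in the reply above, that a server cannot rely on a header the client writes, shown from the checking site's side. This is an added example, not code from the thread; the origin, session ids and function names are hypothetical, and the requests are constructed sample data.

```javascript
// Added illustration (Node.js). All names and values here are hypothetical.
const crypto = require('node:crypto');

const SITE_ORIGIN = 'https://site-b.example'; // constructed placeholder origin
const SECRET = crypto.randomBytes(32);        // known only to the server

// Weak check: trusts a request header, which is whatever the client sent.
function refererCheck(headers) {
  const ref = headers['referer'] || '';
  return ref.startsWith(SITE_ORIGIN + '/');
}

// Stronger check: a per-session token the server embeds in its own form.
function issueToken(sessionId) {
  return crypto.createHmac('sha256', SECRET).update(sessionId).digest('hex');
}

function tokenCheck(sessionId, token) {
  const expected = Buffer.from(issueToken(sessionId), 'hex');
  const given = Buffer.from(String(token || ''), 'hex');
  // Length test first: timingSafeEqual throws on unequal lengths.
  return given.length === expected.length &&
         crypto.timingSafeEqual(given, expected);
}

// Constructed requests as the server would see them.
const ownForm = {            // submitted from the site's own form
  headers: { referer: SITE_ORIGIN + '/search' },
  sessionId: 'sess-1', token: issueToken('sess-1'),
};
const otherClient = {        // a client that filled in the header itself
  headers: { referer: SITE_ORIGIN + '/search' },
  sessionId: 'sess-2', token: '',
};
const strippedReferer = {    // legitimate user whose Referer was removed
  headers: {},
  sessionId: 'sess-3', token: issueToken('sess-3'),
};

function evaluate(req) {
  return {
    referer: refererCheck(req.headers),
    token: tokenCheck(req.sessionId, req.token),
  };
}

for (const [name, req] of Object.entries({ ownForm, otherClient, strippedReferer })) {
  console.log(name, evaluate(req));
}
```

The Referer check accepts `otherClient` and rejects `strippedReferer`, so it is wrong in both directions; the token check gets all three right.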
John Bokma <po********@castleamber.com> wrote in
news:Xn*************************@130.133.1.4:
> Then use Perl, PHP or some other server-side trick.


Is that possible? To visit site B from site A and have site B think site A
was something else? It would seem like, after A sends the page to the
client, it has lost its opportunity to influence site B's data in any way.

I'm well versed in PHP (well, pretty well versed), and I don't know of a
way to do that.
Jul 23 '05 #5
Rod Hilton <ro*@NOSPAMair0day.com> wrote in
news:Xn********************************@216.196.97.136:
> John Bokma <po********@castleamber.com> wrote in
> news:Xn*************************@130.133.1.4:
>> Then use Perl, PHP or some other server-side trick.
> Is that possible? To visit site B from site A and have site B think
> site A was something else?


Your browser can do it, so yes. The browser *sends* the referer to the
site, it can put anything it wants in that header.
> It would seem like, after A sends the page
> to the client, it has lost its opportunity to influence site B's data
> in any way.
>
> I'm well versed in PHP (well, pretty well versed), and I don't know of
> a way to do that.


Can you send the headers? If you can, you can send anything you want.
Including a spoofed header.

--
John MexIT: http://johnbokma.com/mexit/
personal page: http://johnbokma.com/
Experienced programmer available: http://castleamber.com/
Happy Customers: http://castleamber.com/testimonials.html
Jul 23 '05 #6
John Bokma <po********@castleamber.com> wrote in
news:Xn*************************@130.133.1.4:
> Can you send the headers? If you can, you can send anything you want.
> Including a spoofed header.


Well, you could have the PHP script send a different location header, but
that would actually redirect the browser. What I'm saying is, when the
client makes a connection to site B, it doesn't run anything by site A
again, so what could A do to spoof the header as it appears to site B? The
connection between the client and A is over.. and I don't think A can tell
the browser it's at a different site - any method I can think of to do that
redirects the browser. That's why I thought it might be a task more
related to javascript than any server side application.
Jul 23 '05 #7
Lee
Rod Hilton said:

> John Bokma <po********@castleamber.com> wrote in
> news:Xn*************************@130.133.1.4:
>> Can you send the headers? If you can, you can send anything you want.
>> Including a spoofed header.
>
> Well, you could have the PHP script send a different location header, but
> that would actually redirect the browser. What I'm saying is, when the
> client makes a connection to site B, it doesn't run anything by site A
> again, so what could A do to spoof the header as it appears to site B? The
> connection between the client and A is over.. and I don't think A can tell
> the browser it's at a different site - any method I can think of to do that
> redirects the browser. That's why I thought it might be a task more
> related to javascript than any server side application.


The client connects to a PHP page on server A, which sends spoofed header
information to server B, receives the HTTP response, and sends that response to
the client.

Jul 23 '05 #8
On 8 Oct 2004 14:36:40 -0700, Lee <RE**************@cox.net> wrote:
> Rod Hilton said:
>> The referrer is stored in the browser, so I imagine there has to be some
>> way to spoof a referrer using javascript. Any ideas?
>
> That's an odd thing to imagine. There are far more things
> stored in the browser that are not available to script than
> are available.


The XML HTTP Request Object lets you set any header, including the
Referrer of course.

Jim.
Jul 23 '05 #9
Rod Hilton wrote:
> John Bokma <po********@castleamber.com> wrote in
> news:Xn*************************@130.133.1.4:
>> Can you send the headers? If you can, you can send anything you want.
>> Including a spoofed header.
>
> Well, you could have the PHP script send a different location header,
> but that would actually redirect the browser. What I'm saying is,
> when the client makes a connection to site B, it doesn't run anything
> by site A again, so what could A do to spoof the header as it appears
> to site B? The connection between the client and A is over.. and I
> don't think A can tell the browser it's at a different site - any
> method I can think of to do that redirects the browser. That's why I
> thought it might be a task more related to javascript than any server
> side application.


Server side you can fetch the page from the other site, like a browser
does, and hence you can spoof whatever you want.

--
John MexIT: http://johnbokma.com/mexit/
personal page: http://johnbokma.com/
Experienced programmer available: http://castleamber.com/
Happy Customers: http://castleamber.com/testimonials.html
Jul 23 '05 #10
Lee <RE**************@cox.net> wrote in news:ck********@drn.newsguy.com:
> Rod Hilton said:
>
>> John Bokma <po********@castleamber.com> wrote in
>> news:Xn*************************@130.133.1.4:
>>> Can you send the headers? If you can, you can send anything you
>>> want. Including a spoofed header.
>>
>> Well, you could have the PHP script send a different location header,
>> but that would actually redirect the browser. What I'm saying is,
>> when the client makes a connection to site B, it doesn't run anything
>> by site A again, so what could A do to spoof the header as it appears
>> to site B? The connection between the client and A is over.. and I
>> don't think A can tell the browser it's at a different site - any
>> method I can think of to do that redirects the browser. That's why I
>> thought it might be a task more related to javascript than any server
>> side application.
>
> The client connects to a PHP page on server A, which sends spoofed
> header information to server B, receives the HTTP response, and sends
> that response to the client.


I was doing that. The problem is how much work it takes to parse the
thing. If the HTML sent back uses relative links, I have to parse the
thing and force all of the links and srcs to be absolute, which is a lot of
work. I want the client to make the connection to B, otherwise my script
has to be extremely complex, I believe.
Jul 23 '05 #11
Rod Hilton wrote:

[ header spoofing ]
> I was doing that. The problem is how much work it takes to parse the
> thing. If the HTML sent back uses relative links, I have to parse the
> thing and force all of the links and srcs to be absolute, which is a
> lot of work.

Just set a baseurl in the <head> part.

> I want the client to make the connection to B, otherwise
> my script has to be extremely complex, I believe.

Or use Perl.

--
John MexIT: http://johnbokma.com/mexit/
personal page: http://johnbokma.com/
Experienced programmer available: http://castleamber.com/
Happy Customers: http://castleamber.com/testimonials.html
Jul 23 '05 #12
