html referrer spoofing

I would like to make a page that's only accessible from a certain website.
So I did this:

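// Grants access based on the client-supplied Referer header.
Uri referrer = HttpContext.Current.Request.UrlReferrer; // null when the request carries no Referer
if (referrer != null && referrer.ToString().Trim().StartsWith("http://www.approveddomain.com"))
    method(); // access page
else
    accessdenied();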

--------------

Did I do this right? I know there are programs out there that can spoof the HTTP
referrer. Would my code still work?

i.e. a spoofed URL:

http://www.hacker.com/@http://www.approveddomain.com

I need to make sure my code works 100% of the time.

Thanks

Aaron
Jul 21 '05 #1
Well, all it would take is for somebody to write to the headers, and your
security has been defeated. Do you have any control over this other site? If
so, then you can have that site set some variable somewhere that your target
site goes in and reads. For example, it could generate a new GUID, store
this in a database, and then add it to the querystring. The target site can
then read this GUID, compare it to the database, and then clear the
database. If you need to be absolutely guaranteed that the user hasn't
modified the headers somehow, then you have to store something on your end
that the user/attacker can not get to.

--
Chris Jackson
Software Engineer
Microsoft MVP - Windows Client
Windows XP Associate Expert
--
More people read the newsgroups than read my email.
Reply to the newsgroup for a faster response.
(Control-G using Outlook Express)
--
Jul 21 '05 #2
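The one-time token handoff described in the reply above, sketched in C# as an added example (not code from the thread). The in-memory dictionary stands in for the database both sites share, the class and method names and `target.example` are hypothetical, and a 32-byte token from `RandomNumberGenerator` with a short expiry is used in place of the GUID the reply mentions.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;

// Stand-in for the database both sites can reach (assumption: in-memory for the demo).
public sealed class HandoffTokenStore
{
    private readonly ConcurrentDictionary<string, DateTime> _expiryByToken =
        new ConcurrentDictionary<string, DateTime>();
    private readonly TimeSpan _lifetime;

    public HandoffTokenStore(TimeSpan lifetime) { _lifetime = lifetime; }

    // Referring site: create an unguessable token, record it, append it to the link.
    public string Issue(DateTime nowUtc)
    {
        byte[] raw = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(raw);
        string token = BitConverter.ToString(raw).Replace("-", "");
        _expiryByToken[token] = nowUtc + _lifetime;
        return token;
    }

    // Target site: accept the token once. TryRemove is atomic, so two requests
    // racing with the same token cannot both succeed; the record is cleared either way.
    public bool Redeem(string token, DateTime nowUtc)
    {
        if (string.IsNullOrEmpty(token)) return false;
        DateTime expiresUtc;
        return _expiryByToken.TryRemove(token, out expiresUtc) && nowUtc <= expiresUtc;
    }
}

public static class Demo
{
    public static void Main()
    {
        var store = new HandoffTokenStore(TimeSpan.FromMinutes(2));
        DateTime t0 = DateTime.UtcNow; // constructed timeline for the demo

        string token = store.Issue(t0);
        Console.WriteLine("link: http://target.example/page.aspx?t=" + token);
        Console.WriteLine("first use:    " + store.Redeem(token, t0.AddSeconds(5)));
        Console.WriteLine("replay:       " + store.Redeem(token, t0.AddSeconds(6)));
        Console.WriteLine("never issued: " + store.Redeem("guessed-value", t0));
        Console.WriteLine("expired:      " + store.Redeem(store.Issue(t0), t0.AddMinutes(3)));
    }
}
```

Unlike the Referer check, the decision here rests on a value the server stored itself, so editing request headers does not change the outcome.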
