bundyxc Posted December 31, 2008 Share Posted December 31, 2008 I have the following form, and want to make it so that when it posts, then the referrer will come from example.com, even if I run the script on someothersite.com, do you know what I mean? <form name="frmfriendid" method="post" action="http://example.com/grabber.php"> <input type='text' name='friendid' class='input' value='Enter Friend ID Here' maxlength='15'/> <input type='hidden' name='r' class='input' value=''/> <input type='hidden' name='key' class='input' value='b8cc7d0331dcf4bf034108cd961b30e0'/> <br /> <input type='image' src='image/login.gif' class='button' name='action' value='Login' /> </form> I believe that this is called referrer spoofing, but I'm not actually using it for any blackhat stuff. Thanks guys. Quote Link to comment Share on other sites More sharing options...
premiso Posted December 31, 2008 Share Posted December 31, 2008 It is, but you need to configure your browser to do this or use cURL to send the fake headers. I believe Firefox allows Referrer spoofing, but not sure. You can find different software that does it online, just google "referrer spoofing". Quote Link to comment Share on other sites More sharing options...
rhodesa Posted December 31, 2008 Share Posted December 31, 2008 It is, but you need to configure your browser to do this or use cURL to send the fake headers. I believe Firefox allows Referrer spoofing, but not sure. You can find different software that does it online, just google "referrer spoofing". right, but if you plan on having this on your website, for others to use...this won't work. the form will have to submit to you, then you resend the data with CURL and the referrer spoof Quote Link to comment Share on other sites More sharing options...
bundyxc Posted December 31, 2008 Author Share Posted December 31, 2008 Thank you so much for your quick reply. I saw this, but I wasn't exactly sure how to use it. Where do I put the form information? Quote Link to comment Share on other sites More sharing options...
bundyxc Posted December 31, 2008 Author Share Posted December 31, 2008 <?php $post = $_POST["friendid=130379114&key=2eb814cc5d5d35365b096025ae4813a2&r=\r\n"]; header("Location: http://infiniteadds.org/grabber.php\r\n"). header("Host: http://infiniteadds.org/grabber.php\r\n"). header("Accept: text/xml,text/css, application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5\r\n"). header("Accept-Language: en-us,en;q=0.5\r\n"). header("Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n"). header("Keep-Alive: 300\r\n"). header("Proxy-Connection: keep-alive\r\n"). header("Referer: http://infiniteadds.org/index.php\r\n"). header("Content-Type: application/x-www-form-urlencoded\r\n"). header("Content-Length: 88\r\n\r\n"). header("$post"); ?> This takes me to the correct site, but will not login. Any suggestions? Quote Link to comment Share on other sites More sharing options...
premiso Posted December 31, 2008 Share Posted December 31, 2008 I think the location takes you the site without posting. Once that location is read, everything else is ignored I believe.... You need to submit the form to a page on your site then use CURL to do the header stuff and send the request that way. Quote Link to comment Share on other sites More sharing options...
bundyxc Posted December 31, 2008 Author Share Posted December 31, 2008 Sorry, doublepost. Quote Link to comment Share on other sites More sharing options...
bundyxc Posted December 31, 2008 Author Share Posted December 31, 2008 Thank you. Here's what I have to far: <?php $url = "http://infiniteadds.org/grabber.php"; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL,$url); // set url to post to curl_setopt($ch, CURLOPT_FAILONERROR, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); // allow redirects curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); // return into a variable curl_setopt($ch, CURLOPT_TIMEOUT, 20); // times out after Ns curl_setopt($ch, CURLOPT_POST, 1); // set POST method curl_setopt($ch, CURLOPT_POSTFIELDS, "friendid=130379114&key=2eb814cc5d5d35365b096025ae4813a2&r="); // add POST fields curl_setopt($ch, CURLOPT_FAILONERROR, 0); curl_setopt($ch, CURLOPT_VERBOSE, 1); curl_setopt($ch, CURLOPT_HEADER, 1); curl_setopt($ch, CURLOPT_COOKIEFILE, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); $result = curl_exec($ch); // run the whole process curl_close($ch); echo $result; ?> How do I tamper with the referrer? Quote Link to comment Share on other sites More sharing options...
xtopolis Posted December 31, 2008 Share Posted December 31, 2008 CURLOPT_REFERER The contents of the "Referer: " header to be used in a HTTP request. curl_setopt Quote Link to comment Share on other sites More sharing options...
bundyxc Posted December 31, 2008 Author Share Posted December 31, 2008 <?php $url = "http://infiniteadds.org/grabber.php"; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL,$url); // set url to post to curl_setopt($ch, CURLOPT_FAILONERROR, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); // allow redirects curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); // return into a variable curl_setopt($ch, CURLOPT_TIMEOUT, 20); // times out after Ns curl_setopt($ch, CURLOPT_POST, 1); // set POST method curl_setopt($ch, CURLOPT_POSTFIELDS, "friendid=130379114&key=2eb814cc5d5d35365b096025ae4813a2&r="); // add POST fields curl_setopt($ch, CURLOPT_REFERER, "http://infiniteadds.org/index.php"); //set referrer curl_setopt($ch, CURLOPT_FAILONERROR, 0); curl_setopt($ch, CURLOPT_VERBOSE, 1); curl_setopt($ch, CURLOPT_HEADER, 1); curl_setopt($ch, CURLOPT_COOKIEFILE, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); $result = curl_exec($ch); // run the whole process curl_close($ch); echo $result; ?> Something like that? It isn't working for me.. Check out the top.. http://bundyxc.com/rofl/maybe.php All I want to be able to do is enter my login details on my site, and then have it log me in on the other site. Once I'm logged in, I should be on the other site, not mine. Quote Link to comment Share on other sites More sharing options...
xtopolis Posted January 1, 2009 Share Posted January 1, 2009 I think that you were getting different key values, and not inputting them. This works for me. <?php //------------ $fid = '130379114'; $firstURL = "http://infiniteadds.org/index.php"; $secondURL = "http://infiniteadds.org/grabber.php"; $referrer = "http://infiniteadds.org/index.php"; //------ $ch = curl_init(); curl_setopt($ch, CURLOPT_URL,$firstURL); // set url to post to curl_setopt($ch, CURLOPT_FAILONERROR, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); // allow redirects curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); // return into a variable curl_setopt($ch, CURLOPT_TIMEOUT, 20); // times out after Ns curl_setopt($ch, CURLOPT_VERBOSE, 1); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_COOKIEFILE, 1); $loginPage = curl_exec($ch); curl_close($ch); $key = array(); preg_match( "~value='[a-z0-9]{32}'~i", $loginPage, $key ); $key = substr( $key[0], 7, 32); //-------------------------------------------- $ch = curl_init(); curl_setopt($ch, CURLOPT_URL,$secondURL); // set url to post to curl_setopt($ch, CURLOPT_FAILONERROR, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); // allow redirects curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); // return into a variable curl_setopt($ch, CURLOPT_TIMEOUT, 20); // times out after Ns curl_setopt($ch, CURLOPT_POST, TRUE); // set POST method curl_setopt($ch, CURLOPT_POSTFIELDS, "friendid=$fid&key=$key&r="); // add POST fields curl_setopt($ch, CURLOPT_REFERER, $referrer); //set referrer curl_setopt($ch, CURLOPT_VERBOSE, 1); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_COOKIEFILE, 1); $result = curl_exec($ch); // run the whole process curl_close($ch); header("Location: http://infiniteadds.org/index.php?fid=$fid&logged=1"); ?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.