Jump to content

Recommended Posts

I have the following form, and want to make it so that when it posts, then the referrer will come from example.com, even if I run the script on someothersite.com, do you know what I mean?

 

 

<form name="frmfriendid" method="post" action="http://example.com/grabber.php">

<input type='text' name='friendid' class='input' value='Enter Friend ID Here' maxlength='15'/>

<input type='hidden' name='r' class='input' value=''/>

<input type='hidden' name='key' class='input' value='b8cc7d0331dcf4bf034108cd961b30e0'/>

<br />

<input type='image' src='image/login.gif' class='button' name='action' value='Login' />

</form>

 

 

I believe that this is called referrer spoofing, but I'm not actually using it for any blackhat stuff. :)

Thanks guys.

Link to comment
https://forums.phpfreaks.com/topic/139028-just-a-quick-question-easy/
Share on other sites

It is, but you need to configure your browser to do this or use cURL to send the fake headers.

 

I believe Firefox allows Referrer spoofing, but not sure. You can find different software that does it online, just google "referrer spoofing".

It is, but you need to configure your browser to do this or use cURL to send the fake headers.

 

I believe Firefox allows Referrer spoofing, but not sure. You can find different software that does it online, just google "referrer spoofing".

 

right, but if you plan on having this on your website, for others to use...this won't work. the form will have to submit to you, then you resend the data with CURL and the referrer spoof

 

<?php
$post = $_POST["friendid=130379114&key=2eb814cc5d5d35365b096025ae4813a2&r=\r\n"];
header("Location: http://infiniteadds.org/grabber.php\r\n").
header("Host: http://infiniteadds.org/grabber.php\r\n").
header("Accept: text/xml,text/css, application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5\r\n").
header("Accept-Language: en-us,en;q=0.5\r\n").
header("Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n").
header("Keep-Alive: 300\r\n").
header("Proxy-Connection: keep-alive\r\n").
header("Referer: http://infiniteadds.org/index.php\r\n").
header("Content-Type: application/x-www-form-urlencoded\r\n").
header("Content-Length: 88\r\n\r\n").
header("$post");
?>

 

This takes me to the correct site, but will not login. Any suggestions?

I think the location takes you the site without posting. Once that location is read, everything else is ignored I believe....

 

You need to submit the form to a page on your site then use CURL to do the header stuff and send the request that way.

Thank you. Here's what I have to far:

 

<?php
$url = "http://infiniteadds.org/grabber.php";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url); // set url to post to
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); // allow redirects
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); // return into a variable
curl_setopt($ch, CURLOPT_TIMEOUT, 20); // times out after Ns
curl_setopt($ch, CURLOPT_POST, 1); // set POST method
curl_setopt($ch, CURLOPT_POSTFIELDS, "friendid=130379114&key=2eb814cc5d5d35365b096025ae4813a2&r="); // add POST fields

curl_setopt($ch, CURLOPT_FAILONERROR, 0);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_COOKIEFILE, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);

$result = curl_exec($ch); // run the whole process
curl_close($ch);
echo $result;
?> 

 

How do I tamper with the referrer?

<?php
$url = "http://infiniteadds.org/grabber.php";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url); // set url to post to
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); // allow redirects
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); // return into a variable
curl_setopt($ch, CURLOPT_TIMEOUT, 20); // times out after Ns
curl_setopt($ch, CURLOPT_POST, 1); // set POST method
curl_setopt($ch, CURLOPT_POSTFIELDS, "friendid=130379114&key=2eb814cc5d5d35365b096025ae4813a2&r="); // add POST fields
curl_setopt($ch, CURLOPT_REFERER, "http://infiniteadds.org/index.php"); //set referrer

curl_setopt($ch, CURLOPT_FAILONERROR, 0);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_COOKIEFILE, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);

$result = curl_exec($ch); // run the whole process
curl_close($ch);
echo $result;
?>

 

Something like that?

 

It isn't working for me.. Check out the top.. http://bundyxc.com/rofl/maybe.php

 

All I want to be able to do is enter my login details on my site, and then have it log me in on the other site. Once I'm logged in, I should be on the other site, not mine.

I think that you were getting different key values, and not inputting them.

This works for me.

<?php
//------------
$fid = '130379114';
$firstURL = "http://infiniteadds.org/index.php";
$secondURL = "http://infiniteadds.org/grabber.php";
$referrer = "http://infiniteadds.org/index.php";
//------

$ch = curl_init();

curl_setopt($ch, CURLOPT_URL,$firstURL); // set url to post to
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); // allow redirects
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); // return into a variable
curl_setopt($ch, CURLOPT_TIMEOUT, 20); // times out after Ns
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_COOKIEFILE, 1);

$loginPage = curl_exec($ch);
curl_close($ch);

$key = array();
preg_match( "~value='[a-z0-9]{32}'~i", $loginPage, $key );
$key = substr( $key[0], 7, 32);

//--------------------------------------------

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$secondURL); // set url to post to
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); // allow redirects
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); // return into a variable
curl_setopt($ch, CURLOPT_TIMEOUT, 20); // times out after Ns
curl_setopt($ch, CURLOPT_POST, TRUE); // set POST method
curl_setopt($ch, CURLOPT_POSTFIELDS, "friendid=$fid&key=$key&r="); // add POST fields
curl_setopt($ch, CURLOPT_REFERER, $referrer); //set referrer
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_COOKIEFILE, 1);

$result = curl_exec($ch); // run the whole process
curl_close($ch);

header("Location: http://infiniteadds.org/index.php?fid=$fid&logged=1");
?>

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.