Jump to content


Photo

Header Modification


  • Please log in to reply
6 replies to this topic

#1 hustla

hustla
  • Members
  • PipPip
  • Member
  • 12 posts

Posted 13 July 2006 - 12:52 AM

OK what i want to do is spoof the referer on a redirect

I tryed this
header("Location: www.something.com")
header("Referer: www.something2.com")

but what happens is it loses the referer after the redirect i sniffed it with etheral see below

Hypertext Transfer Protocol
    GET /members/links/pluginfeeds.php?ekgsso HTTP/1.1\r\n
        Request Method: GET
        Request URI: /members/links/pluginfeeds.php?ekgsso
        Request Version: HTTP/1.1
    Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*\r\n
    Referer: http://192.168.1.102/\r\n
    Accept-Language: en-us\r\n
    UA-CPU: x86\r\n
    Accept-Encoding: gzip, deflate\r\n
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)\r\n
    Connection: Keep-Alive\r\n
    Host: www.featuredmemarea.com\r\n
    \r\n

As you can see from above 192.168.1.102 is me not what i specifed in the php header.
Is their anyway to create a GET header like above except where i modify the referer in php. Thanks


#2 hvle

hvle
  • Members
  • PipPipPip
  • Advanced Member
  • 667 posts
  • Locationmelbourne, Australia

Posted 13 July 2006 - 02:22 AM

try setting the referer before location:

header("Referer: www.something2.com");
header("Location: www.something.com");

Just a wild guess.

Life's too short for arguing.

#3 hustla

hustla
  • Members
  • PipPip
  • Member
  • 12 posts

Posted 13 July 2006 - 02:37 AM

yea i've tried that. i really dont think their is a way to do this. i could get the server to spoof the get request but i want the clients get header to modified. let me know guys

#4 hvle

hvle
  • Members
  • PipPipPip
  • Advanced Member
  • 667 posts
  • Locationmelbourne, Australia

Posted 13 July 2006 - 02:38 AM

you should read about Curl

Life's too short for arguing.

#5 hustla

hustla
  • Members
  • PipPip
  • Member
  • 12 posts

Posted 13 July 2006 - 03:44 AM

found a way using java script and the httprequest object but thats it. would rather not use that.

#6 gewthen

gewthen
  • Members
  • PipPip
  • Member
  • 11 posts

Posted 13 July 2006 - 03:51 AM

The http referer is supplied by the browser, not the server. Because php is server side you can do nothing about it. Javascript will work (not reliably though) because it is run in the client side which supplies the referer field in the request.

#7 hustla

hustla
  • Members
  • PipPip
  • Member
  • 12 posts

Posted 13 July 2006 - 03:58 AM

thats what i figured. guess i will go the java script way.Unfortantly in firefox you can't even spoof the referer unless you install a plugin. ohh well good old i.e security. 




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users