Jump to content

Archived

This topic is now archived and is closed to further replies.

hustla

Header Modification

Recommended Posts

OK what i want to do is spoof the referer on a redirect

I tryed this
header("Location: www.something.com")
header("Referer: www.something2.com")

but what happens is it loses the referer after the redirect i sniffed it with etheral see below

Hypertext Transfer Protocol
    GET /members/links/pluginfeeds.php?ekgsso HTTP/1.1\r\n
        Request Method: GET
        Request URI: /members/links/pluginfeeds.php?ekgsso
        Request Version: HTTP/1.1
    Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*\r\n
    Referer: http://192.168.1.102/\r\n
    Accept-Language: en-us\r\n
    UA-CPU: x86\r\n
    Accept-Encoding: gzip, deflate\r\n
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)\r\n
    Connection: Keep-Alive\r\n
    Host: www.featuredmemarea.com\r\n
    \r\n

As you can see from above 192.168.1.102 is me not what i specifed in the php header.
Is their anyway to create a GET header like above except where i modify the referer in php. Thanks

Share this post


Link to post
Share on other sites
try setting the referer before location:

header("Referer: www.something2.com");
header("Location: www.something.com");

Just a wild guess.

Share this post


Link to post
Share on other sites
yea i've tried that. i really dont think their is a way to do this. i could get the server to spoof the get request but i want the clients get header to modified. let me know guys

Share this post


Link to post
Share on other sites
you should read about Curl

Share this post


Link to post
Share on other sites
found a way using java script and the httprequest object but thats it. would rather not use that.

Share this post


Link to post
Share on other sites
The http referer is supplied by the browser, not the server. Because php is server side you can do nothing about it. Javascript will work (not reliably though) because it is run in the client side which supplies the referer field in the request.

Share this post


Link to post
Share on other sites
thats what i figured. guess i will go the java script way.Unfortantly in firefox you can't even spoof the referer unless you install a plugin. ohh well good old i.e security. 

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.