Jump to content

Archived

This topic is now archived and is closed to further replies.

hustla

Java Script question

Recommended Posts

Im tring to get java script to spoof a referer via the XMLHTTP object but i cannot get it working properly. 

here is an example that wont work
yahoo is the target and google is the fake referere this is the location of the script http://thisfileshost/spoof2.php


<script type="text/javascript">
var x = new ActiveXObject("Microsoft.XMLHTTP");
x.open("GET\thttp://www.yahoo.com\tHTTP/1.0\r\nHost:\twww.yahoo.com\r\nReferer:\thttp://www.google.com\r\n\r\nGET\thttp://nosuchhost/\tHTTP/1.0\r\nFoobar:","http://thisfileshost/spoof2.php",false);
x.send();
alert(x.responseText);
</script>

not sure what im missing here i get a file not found error 404 

Thanks guys

Share this post


Link to post
Share on other sites
...  did you not see the javascript forum?  i'm moving this there.

Share this post


Link to post
Share on other sites
this is the article i followed

http://www.cgisecurity.com/lib/XmlHTTPRequest.shtml

Share this post


Link to post
Share on other sites
read a little more and i believe its a proxy issue. is their any other methods you guys know of to spoof the referer without a forward proxy.

Share this post


Link to post
Share on other sites
Found a much easier solution to spoof a referer via activex althought it does require you to enable the intilize and script control that are marked not safe option in ie settings. Don't know much about active x controls so if you guys know how to convert this small script to a control the user can install so they don't have to enable this option that would be great otherwise i guess i will spend a few hours reading. thanks below is the source. forgive the spelling to lazy to fix.

<SCRIPT language="Javascript">
function spoofit()
{
var target;
var referer;

target = document.getElementById('url').value;
referer = document.getElementById('ref').value;

var header = "Referer: " + referer + "\n\r";
var objIE = new ActiveXObject("InternetExplorer.Application");
objIE.Visible = true;
objIE.Navigate(target, 2, "", "", header);
}
</SCRIPT>

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.