[ACCEPTED]-PHP - Referer redirect script-http-referer

Accepted answer
Score: 13

this function should give you a starting 4 point it will fetch any http url with the 3 specified referrer

handling the query parms 2 should be pretty trivial, so i will leave 1 that part for you to do


    echo geturl('http://some-url', 'http://referring-url');

    function geturl($url, $referer) { 

        $headers[] = 'Accept: image/gif, image/x-bitmap, image/jpeg, image/pjpeg,text/html,application/xhtml+xml'; 
        $headers[] = 'Connection: Keep-Alive'; 
        $headers[] = 'Content-type: application/x-www-form-urlencoded;charset=UTF-8'; 
        $useragent = 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0)'; 

        $process = curl_init($url); 
        curl_setopt($process, CURLOPT_HTTPHEADER, $headers); 
        curl_setopt($process, CURLOPT_HEADER, 0); 
        curl_setopt($process, CURLOPT_USERAGENT, $useragent);
        curl_setopt($process, CURLOPT_REFERER, $referer);
        curl_setopt($process, CURLOPT_TIMEOUT, 30); 
        curl_setopt($process, CURLOPT_RETURNTRANSFER, 1); 
        curl_setopt($process, CURLOPT_FOLLOWLOCATION, 1); 

        $return = curl_exec($process); 

        return $return; 

Score: 2

You can use one of the services available 34 on Internet which allow hiding referrers 33 (by setting their address), but you cannot 32 impose a specific referrer that ain't the 31 actual referrer. The user must actually 30 be redirected to that website (which will 29 appear as a referrer) before he is redirected 28 to the target website.

One of such services: http://linkanon.com


Since 27 you changed your question now, my comment 26 about writing a user agent in PHP which 25 acts like a proxy, applies, but then this 24 gets close to a criminal activity, because 23 you will be displaying a third party website 22 to a user who might think that she is in 21 the actual website, while in fact she will 20 have loaded your content (the content you 19 have passed on). To perform this close-to-criminal 18 activity (you are one step away from trying 17 to read a username and password), you load 16 the third party's website content with PHP 15 by using your own written user agent which 14 specifies the fake referrer and simply passes 13 the output to visitor of your website. The 12 function in PHP which lets one send HTTP 11 headers, is header($header):

header("Referer: http://example.org");

Instead of shouting 10 at people who try to help, you could try 9 to read HTTP (that's the protocol according 8 to which the world turns around) specification 7 regarding Referer header: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html (See Section 6 14.36).

You also might want to read http://en.wikipedia.org/wiki/Referrer_spoofing where 5 you can see that it's all about client side. PHP 4 is server side. All you can do is try to 3 write a client code (Javascript) generated 2 by PHP, but if you have any luck, then you're 1 breaking into user's world.

Score: 0

The referer is set by your browser, not 25 by any server side mechanism. You could, I 24 guess, construct a proxy in PHP that makes 23 the request of the remote server and sets 22 the referer header appropriately. It seems 21 more useful to just use a Firefox plugin, e.g. http://www.stardrifter.org/refcontrol/.

Edit: I'd 20 reword your question to make it clear you 19 want to write a PHP proxy, with a custom 18 referrer header. I'd probably just modify 17 something like http://sourceforge.net/projects/poxy/ to take the referrer parameter 16 and pass it on.

Edit again: You may be clear 15 on what you're asking, but asking for the 14 impossible doesn't make it possible. The 13 browser is responsible for setting the referrer 12 header; it uses the URI that caused it to 11 redirect to a new resource. You're asking 10 for a script that says "Please visit 9 http://example.net, but pretend that I'm actually www.foo.com 8 when you do so". There is no mechanism 7 for the server to instruct the browser to 6 "lie" about where it came from.

I 5 suppose it may be possible via some convoluted 4 JavaScript hacking, but it would be hacking 3 in the black hat sense - a web site being 2 able to force a browser to spoof the referrer 1 would be a real security hole.

More Related questions