Saturday, October 27, 2012

URL spoofing

This is my reply to one forum member who thinks that URL can be spoofed by simply updating the http header..

Originally Posted by camjohnson95. The referrer can be set when loading the page via an HTTPRequest.

It is always very interesting to read those 'referrer spoof' discussions.... whether people do not know anything about the subject... or know a lot and just play 'noobs'. I actually tried the httprequest method in both asp.net and php. For php you can find a bunch of those so-called php proxy scripts and this will give you a great explanation how the process works. The problem with that is all clients will hit the destination site from one ip address only, this will be your server's ip. What is even worse, the user-agent will be the same for all visitors, unless you bother to preserve and copy the visitor's user-agent. Still, this will look weird in the target site logs. Doing the same thing in asp.net gives the same results, it's just a little harder to implement than php. But... As i heard, there is another method that actually works... it is however less comprehensible that the httprequest.. And as i heard it costs much more than forty bucks.

I've done URL spoofing for one of my clients. It is doable. If you want to hire me for that type of project, I can certainly help you, but not for $40.

No comments:

Post a Comment