Thursday, 21 May 2015

How to spoof referrals tutorial

In this quick tutorial I'll be showing you guys how referral spoofing works and then ultimately give you an example of it in action.

First, lemme tell you guys what spoofing is: spoofing is when something masquerades as, or changes itself to look like, something else. Or in layman's terms: let's say you've gotta be 18+ to get into a club but you can't enter since you're just 17. Your friend has an idea that he can make you look 18+, so he puts some weird makeup on your face and voila! You look just like an 18+ dude! That's spoofing: you've made yourself look like something that you're not.

Before we go further, I recommend reading this tutorial: HTTP the very basics.

Alright! Now let's get to a practical example. There are a couple of types of spoofing; in this particular tutorial we'll be talking about referral spoofing. But before that, for those who just popped into this tutorial, lemme explain what a referral is.. and yeah, if you read my HTTP the very basics it's gonna be easy as pie!

Whenever you open a page, your browser sends some data to the server along with the request, for example the website address, your IP address.. and the referral address! The referral address is the link of the previous page. For example, if you've come to this site (www.webdevtown.com) from some forum, the site can save that forum's address.

Here are a couple of example request headers:
Accept: Content-Types that are acceptable for the response.

Host: The domain name of the server (for virtual hosting), and the TCP port number on which the server is listening. The port number may be omitted if the port is the standard port for the service requested.

Referer: This is the address of the previous web page from which a link to the currently requested page was followed. (The word “referrer” has been misspelled in the RFC as well as in most implementations to the point that it has become standard usage and is considered correct terminology)

User-Agent: The user agent string of the user agent.

Full list can be found here

So let's continue and get to the actual example. For this you'll need a server with PHP installed. What we're going to do is save the HTTP referral in a text file, so we know where the hits are coming from.
Here's the code for that.
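    <?php
    //error_reporting(0);
    // Open (or create) the log file in append mode.
    $opened_file = fopen("referers.txt", "ab");
    // The Referer header is optional, so test for it before reading it.
    if (isset($_SERVER["HTTP_REFERER"])) {
        $referer = $_SERVER["HTTP_REFERER"];
        echo "referer is set";
        fwrite($opened_file, $referer . PHP_EOL);
        // The header is client-supplied text: escape it before printing.
        echo htmlspecialchars($referer);
    } else {
        echo "you aren't being referred from any site";
    }
    fclose($opened_file);
    ?>

    <br> <a href="index.php"> Click me! </a>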


Put this on your webpage and make sure it's a .php file. We're also going to download a plugin for Firefox so we can send fake referrals! Here's the plugin.

Alright, so you've got the plugin and the file's been uploaded; let's open the site for the first time. Loaded? Now open the referers.txt file it created on your server. It shouldn't have anything in it, since there was no referral. Now let's open our RefControl plugin, choose custom and enter a custom referral URL.

Press okay, then okay again, and load the page. As expected, the page will load normally; however, it will show YouTube as the referral! Magic!? And if you open the referers.txt file it should show www.youtube.com!

You've basically spoofed the referral. Now, to make the process automatic, here's what you'll need to do: use the cURL extension (little tutorial here) and send random referrals every time the page refreshes! You can even use a proxy along with a random referral! Here's an auto proxy changing script.
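
The demonstration above works because the server cannot check the Referer header: it is whatever text the client chose to send. A version of the logger that treats it that way, as an added example (not code from the original tutorial; `normalize_referer()` and the log line format are assumptions made for illustration):

```php
<?php
// Added example: treat the Referer header as untrusted, client-chosen text.
// normalize_referer() and the log line format are illustrative assumptions.

function normalize_referer(?string $raw): ?string
{
    if ($raw === null || $raw === '') {
        return null;                    // header absent: nothing to record
    }
    // Cap the length and reject control characters so a single request
    // cannot bloat the log or forge extra lines in it.
    if (strlen($raw) > 2048 || preg_match('/[\x00-\x1F\x7F]/', $raw)) {
        return null;
    }
    $parts = parse_url($raw);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    $scheme = strtolower($parts['scheme']);
    $host   = strtolower($parts['host']);
    // Only web origins with a plain hostname are recorded.
    if (!in_array($scheme, ['http', 'https'], true)
        || !preg_match('/^[a-z0-9.-]+$/', $host)) {
        return null;
    }
    // Keep scheme and host only: paths and query strings of the previous
    // page can carry tokens or personal data.
    return $scheme . '://' . $host;
}

$referer = normalize_referer($_SERVER['HTTP_REFERER'] ?? null);

if ($referer !== null) {
    // "claimed_referer" is a reminder that the client supplied this value.
    $line = sprintf("%s claimed_referer=%s ip=%s\n",
        gmdate('c'), $referer, $_SERVER['REMOTE_ADDR'] ?? '-');
    // LOCK_EX keeps parallel requests from interleaving their writes.
    file_put_contents(__DIR__ . '/referers.txt', $line, FILE_APPEND | LOCK_EX);
}

// Escape on output as well, since the text originated from the client.
echo $referer === null
    ? 'No usable Referer header was sent.'
    : 'Claimed referer: ' . htmlspecialchars($referer, ENT_QUOTES, 'UTF-8');
```

Because the logged value is only a claim, it is fine for rough traffic statistics but should never decide access or be counted as proof of where a visitor came from.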
