How do you cheat on HTTP_REFERER?

Question

How do you cheat on HTTP_REFERER?

I need to try and trick HTTP_REFERER passed my other page so that on the landing page I can determine that the request comes from the "right" page and follows the corresponding logic.

How do I do this in JavaScript (AJAX)?
Can I do this in ASP.Net?

Tia rams

+3

spoofing http-referer

rams Mar 05 '09 at 10:36

source share

3 answers

, "" , . , , . URL- , "", , , .

+2

Rob Kennedy 05 . '09 22:47

, . HTTP_REFERER , ( , javascript, ).

(, "Referer:" ), , curl wget, BSD Linux ( OS/X). MS Windows, wget Cygwin.

    wget -O - --referer="http://example.com/some/path" http://example.com/

    curl -e "http://example.com/some/path" http://example.com/

, -, "" , . , ( "B" ) , ( "A" ), .

If you store a session cookie, you can insert some logic into page "A", which sets the boolean variable. Then add logic to page "B", which checks to see if the variable has been set.

I will leave this as an exercise for the reader to figure out how to do this in ASP.NET. (Because I'm a PHP programmer. -])

+2

ghoti Dec 13 '11 at 16:39

source share

Troy J. Farrell · Accepted Answer · 2009-03-05T22:44:33+0000

Generally speaking, you cannot force other browsers to return false HTTP_REFERER without an exploit, plugin, or other extension. If you want to change the value sent from your web browser and you are using FireFox, check out the Modify Headers extension .

HTTP_REFERER. , HTTP_REFERER .

How do you cheat on HTTP_REFERER?

More articles: