[LuckyPimp]

I am trying to figure out some information on how to spoof a http referrer in c++ and I am not getting too much luck. Any ideas on the function or a place to look?

Thanks

[hyjacked]

I have no clue, check around the underground hacking sites though. That sounds like something they would be into.

[LuckyPimp]

Thanks, I need it for a legit program though.

[hyjacked]

could you explain a bit more about what you are doing, and what you want the program to do, maybe a bit more information and i may be able to think up some ways to go about it.

and yea what they do isn't legit, but if you can find the source, what does it matter that they use it for illegal, while you use it for legal.

[r00tb00t]

Hey this is my first post but I hope it help!

When a browser sends a request for a web page it looks like this

GET /a_web_page.html HTTP/1.1
Host: AwebSITE.com
Referer: LASTwebSITE.com
(Not all of a request but that doesn't matter yet!)

The line:
GET /a_web_page.html HTTP/1.1
means to get the file '/a_web_page.html" from a server using HTTP version 1.1 (<thats the highest at the moment! I think?)

The line:
Host: AwebSITE.com
means to get it from the web site 'AwebSITE.com'

And finally the line:
Referer: LASTwebSITE.com
Is the last web site you visited


EXAMPLE:

If you were on: http://www.somesite.com/page1.html
and you clicked a link to: http://www.somesite.com/folder/page2.html
the HTTP head would look like this!

GET /folder/page2.html HTTP/1.1
Host: http://www.somesite.com
Referer: http://www.somesite.com

From there if you were to click a link to:
http://anothersite.com/page1.asp
then it would look like this:

GET /page1.asp HTTP/1.1
Host: http://www.anothersite.com
Referer: http://www.somesite.com

Now, some web pages only let people in from a certain domain so the HTTP REFERER must be 'Spoofed', (faked). We can do this in telnet.

OK Windows user...goto start>run>and type cmd > then hit enter
TU-DA.....A Command Prompt!

Now open telnet:

c:>telnet (hit enter)

Welcome to Microsoft Telnet Client

Escape Character is 'CTRL+]'

Microsoft Telnet>

know let say we want a page (securepage.html) from: http://www.securesite.com and they only let people in from http://www.trustedsite.com. We need to make our own HTTP Header Request.

Type:
o www.securesite.com 80 (change 'www.securesite.com' for you chosen site and the port if needs be!)

then whack enter!

****because my telnet it buggered it looks like nothing has happen:


Welcome to Microsoft Telnet Client

Escape Character is 'CTRL+]'

Microsoft Telnet> o www.securesite.com 80
Connecting To www.securesite.com...


****But When I type i find my self type of the text already:

GET /apage.html HTTP/1.1net Client

Escape Character is 'CTRL+]'

Microsoft Telnet> o www.securesite.com 80
Connecting To www.securesite.com...


****But this is ok it only send what you have written. Know we write our fake header!

type this:
GET /securepage.html HTTP/1.1 (hit enter)

type this:
Host: http://www.securesite.com (hit enter)

type this:
Referer: http://www.trustedsite.com (hit enter)
(hit enter again)
maybe 2 or 3 seconds delay...but sure enough a webpage's html source will be displayed on the screen...

II this helps although I know nothing at all about c/c++ programming (not a sausage), so I cant actually tell you any coding...SORRY!


r00tb00t

[proxomitronfan]

Proxomitron offeres these features. It's terribly useful for slowing down evil sites that harvest needless information

http://proxomitron.info

for better rules

http://jd5000.net


=D =D


Here is an open source project:

http://livehttpheaders.mozdev.org/

You'll want to look closely at "replay headers"

hope this helps

[valdineyap]

hint: changereferrer.com is a good site to change your referer!