Fake a HTTP referrer

[j2k]

Hi,

Is it possible to send a form as normal, but fake it's referrer URL?

I have a script, however it must be called from a specific server. Is there a way to overcome this? If I submit the form via the file on my hard drive, as the HTTP referrer doesn't match, an error is produced.

I was thinking maybe use JavaScript or something?

TIA.

[sail3005]

i don't think that you can altar it. that would probably get a lot of people mad, because just about any website could steal their scripts.

perhaps what you could do, is store what the referrer is in a text file, and then include it. that way you can easily change it when you move it from your HD to your site.

[JoshT]

Yes, you can fake the referrer, cookies, user agent, or anything. Just use telnet to connect to a server and manually type the HTTP commands.

[j2k]

Hmm. Thanks for that JoshT. Do you have any source, perhaps in Visual Basic to do that? As in connect to a server, and post a form, faking the referrer?

Thanks.

[JoshT]

I don't have any decent code handy, but use your favorite language to content to a webserver and send the following (note newlines, and my HTTP might be a little off).

Code:

POST /somepage.cgi HTTP/1.0
Referer: http://www.microsoft.com/penguin.html
Content-length: (length of form data goes here)

field1=value1&field2=value2

And referer is supposed to be misspelled.

[j2k]

JoshT,

I tried it your way, but I get 'Bad Request'. If I spell it 'referrer', there is no error, but the script does not work.

Please help

[j2k]

EDIT: Now it works with 'referer' but it still doesn't execute.

[JoshT]

Hmm. Try a simpler request and see if you have any problems:

Code:

HEAD / HTTP/1.0

(then 2 newlines / enters)

[JoshT]

Also, whatever number you put for Content-length, the server won't send a response until you've sent it that much data.

[j2k]

JoshT!

The Content-length wasn't right!! It now works! THANKS!