How to spoof HTTP

DataTrend Software
CGI Scripts

AutoContact
AutoFollowUp
AutoMail
AutoMail Lite
Bookkeeper Lite
CountDown
CountDown Lite
CountLink
Script Feedback

PERL/CGI Books

How to Spoof HTTP_Referer
(or any other browser passed variable)

Security
Resources

Hack
Attacks
Denied

Hack
Attacks
Revealed

UNIX
Power
Tools

To see an ELEMENTARY way to spoof any referer (sic) value, you'll need telnet and a way to see the referer value that your server records (server logs always have the referer value in them).

Try the following:
(The example below assumes your homepage is index.html)

telnet www.yoursite.com 80 (press return)
GET /index.html HTTP/1.0 (press return)
Referer: http://www.hah-hah.com (press return)
(press return again)

Now, check your server logs and you'll see that "someone" from hah-hah.com grabbed your homepage.

If you are trying to "protect" a file by making sure that the referer value (or any other browser passed variable) is your own website, you can be bypassed by this simple technique. You cannot trust any browser passed variables.

Other resources on Spoofing and Hacks
Hack Attacks Encyclopedia History of hacking	Hack Proofing Your Network Common attacks and preventative methods.	Counter Hack Computer attacks and effective defenses.

PERL Programming Resources
Programming Perl Beginners	Learning Perl Writers	Perl Cookbook Learn by Example

Send mail to info@datatrendsoftware.com with questions about this web site or our products.
Copyright © Datatrend Software.
PO Box 80471, Raleigh, NC USA 27623.
800-536-6951 toll free fax

Send mail to info@datatrendsoftware.com with questions about this web site or our products. Copyright © Datatrend Software. PO Box 80471, Raleigh, NC USA 27623. 800-536-6951 toll free fax

Send mail to info@datatrendsoftware.com with questions about this web site or our products.
Copyright © Datatrend Software.
PO Box 80471, Raleigh, NC USA 27623.
800-536-6951 toll free fax