digplanet beta 1: Athena
Share digplanet:

Agriculture

Applied sciences

Arts

Belief

Business

Chronology

Culture

Education

Environment

Geography

Health

History

Humanities

Language

Law

Life

Mathematics

Nature

People

Politics

Science

Society

Technology

In HTTP networking, typically on the World Wide Web, referer spoofing (based on a canonised misspelling of "referrer") is the sending of incorrect referer information in an HTTP request in order to prevent a website from obtaining accurate data on the identity of the web page previously visited by the user.

Overview[edit]

Referer spoofing is typically done for data privacy reasons, in testing, or in order to request information which some web servers may only supply in response to requests with specific HTTP referers.

To improve their privacy, individual browser users may replace accurate referer data with inaccurate data, though many simply suppress their browser's sending of any referer data. Sending no referrer information is not technically spoofing, though sometimes also described as such.

In software, systems and networks testing, and sometimes penetration testing, referer spoofing is often just part of a larger procedure of transmitting both accurate and inaccurate and both expected and unexpected input to the HTTPD system being tested and observing the results.

While many web sites are configured to gather referer information and serve different content depending on the referer information obtained, exclusively relying on HTTP referer information for authentication and authorization purposes is not a genuine computer security measure. HTTP referer information is freely alterable and interceptable, and is not a password, though some poorly configured systems treat it as such.

Application[edit]

Some websites, especially many image hosting sites, utilise referer information to secure their materials: only browsers arriving from their web pages are served images. Additionally a site may want users to click through pages with advertising content before directly being able to access a downloadable file — using the referring page or referring site information can help a site redirect unauthorized users to the landing page the site would like to use.

If attackers acquire knowledge of these approved referers, which is often trivial because many sites follow a common template,[citation needed] they can use that information combined with this exploit to gain free access to the materials.

Spoofing often allows access to a site's content where the site's web server is configured to block browsers that do not send referer headers. Website owners may do this to disallow hotlinking.

It can also be used to defeat referer checking controls that are used to mitigate Cross-Site Request Forgery attacks.

Tools[edit]

Several software tools exist to facilitate referer spoofing in web browsers. Some are extensions to popular browsers such as Mozilla Firefox or Internet Explorer, which may provide facilities to customise and manage referrer URLs for each website the user visits.

Other tools include proxy servers, to which an individual configures their browser to send all HTTP requests. The proxy then forwards different headers to the intended website, usually removing or modifying the referer header. Such proxies may also present privacy issues for users, as they may log the user's activity.

See also[edit]

Notes[edit]


Original courtesy of Wikipedia: http://en.wikipedia.org/wiki/Referer_spoofing — Please support Wikipedia.
This page uses Creative Commons Licensed content from Wikipedia. A portion of the proceeds from advertising on Digplanet goes to supporting Wikipedia.
237 videos foundNext > 

how to spoof referer http with fiddlre

in this tutorial i make u how to capture traffic and then modify it as an example i use level3 of spoofing from enigmagroup a site were u can lear to hack. w...

Spoofy - Google Chrome Extension (Referrer-Spoofing)

Spoofy is a smart tool to spoof the referrer of any website. • The location of the current tab is always the referer-URL • Just paste the target-URL into the...

spoof referer 2014 www.yah-underworld.com

http://www.yah-underworld.com spoof referer.

Spoofing the referrer and Iframing Content with WP Traffic Tools (WPTT)

For Commenting: http://www.wptraffictools.com/spoofing-the-referrer-and-iframing-content-with-wp-traffic-tools-wptt/ Hatnohat Marketing & Development present...

Referrer Spoofing with WP Traffic Tools

http://www.wptraffictools.com/spoof-referrer/ Short customer service video highlighting the referrer spoofing capabilities of the Link Management module.

No Agenda Everywhere - HTTP Referrer spoofing

http://NoAgendaEverywhere.com for details. This is a PR initiative to spread the word about the http://www.NoAgendaShow.com No Agenda Show podcast with Adam ...

Free Traffic Exchange With Referrer Spoofing

Want to spoof your referrer? And not pay for it? Get traffic from whichever site you specify: google.com, youtube,amazon,ebay,facebook,linkedin, twitter OR a...

Traffic Exchange With Hidden Referrer - Free

Do you want to SAVE those $10-$20 or $30 which you pay simply so that you can hide your website traffic's referrer? Do you want to show that you get traffic ...

HTTP Referer Primer

The HTTP referer (aka referer) is the address (or URL) of the referring webpage that is sent to a target web site. The URL is transmitted to the target web s...

Curl ile Referer Bilgisi Göndermek (Ders 3)

Bu ders Tayfun Erbilen tarafından hazırlanmıştır. - Erbilen.NET - Prototurk.Com - UzmanVideo.Org.

237 videos foundNext > 

1 news items

 
Naked Security
Mon, 29 Jul 2013 03:35:51 -0700

Unfortunately (or fortunately, if you're talking about maintaining your privacy or testing code), "referer spoofing" is a trivial thing for coders. Somebody with malicious intent could log into LinkedIn and then hop over to a malicious page that's ...
Loading

Oops, we seem to be having trouble contacting Twitter

Support Wikipedia

A portion of the proceeds from advertising on Digplanet goes to supporting Wikipedia. Please add your support for Wikipedia!

Searchlight Group

Digplanet also receives support from Searchlight Group. Visit Searchlight