Solved

Need to spoof HTTP_REFERER via a link from an asp page

Posted on 2006-06-12
8
693 Views
Last Modified: 2008-01-09
I have a need to have a link to another site, however I do not want that site to know I am refering traffic to them.  My site is based on native .asp pages, I have looked and the only way I have seen to really do this is based on an article I found here on EE; (http://www.experts-exchange.com/Programming/Programming_Languages/Java/Q_21793985.html).  But it was not detailed enough, it appears to be in Java but it does not give a complete example.

Ideally here is what I want to happen is;
* Create a clickable Link from from my server using an asp page with 1 dynamic vairable
* Open the link in a new window when clicked
* Mask or remove the HTTP_REFERER (Webiste1 (origin) Website2 (desitnation) I do not want Website2 know that the user came from Website1)
* reusable for several different links on the same page (ie the dymanic variable will change several times in a for/next type loop on the .asp page)
* Not using .NET, only traditional .asp

Here is the way I do it now but it does not spoof the referer (the "#" is to hide the URL from the user, not a requirement, just a bonus);
<a href="#" onClick="window.open('http://www.somesite.com/testing/topic.asp?SID=<%=Cstr(fp_rs("Topic"))%','_blank','width=750,height=420,resizable=1,scrollbars=1')">Link me</a>

What I need is a real world example of the whole working solution.  I am not opposed to using Java or cgi, just need something that 'integrates' well with .asp.
0
Comment
Question by:jloberg
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 25

Expert Comment

by:kevp75
ID: 16888953
unless you can get your server to forgo the referrer header you may be sol, as it cannot be done with any code.

i am unsure how do this with IIS, but I am sure it is possible if your host uses Apache
0
 

Author Comment

by:jloberg
ID: 16888986
We are on IIS...  If there are any other ideas please chime in!!

Thanks all!
Jerry
0
 

Author Comment

by:jloberg
ID: 16889690
Here is another link that maybe helpful IF this is possible.  This was done in .NET, but I do not know of a way to do it via .asp.  If someone can find a way to send a link from .asp to .NET and have the .NET do what is needed I am not opposed to that process either.  I am willing to do what ever is needed even if it requires some extra steps on the server side.  Just not willing to make the users do anything extra.

http://www.developerfusion.co.uk/show/4672/
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 3

Expert Comment

by:yourbudweiser
ID: 16905726
found this on a another site, credit to original poster:

http://www.developerfusion.co.uk/show/4672/

I noticed the article the other day on your website about "Spoofing the Referer During a Web Request" Immediately after reading it I was wondering if you can do this using ASP.NET, the answer is a resounding "YES, of course!". This works because the http standards allow the client to actually dictate the HTTP_Referer variable.

Here is the code:

 Function FetchURL(SomeURL as String, Referer As String) as String
    Dim WebResp as HTTPWebResponse
    Dim HTTPGetRequest as HttpWebRequest
    Dim sr As StreamReader
    dim myString as String
    HTTPGetRequest = DirectCast(WebRequest.Create(SomeURL),HttpWebRequest)
    HTTPGetRequest.KeepAlive = false
    HTTPGetRequest.Referer = Referer
    WebResp = HTTPGetRequest.GetResponse()
    sr = new StreamReader(WebResp.GetResponseStream(), Encoding.ASCII)
    myString = sr.ReadToEnd()
    Return myString
End Function

You can then call this using the following:
Dim PageString As String
PageString = FetchURL("http://www.google.com/","http://www.microsoft.com")
0
 

Author Comment

by:jloberg
ID: 16906060
Problem I am running into is that the page that has the link on it (the one I need to spoof) is a classic ASP page, the code above is ASP.NET.  I would need to find a way to transfer data to the ASP.NET page and then have the ASP.NET page spoof and redirect.  If anyone can help do that it would work.
Jerry
0
 
LVL 25

Expert Comment

by:kevp75
ID: 16906258
please see this link:
http://www.w3schools.com/asp/met_addheader.asp

you may be able to do
<%Response.AddHeader "HTTP_REFERRER","http://www.thesite.com"%>
0
 

Accepted Solution

by:
tvtimes earned 100 total points
ID: 16906266
Not sure if this will help but here is a way to link anonymously (remove) - Can't rename who your referer is but you can 'remove' it.  It can be done via a cgi script found here;
http://watson-net.com/download/download.asp?name=Redirector&file=redir.zip

And then test the syntax based on the following to a site that verifies if you are 'refered';

<a href="http://www.inet-police.com/cgi-bin/env.cgi"> Traditional Link</a>

<a href="/cgi-bin/redir.pl?url=http://www.inet-police.com/cgi-bin/env.cgi">Anonymous Link</a>

Because it is a standard "a href", you should be able to use the window.open command to open the link in a new window and imbed the asp.  Using your example above here would be your new code if you saved the redire.pl file in the /cgi-bin;
<a href="#" onClick="window.open('/cgi-bin/redir.pl?url=http://www.somesite.com/testing/topic.asp?SID=<%=Cstr(fp_rs("Topic"))%','_blank','width=750,height=420,resizable=1,scrollbars=1')">Link me</a>

Good Luck and hope this meets enough of your requirements and that you have CGI on your machine.
0
 

Author Comment

by:jloberg
ID: 16912289
kevp75 - I tried your proposed ideas...  The first there is a comment on w3schools that says the name can not contain underscores.  So that will not work for an HTTP_REFERER statement.  Great idea if the underscores worked....  The second, when I tested it it still showed the website the link came from as the referer...

tvtimes - Fortunately I am able to run cgi-scripts (had to test it first) with my web host.  It seems to work, the referer is not showing after I click on the link, so it appears to 'remove' the referer.  Even though I never thought about using CGI this does solve my problem and it works with classic .asp.

Thanks all.
Jerry
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I recently decide that I needed a way to make my pages scream on the net.   While searching around how I can accomplish this I stumbled across a great article that stated "minimize the server requests." I got to thinking, hey, I use more than one…
I have helped a lot of people on EE with their coding sources and have enjoyed near about every minute of it. Sometimes it can get a little tedious but it is always a challenge and the one thing that I always say is:   The Exchange of informatio…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question