Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Need to spoof HTTP_REFERER via a link from an asp page

Posted on 2006-06-12
8
Medium Priority
?
715 Views
Last Modified: 2008-01-09
I have a need to have a link to another site, however I do not want that site to know I am refering traffic to them.  My site is based on native .asp pages, I have looked and the only way I have seen to really do this is based on an article I found here on EE; (http://www.experts-exchange.com/Programming/Programming_Languages/Java/Q_21793985.html).  But it was not detailed enough, it appears to be in Java but it does not give a complete example.

Ideally here is what I want to happen is;
* Create a clickable Link from from my server using an asp page with 1 dynamic vairable
* Open the link in a new window when clicked
* Mask or remove the HTTP_REFERER (Webiste1 (origin) Website2 (desitnation) I do not want Website2 know that the user came from Website1)
* reusable for several different links on the same page (ie the dymanic variable will change several times in a for/next type loop on the .asp page)
* Not using .NET, only traditional .asp

Here is the way I do it now but it does not spoof the referer (the "#" is to hide the URL from the user, not a requirement, just a bonus);
<a href="#" onClick="window.open('http://www.somesite.com/testing/topic.asp?SID=<%=Cstr(fp_rs("Topic"))%','_blank','width=750,height=420,resizable=1,scrollbars=1')">Link me</a>

What I need is a real world example of the whole working solution.  I am not opposed to using Java or cgi, just need something that 'integrates' well with .asp.
0
Comment
Question by:jloberg
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 25

Expert Comment

by:kevp75
ID: 16888953
unless you can get your server to forgo the referrer header you may be sol, as it cannot be done with any code.

i am unsure how do this with IIS, but I am sure it is possible if your host uses Apache
0
 

Author Comment

by:jloberg
ID: 16888986
We are on IIS...  If there are any other ideas please chime in!!

Thanks all!
Jerry
0
 

Author Comment

by:jloberg
ID: 16889690
Here is another link that maybe helpful IF this is possible.  This was done in .NET, but I do not know of a way to do it via .asp.  If someone can find a way to send a link from .asp to .NET and have the .NET do what is needed I am not opposed to that process either.  I am willing to do what ever is needed even if it requires some extra steps on the server side.  Just not willing to make the users do anything extra.

http://www.developerfusion.co.uk/show/4672/
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 3

Expert Comment

by:yourbudweiser
ID: 16905726
found this on a another site, credit to original poster:

http://www.developerfusion.co.uk/show/4672/

I noticed the article the other day on your website about "Spoofing the Referer During a Web Request" Immediately after reading it I was wondering if you can do this using ASP.NET, the answer is a resounding "YES, of course!". This works because the http standards allow the client to actually dictate the HTTP_Referer variable.

Here is the code:

 Function FetchURL(SomeURL as String, Referer As String) as String
    Dim WebResp as HTTPWebResponse
    Dim HTTPGetRequest as HttpWebRequest
    Dim sr As StreamReader
    dim myString as String
    HTTPGetRequest = DirectCast(WebRequest.Create(SomeURL),HttpWebRequest)
    HTTPGetRequest.KeepAlive = false
    HTTPGetRequest.Referer = Referer
    WebResp = HTTPGetRequest.GetResponse()
    sr = new StreamReader(WebResp.GetResponseStream(), Encoding.ASCII)
    myString = sr.ReadToEnd()
    Return myString
End Function

You can then call this using the following:
Dim PageString As String
PageString = FetchURL("http://www.google.com/","http://www.microsoft.com")
0
 

Author Comment

by:jloberg
ID: 16906060
Problem I am running into is that the page that has the link on it (the one I need to spoof) is a classic ASP page, the code above is ASP.NET.  I would need to find a way to transfer data to the ASP.NET page and then have the ASP.NET page spoof and redirect.  If anyone can help do that it would work.
Jerry
0
 
LVL 25

Expert Comment

by:kevp75
ID: 16906258
please see this link:
http://www.w3schools.com/asp/met_addheader.asp

you may be able to do
<%Response.AddHeader "HTTP_REFERRER","http://www.thesite.com"%>
0
 

Accepted Solution

by:
tvtimes earned 400 total points
ID: 16906266
Not sure if this will help but here is a way to link anonymously (remove) - Can't rename who your referer is but you can 'remove' it.  It can be done via a cgi script found here;
http://watson-net.com/download/download.asp?name=Redirector&file=redir.zip

And then test the syntax based on the following to a site that verifies if you are 'refered';

<a href="http://www.inet-police.com/cgi-bin/env.cgi"> Traditional Link</a>

<a href="/cgi-bin/redir.pl?url=http://www.inet-police.com/cgi-bin/env.cgi">Anonymous Link</a>

Because it is a standard "a href", you should be able to use the window.open command to open the link in a new window and imbed the asp.  Using your example above here would be your new code if you saved the redire.pl file in the /cgi-bin;
<a href="#" onClick="window.open('/cgi-bin/redir.pl?url=http://www.somesite.com/testing/topic.asp?SID=<%=Cstr(fp_rs("Topic"))%','_blank','width=750,height=420,resizable=1,scrollbars=1')">Link me</a>

Good Luck and hope this meets enough of your requirements and that you have CGI on your machine.
0
 

Author Comment

by:jloberg
ID: 16912289
kevp75 - I tried your proposed ideas...  The first there is a comment on w3schools that says the name can not contain underscores.  So that will not work for an HTTP_REFERER statement.  Great idea if the underscores worked....  The second, when I tested it it still showed the website the link came from as the referer...

tvtimes - Fortunately I am able to run cgi-scripts (had to test it first) with my web host.  It seems to work, the referer is not showing after I click on the link, so it appears to 'remove' the referer.  Even though I never thought about using CGI this does solve my problem and it works with classic .asp.

Thanks all.
Jerry
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have helped a lot of people on EE with their coding sources and have enjoyed near about every minute of it. Sometimes it can get a little tedious but it is always a challenge and the one thing that I always say is:   The Exchange of informatio…
I was asked about the differences between classic ASP and ASP.NET, so let me put them down here, for reference: Let's make the introductions... Classic ASP was launched by Microsoft in 1998 and dynamically generate web pages upon user interact…
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question