Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 750
  • Last Modified:

Need to spoof HTTP_REFERER via a link from an asp page

I have a need to have a link to another site, however I do not want that site to know I am refering traffic to them.  My site is based on native .asp pages, I have looked and the only way I have seen to really do this is based on an article I found here on EE; (http://www.experts-exchange.com/Programming/Programming_Languages/Java/Q_21793985.html).  But it was not detailed enough, it appears to be in Java but it does not give a complete example.

Ideally here is what I want to happen is;
* Create a clickable Link from from my server using an asp page with 1 dynamic vairable
* Open the link in a new window when clicked
* Mask or remove the HTTP_REFERER (Webiste1 (origin) Website2 (desitnation) I do not want Website2 know that the user came from Website1)
* reusable for several different links on the same page (ie the dymanic variable will change several times in a for/next type loop on the .asp page)
* Not using .NET, only traditional .asp

Here is the way I do it now but it does not spoof the referer (the "#" is to hide the URL from the user, not a requirement, just a bonus);
<a href="#" onClick="window.open('http://www.somesite.com/testing/topic.asp?SID=<%=Cstr(fp_rs("Topic"))%','_blank','width=750,height=420,resizable=1,scrollbars=1')">Link me</a>

What I need is a real world example of the whole working solution.  I am not opposed to using Java or cgi, just need something that 'integrates' well with .asp.
0
jloberg
Asked:
jloberg
1 Solution
 
kevp75Commented:
unless you can get your server to forgo the referrer header you may be sol, as it cannot be done with any code.

i am unsure how do this with IIS, but I am sure it is possible if your host uses Apache
0
 
jlobergAuthor Commented:
We are on IIS...  If there are any other ideas please chime in!!

Thanks all!
Jerry
0
 
jlobergAuthor Commented:
Here is another link that maybe helpful IF this is possible.  This was done in .NET, but I do not know of a way to do it via .asp.  If someone can find a way to send a link from .asp to .NET and have the .NET do what is needed I am not opposed to that process either.  I am willing to do what ever is needed even if it requires some extra steps on the server side.  Just not willing to make the users do anything extra.

http://www.developerfusion.co.uk/show/4672/
0
What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

 
yourbudweiserCommented:
found this on a another site, credit to original poster:

http://www.developerfusion.co.uk/show/4672/

I noticed the article the other day on your website about "Spoofing the Referer During a Web Request" Immediately after reading it I was wondering if you can do this using ASP.NET, the answer is a resounding "YES, of course!". This works because the http standards allow the client to actually dictate the HTTP_Referer variable.

Here is the code:

 Function FetchURL(SomeURL as String, Referer As String) as String
    Dim WebResp as HTTPWebResponse
    Dim HTTPGetRequest as HttpWebRequest
    Dim sr As StreamReader
    dim myString as String
    HTTPGetRequest = DirectCast(WebRequest.Create(SomeURL),HttpWebRequest)
    HTTPGetRequest.KeepAlive = false
    HTTPGetRequest.Referer = Referer
    WebResp = HTTPGetRequest.GetResponse()
    sr = new StreamReader(WebResp.GetResponseStream(), Encoding.ASCII)
    myString = sr.ReadToEnd()
    Return myString
End Function

You can then call this using the following:
Dim PageString As String
PageString = FetchURL("http://www.google.com/","http://www.microsoft.com")
0
 
jlobergAuthor Commented:
Problem I am running into is that the page that has the link on it (the one I need to spoof) is a classic ASP page, the code above is ASP.NET.  I would need to find a way to transfer data to the ASP.NET page and then have the ASP.NET page spoof and redirect.  If anyone can help do that it would work.
Jerry
0
 
kevp75Commented:
please see this link:
http://www.w3schools.com/asp/met_addheader.asp

you may be able to do
<%Response.AddHeader "HTTP_REFERRER","http://www.thesite.com"%>
0
 
tvtimesCommented:
Not sure if this will help but here is a way to link anonymously (remove) - Can't rename who your referer is but you can 'remove' it.  It can be done via a cgi script found here;
http://watson-net.com/download/download.asp?name=Redirector&file=redir.zip

And then test the syntax based on the following to a site that verifies if you are 'refered';

<a href="http://www.inet-police.com/cgi-bin/env.cgi"> Traditional Link</a>

<a href="/cgi-bin/redir.pl?url=http://www.inet-police.com/cgi-bin/env.cgi">Anonymous Link</a>

Because it is a standard "a href", you should be able to use the window.open command to open the link in a new window and imbed the asp.  Using your example above here would be your new code if you saved the redire.pl file in the /cgi-bin;
<a href="#" onClick="window.open('/cgi-bin/redir.pl?url=http://www.somesite.com/testing/topic.asp?SID=<%=Cstr(fp_rs("Topic"))%','_blank','width=750,height=420,resizable=1,scrollbars=1')">Link me</a>

Good Luck and hope this meets enough of your requirements and that you have CGI on your machine.
0
 
jlobergAuthor Commented:
kevp75 - I tried your proposed ideas...  The first there is a comment on w3schools that says the name can not contain underscores.  So that will not work for an HTTP_REFERER statement.  Great idea if the underscores worked....  The second, when I tested it it still showed the website the link came from as the referer...

tvtimes - Fortunately I am able to run cgi-scripts (had to test it first) with my web host.  It seems to work, the referer is not showing after I click on the link, so it appears to 'remove' the referer.  Even though I never thought about using CGI this does solve my problem and it works with classic .asp.

Thanks all.
Jerry
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now