?
Solved

Need to spoof HTTP_REFERER via a link from an asp page

Posted on 2006-06-12
8
Medium Priority
?
703 Views
Last Modified: 2008-01-09
I have a need to have a link to another site, however I do not want that site to know I am refering traffic to them.  My site is based on native .asp pages, I have looked and the only way I have seen to really do this is based on an article I found here on EE; (http://www.experts-exchange.com/Programming/Programming_Languages/Java/Q_21793985.html).  But it was not detailed enough, it appears to be in Java but it does not give a complete example.

Ideally here is what I want to happen is;
* Create a clickable Link from from my server using an asp page with 1 dynamic vairable
* Open the link in a new window when clicked
* Mask or remove the HTTP_REFERER (Webiste1 (origin) Website2 (desitnation) I do not want Website2 know that the user came from Website1)
* reusable for several different links on the same page (ie the dymanic variable will change several times in a for/next type loop on the .asp page)
* Not using .NET, only traditional .asp

Here is the way I do it now but it does not spoof the referer (the "#" is to hide the URL from the user, not a requirement, just a bonus);
<a href="#" onClick="window.open('http://www.somesite.com/testing/topic.asp?SID=<%=Cstr(fp_rs("Topic"))%','_blank','width=750,height=420,resizable=1,scrollbars=1')">Link me</a>

What I need is a real world example of the whole working solution.  I am not opposed to using Java or cgi, just need something that 'integrates' well with .asp.
0
Comment
Question by:jloberg
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 25

Expert Comment

by:kevp75
ID: 16888953
unless you can get your server to forgo the referrer header you may be sol, as it cannot be done with any code.

i am unsure how do this with IIS, but I am sure it is possible if your host uses Apache
0
 

Author Comment

by:jloberg
ID: 16888986
We are on IIS...  If there are any other ideas please chime in!!

Thanks all!
Jerry
0
 

Author Comment

by:jloberg
ID: 16889690
Here is another link that maybe helpful IF this is possible.  This was done in .NET, but I do not know of a way to do it via .asp.  If someone can find a way to send a link from .asp to .NET and have the .NET do what is needed I am not opposed to that process either.  I am willing to do what ever is needed even if it requires some extra steps on the server side.  Just not willing to make the users do anything extra.

http://www.developerfusion.co.uk/show/4672/
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 3

Expert Comment

by:yourbudweiser
ID: 16905726
found this on a another site, credit to original poster:

http://www.developerfusion.co.uk/show/4672/

I noticed the article the other day on your website about "Spoofing the Referer During a Web Request" Immediately after reading it I was wondering if you can do this using ASP.NET, the answer is a resounding "YES, of course!". This works because the http standards allow the client to actually dictate the HTTP_Referer variable.

Here is the code:

 Function FetchURL(SomeURL as String, Referer As String) as String
    Dim WebResp as HTTPWebResponse
    Dim HTTPGetRequest as HttpWebRequest
    Dim sr As StreamReader
    dim myString as String
    HTTPGetRequest = DirectCast(WebRequest.Create(SomeURL),HttpWebRequest)
    HTTPGetRequest.KeepAlive = false
    HTTPGetRequest.Referer = Referer
    WebResp = HTTPGetRequest.GetResponse()
    sr = new StreamReader(WebResp.GetResponseStream(), Encoding.ASCII)
    myString = sr.ReadToEnd()
    Return myString
End Function

You can then call this using the following:
Dim PageString As String
PageString = FetchURL("http://www.google.com/","http://www.microsoft.com")
0
 

Author Comment

by:jloberg
ID: 16906060
Problem I am running into is that the page that has the link on it (the one I need to spoof) is a classic ASP page, the code above is ASP.NET.  I would need to find a way to transfer data to the ASP.NET page and then have the ASP.NET page spoof and redirect.  If anyone can help do that it would work.
Jerry
0
 
LVL 25

Expert Comment

by:kevp75
ID: 16906258
please see this link:
http://www.w3schools.com/asp/met_addheader.asp

you may be able to do
<%Response.AddHeader "HTTP_REFERRER","http://www.thesite.com"%>
0
 

Accepted Solution

by:
tvtimes earned 400 total points
ID: 16906266
Not sure if this will help but here is a way to link anonymously (remove) - Can't rename who your referer is but you can 'remove' it.  It can be done via a cgi script found here;
http://watson-net.com/download/download.asp?name=Redirector&file=redir.zip

And then test the syntax based on the following to a site that verifies if you are 'refered';

<a href="http://www.inet-police.com/cgi-bin/env.cgi"> Traditional Link</a>

<a href="/cgi-bin/redir.pl?url=http://www.inet-police.com/cgi-bin/env.cgi">Anonymous Link</a>

Because it is a standard "a href", you should be able to use the window.open command to open the link in a new window and imbed the asp.  Using your example above here would be your new code if you saved the redire.pl file in the /cgi-bin;
<a href="#" onClick="window.open('/cgi-bin/redir.pl?url=http://www.somesite.com/testing/topic.asp?SID=<%=Cstr(fp_rs("Topic"))%','_blank','width=750,height=420,resizable=1,scrollbars=1')">Link me</a>

Good Luck and hope this meets enough of your requirements and that you have CGI on your machine.
0
 

Author Comment

by:jloberg
ID: 16912289
kevp75 - I tried your proposed ideas...  The first there is a comment on w3schools that says the name can not contain underscores.  So that will not work for an HTTP_REFERER statement.  Great idea if the underscores worked....  The second, when I tested it it still showed the website the link came from as the referer...

tvtimes - Fortunately I am able to run cgi-scripts (had to test it first) with my web host.  It seems to work, the referer is not showing after I click on the link, so it appears to 'remove' the referer.  Even though I never thought about using CGI this does solve my problem and it works with classic .asp.

Thanks all.
Jerry
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently decide that I needed a way to make my pages scream on the net.   While searching around how I can accomplish this I stumbled across a great article that stated "minimize the server requests." I got to thinking, hey, I use more than one…
Have you ever needed to get an ASP script to wait for a while? I have, just to let something else happen. Or in my case, to allow other stuff to happen while I was murdering my MySQL database with an update. The Original Issue This was written…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question