Web Design & Development Guide

Referer spoofing

Home | Up

In computer security, referer spoofing or ref tar spoofing is the sending of incorrect referer information along with an HTTP request, with the aim of gaining unauthorized access to a web site.

Application

Some subscription sites, especially many pornographic paysites, utilize referer information to secure their materials: only browsers arriving from a small set of approved (login-) pages are given access; this facilitates the sharing of materials among a group of cooperating paysites. If attackers acquire knowledge of these approved referers (which is often trivial because many sites follow a common template), they can then gain free access to the materials.

Tools

Several software tools exist to facilitate referrer spoofing:

• Proxomitron offeres the capability of referrer spoofing at http://proxomitron.info
• Here is an open source project at http://livehttpheaders.mozdev.org/ where there is a feature called "replay headers".
• The Mozilla Firefox extension refspoof allows to use a custom referer URL for any site one visits, and provides a mechanism to manage a bookmark list of such referer/site pairs.
• A similar Mozilla Firefox extension is spooFXplorer (not compatible with the most recent version of Firefox).
• QuickSpoof and Spooph provide the same functionality for the Internet Explorer browser.
• SuperMegaSpoof is a Windows application that supports both browsers and allows users to exchange and rate referer spoofs; it displays advertisements while it is running.
• SpoofForge is similar to SuperMegaSpoof with the exception that spoofs are displayed on a web site, and so there is no software to install.

External links

• Refspoof plugin
• QuickSpoof
• SuperMegaSpoof
• Shitforbrains.org, discussion forum for spoofs, download links for spoofXporer and Spooph
• SpoofForge.com, Web wiki of ranked adult spoofs

Home | Up | Browser exploit | Cross-site cooking | Cross-site request forgery | Cross-site scripting | Cross-zone scripting | Directory traversal | Evil twin (wireless networks) | HTTP response splitting | IDN homograph attack | Referer spoofing | Session fixation | Session poisoning | Website spoofing

Web Design & Development Guide, made by MultiMedia | Websites for sale

This guide is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.