tags:

views:

598

answers:

2
Q: 

xmlhttprequest to spoof referer then redirect to another page?

Hello,

I've created some code using curl (PHP) which allows me to spoof the referrer or blank the referer then direct the user to another page with an spoofed referrer.

However the drawback to this is the IP address in the headers will always be the IP of my server, which isn't a valid solution.

The question;

Is it possible using client side scripting i.e. (xmlhttprequest) to "change" the referrer then direct the user to a new page?

Thus keeping the users IP address intact but spoofing the referrer.

If yes, any help would be much appreciated.

Thanks!

+1  A: 

not from javascript.

No Refunds No Returns  2010-02-26 14:57:22
Okay Thank you!
cocacola09  2010-02-26 15:06:19
That would be a security hole in any browser that allowed it.
EricLaw -MSFT-  2010-02-26 15:13:29
Ok thank you for your help EricLaw
cocacola09  2010-02-26 15:31:31
gotta love the anonymous downvotes.
No Refunds No Returns  2010-02-26 16:11:49
A: 

This appears to work in the Firefox Javascript console:

var xhr = new XMLHttpRequest; 
xhr.open("get", "http://www.example.com/", true); 
xhr.setRequestHeader( 'Referer', 'http://www.fake.com/' ); 
xhr.send();

In my server log I see:

referer: http://www.fake.com/
friedo  2010-02-26 15:06:51
The console has a higher privilege XHR.
EricLaw -MSFT-  2010-02-26 15:12:06
Thank you for your help, I looked at this you need to request a function called netscape.security.PrivilegeManager() which will throw a permisisons dialog box up. Which is no good unfortunately.
cocacola09  2010-02-26 15:24:20
Thanks for your help friedo.
cocacola09  2010-02-26 15:31:52
I'm simply thanking him for the reply and attempt at a solution.
cocacola09  2010-02-26 16:27:53

related questions

What JavaScript patterns do you use most?
Javascript events
What style do you use for creating an "class" in JavaScript?
Graphing JavaScript Library
What's the difference in closure style
Getting the text from a drop-down box
How to specify javascript to run when ModalPopupExtender is shown
Length of Javascript Associative Array
How Do I Post and then redirect to an external URL from ASP.Net?
How to set up a CSS switcher in ASP.NET
Wrapping lists into columns
Javascript keyboard events primer? (or rather: help me with my custom dropdown)
Http Auth in a Firefox 3 bookmarklet
Best Debugging Tools for JavaScript/xulrunner Development
How can I turn a string of HTML into a DOM object in a Firefox extension?
Call ASP.NET Function From Javascript?
Javascript troubleshooting tools in IE
MAC addresses in JavaScript
Capturing TAB key in text box
CSS Background Color in Javascript
How can I make the browser see CSS and Javascript changes?
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP .Net Custom Client-Side Validation
What JavaScript library would you choose for a new project and why?
Detecting font in JavaScript