PHP - Referer redirect script

Question

Often, when searching for answers, I have found that certain websites will allow you to read the information they offer if the referer is, for example, google.com. Yet, if you link directly to the information, it will be unavailable.

What I am looking for is the smallest PHP script that will set a referer of my choice, and a destination, like so:

http://example.com/ref_red.php?referer=http://google.com/&end=http://example.net/

Notes:

• ref_red.php is the name of the script on my example.
• referer and end should accept http, https, ftp.
• referer and end can contain an URI of any type, as simple as http://end.com or as complicated as: http://example.com/some/rr/print.pl?document=rr, for example.

NOTE: As recommended on a reply, I am adding this. The script isn't a full proxy per se. Only initial HTTP request would be proxied (not subsequent requests like images,etc) for the sole purpose of setting the referer.

Answer 1

The referer is set by your browser, not by any server side mechanism. You could, I guess, construct a proxy in PHP that makes the request of the remote server and sets the referer header appropriately. It seems more useful to just use a Firefox plugin, e.g. http://www.stardrifter.org/refcontrol/.

Edit: I'd reword your question to make it clear you want to write a PHP proxy, with a custom referrer header. I'd probably just modify something like http://sourceforge.net/projects/poxy/ to take the referrer parameter and pass it on.

Edit again: You may be clear on what you're asking, but asking for the impossible doesn't make it possible. The browser is responsible for setting the referrer header; it uses the URI that caused it to redirect to a new resource. You're asking for a script that says "Please visit http://example.net, but pretend that I'm actually www.foo.com when you do so". There is no mechanism for the server to instruct the browser to "lie" about where it came from.

I suppose it may be possible via some convoluted JavaScript hacking, but it would be hacking in the black hat sense - a web site being able to force a browser to spoof the referrer would be a real security hole.

Answer 2

You can use one of the services available on Internet which allow hiding referrers (by setting their address), but you cannot impose a specific referrer that ain't the actual referrer. The user must actually be redirected to that website (which will appear as a referrer) before he is redirected to the target website.

One of such services: http://linkanon.com

edit:

Since you changed your question now, my comment about writing a user agent in PHP which acts like a proxy, applies, but then this gets close to a criminal activity, because you will be displaying a third party website to a user who might think that she is in the actual website, while in fact she will have loaded your content (the content you have passed on). To perform this close-to-criminal activity (you are one step away from trying to read a username and password), you load the third party's website content with PHP by using your own written user agent which specifies the fake referrer and simply passes the output to visitor of your website. The function in PHP which lets one send HTTP headers, is header($header):

header("Referer: http://example.org");

Instead of shouting at people who try to help, you could try to read HTTP (that's the protocol according to which the world turns around) specification regarding Referer header: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html (See Section 14.36).

You also might want to read http://en.wikipedia.org/wiki/Referrer_spoofing where you can see that it's all about client side. PHP is server side. All you can do is try to write a client code (Javascript) generated by PHP, but if you have any luck, then you're breaking into user's world.

Answer 3

this function should give you a starting point it will fetch any http url with the specified referrer

handling the query parms should be pretty trivial, so i will leave that part for you to do

<?php

    echo geturl('http://some-url', 'http://referring-url');

    function geturl($url, $referer) { 

     $headers[] = 'Accept: image/gif, image/x-bitmap, image/jpeg, image/pjpeg'; 
     $headers[] = 'Connection: Keep-Alive'; 
     $headers[] = 'Content-type: application/x-www-form-urlencoded;charset=UTF-8'; 
     $user_agent = 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0)'; 

     $process = curl_init($url); 
     curl_setopt($process, CURLOPT_HTTPHEADER, $headers); 
     curl_setopt($process, CURLOPT_HEADER, 0); 
     curl_setopt($process, CURLOPT_USERAGENT, $useragent);
     curl_setopt($process, CURLOPT_REFERER, $referer);
     curl_setopt($process, CURLOPT_TIMEOUT, 30); 
     curl_setopt($process, CURLOPT_RETURNTRANSFER, 1); 
     curl_setopt($process, CURLOPT_FOLLOWLOCATION, 1); 

     $return = curl_exec($process); 
     curl_close($process); 

     return $return; 
    } 

?>

Answer 4

You might also find this thread useful if you wish to learn how to fake the referer with php.