在Javascript中推荐人欺骗? [英] Referrer Spoofing in Javascript?
问题描述
嘿大家,
有没有人知道是否有可能使用Javascript欺骗推荐 - 当我从网上出发时,它是b / b
网站A到网站B,如果B使用php或javascript或
的东西来看引用网站,而不是网站A他们看到网站C,
哪个A做了什么让B看到?
我正在尝试为某个网站编写一个脚本,允许有人向我的脚本发送一个
GET请求将它转换为另一个
站点的POST(以便您可以使用POST为站点添加书签)。使用PHP生成的Javascript,它的工作原理很好,但是问题是一个特定的
网站,我想检查以确保引用网站是它自己的,制作
在这种情况下不可能将我的脚本用于其预期目的。
我希望我可以用javascript做一些事来欺骗网站进入
以为我来自正确的页面。
引荐来源存储在浏览器中,所以我想必须有一些
方式使用javascript来欺骗引用者。任何想法?
Rod Hilton说:
引荐来源存储在浏览器中,所以我想象一下,必须有一些方法来使用javascript来欺骗引用者。任何想法?
这是一个奇怪的想象。浏览器中存储的内容远远超过
可用的内容。
作者在大多数情况下,流行的浏览器都是智能和诚实的,并试图避免让人们轻松搞定这种欺骗行为。
系统的任何功能(如HTTP-REFERRER)都完全无用。
Lee< RE ************** @ cox.net>在新闻中写道:ck ********* @ drn.newsguy.com:
罗德希尔顿说:
referrer存储在浏览器中,所以我想有一些方法可以使用javascript来欺骗引用者。有什么想法?
这是一个奇怪的想象。存储在浏览器中的内容远远多于可用于脚本的内容。
流行浏览器的作者大多数情况下都是
聪明而诚实,并尽量避免让人们轻易摆脱那种会使系统的任何功能(如HTTP-REFERRER)完全消除的欺骗行为。 >没用。
好吧,我大部分都在想象它,因为我想这么做。 ;)
我会把这个答案当作不,那么?这是令人失望的 - 搜索
使用POST使我无法使用我的网页浏览器书签/昵称
功能。
$ b $嗯好吧。谢谢
Rod Hilton< ro*@NOSPAMair0day.com>写在
新闻:Xn ********************************* @ 216.196.9 7.136:
系统的任何功能(如HTTP-REFERRER)都完全没用。
referer,因为浏览器发送的所有其他标头都很容易被欺骗。一个依赖于它们的
网站首先被打破了。
好吧,我大部分时间都想象它,因为我想这么做。 ;)
然后使用Perl,PHP或其他一些服务器端技巧。
-
John MexIT: http://johnbokma.com/mexit/
个人页面: http://johnbokma.com/
经验丰富的程序员: http://castleamber.com/
快乐客户: http://castleamber.com/testimonials.html
Hey everyone,
Does anyone know if it''s possible to spoof a referral using Javascript - as
in, when I go from web site A to web site B, if B uses php or javascript or
something to see the referring site, instead of site A they see site C,
which A does something to make B see?
I''m trying to write a script for a site that will allow someone to send a
GET request to my script and have it be converted to a POST for another
site (so that you can bookmark searches for sites using POST). It works
fine, using PHP-generated Javascript, but the problem is that one specific
site, I think checks to make sure the referring site was it''s own, making
it impossible to use my script for its intended purpose in this instance.
I was hoping I could do something in javascript to fool the site into
thinking I came from the "right" page.
The referrer is stored in the browser, so I imagine there has to be some
way to spoof a referrer using javascript. Any ideas?
Rod Hilton said:
The referrer is stored in the browser, so I imagine there has to be some
way to spoof a referrer using javascript. Any ideas?
That''s an odd thing to imagine. There are far more things
stored in the browser that are not available to script than
are available.
The authors of the popular browsers are, for the most part,
intelligent and honest, and try to avoid making it easy for
people to get away with the sort of spoofing that would make
any feature of the system (such as HTTP-REFERRER) completely
useless.
Lee <RE**************@cox.net> wrote in news:ck*********@drn.newsguy.com:
Rod Hilton said:The referrer is stored in the browser, so I imagine there has to be some
way to spoof a referrer using javascript. Any ideas?
That''s an odd thing to imagine. There are far more things
stored in the browser that are not available to script than
are available.
The authors of the popular browsers are, for the most part,
intelligent and honest, and try to avoid making it easy for
people to get away with the sort of spoofing that would make
any feature of the system (such as HTTP-REFERRER) completely
useless.
Well, I''m mostly imagining it because I want to do it so badly. ;)
I''ll take this answer as a no, then? That''s disappointing - searches that
use POST make it impossible to use my web browsers bookmark/nickname
feature.
Ah well. Thanks
Rod Hilton <ro*@NOSPAMair0day.com> wrote in
news:Xn*********************************@216.196.9 7.136:
any feature of the system (such as HTTP-REFERRER) completely
useless.
referer, as all other headers the browser sends can be easily spoofed. A
site relying on those is broken in the first place.
Well, I''m mostly imagining it because I want to do it so badly. ;)
Then use Perl, PHP or some other server-side trick.
--
John MexIT: http://johnbokma.com/mexit/
personal page: http://johnbokma.com/
Experienced programmer available: http://castleamber.com/
Happy Customers: http://castleamber.com/testimonials.html
这篇关于在Javascript中推荐人欺骗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
