同时重定向和伪造引用者 [英] redirect and fake the referer at the sametime
问题描述
有没有办法将用户重定向到另一个站点并同时伪造推荐人.?用我的代码试过这个,我知道它错了,但这只是我能走多远.
Is there a way to redirect the user to another site and fake the referrer at the same time.? Tried this with my code, i know its wrong but thats only how far i can get.
<?php
$page1 = "http://google.com"; $page2 = "http://yahoo.com/";
$mypages = array($page1,$page2);
$myrandompage = $mypages[mt_rand(0, count($mypages) -1)];
$sites = array_map("trim", file("links.txt"));
$referer = $sites[array_rand($sites)];
function fake_it($url, $ref, $agent)
{
$curl = curl_init();
$header[0] = "Accept: text/xml,application/xml,application/xhtml+xml,";
$header[0] .= "text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5";
$header[] = "Cache-Control: max-age=0";
$header[] = "Connection: keep-alive";
$header[] = "Keep-Alive: 300";
$header[] = "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7";
$header[] = "Accept-Language: en-us,en;q=0.5";
$header[] = "Pragma: "; // browsers keep this blank.
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_USERAGENT, $agent);
curl_setopt($curl, CURLOPT_HTTPHEADER, $header);
curl_setopt($curl, CURLOPT_REFERER, $ref);
curl_setopt($curl, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($curl, CURLOPT_AUTOREFERER, true);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_TIMEOUT, 5000);
$html = curl_exec($curl);
curl_close($curl);
// returns the content provided by the site
return $html;
}
//Below would send a request to the url, with the second parameter as the referrer
echo fake_it($myrandompage, $referer,$_SERVER['HTTP_USER_AGENT']);
?>
我想要的是从refer.php -> google.com(referer = 其他一些网址)..
what i want is to go from refer.php -> google.com(referer = some other url)..
推荐答案
您可以做的是将用户重定向到 https 站点,例如 damianb 描述了 + 对您的 redirect.php 脚本进行元刷新:
What you can do is to redirect a user to a https site, like damianb described + do a meta refresh on your redirect.php script:
redirect.php:(例如 https://www.myurl.com/redirect.php?url=http://www.someotherurl.com)
<?php $destination = $_GET['url']; ?>
<html><head><meta http-equiv="refresh" content="0;url=<?php echo $destination; ?>/"></head><body></body></html>
现在您使用 2 种武器进行战斗(https,对于仍然发送引用的浏览器:刷新标签).
Now you fight with 2 weapons (https, and for browsers that still send the referer: a refresh tag).
在 RFC 2616 中它说:
In RFC 2616 it says:
1.如果从 HTTP 安全 (HTTPS) 连接访问网站,并且链接指向除另一个安全位置以外的任何位置,则不会发送引用字段"
但由于这并不完全正确..不幸的是,您也可以考虑一下:
But since this is not fully true.. unfortunately, you can consider this too:
2.当指示使用刷新"字段重定向时,大多数 Web 浏览器不会发送引用字段.这不包括某些版本的 Opera 和许多移动 Web 浏览器.但是,万维网不鼓励这种重定向方法联盟 (W3C).[7]"
http://en.wikipedia.org/wiki/HTTP_referrer#Referer_hiding
已使用 Chrome 和 Firefox 进行测试.祝你好运!
Tested with Chrome and Firefox. Good luck!
这篇关于同时重定向和伪造引用者的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!