同时重定向和伪造引用者 [英] redirect and fake the referer at the sametime

问题描述

有没有办法将用户重定向到另一个站点并同时伪造推荐人.?用我的代码试过这个，我知道它错了，但这只是我能走多远.

Is there a way to redirect the user to another site and fake the referrer at the same time.? Tried this with my code, i know its wrong but thats only how far i can get.

<?php
    $page1 = "http://google.com"; $page2 = "http://yahoo.com/";
    $mypages = array($page1,$page2); 
    $myrandompage = $mypages[mt_rand(0, count($mypages) -1)];
    $sites = array_map("trim", file("links.txt"));
    $referer = $sites[array_rand($sites)];

function fake_it($url, $ref, $agent) 
{ 
  $curl = curl_init(); 
  $header[0] = "Accept: text/xml,application/xml,application/xhtml+xml,"; 
  $header[0] .= "text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"; 
  $header[] = "Cache-Control: max-age=0"; 
  $header[] = "Connection: keep-alive"; 
  $header[] = "Keep-Alive: 300"; 
  $header[] = "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7"; 
  $header[] = "Accept-Language: en-us,en;q=0.5"; 
  $header[] = "Pragma: "; // browsers keep this blank. 

  curl_setopt($curl, CURLOPT_URL, $url); 
  curl_setopt($curl, CURLOPT_USERAGENT, $agent); 
  curl_setopt($curl, CURLOPT_HTTPHEADER, $header); 
  curl_setopt($curl, CURLOPT_REFERER, $ref); 
  curl_setopt($curl, CURLOPT_ENCODING, 'gzip,deflate'); 
  curl_setopt($curl, CURLOPT_AUTOREFERER, true); 
  curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); 
  curl_setopt($curl, CURLOPT_TIMEOUT, 5000); 

  $html = curl_exec($curl);
  curl_close($curl);

  // returns the content provided by the site
  return $html;
}

//Below would send a request to the url, with the second parameter as the referrer
echo fake_it($myrandompage, $referer,$_SERVER['HTTP_USER_AGENT']);

?>

我想要的是从refer.php -> google.com(referer = 其他一些网址)..

what i want is to go from refer.php -> google.com(referer = some other url)..

推荐答案

您可以做的是将用户重定向到 https 站点，例如 damianb 描述了 + 对您的 redirect.php 脚本进行元刷新:

What you can do is to redirect a user to a https site, like damianb described + do a meta refresh on your redirect.php script:

redirect.php:(例如 https://www.myurl.com/redirect.php?url=http://www.someotherurl.com)

<?php $destination = $_GET['url']; ?>
<html><head><meta http-equiv="refresh" content="0;url=<?php echo $destination; ?>/"></head><body></body></html>

现在您使用 2 种武器进行战斗(https，对于仍然发送引用的浏览器:刷新标签).

Now you fight with 2 weapons (https, and for browsers that still send the referer: a refresh tag).

在 RFC 2616 中它说:

In RFC 2616 it says:

1.如果从 HTTP 安全 (HTTPS) 连接访问网站，并且链接指向除另一个安全位置以外的任何位置，则不会发送引用字段"

但由于这并不完全正确..不幸的是，您也可以考虑一下:

But since this is not fully true.. unfortunately, you can consider this too:

2.当指示使用刷新"字段重定向时，大多数 Web 浏览器不会发送引用字段.这不包括某些版本的 Opera 和许多移动 Web 浏览器.但是，万维网不鼓励这种重定向方法联盟 (W3C).[7]"

http://en.wikipedia.org/wiki/HTTP_referrer#Referer_hiding

已使用 Chrome 和 Firefox 进行测试.祝你好运！

Tested with Chrome and Firefox. Good luck!

这篇关于同时重定向和伪造引用者的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！