 

Spoofing HTTP Referrer data using ASP.NET

Answers on here and various other sites are often full of warnings not to trust HTTP Referrer headers because they are 'so easily' spoofed or faked.

Before I go any further - no, I'm not up to no good - but I do want to run some referrer-dependent tests.

Whilst I don't doubt that the warnings about fake referrers are true, I can't really find much detailed info on how they can be manipulated. Even the Wikipedia article only talks about it in general terms.

I'm about to play with the RefControl add-in for Firefox.

Programmatically (in ASP.NET specifically) the UrlReferrer is a read-only property, so I don't see how I can fire off requests with fake referrer data if I can't set it. Do I really have to do it manually?

How would I use ASP.NET to send a request to my site with a user-supplied variable to populate the referrer header?

EDIT: As per my comment below, I ideally want to take an incoming request, manipulate the referrer data and then pass the request on to another page, intact. If I can make it appear intact by building a new one from scratch and copying the original properties, then that is fine too.

Widor asked Oct 04 '11 15:10



2 Answers

I don't know if this is exactly what you want, but in general, you should be able to spoof the value of the UrlReferrer property (even if it's read-only) in HttpContext.Current.Request by using a bit of reflection.

For example:

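using System;
using System.Reflection;
using System.Web;

// _referrer is the private field that backs HttpRequest.UrlReferrer
FieldInfo fi = HttpContext.Current.Request.GetType().GetField("_referrer", BindingFlags.NonPublic | BindingFlags.Instance);

// Assumes the request arrived with a Referer header; UrlReferrer is null otherwise
string initialReferer = HttpContext.Current.Request.UrlReferrer.ToString();
if (fi != null)
    fi.SetValue(HttpContext.Current.Request, new Uri("http://example.com"));
string fakedReferer = HttpContext.Current.Request.UrlReferrer.ToString();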

In VS, these are the values before and after changing the UrlReferrer:

initialReferer
"http://localhost/Test/Default.aspx"
fakedReferer
"http://example.com/"

If you open the System.Web assembly using ILSpy you'll notice that the UrlReferrer property looks something like this:

public Uri UrlReferrer
{
    get
    {
        if (this._referrer == null && this._wr != null)
        {
            string knownRequestHeader = this._wr.GetKnownRequestHeader(36);
            if (!string.IsNullOrEmpty(knownRequestHeader))
            {
                try
                {
                    if (knownRequestHeader.IndexOf("://", StringComparison.Ordinal) >= 0)
                    {
                        this._referrer = new Uri(knownRequestHeader);
                    }
                    else
                    {
                        this._referrer = new Uri(this.Url, knownRequestHeader);
                    }
                }
                catch (HttpException)
                {
                    this._referrer = null;
                }
            }
        }
        return this._referrer;
    }
}
Icarus answered Nov 15 '22 08:11


This likely isn't going to get you what you want. But you can edit the Referer of an HttpWebRequest. I don't think there is a way of editing the referrer of your request in context.

using System.Net;

// Build an outgoing request and set its Referer header before it is sent
HttpWebRequest Req = (HttpWebRequest)WebRequest.Create("http://somewhere.com/");
Req.Referer = "http://www.fakesite.com";
Doozer Blake answered Nov 15 '22 10:11
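
For referrer-dependent tests like the ones the question describes, the following added example (not part of either answer) runs a loopback HttpListener as a stand-in for the site under test and sends it requests through HttpWebRequest.Referer, showing that the server-side UrlReferrer is simply whatever the client chose to send. The port, path and referrer value are constructed for the demo.

```csharp
using System;
using System.IO;
using System.Net;
using System.Text;
using System.Threading.Tasks;

// Added example: the listener plays the site under test and echoes the
// Referer it received; the client sets that header to a supplied value.
static class RefererTest
{
    const string Prefix = "http://localhost:8765/";   // assumed free local port

    // Sends one GET to url with the supplied referrer and returns the body.
    static string Fetch(string url, string referrer)
    {
        var req = (HttpWebRequest)WebRequest.Create(url);
        if (referrer != null)
            req.Referer = referrer;   // sent as the Referer request header
        using (var resp = (HttpWebResponse)req.GetResponse())
        using (var reader = new StreamReader(resp.GetResponseStream()))
            return reader.ReadToEnd();
    }

    static void Main()
    {
        using (var listener = new HttpListener())
        {
            listener.Prefixes.Add(Prefix);
            listener.Start();

            // Server side: report what HttpListenerRequest.UrlReferrer contains.
            Task server = Task.Run(() =>
            {
                for (int i = 0; i < 2; i++)
                {
                    HttpListenerContext ctx = listener.GetContext();
                    Uri seen = ctx.Request.UrlReferrer;
                    byte[] body = Encoding.UTF8.GetBytes(seen == null ? "(none)" : seen.ToString());
                    ctx.Response.OutputStream.Write(body, 0, body.Length);
                    ctx.Response.Close();
                }
            });

            Console.WriteLine("no header  -> " + Fetch(Prefix + "page", null));
            Console.WriteLine("user value -> " + Fetch(Prefix + "page", "http://www.fakesite.com/landing"));
            server.Wait();
        }
    }
}
```

Because the server has no way to tell a browser-supplied value from one set this way, a referrer check is useful for tests and analytics but not as an access control.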