Ways to forge Referer using WebBrowser: WebBrowser1.Navigate (URL, "_self", NULL, "referer:http://www.xxx.com")
This period of time has been studying how to set up Referer in WebBrowser to forge the route of the brush traffic, but the final study of half a month ended in failure, because the current statistical code, the more practical is cnzz.com and Google AdSense comes with statistics, their statistics are through the JS file statistics, so that the formation of false antecedents of the unsuccessful, specifically why not succeed let the following article explain it!
It is well known that the server side of the Referer can be forged, whether ASP, PHP or other scripts can be forged referer, some download software is to referer forged lifelike, the use of WebBrowser control can easily forge the route. So, as a gatekeeper to protect the site, how does it prevent these forged referer?
Here, use Javascript as a tool.
The methods mentioned above to forge Referer are implemented through server-side scripting, but they do not deceive the client. And JS is executed at the client, it does not care about server-side headers information, so, the use of JS Document.referer method can accurately determine the true origin of the Web page.
Almost all third-party statistics invariably use the document.referer to determine the origin of the route, why? It is the referer that is based on JS is not forged. Even if the server-side successfully forged Referer Web script, in the third-party statistics can not be counted, the reason is because these three-party statistics used Document.referer to determine the true antecedents.
Therefore, in order to counter false referer forgery information, statistical code needs to use JS Document.referer to distinguish, can be forged information to shut out.
As far as we know, so far, JS is not able to forge Referer.
Then someone asked, how do you judge this referer if the client has JavaScript footsteps or even cookies closed? In fact, the answer is also very simple, is the JS and asp/php script through the operation of the middle bridge between the cookies to achieve, JS to write this referer cookies,asp/php read this cookie, if not read this cookie, To judge the origin of the non-site.
Reprint: http://www.cnblogs.com/hackpig/archive/2010/02/14/1668236.html
Related articles
Brief analysis of Document.referrer
JS Document.referer have a way to forge the route?
C#:webbrowser forged Referer, why is the flow statistics invalid?