The HTTP_REFERER variable has become increasingly unreliable: it can be forged completely.
Here are the forgery methods:
ASP/Visual Basic code
The following is a code snippet:
' url must already hold the address to request
Dim http
Set http = Server.CreateObject("MSXML2.XMLHTTP") ' MSXML2.ServerXMLHTTP can also be used
http.open "GET", url, False
http.setRequestHeader "Referer", "http://www.dc9.cn/"
http.send
PHP (provided that curl is installed):
PHP code
The following is a code snippet:
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://www.dc9.cn/xxx.asp");
curl_setopt($ch, CURLOPT_REFERER, "http://www.dc9.cn/"); // Referer value chosen by the client
curl_exec($ch);
curl_close($ch);
PHP (use sock instead of curl):
PHP code
The following is a code snippet:
$server = "www.dc9.cn";
$host = "www.dc9.cn";
$target = "/xxx.asp";
$referer = "http://www.dc9.cn/"; // Referer
$port = 80;
$fp = fsockopen($server, $port, $errno, $errstr, 30);
if (!$fp)
{
    echo "$errstr ($errno)<br/>\n";
}
else
{
    // Build the request by hand; every header line ends with CRLF
    $out = "GET $target HTTP/1.1\r\n";
    $out .= "Host: $host\r\n";
    $out .= "Cookie: ASPSESSIONIDSQTBQSDA=DFCAPKLBBFICDAFMHNKIGKEG\r\n";
    $out .= "Referer: $referer\r\n";
    $out .= "Connection: Close\r\n\r\n"; // blank line ends the header block
    fwrite($fp, $out);
    while (!feof($fp))
    {
        echo fgets($fp, 128);
    }
    fclose($fp);
}
VB.NET/C#.NET
C# code
The following is a code snippet:
Dim oXMLHttp As MSXML2.XMLHTTP30 = New MSXML2.XMLHTTP30()
Or
MSXML2.XMLHTTP30 oXMLHttp = new MSXML2.XMLHTTP30();
oXMLHttp.open(....
oXMLHttp.setRequestHeader(...
oXMLHttp.send(..
JavaScript
JavaScript code
xmlHttp.setRequestHeader("Referer", "http://URL"); // Haha ~ fake ~
JS does not support this ^_^
The principle is that a socket is used to construct the HTTP headers and send the data. Other languages, such as Perl, can also be used.
Currently, a simple method to defend against Referer forgery is to use a verification code (Session).
There are also commercial anti-leech products, such as UUDOG, linkgate, and VirtualWall, all of which are implemented as DLLs that run on IIS.
Some use cookies for verification and thread control, and some randomly generate file names and then rewrite the URLs. Some of these methods can indeed achieve good results.
However, these tricks will eventually be cracked as well.
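The session and URL-rewriting defenses mentioned above can be combined into a link token that the server verifies without reading the Referer header at all. The following is an added example, not code from the original page: the function names, secret, session ids and timestamp are constructed for illustration, and only the site and path come from the snippets above.

```python
import hashlib
import hmac

SITE = "http://www.dc9.cn/"            # site used in the page's snippets
SECRET = b"constructed-server-secret"  # constructed; a real key stays server-side


def referer_allows(headers: dict) -> bool:
    """Weak check: trusts a header the client sets itself."""
    return headers.get("Referer", "").startswith(SITE)


def make_token(session_id: str, path: str, expires: int) -> str:
    """Bind a link to one session, one resource and an expiry time."""
    msg = f"{session_id}\n{path}\n{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def token_allows(session_id: str, path: str, expires: int, token: str, now: int) -> bool:
    """Server-side check that never consults the Referer header."""
    if now > expires:
        return False  # link has expired
    expected = make_token(session_id, path, expires)
    # Constant-time comparison; encoding first also tolerates non-ASCII input.
    return hmac.compare_digest(expected.encode(), token.encode())


def demo() -> dict:
    now = 1_700_000_000  # constructed timestamp
    expires = now + 300
    path = "/xxx.asp"
    # Token embedded in the page served to the legitimate visitor's session.
    token = make_token("session-A", path, expires)
    # Client that sets the Referer header by hand, as in the snippets above.
    scripted = {"Referer": SITE}
    return {
        "referer_check_on_scripted_client": referer_allows(scripted),
        "token_replayed_from_other_session": token_allows("session-B", path, expires, token, now),
        "token_for_other_file": token_allows("session-A", "/other.asp", expires, token, now),
        "token_after_expiry": token_allows("session-A", path, expires, token, now + 301),
        "legitimate_visitor": token_allows("session-A", path, expires, token, now),
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'allowed' if allowed else 'denied'}")
```

The token only proves that the request comes from a session that was served the page, so it stops links embedded on other sites; pairing the session with a verification code is what raises the bar for scripted clients.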