July 22nd, 2004, 07:19 PM
I am preparing a technical paper presentation on web attacks which includes almost everything about web attacks firewall bypassing process injection and so on.
But have some problems in understanding HTTP_REFERER spoofing techniques i tried searching google but can't find much of interest there and RFC 2616 isn't helping me at all.
i will appriciate any help or link.
July 22nd, 2004, 07:41 PM
well, its so easy, get a tool like burpproxy at www.portswigger.net and see what is sent to the server when you request for a webpage, on of the things is the referer (the page you came from before you entered this page), now with referer spoofing it is like changing that page to the one desired by that application in order to get access to something. that's all...
here is an example:
connect to www.antionline.com via telnet or via the burpproxy...
this is what something like what you should see with burpproxy, or what you'd have to type with telnet:
GET /showthread.php?s=&threadid=260086 HTTP/1.0
User-Agent: mozilla/4.0(compatible MSIE6.0; Windows NT5.1;Linux)
and a lot more, but the point is the referer string, with a tool like burpproxy you can change it before it is sent to the server...
hope this clears things...
July 22nd, 2004, 08:14 PM
to put it in other words and other tools for that matter
there's still a few sites that still assume that you,ve been authenticated if your header lists their site as the referer. the logic being if you've got the referer tag fom a page you need authentication to view you must be authenticated. catching your outgoing header before its sent, with something like achellies allows you to make these changes and then send the request with the altered data. hope that helps
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
July 22nd, 2004, 09:05 PM
Oh yes i get it now.i think i can make my way from here.thanks guys