http referer

**smooth_operator** · August 31st, 2004, 09:40 PM

i was wondering how it works exactly and the concept behind it. i was at the ngsec website and i saw their game so i decided to take a look at it, and in the second level it talks about spoofing the http referer. i dont need to know about the spoofing part, just the http referer because ive never heard of it before. (although im sure its everywhere)

***Tiger Shark*** · August 31st, 2004, 09:54 PM

When you are on the front page of AO for example and you click a link to a site in the ads at the top of the page your browser remembers that you were at AO and passes this nformation to the new web site you linked to. That's the http referrer.

What the game is 'referring' to, (pun intended

), is that one way of making sure that only certain people can see certain pages for example is for the request to be checked for the http referrer. If the http referrer doesn't match the parameters set by the new page it won't load. What you have to do is determine what the http referrer should be, and find out a way to spoof the http referrer to make it look like you came from the appropriate place.

***Tedob1*** · September 1st, 2004, 04:51 AM

for a better understanding of the http protocol try reading the RFC. this part deals with what your asking:

http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html

RFC 2616 Fielding, et al.

14. Header Field Definitions

after reading this it will help to crysalize what you've learned by seeing the protocol in action. a good tool for doing this is achillies:

http://www.mavensecurity.com/achilles

insecure.org describes achillies as:

"A Windows web attack proxy
Achilles is a tool designed for testing the security of web applications. Achilles is a proxy server, which acts as a man-in-the-middle during an HTTP session. A typical HTTP proxy will relay packets to and from a client browser and a web server. Achilles will intercept an HTTP session's data in either direction and give the user the ability to alter the data before transmission. "

***hypronix*** · September 1st, 2004, 08:38 AM

Although maybe Achilles has some distinctive features that make it a good software, I like tools that manage to teach me more about some specific thing. So in your case I can tell you the magic word that will help out a million times in wargames from now on:

telnet

Oh yes, you can do it. Referrer, user agent, posting variables and anything in between, what your browser can do telnet can do as well. It takes a while [I'm still working with it and learning telnet itself] but it's not going to be the hardest thing you need to learn. I recommend using a sniffer in addition, so you can see how requests are made and so you can make a more particular request yourself. But I've given you more information then I should've, so go wargame on your own now

[and good luck!]

**smooth_operator** · September 1st, 2004, 06:43 PM

is this something that i can do in the browser window, or will i have to use telnet. im tryin to stay away from progs because i know i wont learn the concept and how to prevent it. are there any good white papers on telnet that you know of? also, i was trying to set up a lab (totally different question but i thought it would be a good idea to use the same post instead of make a new one) can i run an http server on linux and network a windows xp computer to it and have it be like a regular web page or server just used for these two computers? i dont know if that makes sense or not.

**|gridley|** · September 1st, 2004, 06:54 PM

Here is some perl code that will let you 'set' the referer (and other header information)
I did not write it, credits are in the textfile.

can i run an http server on linux and network a windows xp computer to it and have it be like a regular web page or server just used for these two computers?

Yes you can, most linux-distros come with apache web(http) server.

***nebulus200*** · September 1st, 2004, 07:27 PM

Originally posted here by hypronix
Although maybe Achilles has some distinctive features that make it a good software, I like tools that manage to teach me more about some specific thing. So in your case I can tell you the magic word that will help out a million times in wargames from now on:

telnet

Oh yes, you can do it. Referrer, user agent, posting variables and anything in between, what your browser can do telnet can do as well. It takes a while [I'm still working with it and learning telnet itself] but it's not going to be the hardest thing you need to learn. I recommend using a sniffer in addition, so you can see how requests are made and so you can make a more particular request yourself. But I've given you more information then I should've, so go wargame on your own now [and good luck!]

While telnet works quite well in a pinch, if you are going to be doing this regularly, I recommend using netcat. It doesn't pass on some other gibberish like telnet does and operates purely on a socket level.

**smooth_operator** · September 1st, 2004, 07:37 PM

ok has anyone tried or completed this particular war game?

***Tedob1*** · September 1st, 2004, 08:05 PM

ive not tried that game but the same referer spoofing is pretty standard and 'nc <info.txt' is pretty much the best way to do it. but if you want to really learn whats going on and not waste allot of time cutting and pasting to make the changes you need:

Thread: http referer

Thread Tools

Display

http referer

mmkay

Posting Permissions