When testing websites it can be useful to spoof the Referer URL. I have used these methods in the past to locate bugs in code or files that have been infected with forms of search engine clickjacking. The two easiest methods I have found are the Google Chrome extension called Spoofy and plain curl from the Linux CLI. curl is usually the simpler of the two, but if you are not familiar with curl then Spoofy gives similar results. Below I describe both methods in detail.

Spoof Referer URL Using Google Chrome Spoofy Extension:

The Spoofy extension for Google Chrome can definitely come in handy and is really easy to use. Visit the Spoofy extension page in the Chrome Web Store and, if you decide to install it, simply click the Install button on that page. Once installed you will see the Spoofy icon in the Google Chrome toolbar, as shown in the example image below.

Spoofy Extension Icon

Once installed, browse to the site you want to appear as the Referer URL and then click the Spoofy icon, as shown in the example image below.

Google Chrome Extension Spoofy Extension Example

As you can see in the example image above, clicking the Spoofy icon drops down a small window that takes a URL as input. The URL you enter in this window is the site you are going to visit, and the page the browser tab is currently open to is the site that will appear as the Referer to the site you are visiting. I have verified that this works perfectly.

Spoof Referer URL Using curl From Linux CLI:

If you are familiar with Linux then using curl is much easier than using Spoofy. Below is an example using curl's -e (--referer) option to spoof the Referer URL.

curl -v -e "http://louisville.edu" http://www.question-defense.com/

The above command will display the index page of www.question-defense.com while sending a Referer of louisville.edu to the web server that serves question-defense.com, as shown in the web log line below (the client IP address has been removed).

- - [13/Sep/2011:00:58:52 -0500] "GET / HTTP/1.1" 200 61093 "http://louisville.edu" "curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5"

As you can see in the HTTP log above, the Referer displays as louisville.edu even though I ran this command from a server that has no association with that website. The Referer header is entirely client-controlled, so it should never be relied on as a security control.
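As an added example that is not part of the original post, the following Python script parses combined-format web log lines like the one above, extracts the Referer host, and runs each request through the kind of naive Referer allowlist check (hotlink protection, "must come from our site" gating) that the curl technique defeats. The three log lines, the client IP addresses, and the trusted-host set are constructed for the example; the first line mirrors the curl request shown above.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Apache/nginx "combined" log format:
#   host ident user [time] "request" status bytes "referer" "user-agent"
COMBINED_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Constructed sample log. Line 1 is the spoofed curl request from the post
# with a documentation-range IP (192.0.2.x) substituted for the real client.
SAMPLE_LOG = """\
192.0.2.10 - - [13/Sep/2011:00:58:52 -0500] "GET / HTTP/1.1" 200 61093 "http://louisville.edu" "curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5"
192.0.2.11 - - [13/Sep/2011:01:02:13 -0500] "GET /images/logo.png HTTP/1.1" 200 4120 "-" "Mozilla/5.0"
192.0.2.12 - - [13/Sep/2011:01:05:44 -0500] "GET /images/logo.png HTTP/1.1" 200 4120 "http://www.question-defense.com/" "Mozilla/5.0"
"""


def parse_combined(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = COMBINED_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    # "-" means no Referer header was sent at all.
    referer = entry["referer"]
    entry["referer_host"] = urlparse(referer).hostname if referer not in ("", "-") else None
    return entry


def parse_log(text):
    """Parse every line of a log blob, silently skipping lines that do not match."""
    return [e for e in (parse_combined(l) for l in text.splitlines()) if e]


def referer_passes(entry, trusted_hosts):
    """The naive Referer allowlist check: it accepts whatever host the client claims.

    Because the header is client-controlled, a spoofed request passes this
    check exactly as a legitimate one would; it is a hint, not authentication.
    """
    return entry["referer_host"] in trusted_hosts


def referer_summary(entries):
    """Count requests per Referer host, useful when reviewing logs for odd referers."""
    return Counter(e["referer_host"] for e in entries)


if __name__ == "__main__":
    trusted = {"louisville.edu", "www.question-defense.com"}
    for e in parse_log(SAMPLE_LOG):
        verdict = "PASS" if referer_passes(e, trusted) else "FAIL"
        print(f"{e['host']:<12} {e['request']:<32} referer={e['referer_host']!s:<28} {verdict}")
    print(referer_summary(parse_log(SAMPLE_LOG)))
```

Running it shows the curl request passing the allowlist check on the strength of its claimed Referer alone, which is why anything that must be protected (downloads, admin pages, anti-CSRF) should rely on session state or a signed token rather than on this header.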
