Referer spoofing

Referer spoofing

In computer security, referer spoofing or ref tar spoofing is the sending of incorrect referer information along with an HTTP request, sometimes with the aim of gaining unauthorized access to a web site. It can also be used because of privacy concerns, as an alternative to sending no referer at all.

Application

Some subscription sites, especially many pornographic paysites, utilize referer information to secure their materials: only browsers arriving from a small set of approved (login-) pages are given access; this facilitates the sharing of materials among a group of cooperating paysites.If attackers acquire knowledge of these approved referers (which is often trivial because many sites follow a common template), they can then gain free access to the materials.

Spoofing often allows legitimate access to a site's content where the site's web server is configured to block browsers not sending referer headers. Web site owners may do this to disallow hotlinking.

It can be also used to defeat referer checking controls that are used to mitigate Cross-Site Request Forgery attacks.

Tools

Several software tools exist to facilitate referer spoofing:
* Proxomitron is a proxy capable of referer spoofing.
* The Mozilla Firefox extension refspoof [http://refspoof.mozdev.org/] allows to use a custom referer URL for any site one visits, and provides a mechanism to manage a bookmark list of such referer/site pairs.
* QuickSpoof and Spooph provide the same functionality for the Internet Explorer browser.
* SuperMegaSpoof [http://www.supermegaspoof.com/] is a Windows application that supports both browsers and allows users to exchange and rate referer spoofs; it displays advertisements while it is running.

See also

* Referer spam


Wikimedia Foundation. 2010.

Игры ⚽ Нужно сделать НИР?

Look at other dictionaries:

  • Referer spam — is a kind of spamdexing (spamming aimed at search engines). The technique involves making repeated web site requests using a fake referer url that points to the site the spammer wishes to advertise. Sites that publicize their access logs,… …   Wikipedia

  • Spoofing attack — In the context of network security, a spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage. Man in the middle attack and internet… …   Wikipedia

  • Referer — Ein Referrer ist die Internetadresse der Webseite, von der der Benutzer durch Anklicken eines Links zu der aktuellen Seite gekommen ist (engl. to refer „verweisen“). Der Referrer ist ein Teil der an den Webserver geschickten HTTP Anfrage. Das RFC …   Deutsch Wikipedia

  • HTTP referer — The referer, or HTTP referer, identifies, from the point of view of an internet webpage or resource, the address of the webpage (commonly the URL, the more generic URI or the i18n updated IRI) of the resource which links to it. By checking the… …   Wikipedia

  • Referrer-Spoofing — Ein Referrer ist die Internetadresse der Webseite, von der der Benutzer durch Anklicken eines Links zu der aktuellen Seite gekommen ist (engl. to refer „verweisen“). Der Referrer ist ein Teil der an den Webserver geschickten HTTP Anfrage. Das RFC …   Deutsch Wikipedia

  • Spoof — Spoof, spooves, spoofer or spoofing can refer to: *Parody by imitation *Forgery of goods or documents *Spoofing attack, a computer security term *Referer spoofing, a type of spoofing attack *Protocol spoofing, a technique to increase performance… …   Wikipedia

  • List of confidence tricks — This list of confidence tricks and scams should not be considered complete, but covers the most common examples. Confidence tricks and scams are difficult to classify, because they change often and often contain elements of more than one type.… …   Wikipedia

  • Advance-fee fraud — African sting An advance fee fraud is a confidence trick in which the target is persuaded to advance sums of money in the hope of realizing a significantly larger gain.[1] Among the variations on this type of scam are the Nigerian Letter (also… …   Wikipedia

  • Pyramid scheme — The unsustainable exponential progression of a classic pyramid scheme A pyramid scheme is a non sustainable business model that involves promising participants payment or services, primarily for enrolling other people into the scheme, rather than …   Wikipedia

  • Confidence trick — Con games redirects here. For the film, see Con Games (film). Scam redirects here. For other uses, see Scam (disambiguation). For the short story by John Wyndham, see Jizzle. A confidence trick is an attempt to defraud a person or group by… …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”