RSS
You are here: Home » Ant's Highlights » HTTP Referral Spoofing with PHP and cURL

HTTP Referral Spoofing with PHP and cURL

Wed, Aug 27, 2008

Ant's Highlights, Internet, PHP

HTTP Referral Spoofing with PHP and cURL

Well I’m feeling much better, so the other day I was reading a thread on Digital Point, this guy was charging a sh*t load to basically send a shit load of spoofed visitors with a fake Referral header. Therefore I’ve written a very basic one which you could in theory leave running all night. Unlike this other site I will just release the source code and hopefully cause havok.

All you need is a computer running and a list of proxies in the file “good-list.txt”. Put it in a directory (I would keep it private). The source code is as follows:

The code:

<!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd“>
<html xmlns=”http://www.w3.org/1999/xhtml” lang=”en”>
<head>
<title>HTTP Referrer Spoofing</title>
</head>
<body>
<h1>HTTP Referrer Spoofing</h1>
<p>This will spoof referals in the logs meaning your website will show up as a referrer in the target website statistics.
   It does by using random proxies from a supplied list, to ensure each request is unique.
</p><p>
   To allow for large requests (in the thousands) I’ve added the “Amount before refresh” option, this will meta refresh the page ensuring
   the tool does not timeout.</p>
 
</p>
<form method=”post” action=”index.php”>
 <fieldset>
  <label>Website to appear as referrer:</label>
   <input type=”text” name=”yoursite” value=”<? echo $_REQUEST['yoursite']; ?>”/>
  <label>Target Website:</label>
   <input type=”text” name=”target” value=”<? echo $_REQUEST['target']; ?>”/>
  <label>Times to Refer</label>
   <input type=”text” name=”amount” value=”<? echo $_REQUEST['amount']; ?>”/>
  <label>Amount before refresh</label>
   <?php
   if(empty($_REQUEST['refresh']))
   {
    $refresh = 10;
   }
   ?>
   <input type=”text” name=”refresh” value=”<? echo $refresh; ?>”/>
 </fieldset>
 <input type=”Submit” name=”Submit” value=”Submit”/>
</form>

 <?php
 /*
 
  Random Proxy Selector
 
 */
  function pc_randomint($max = 1)
  { 
   $m = 1000000;
  
  return ((mt_rand(1,$m * $max)-1)/$m);
  }
  function random_proxy()
  {
   $line_number = 0;

   $fh = fopen(’good-list.txt’,'r’) or die($php_errormsg);
   while (! feof($fh))
   {
    if ($s = fgets($fh,1048576))
    {
     $line_number++;
     if (pc_randomint($line_number) < 1)
     {
        
      $line = $s;
     
     }
    }  
   }
 
   fclose($fh) or die($php_errormsg);
  
   return $line;
  
  }
  
  /*
  
   The fake referral.
  
  */
  function do_fake_referer($yoursite,$target,$amount,$refresh,$done)
  {
   // The site to appear in the stats is $yoursite
   // The target site is $target
   // Amount is the total times the referral should be carried out
   // How often to refresh
   // How many have been done
   echo “<ol>”;
   $counter_refresh = 0;
   while($refresh > $counter_refresh)
   {
    $counter_refresh++;
    $random_proxy = random_proxy();
    
    // create a new cURL resource
    $ch = curl_init();

    // set URL and other appropriate options
    curl_setopt($ch, CURLOPT_URL, $target);
    curl_setopt($ch, CURLOPT_AUTOREFERER, false);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT,7);
    curl_setopt($ch, CURLOPT_REFERER, $yoursite);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1);
    curl_setopt($ch, CURLOPT_PROXY, $random_proxy);
    
    $data = curl_exec($ch);

    curl_close($ch);
    
    if(empty($data))
    {

     print “<li>Error, didn’t work this time. Using proxy “.$random_proxy.”.</li>”;
    
     flush();

     
    } else {
     $done++;
     print “<li>Referred “.$done.” times. Using “.$random_proxy.”.</li>”;
     flush();
    }
   }
   echo “</ol>”;
   if($amount > $done)
   {
   echo “<meta http-equiv=\”refresh\” content=\”5;url=index.php?yoursite=”.$yoursite.”&target=”.$target.”&amount=”.$amount.”&refresh=”.$refresh.”&done=”.$done.”&Submit=Submit\”/>”;
   echo “<p>Refreshing in 5 Seconds</p>”; 
   }
   else
   {
   echo “<p>Completed “.$done.” spoofs made.”;
   }
  }
  if($_REQUEST['Submit'])
  {
   if($amount > $done)
   {
    do_fake_referer($_REQUEST['yoursite'],$_REQUEST['target'],$_REQUEST['amount'],$_REQUEST['refresh'],$_REQUEST['done']);
   }
  }
?>
</body>
</html>

Hope this helps, no complaining please.

This post was written by:

Anthony - who has written 137 posts on Anthony Shapley.


Contact the author

6 Comments For This Post

  1. Ausome1 Says:
    August 27th, 2008 at 7:56 pm

    You might want to look into adding curl_multi_init() for this script. Send multiple cURL handles in parallel to speed up the script.

  2. Anthony Says:
    August 27th, 2008 at 8:13 pm

    Thanks for the tip, I will look at doing that in the future and maybe release a newer version!

  3. booty Says:
    October 5th, 2008 at 4:15 am

    Hey great looking script…however is there anyway you can put this in a downloadable file? Cutting and pasting from here put quite a few odd characters in the code.

    Thanks again for the great code!

  4. Anthony Says:
    October 5th, 2008 at 6:26 am

    Thanks for your feedback, it would be my pleasure:
    http://www.anthonyshapley.co.uk/wp-content/referrer.zip
    Hope this helps.

  5. Malcolm Says:
    October 13th, 2008 at 8:49 pm

    I seem to have a problem running this. Basically nothing happens and I suspect its because $done never gets an initial value?

    Thanks

  6. Ross Says:
    October 22nd, 2008 at 3:03 pm

    Malcolm, the line near the bottom that states:

    if($amount > $done)

    change it to:

    if($_REQUEST['amount'] > $done)

    As you’ll see, $amount is not set anywhere globally and is only useable within the do_fake_referrer() function.

Leave a Reply