
HTTP Referral Spoofing with PHP and cURL

Wed, Aug 27, 2008


Well, I’m feeling much better. The other day I was reading a thread on Digital Point where this guy was charging a sh*t load to basically send a shit load of spoofed visitors with a fake Referral header. Therefore I’ve written a very basic one which you could, in theory, leave running all night. Unlike this other site, I will just release the source code and hopefully cause havoc.

All you need is a computer running and a list of proxies in the file “good-list.txt”. Put it in a directory (I would keep it private). The source code is as follows:

The code:

<!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd“>
<html xmlns=”http://www.w3.org/1999/xhtml” lang=”en”>
<head>
<title>HTTP Referrer Spoofing</title>
</head>
<body>
<h1>HTTP Referrer Spoofing</h1>
<p>This will spoof referals in the logs meaning your website will show up as a referrer in the target website statistics.
   It does by using random proxies from a supplied list, to ensure each request is unique.
</p><p>
   To allow for large requests (in the thousands) I’ve added the “Amount before refresh” option, this will meta refresh the page ensuring
   the tool does not timeout.</p>
 
</p>
<form method=”post” action=”index.php”>
 <fieldset>
  <label>Website to appear as referrer:</label>
   <input type=”text” name=”yoursite” value=”<? echo $_REQUEST['yoursite']; ?>”/>
  <label>Target Website:</label>
   <input type=”text” name=”target” value=”<? echo $_REQUEST['target']; ?>”/>
  <label>Times to Refer</label>
   <input type=”text” name=”amount” value=”<? echo $_REQUEST['amount']; ?>”/>
  <label>Amount before refresh</label>
   <?php
   if(empty($_REQUEST['refresh']))
   {
    $refresh = 10;
   }
   ?>
   <input type=”text” name=”refresh” value=”<? echo $refresh; ?>”/>
 </fieldset>
 <input type=”Submit” name=”Submit” value=”Submit”/>
</form>

 <?php
 /*
 
  Random Proxy Selector
 
 */
  function pc_randomint($max = 1)
  { 
   $m = 1000000;
  
  return ((mt_rand(1,$m * $max)-1)/$m);
  }
  function random_proxy()
  {
   $line_number = 0;

   $fh = fopen(’good-list.txt’,'r’) or die($php_errormsg);
   while (! feof($fh))
   {
    if ($s = fgets($fh,1048576))
    {
     $line_number++;
     if (pc_randomint($line_number) < 1)
     {
        
      $line = $s;
     
     }
    }  
   }
 
   fclose($fh) or die($php_errormsg);
  
   return $line;
  
  }
  
  /*
  
   The fake referral.
  
  */
  function do_fake_referer($yoursite,$target,$amount,$refresh,$done)
  {
   // The site to appear in the stats is $yoursite
   // The target site is $target
   // Amount is the total times the referral should be carried out
   // How often to refresh
   // How many have been done
   echo “<ol>”;
   $counter_refresh = 0;
   while($refresh > $counter_refresh)
   {
    $counter_refresh++;
    $random_proxy = random_proxy();
    
    // create a new cURL resource
    $ch = curl_init();

    // set URL and other appropriate options
    curl_setopt($ch, CURLOPT_URL, $target);
    curl_setopt($ch, CURLOPT_AUTOREFERER, false);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT,7);
    curl_setopt($ch, CURLOPT_REFERER, $yoursite);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1);
    curl_setopt($ch, CURLOPT_PROXY, $random_proxy);
    
    $data = curl_exec($ch);

    curl_close($ch);
    
    if(empty($data))
    {

     print “<li>Error, didn’t work this time. Using proxy “.$random_proxy.”.</li>”;
    
     flush();

     
    } else {
     $done++;
     print “<li>Referred “.$done.” times. Using “.$random_proxy.”.</li>”;
     flush();
    }
   }
   echo “</ol>”;
   if($amount > $done)
   {
   echo “<meta http-equiv=\”refresh\” content=\”5;url=index.php?yoursite=”.$yoursite.”&target=”.$target.”&amount=”.$amount.”&refresh=”.$refresh.”&done=”.$done.”&Submit=Submit\”/>”;
   echo “<p>Refreshing in 5 Seconds</p>”; 
   }
   else
   {
   echo “<p>Completed “.$done.” spoofs made.”;
   }
  }
  if($_REQUEST['Submit'])
  {
   if($amount > $done)
   {
    do_fake_referer($_REQUEST['yoursite'],$_REQUEST['target'],$_REQUEST['amount'],$_REQUEST['refresh'],$_REQUEST['done']);
   }
  }
?>
</body>
</html>

Hope this helps, no complaining please.
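For site owners on the receiving end, the script above leaves a recognisable footprint in access logs: it sets `CURLOPT_REFERER` but never sets a User-Agent, it changes client IP on every request, and it fetches only the target URL without any of the page's assets. The log check below is an added example, not part of the original post; it assumes the Apache/nginx combined log format, and the function names, thresholds and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Apache/nginx "combined" log format is assumed; adjust the pattern for other formats.
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
ASSET = re.compile(r'\.(css|js|png|jpe?g|gif|ico|svg|woff2?)(\?|$)', re.I)

def suspicious_referers(lines, own_host, min_ips=3):
    """Return {referer_host: stats} for external referers that look scripted."""
    hits = defaultdict(list)   # referer host -> [(client ip, user agent)]
    asset_ips = set()          # clients that also fetched page assets
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        if ASSET.search(m["path"]):
            asset_ips.add(m["ip"])
            continue
        host = urlparse(m["referer"]).hostname
        if host and host != own_host:
            hits[host].append((m["ip"], m["ua"]))
    flagged = {}
    for host, reqs in hits.items():
        ips = {ip for ip, _ in reqs}
        no_ua = sum(1 for _, ua in reqs if ua in ("", "-"))
        # Many distinct clients, none rendering the page, most sending no User-Agent.
        if len(ips) >= min_ips and not (ips & asset_ips) and no_ua / len(reqs) >= 0.8:
            flagged[host] = {"requests": len(reqs), "ips": len(ips), "no_ua": no_ua}
    return flagged

def _line(ip, path, referer, ua):
    return f'{ip} - - [27/Aug/2008:10:00:00 +0000] "GET {path} HTTP/1.1" 200 512 "{referer}" "{ua}"'

# Constructed sample log lines (documentation IP ranges and example domains).
SAMPLE = []
for n in range(1, 5):   # scripted hits: new IP each time, no User-Agent, no assets
    SAMPLE.append(_line(f"203.0.113.{n}", "/", "http://spam.example.net/", "-"))
for n in range(1, 4):   # real readers: browser User-Agent, page plus stylesheet
    ip = f"198.51.100.{n}"
    SAMPLE.append(_line(ip, "/", "http://news.example.org/post", "Mozilla/5.0"))
    SAMPLE.append(_line(ip, "/style.css", "http://www.example.com/", "Mozilla/5.0"))

if __name__ == "__main__":
    print(suspicious_referers(SAMPLE, "www.example.com"))
```

Referer hosts flagged this way can be excluded from published statistics or "top referrers" widgets, which removes the incentive for this kind of traffic.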

This post was written by:

Anthony - who has written 136 posts on Anthony Shapley.



8 Comments For This Post

  1. Ausome1 Says:

    You might want to look into adding curl_multi_init() for this script. Send multiple cURL handles in parallel to speed up the script.

  2. Anthony Says:

    Thanks for the tip, I will look at doing that in the future and maybe release a newer version!

  3. booty Says:

    Hey, great looking script…however, is there any way you can put this in a downloadable file? Cutting and pasting from here put quite a few odd characters in the code.

    Thanks again for the great code!

  4. Anthony Says:

    Thanks for your feedback, it would be my pleasure:
    http://www.anthonyshapley.co.uk/wp-content/referrer.zip
    Hope this helps.

  5. Malcolm Says:

    I seem to have a problem running this. Basically nothing happens and I suspect it’s because $done never gets an initial value?

    Thanks

  6. Ross Says:

    Malcolm, the line near the bottom that states:

    if($amount > $done)

    change it to:

    if($_REQUEST['amount'] > $done)

    As you’ll see, $amount is not set anywhere globally and is only useable within the do_fake_referrer() function.

  7. eric Says:

    Hey, I check on web statistic but
    the referrer and proxy IP doesn’t show.

  8. Justin Says:

    Whoa… this site is pretty awesome :) Your layout is really well designed, and your blogs are (judging from what I’ve read) very interesting. Heehee… consider yourself favorited. :-P
