HTTP Referral Spoofing with PHP and cURL

Well, I’m feeling much better. The other day I was reading a thread on Digital Point where this guy was charging a sh*t load to basically send a shit load of spoofed visitors with a fake Referral header. Therefore I’ve written a very basic one which you could in theory leave running all night. Unlike this other site, I will just release the source code and hopefully cause havoc.

All you need is a computer running and a list of proxies in the file “good-list.txt”. Put it in a directory (I would keep it private). The source code is as follows:

The code:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<title>HTTP Referrer Spoofing</title>
</head>
<body>
<h1>HTTP Referrer Spoofing</h1>
<p>This will spoof referrals in the logs, meaning your website will show up as a referrer in the target website statistics.
   It does this by using random proxies from a supplied list, to ensure each request is unique.
</p><p>
   To allow for large requests (in the thousands) I’ve added the “Amount before refresh” option, this will meta refresh the page ensuring
   the tool does not timeout.</p>
<form method="post" action="index.php">
 <fieldset>
  <label>Website to appear as referrer:</label>
   <input type="text" name="yoursite" value="<? echo htmlspecialchars($_REQUEST['yoursite']); ?>"/>
  <label>Target Website:</label>
   <input type="text" name="target" value="<? echo htmlspecialchars($_REQUEST['target']); ?>"/>
  <label>Times to Refer</label>
   <input type="text" name="amount" value="<? echo htmlspecialchars($_REQUEST['amount']); ?>"/>
  <label>Amount before refresh</label>
   <?php
   // Default to 10 requests per page load; otherwise keep the submitted value
   if(empty($_REQUEST['refresh']))
   {
    $refresh = 10;
   }
   else
   {
    $refresh = (int) $_REQUEST['refresh'];
   }
   ?>
   <input type="text" name="refresh" value="<? echo $refresh; ?>"/>
 </fieldset>
 <input type="Submit" name="Submit" value="Submit"/>
</form>

 <?php
 /*
 
  Random Proxy Selector
 
 */
  function pc_randomint($max = 1)
  { 
   $m = 1000000;
  
  return ((mt_rand(1,$m * $max)-1)/$m);
  }
  function random_proxy()
  {
   $line_number = 0;

   $fh = fopen('good-list.txt','r') or die($php_errormsg);
   while (! feof($fh))
   {
    if ($s = fgets($fh,1048576))
    {
     $line_number++;
     if (pc_randomint($line_number) < 1)
     {
        
      $line = $s;
     
     }
    }  
   }
 
   fclose($fh) or die($php_errormsg);
  
   return $line;
  
  }
  
  /*
  
   The fake referral.
  
  */
  function do_fake_referer($yoursite,$target,$amount,$refresh,$done)
  {
   // The site to appear in the stats is $yoursite
   // The target site is $target
   // Amount is the total times the referral should be carried out
   // How often to refresh
   // How many have been done
   echo "<ol>";
   $counter_refresh = 0;
   while($refresh > $counter_refresh)
   {
    $counter_refresh++;
    $random_proxy = random_proxy();
    
    // create a new cURL resource
    $ch = curl_init();

    // set URL and other appropriate options
    curl_setopt($ch, CURLOPT_URL, $target);
    curl_setopt($ch, CURLOPT_AUTOREFERER, false);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT,7);
    curl_setopt($ch, CURLOPT_REFERER, $yoursite);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1);
    curl_setopt($ch, CURLOPT_PROXY, $random_proxy);
    
    $data = curl_exec($ch);

    curl_close($ch);
    
    if(empty($data))
    {
     print "<li>Error, didn’t work this time. Using proxy ".$random_proxy.".</li>";
     flush();
    } else {
     $done++;
     print "<li>Referred ".$done." times. Using ".$random_proxy.".</li>";
     flush();
    }
   }
   echo "</ol>";
   if($amount > $done)
   {
   // URL-encode the user-supplied values so they cannot break out of the attribute
   echo "<meta http-equiv=\"refresh\" content=\"5;url=index.php?yoursite=".urlencode($yoursite)."&target=".urlencode($target)."&amount=".(int)$amount."&refresh=".(int)$refresh."&done=".(int)$done."&Submit=Submit\"/>";
   echo "<p>Refreshing in 5 Seconds</p>";
   }
   else
   {
   echo "<p>Completed ".$done." spoofs made.</p>";
   }
  }
  if($_REQUEST['Submit'])
  {
   if($amount > $done)
   {
    do_fake_referer($_REQUEST['yoursite'],$_REQUEST['target'],$_REQUEST['amount'],$_REQUEST['refresh'],$_REQUEST['done']);
   }
  }
?>
</body>
</html>
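What this script leaves behind in the target's access log, seen from the defender's side, as an added example that is not part of the original post: the cURL handle sets no User-Agent, fetches only the target URL and never the page's assets, and repeats one Referer from many proxy IPs. The log lines, hostnames and thresholds below are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in Combined Log Format; www.example.com is the site being spammed.
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Aug/2008:19:00:01 +0000] "GET / HTTP/1.1" 200 5120 "http://promoted-site.example/" "-"',
    '198.51.100.23 - - [27/Aug/2008:19:00:03 +0000] "GET / HTTP/1.1" 200 5120 "http://promoted-site.example/" "-"',
    '203.0.113.77 - - [27/Aug/2008:19:00:05 +0000] "GET / HTTP/1.1" 200 5120 "http://promoted-site.example/" "-"',
    '203.0.113.5 - - [27/Aug/2008:19:00:07 +0000] "GET /post HTTP/1.1" 200 7300 "http://search.example/?q=php" "Mozilla/5.0"',
    '203.0.113.5 - - [27/Aug/2008:19:00:07 +0000] "GET /style.css HTTP/1.1" 200 900 "http://www.example.com/post" "Mozilla/5.0"',
]

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"')
ASSET_RE = re.compile(r'\.(css|js|png|jpe?g|gif|ico|svg|woff2?)(\?|$)', re.I)

def find_referrer_spam(lines, own_host, min_ips=3, max_browser_ratio=0.2):
    """Return {referrer_host: stats} for external referrers that look injected."""
    asset_ips = set()            # clients that also fetched page assets, as browsers do
    by_ref = defaultdict(list)   # external referrer host -> [(ip, user_agent)]
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        if ASSET_RE.search(m['path']):
            asset_ips.add(m['ip'])
            continue
        host = urlsplit(m['referer']).hostname
        if host and host != own_host:
            by_ref[host].append((m['ip'], m['ua']))
    flagged = {}
    for host, hits in by_ref.items():
        ips = {ip for ip, _ in hits}
        # A hit is browser-like if it carries a User-Agent and the client loaded assets.
        browser_like = sum(1 for ip, ua in hits
                           if ip in asset_ips and ua not in ('', '-'))
        if len(ips) >= min_ips and browser_like / len(hits) <= max_browser_ratio:
            flagged[host] = {'hits': len(hits), 'distinct_ips': len(ips),
                             'no_user_agent': sum(ua in ('', '-') for _, ua in hits)}
    return flagged
```

Referrer hosts flagged this way can be excluded from statistics reports or rejected at the web server before they reach the analytics package.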

Hope this helps, no complaining please.

Published in PHP

Leave a Comment

  • Ausome1 Posted On: Aug 27th, 2008 at 7:56 pm

    You might want to look into adding curl_multi_init() for this script. Send multiple cURL handles in parallel to speed up the script.

  • Anthony Posted On: Aug 27th, 2008 at 8:13 pm

    Thanks for the tip, I will look at doing that in the future and maybe release a newer version!

  • booty Posted On: Oct 5th, 2008 at 4:15 am

    Hey great looking script…however is there any way you can put this in a downloadable file? Cutting and pasting from here put quite a few odd characters in the code.

    Thanks again for the great code!

  • Anthony Posted On: Oct 5th, 2008 at 6:26 am

    Thanks for your feedback, it would be my pleasure:
    http://www.anthonyshapley.co.uk/wp-content/referrer.zip
    Hope this helps.

  • Malcolm Posted On: Oct 13th, 2008 at 8:49 pm

    I seem to have a problem running this. Basically nothing happens and I suspect it’s because $done never gets an initial value?

    Thanks

  • Ross Posted On: Oct 22nd, 2008 at 3:03 pm

    Malcolm, the line near the bottom that states:

    if($amount > $done)

    change it to:

    if($_REQUEST['amount'] > $done)

    As you’ll see, $amount is not set anywhere globally and is only useable within the do_fake_referer() function.

  • eric Posted On: Jan 21st, 2009 at 8:25 am

    Hey, I checked the web statistics but
    the referrer and proxy IP don’t show.

  • Justin Posted On: May 30th, 2009 at 11:21 pm

    Whoa… this site is pretty awesome :) your layout is really well designed, and your blogs are (judging from what I’ve read) very interesting. heehee… consider yourself favorited. :-P

  • Jeff Parker Posted On: Sep 3rd, 2009 at 10:01 pm

    Hi Anthony,

    I’ve taken the liberty of modifying your script a little bit – I couldn’t get yours to work correctly (I’m not very smart, so that’s probably why) and I needed some extra features.

    Anyway, here it is, I hope it’s useful to someone…
    http://www.smackblast.com/2009/09/php-curl-and-proxies-oh-my/

  • Clintos Posted On: Nov 27th, 2009 at 4:33 pm

    I’ve got a script running on my home server which looks at the source code of other pages on the internet and re-writes the links on those pages in order to prevent me being redirected to random sites as I surf. I.e. it replaces the original links (which look like this: http://www.source.com/out.php?id=001&url=http://www.linkdestination.com) with the plain link (which looks like this: http://www.linkdestination.com).

    The problem I’m running into is that some of the links are around images. These images display fine when you visit the site, but don’t show up when I try and access them from my server. I’m pretty sure that the sites are running a .htaccess file to prevent bandwidth from being stolen by external sites linking to their images.

    Anyway, I’ve been looking into trying to spoof my HTTP_REFERER so that I can see the images on my home server but I can’t find a way to do it. The only solution I have found so far is to use a plug-in in my browser (which works). The thing is, I figured since I’m already running a .php script to rewrite the link URLs it would be good if I could get that script to do the spoofing too.

    Anyone got any ideas?

    Thanks in advance.

  • Helen Neely Posted On: Feb 3rd, 2010 at 1:36 pm

    Thanks for sharing this script. Now I see how this piece of tool can be written.

    Thanks again :)
