User Tools

(aka 'the best point military institute')

Site Tools

diy:referrer-spoofing

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
diy:referrer-spoofing [2025/09/10 17:46] – [Brave & Chrome] Humphrey Boa-Gartdiy:referrer-spoofing [2025/10/11 12:05] (current) Humphrey Boa-Gart
Line 1: Line 1:
-====== Referrer Spoofing ====== +#redirect diy:referer-spoofing
- +
-When a browser or bot requests a webpage, it sends a "Referer" [[tools:http-header|HTTP header]] containing a URL of the page that they were previously at, if they followed a link there. It is based on a canonized misspelling of the word //"referrer"//+
- +
-So, if you are on //website1.com//, and you follow a link from there to //website2.com//, the administrators of //website2.com// will be able to see you came there from //website1.com// based on the string that was passed in the Referer header. +
- +
-To prevent this from happening, you can just configure your browser to send a different Referer, or even no Referer at all! +
- +
- +
-===== Why It's Important ===== +
- +
-{{wst>expand}} +
- +
- +
-===== Application-Specific Instructions ===== +
- +
-Since Referer strings are set on the application level, how to spoof it depends on the type of software you are using. If you have multiple programs, you will have to spoof them all individually: +
- +
- +
-==== Web Browsers ==== +
- +
-While by no means an exhaustive list, the following **browser extensions** have referer spoofing and/or cloaking capabilities: +
- +
- +
-=== Firefox === +
- +
-  * [[https://addons.mozilla.org/en-US/firefox/addon/referercontrol/]] +
-  * [[https://addons.mozilla.org/en-US/firefox/addon/referer-modifier/]] +
-  * [[https://addons.mozilla.org/en-US/firefox/addon/chameleon-ext/]] +
- +
- +
-=== Brave & Chrome === +
- +
-  * [[https://chromewebstore.google.com/detail/referer-spoofer/khejlgjhghlpadddldphknbnifkahghn]] +
-  * [[https://chromewebstore.google.com/detail/kill-the-referrer/bbanejjnomfdapclboglpaldknagccia]] +
- +
- +
-=== Edge === +
- +
-{{wst>expand}} +
- +
- +
-=== Safari === +
- +
-{{wst>expand}} +
- +
- +
-==== Terminal Utilities ==== +
- +
-=== cURL === +
- +
-Use the ''-e'' or ''--referer'' flag to directly set the Referer: +
- +
-  $ curl --referer "http://comes-from.example.com" https://www.example.com +
-  - or - +
-  $ curl -e "http://comes-from.example.com" https://www.example.com +
- +
-Since the Referer is passed as an [[tools:http-headers|HTTP header]], you can also change the Referer header by using the ''-H'' or ''--header'' flag, which lets you manipulate headers: +
- +
-  $ curl --header "Referer: http://comes-from.example.com" https://example.com +
-  - or -   +
-  $ curl -H "Referer: http://comes-from.example.com" https://example.com +
- +
-Since cURL does not set a Referer by default, there is no reason to make it pass a blank string, as the string is empty already. +
- +
- +
-=== Wget === +
- +
-To set a custom Referer header with Wget, use the ''--referer'' flag: +
- +
-  $ wget --referer="http://comes-from.example.com" https://example.com +
- +
-Since Wget does not set a Referer by default, there is no reason to make it pass a blank string, as the string is empty already. +
- +
-For more information on how to use ''wget'', read the [[tools:wget|Wget article]]. +
- +
- +
-{{tag>Tutorials Security}}+
diy/referrer-spoofing.1757526391.txt.gz · Last modified: (external edit)

Find this page online at: https://bestpoint.institute/diy/referrer-spoofing