Referer spoofing
From Wikipedia, the free encyclopedia
In computer security, referer spoofing or ref tar spoofing is the sending of incorrect referer information along with an HTTP request, with the aim of gaining unauthorized access to a web site.
Contents |
[edit] Application
Many pornographic paysites utilize referer information to secure their materials: only browsers arriving from a small set of approved (login-) pages are given access; this facilitates the sharing of materials among a group of cooperating paysites. If attackers acquire knowledge of these approved referers (which is often trivial because many sites follow a common template), they can then gain free access to the materials.
[edit] Tools
Several software tools exist to facilitate referer spoofing. The Mozilla Firefox extension refspoof allows to use a custom referer URL for any site one visits, and provides a mechanism to manage a bookmark list of such referer/site pairs. A similar, more comfortable plugin is spooFXplorer (not compatible with the most recent version of Firefox). QuickSpoof and Spooph provide the same functionality for the Internet Explorer browser. SuperMegaSpoof is a Windows application that supports both browsers and allows users to exchange and rate referer spoofs; it displays advertisements while it is running.
[edit] See also
- Referer spam, providing fake referer information in order to popularize a spammer's website.
[edit] External links
- Refspoof plugin
- QuickSpoof
- SuperMegaSpoof
- Shitforbrains.org, discussion forum for spoofs, download links for spoofXporer and Spooph
