开发者

Spoofing HTTP Referrer data using ASP.NET

问答 作者:

Answers on here and various other sites are often full of warnings not to trust HTTP Referrer headers because they are 'so easily' spoofed or faked.

Before I go any furth开发者_如何学Pythoner - no, I'm not up to no good - but I do want to run some referrer-dependant tests.

Whilst I don't doubt that the warnings about fake referrers are true, I can't really find much detailed info on how they can be manipulated. Even the Wikipedia article only talks about it in general terms.

I'm about to play with the RefControl addin for FireFox.

Programatically (in ASP.NET specifically) the UrlReferrer is a read-only property, so I don't see how I can fire off requests with fake referrer data if I can't set it? Do I really have to do it manually?

How would I use ASP.NET to send a request to my site with a user-supplied variable to populate the referrer header?

EDIT : As per my comment below, I ideally want to take an incoming request, manupulate the referrer data and then pass the request on to another page, intact. If I can make it appear intact by building a new one from scratch and copying the original properties, then that is fine too.

I don't know if this exactly what you want, but in general, you should be able to spoof the value of the UrlReferer property (even if it's read-only) in HttpContext.Current.Request by using a bit of reflection.

For example:

FieldInfo fi = HttpContext.Current.Request.GetType().GetField("_referrer", BindingFlags.NonPublic | BindingFlags.Instance);

string initialReferer = HttpContext.Current.Request.UrlReferrer.ToString();
if (fi != null)
    fi.SetValue(HttpContext.Current.Request, new Uri("http://example.com"));
string fakedReferer = HttpContext.Current.Request.UrlReferrer.ToString();

On VS; these are the values before and after changing the UrlReferrer:

initialReferer
"http://localhost/Test/Default.aspx"
fakedReferer
"http://example.com/"

If you open the System.Web assembly using ILSpy you'll notice that the UrlReferrer property looks something like this:

public Uri UrlReferrer
{
    get
    {
        if (this._referrer == null && this._wr != null)
        {
            string knownRequestHeader = this._wr.GetKnownRequestHeader(36);
            if (!string.IsNullOrEmpty(knownRequestHeader))
            {
                try
                {
                    if (knownRequestHeader.IndexOf("://", StringComparison.Ordinal) >= 0)
                    {
                        this._referrer = new Uri(knownRequestHeader);
                    }
                    else
                    {
                        this._referrer = new Uri(this.Url, knownRequestHeader);
                    }
                }
                catch (HttpException)
                {
                    this._referrer = null;
                }
            }
        }
        return this._referrer;
    }
}

This likely isn't going to get you what you want. But you can edit the Referror of an HttpWebRequest. I don't think there is a way of editing the referrer of your request in context.

using System.Net;

HttpWebRequest Req= (HttpWebRequest)System.Net.HttpWebRequest.Create("http://somewhere.com/");
Req.Referer = "http://www.fakesite.com";

继续阅读:asp.netreferrerspoofing

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9