xmlhttprequest 欺骗引用然后重定向到另一个页面?
我使用curl(PHP)创建了一些代码,它允许我欺骗引荐来源网址或清空引荐来源网址,然后将用户引导到具有欺骗引荐来源网址的另一个页面。
然而,这样做的缺点是标头中的 IP 地址始终是我的服务器的 IP,这不是一个有效的解决方案。
问题;
是否可以使用客户端脚本即(xmlhttprequest)来“更改”引荐来源网址,然后将用户引导到新页面?
从而保持用户 IP 地址完整,但欺骗引用者。
如果是,任何帮助将不胜感激。
谢谢!
I've created some code using curl (PHP) which allows me to spoof the referrer or blank the referer then direct the user to another page with an spoofed referrer.
However the drawback to this is the IP address in the headers will always be the IP of my server, which isn't a valid solution.
The question;
Is it possible using client side scripting i.e. (xmlhttprequest) to "change" the referrer then direct the user to a new page?
Thus keeping the users IP address intact but spoofing the referrer.
If yes, any help would be much appreciated.
Thanks!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
当页面呈现时,不是来自现代浏览器中的 javascript。
更新:
请参阅一些手动工具和其他基于 javascript 的平台的评论,您在技术上可以在这些平台上欺骗引荐来源网址。在 8 年前的原始问题似乎与发出网络请求有关的背景下,答案仍然普遍是“否”。
我不打算编辑我所有十年前的答案,尽管如此,反对者还是有的。对于没有正确预见未来并提供永恒的答案,我提前表示歉意。
not from javascript in a modern browser when the page is rendered.
Update:
See comments for some manual tools and other javascript-based platforms where you technically can spoof the referrer. In the context of the 8-year-old original question which seems to be related to make web requests, the answer is still generally "no."
I don't plan to edit all of my decade-old answers though so downvoters, have at `em. I apologize in advance for not correctly forseeing the future and providing an answer that will last for eternity.
这似乎在 Firefox Javascript 控制台中有效:
在我的服务器日志中我看到:
This appears to work in the Firefox Javascript console:
In my server log I see:
有点晚了,但自上次发布以来似乎发生了变化。
在 Chrome 中(可能是目前大多数现代浏览器)不再允许以编程方式更改“Referer”——它现在是静态的。
但是,它确实允许发送自定义标头。例如:
在 PHP 中,可以通过“HTTP_(大写标头)”读取标头:
这是我的项目的技巧...
对于我们许多人来说可能是常识,但对于一些人来说希望有帮助!
Little late to the table, but it seems there's been a change since last post.
In Chrome (probably most modern browsers at this time) are no longer allowing 'Referer' to be altered programmatically - it's now static-ish.
However, it does allow a custom header to be sent. E.g.:
In PHP that header can be read through "HTTP_(header in uppercase)":
That was the trick for my project...
For many of us probably common knowledge, but for some hopefully helpful!
您可以使用 Fetch API 部分修改
Referer标头。但是,我认为它仅在原始 Referer 标头和您想要的 Referer 标头位于同一域下时才有效。而且它似乎在 Safari 中不起作用。
允许修改
Referer标头是相当意外的,尽管这里有争论 无论如何还有其他技巧(例如pushState())可以做到这一点。You can use Fetch API to partially modify the
Refererheader.However, I think it only works when the original Referer header and your wanted Referer header are under the same domain. And it doesn't seem to work in Safari.
Allowing to modify
Refererheader is quite unexpected though it's argued here that there are other tricks (e.g.pushState()) to do this anyway.