One of the most important things can a blackhat should be able to do is spoof (hide or fake) the referrer of his traffic sources. What does this mean?
If you buy traffic from Google, Bing or even Facebook, usually the referrer will be Google, Bing or Facebook. But, what if you get traffic from Craigslist or you buy very cheap porn traffic, do you really want any advertisers on your sites to know that the traffic came from Craigslist or porn sites? Here’s some info from Wiki about referrer spoofing.
Referer spoofing is typically done for data privacy reasons, in testing, or in order to request information which some web servers may only supply in response to requests with specific HTTP referers.
To improve their privacy, individual browser users may replace accurate referrer data with inaccurate data, though many simply suppress their browser’s sending of any referer data. Sending no referrer information is not technically spoofing, though sometimes also described as such. Users may also modify other HTTP headers.
In software, systems and networks testing, referrer spoofing is often just part of a larger procedure of transmitting both accurate and inaccurate and both expected and unexpected input to the HTTPD system being tested and observing the results.
While many web sites are configured to gather referer information and serve different content depending on the referer information obtained, exclusively relying on HTTP referer information for authentication and authorization purposes is not a genuine state of the art computer security measure, and has been described as snake oil security. HTTP referer information is freely alterable and interceptable, and is not a password, though some poorly configured systems treat it as such. Nevertheless, it is sometimes contended[by whom?] that referer spoofing was not legitimate and/or constituted unauthorized access. As a vast majority of users don’t change defaults, referer protection is useful regardless of the few (rebellious) who have the knowledge of how to break it.
Some websites, especially many image hosting sites, utilise referer information to secure their materials: only browsers arriving from their web pages are served images. Additionally a site may want users to click through pages with advertising content before directly being able to access a downloadable file — using the referring page or referring site information can help a site redirect unauthorized users to the landing page the site would like to use.
If attackers acquire knowledge of these approved referrers, which is often trivial because many sites follow a common template, they can use that information combined with this exploit to gain free access to the materials.
Spoofing often allows access to a site’s content where the site’s web server is configured to block browsers that do not send referer headers. Website owners may do this to disallow hotlinking.
It can also be used to defeat referrer checking controls that are used to mitigate Cross-Site Request Forgery attacks.
Several software tools exist to facilitate referrer spoofing in web browsers. Some are extensions to popular browsers such as Mozilla Firefox or Internet Explorer, which may provide facilities to customise and manage referrer URLs for each website the user visits.
Other tools include proxy servers, to which an individual configures their browser to send all HTTP requests. The proxy then forwards different headers to the intended website, usually removing or modifying the referer header. Such proxies may also present privacy issues for users, as they may log the user’s activity.
So, what’s the best and most reliable way to spoof/fake/hide/fake traffic referrers? In the nest series of posts I will cover different ways how to do this and even share the tools!! But there is only two things you can do to the referrer: blank it or spoof/fake it! Almost all affiliate companies will terminate your accounts if you blank all your traffic referrers because it’s simply not natural! Amazon, with one of the biggest affiliate programs, are routinely terminating accounts which completely blank all referrers – so be be warned! Spoofing or faking the referrer is the way to GO!
You’re probably thinking, Whitehats don’t need to do this? Let me tell you all the top-earners dabble in the dark side to boost there earnings – they just don’t brag about it! There are many, many sources of very, very cheap or free traffic that can be used to boost profits and spoofing the referrer (even from Google ;-)) lets you do this – EASILY! Watch out for the next few posts!