paperlined.org
document updated 15 years ago, on Jul 7, 2008

There are Firefox plugins that allow individual users to do some referer spoofing. However, while some of them do get fairly complicated (supermegaspoof.com), ALL of them are currently set up such that the fake-referer data comes from somewhere OTHER than the fusker site.

Having the end-user handle all the complexity isn't the best way.
Having one central server handle all the complexity isn't the best way.

The web handles complexity in a distributed fashion. It should be possible for EACH SITE that wishes to hotlink, to be able to individually specify what the referer should be, like so:

<a href="http://some.pornsite.com/deeplink.mpg" referer="http://some.pornsite.com/deeplink.html">link text</a>

<img src="http://some.pornsite.com/deeplink.jpg" referer="http://some.pornsite.com/deeplink.html">

Existing tools

Bugs that have sometimes enabled broad-scale referer spoofing

Technical

The way the extensions above work: The REAL trick though is finding the image that requested it... see below.

Countermeasures

- detecting the script by adding referer=".." to something on their own site, and checking whether
  the referer they receive changes; if so, blacklisting that IP for a short time
        - therefore, we have to have a user-preference setting that specifies which domains are able
          to use it  (and it'll have a drop-down similar to the ad-blocking or XPI-installing one)

- making sure the user loads the text/html BEFORE they load the image/jpeg  (something they have to do with videos anyway)
                http://www.trafficguardian.com/
                http://www.antihotlinking.com/
                http://www.axscripts.com/mod_antihotlink
        - though, it's not overly difficult to XMLHttpRequest the HTML (and throw it away) before
          causing the images to load

- setting a session cookie with the FHG page, and requiring that the cookie be present before a .jpg
  can be loaded
        - if it's in the HTTP response header, then XMLHttpRequest will get around this.  If it's in
          the HTML content (javascript), then you can still get around it by embedding it inside a
          nearly invisible frame.

- the ultimate solution seems to be to frequently rotate the actual URL the content resides on, since
  webmasters only want to attract long-term links to the HTML (which can remain at the same place)
  but not the images (which will move constantly)

        - manually:     http://bbs.adultwebmasterinfo.com/showthread.php?t=85278#post607472
        - automatic:    http://www.greenguyandjim.com/board/showthread.php?p=323803#post323803

            - but then people will write AJAX code that loads the HTML, parses out the image URLs at
              that instant, and then displays them on their own
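
The URL-rotation countermeasure above, as an added example from the site operator's side (not code from this page or the linked threads): the gallery HTML keeps a stable URL while each image URL carries an HMAC token that changes every time window, so saved deep links to images go stale. It does not address the fetch-and-parse case in the last bullet. The secret, window length, /img/ prefix and function names are all assumptions made for the example.

```javascript
// Added example: rotating, expiring image URLs. All names and values are constructed.
const crypto = require("crypto");

const SECRET = "constructed-demo-secret"; // assumption: server-side key, never sent to clients
const WINDOW_SECONDS = 600;               // assumption: image URLs rotate every 10 minutes

// Index of the rotation window that contains the given Unix time (in seconds).
function windowIndex(nowSeconds) {
  return Math.floor(nowSeconds / WINDOW_SECONDS);
}

// HMAC over the image path and the window index, truncated for use in a URL.
function tokenFor(path, win) {
  return crypto.createHmac("sha256", SECRET)
    .update(`${path}|${win}`)
    .digest("hex")
    .slice(0, 32);
}

// Called while rendering the gallery HTML: the page URL stays stable,
// the image URL embedded in it changes every window.
function rotatingUrl(path, nowSeconds) {
  return `/img/${tokenFor(path, windowIndex(nowSeconds))}${path}`;
}

// Called by the image handler. Accepts only the current or the previous
// window, so a page rendered just before a rotation still displays.
// Returns the image path to serve, or null for a stale or forged link.
function verifyUrl(url, nowSeconds) {
  const m = /^\/img\/([0-9a-f]{32})(\/.+)$/.exec(url);
  if (!m) return null;
  const [, token, path] = m;
  const given = Buffer.from(token, "utf8");
  const cur = windowIndex(nowSeconds);
  for (const win of [cur, cur - 1]) {
    const expected = Buffer.from(tokenFor(path, win), "utf8");
    // Constant-time comparison; both buffers are 32 hex characters long.
    if (crypto.timingSafeEqual(given, expected)) return path;
  }
  return null;
}
```
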

Connecting Necko and Gecko

Trying to connect the DOM to the HTTP request seems like it'll take some digging.       [... okay, a lot of digging]

        google for:  {nsIDOMWindow http-on-modify-request}

        http://forums.mozillazine.org/viewtopic.php?p=2774976

        getTabIdForHttpChannel() here 
                http://code.google.com/p/fbug/source/browse/branches/firebug1.2/content/firebug/net.js?r=336
        and getRequestElement() here
            http://code.google.com/p/fbug/source/browse/trunk/content/firebug/net.js?r=366

                (WORST case, is it possible to have some extra bits of javascript code run that specifies the referer mapping?)

            
        http://forum.mozilla-russia.org/viewtopic.php?pid=234018#p234018
                best I've seen so far



nsIChannel
    nsIHttpChannel

imgIDecoderObserver             http://lxr.mozilla.org/seamonkey/source/modules/libpr0n/public/imgIDecoderObserver.idl
    imgIDecoder
    imgIRequest[nsIRequest]     http://lxr.mozilla.org/seamonkey/source/modules/libpr0n/public/imgIRequest.idl

imgIContainer                   http://lxr.mozilla.org/seamonkey/source/modules/libpr0n/public/imgIContainer.idl
    gfxIImageFrame              http://lxr.mozilla.org/seamonkey/source/gfx/idl/gfxIImageFrame.idl

nsIImageLoadingContent          http://lxr.mozilla.org/seamonkey/source/content/base/public/nsIImageLoadingContent.idl

nsHTMLImageElement[nsImageLoadingContent]
    nsIDOMHTMLImageElement
    nsIDOMNSHTMLImageElement



http://lxr.mozilla.org/seamonkey/source/modules/libpr0n/src/        (despite the name, it's actually just the general-purpose Mozilla image decoder)
    imgRequest.cpp
         imgRequest::OnStartRequest



imgIDecoderObserver -> imgRequest::OnStartRequest -> imgIContainer -> 




http://developer.mozilla.org/en/docs/Interfaces
    imgICache
    imgIContainer
    imgIContainerObserver
    imgIDecoder
    imgIDecoderObserver
    imgILoad
    imgILoader
    imgIRequest
    gfxIImageFrame
    nsIDOMHTMLImageElement
    nsIDOMNSHTMLImageElement
    nsIImageDocument
    nsIImageLoadingContent
    nsISelectionImageService