Web Design & Development Guide
In computer security, referer spoofing or ref tar spoofing is the sending of incorrect
referer information along with an HTTP request, with the aim of gaining unauthorized access to a
Some subscription sites, especially many
pornographic paysites, utilize referer information to secure their materials: only
browsers arriving from a small set of approved (login-) pages are given access;
this facilitates the sharing of materials among a group of cooperating paysites.
If attackers acquire knowledge of these approved referers (which is often
trivial because many sites follow a common template), they can then gain free
access to the materials.
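The weakness described above, next to a stronger alternative, as an added example that is not part of the original page: the hostname, key and function names are constructed for illustration. The Referer check trusts a header the client sets itself, while a MAC-signed, expiring token issued by an approved login page lets cooperating sites share access without relying on it.

```python
import hashlib
import hmac
import time

# Constructed values for illustration only (assumptions, not from the page).
APPROVED_REFERERS = {"https://login.partner-a.example/members"}
SHARED_KEY = b"constructed-demo-key-shared-by-cooperating-sites"
TOKEN_LIFETIME = 300  # seconds


def _mac(payload):
    return hmac.new(SHARED_KEY, payload.encode(), hashlib.sha256).hexdigest()


def referer_gate(headers):
    """Weak check: grants access based on a header the client fully controls."""
    return headers.get("Referer", "") in APPROVED_REFERERS


def issue_token(user, now=None):
    """Called by an approved login page after it has authenticated the user."""
    expires = int(time.time() if now is None else now) + TOKEN_LIFETIME
    payload = f"{user}|{expires}"
    return f"{payload}|{_mac(payload)}"


def token_gate(token, now=None):
    """Hardened check: return the user only for an unexpired token with a valid MAC."""
    try:
        user, expires, tag = token.split("|")
        expires = int(expires)
    except (AttributeError, ValueError):
        return None  # missing or malformed token
    expected = _mac(f"{user}|{expires}")
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None  # altered, or not issued with the shared key
    if (time.time() if now is None else now) > expires:
        return None  # expired
    return user


if __name__ == "__main__":
    client_headers = {"Referer": "https://login.partner-a.example/members"}
    print("referer gate, header chosen by the client:", referer_gate(client_headers))
    print("token gate, no token presented:", token_gate(""))
    print("token gate, token from login page:", token_gate(issue_token("alice")))
```

The Referer gate accepts any request that carries an approved URL in the header, whereas the token gate accepts only values produced with the shared key.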
Several software tools exist to facilitate referrer spoofing:
- Proxomitron offers the capability of referrer spoofing at
- Here is an open source project at
  http://livehttpheaders.mozdev.org/ where there is a feature called
- The Mozilla Firefox extension refspoof allows the use of a custom referer URL
  for any site one visits, and provides a mechanism to manage a bookmark list
  of such referer/site pairs.
- A similar
  Mozilla Firefox extension is spooFXplorer (not compatible with the most
  recent version of Firefox).
- QuickSpoof and Spooph provide the same functionality for the Internet
- SuperMegaSpoof is a Windows application that supports both browsers and
  allows users to exchange and rate referer spoofs; it displays advertisements
  while it is running.
- SpoofForge is similar to SuperMegaSpoof with the exception that spoofs are displayed on a web
  site, and so there is no software to install.
Cross-site request forgery
Evil twin (wireless networks)
HTTP response splitting
IDN homograph attack