SoFunction
Updated on 2025-03-07

C#: How to identify a forged referer in WebBrowser

Method for faking the referer using WebBrowser: (url, "_self", null, "Referer:")

During this period, I have been studying how to set the referer in WebBrowser to fake the source and inflate traffic. However, after half a month of research, I finally failed. Because the current statistics code is more practical (the statistics are the ones provided by Google Adsense) and their statistics are all counted through JS files, faking the source was unsuccessful. Let the article below explain why it does not succeed!

As we all know, the referer seen on the server side can be forged. Whether with ASP, PHP or other scripts, the referer can be forged. Some download software even fakes the referer convincingly, and the WebBrowser control makes forging the origin convenient. So, as the gatekeeper protecting a website, how can you keep these fake referers out?

Here, JavaScript is used.

The referer forgery methods mentioned above are implemented through server-side scripts, but they cannot deceive the client. JS is executed on the client side and pays no attention to the header information on the server side. Therefore, the JS method can accurately determine the true origin of the web page.

Almost all third-party statistics services have adopted the same method to determine where a visit comes from. Why? Precisely because the referer origin obtained through JS cannot be forged. Even if a script successfully forges the referer on the server side, the visit is not counted in third-party statistics, because these third-party statistics use JS to determine the true origin.

Therefore, to fight forged referer information, the statistics code needs to use JS to tell it apart, so that the forged information is kept out.

As far as we know, the referer cannot so far be forged under JS.

So someone may ask: if the client turns off JavaScript or even cookies, how do you judge the referer? In fact, the answer is also very simple: use cookies as the bridge between JS and the ASP/PHP scripts. In JS, the referer is written to a cookie, and ASP/PHP reads the cookie. If the cookie cannot be read, the visit is judged not to originate from this site.
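
The cookie bridge described above, as an added example that is not code from the original article: the page's JS writes the referrer it sees into a cookie, and the server compares that value with the Referer header it logged for the landing request. The cookie name `js_ref`, the function names and the sample URLs are assumptions made for illustration.

```javascript
// Added example: names and sample values are constructed, not from the article.
const COOKIE_NAME = "js_ref"; // hypothetical cookie name

// Client side. In a page: document.cookie = buildRefCookie(document.referrer);
function buildRefCookie(jsReferrer) {
  return `${COOKIE_NAME}=${encodeURIComponent(jsReferrer || "")}; path=/; SameSite=Lax`;
}

// Server side: parse a raw Cookie request header into a name -> value map.
function parseCookies(header) {
  const jar = Object.create(null);
  for (const part of (header || "").split(";")) {
    const i = part.indexOf("=");
    if (i < 0) continue;
    const name = part.slice(0, i).trim();
    try {
      jar[name] = decodeURIComponent(part.slice(i + 1).trim());
    } catch (e) {
      jar[name] = null; // malformed percent-encoding: treat as unreadable
    }
  }
  return jar;
}

function hostOf(url) {
  try { return new URL(url).host; } catch (e) { return ""; }
}

// claimedReferer: Referer header logged for the landing-page request.
// cookieHeader:   Cookie header of the follow-up request (e.g. the stats hit).
function classifyVisit(claimedReferer, cookieHeader) {
  const jsRef = parseCookies(cookieHeader)[COOKIE_NAME] ?? null;
  if (jsRef === null) return "no-js-cookie"; // JS or cookies off, or not a browser
  // The cookie is client-supplied too: use the verdict as a statistics filter.
  return hostOf(claimedReferer || "") === hostOf(jsRef) ? "consistent" : "mismatch";
}

// Constructed sample visits
const good = buildRefCookie("https://search.example/?q=x").split(";")[0];
console.log(classifyVisit("https://search.example/?q=x", good));
console.log(classifyVisit("https://search.example/", "js_ref="));
console.log(classifyVisit("https://search.example/", "session=abc"));
```

A "mismatch" or "no-js-cookie" verdict corresponds to the case the article describes, where the visit is not counted as coming from the claimed origin.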