Hello:
Can someone illustrate a PHP example of a series of PHP Header() calls that constructs an HTTP request to (a) navigate to some destination, say http://www.google.com BUT (b) mask the HTTP referrer contents so the access logs of the destination sees another IP address or domain? For instance, if my script TEST.PHP is running from http://www.abc.com, I'd like TEST.PHP to navigate to the URL http://www.xyz.com. But in doing so, I want the site http://www.xyz.com to see TEST.PHP coming from a manufactured domain such as http://www.abc-spoof.com.
..........
On another note, using the example above, if the site http://www.xyz.com forwards the request to another destination by way of a series of PHP Header() calls, will the HTTP field X-Forwarded-For need to be used? Can that be spoofed as well?
Thanks for your help. I'm trying to understand the mechanics of customizing an HTTP request that spoofs the referrer and possibly the X-Forwarded-For fields so I can implement measures to prevent it on my site.
Thanks
Techlinks
