Last active
September 26, 2023 01:38
-
-
Save Dan-Q/ffb0151dfaff531cd92b03a786a09f5c to your computer and use it in GitHub Desktop.
This PHP script can be used to "proxy" content from third-party sites that block or modify their responses based on the Referer: header.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| define('SECRET_PASSWORD', 'YOUR-SECRET-PASSWORD-GOES-HERE'); | |
| if($_GET['pw'] != SECRET_PASSWORD) http_response_code(403) && die(); | |
| $ch = curl_init(); | |
| curl_setopt($ch, CURLOPT_URL, $_GET['url']); | |
| curl_setopt($ch, CURLOPT_HEADER, 0); | |
| curl_setopt($ch, CURLOPT_REFERER, $_GET['referer']); | |
| curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); | |
| curl_setopt($ch, CURLOPT_BINARYTRANSFER, 1); | |
| $return = curl_exec($ch); | |
| curl_close($ch); | |
| echo $return; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Call it with e.g.
/referer-faker.php?pw=YOUR-SECRET-PASSWORD-GOES-HERE&referer=https://example.com/the-page-youre-pretending-to-be-on&url=https://example.com/the-url-you-want-to-get.jpg.For more details, see https://danq.me/far-side-freshrss-xpath.
Note that headers including Content-Type are not preserved. If you need those headers, including them is left as an exercise for the reader. For hints at a lazy solution, consider https://github.com/thewisenerd/spoof_referer-php/blob/master/index.php.