How to camouflage a page link

Question

How to camouflage a page link

Navigation

#1 by (3 votes)
#2 by (2 votes)

2

example I see many pages creating an m3u file and hosting but if you try to paste address in the browser to download the file the page redirects without downloading or showing the file to another page. this is done in php pages

php link

asked by anonymous 25.06.2015 / 00:11

2 answers

Do the INSERT of an Array, regardless of the amount of $ _POST Command for combining integers. C ++

score 3 · Answer 1

What happens is that the call checks the REFERER , according to wikipedia:

  The referer, or HTTP referer (erroneously written as a referer in the official HTTP specifications and standardized so since1), is an HTTP header field that identifies the web page address (ie the URI or IRI) that links to the resource being requested. By checking the referer, the new web page can see where the request originated. (In short: knowing where the user came from, ie what page he was that sent to his site).

In the most common situation, this means that when a user clicks a hyperlink in a web browser, the browser sends a request to the server that stores the destination web page. The request includes the referer field, which indicates the last page the user was on (the one he clicked on the link).

Referer logging is used to allow web sites and web servers to identify where people are visiting for promotional or statistical purposes.

This means that when a user clicks on a link, from a web browser, the browser sends a request to the server that contains the landing page. The request includes the referrer information, informing the page that the user was previously.

Understanding REFERER (http)

For detail, suppose you have a page / site called http://exemplo.com/pagina.html and on this page there is a player:

<object classid="CLSID:22d6f312-b0f6-11d0-94ab-0080c74c7e95"
codebase="http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab#Version=5,1,52,701"
type="application/x-oleobject">
    <param name="fileName" value="musicas.m3u">
    <embed type="application/x-mplayer2"
     pluginspage="http://www.microsoft.com/Windows/MediaPlayer/"
     src="musicas.m3u">
</object>

When the player calls the file musicas.m3u , this request will receive something like:

GET /musicas.m3u HTTP/1.1
Host: exemplo.com
Connection: keep-alive
Cache-Control: max-age=0
Referer: exemplo.com/pagina.html

See Referer: exemplo.com/pagina.html detects that the call came from exemplo.com/pagina.html .

But if you copy the playlist address and try to open http://exemplo.com/musicas.m3u directly, the browser will send the request in this way:

GET /musicas.m3u HTTP/1.1
Host: exemplo.com
Connection: keep-alive
Cache-Control: max-age=0

See that we do not have REFERER now.

How to use REFERER

You can use PHP, but if your files are static (they are not generated by .php pages, they are real files called .m3u ) you can use .htaccess to prevent access from failing to have REFERER (this is called direct), this will also prevent other sites from using your .m3u on external pages, saving traffic from your site, this technique is called prevent hotlink or stop hotlink .

Create a file in the root folder (if using Apache) and add this (you also need to prevent caching):

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?exemplo.com [NC]
RewriteRule \.m3u$ - [NC,F,L] #NC é para case-insensitive 

<FilesMatch "\.(?i:m3u)$">
  FileETag None
  <IfModule mod_headers.c>
     Header unset ETag
     Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
     Header set Pragma "no-cache"
     Header set Expires "Wed, 11 Jan 1984 05:00:00 GMT"
  </IfModule>
</FilesMatch>

If you call any file .m3u through the url of the browser or another site it will block the access, showing the error 403 , if opened by the player it will open the file normally.

But if your .m3u file is actually a .php file, create a file named playlist.php and add this:

<?php
$g = gmdate('D, d M Y H:i:s');
header('Expires: ' . $g . ' GMT');
header('Last-Modified: ' . $g . ' GMT');
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Cache-Control: post-check=0, pre-check=0', false);
header('Pragma: no-cache');

$parsed = empty($_SERVER['HTTP_REFERER']) ? false : parse_url($_SERVER['HTTP_REFERER']);

if (false === empty($parsed['host']) && $parsed['host'] !== 'exemplo.com') {
    header('Content-Type: audio/x-mpegurl'); //Aplica o mimetype necessário para o player reconhecer o arquivo que é gerado dinamicamente
    echo file_get_contents('arquivo.m3u');//Lê o seu arquivo
} else {
    echo 'Hot link';
}

And you should call it like this:

<object classid="CLSID:22d6f312-b0f6-11d0-94ab-0080c74c7e95"
codebase="http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab#Version=5,1,52,701"
type="application/x-oleobject">
    <param name="fileName" value="playlist.php">
    <embed type="application/x-mplayer2"
     pluginspage="http://www.microsoft.com/Windows/MediaPlayer/"
     src="playlist.php">
</object>

If called by the player the file .php generates the playlist used file_get_contents , if it is called by the browser url or another site it will show the following error Hot link .

Controversies

Although this technique helps to protect, everything can be circumvented and really this is only a prevention, but it is not 100% safe, a simple way to circumvent is to inject the .m3u link in the site page using javascript browser console) and clicking the link is likely to be able to download.

score 2 · Answer 2

If you are using Apache server, you can restrict file access to a DOMAIN or IP by creating a .htaccess file:

RewriteEngine on 
RewriteCond %{HTTP_REFERER} !^http://(www\.)?seudominio [NC] 
RewriteCond %{HTTP_REFERER} !^http://(www\.)?seudominio.*$ [NC] 
RewriteRule \.(m3u|mp3)$ - [F]