How to bypass referer checking of website with NodeJS

Question

There is a way to bypass the referrer checking of a website? With nodeJS like a proxy or something like this?

For info, I must play some media on a server but this server check the referrer for a specific value, if the value is not here, it redirect me on a 404.

For my personal learning, I would like find a solution with nodeJS without installing a plugin on the browser. I already done that on developing an extension (WebExtension API) to rewrite the request headers and add referrer value.

Thanks

UPDATE Here is an example code of what I doing now. The console.log show me the added request but not Chrome inspector.

var http = require('http');
var httpProxy = require('http-proxy');
var express = require('express');
var app = express();

var url = "http://localhost:3001"; // create target server for testing

var proxy = httpProxy.createProxyServer();

// simple url
app.all("/radio/*", function(req, res) {

    req.headers['referer'] = 'http://new-referer-url';

    proxy.web(req, res, {
        target: url,
        headers: req.headers
    });

    console.log(req.headers); // the request is passed here but not in Chrome inspector


});

app.listen(3000);

What do you mean "not in Chrome inspector"? You're making a query from a Node process to a server. Chrome isn't involved. — T.J. Crowder, Jul 19 '17 at 10:32
Do you have documentation to suggest that `req.headers['referer'] = value` works? As opposed to creating your **own** request over which you have control, and in which you can specify headers in either of the ways I show in my asnwer? — T.J. Crowder, Jul 19 '17 at 10:33
You’re right. It’s a lack of understanding on my side. The goal for me was to : - create a proxy that get an url (url of media). - This proxy would do the modifications of headers request to add new referrer. Like that the client (browser) wouldn't communicate directly with the url of media and expose their default referer. — Burolisan, Jul 19 '17 at 11:38

score 0 · Answer 1 · answered Jul 19 '17 at 07:10

0

Spoofing referer (sic) is famously trivial: Just add the header to your request:

yourRequest.setHeader("Referer", "the value");

Or when you're creating the request:

var yourRequest = http.request({
    /* ...other options here, host, protocol, etc... */,
    headers: {
        Referer: "the value"
    }
});

Note that referer only has three rs, not four as it would if it were spelled correctly. It's just one of those things.

answered Jul 19 '17 at 07:10

T.J. Crowder

1,031,962
187
1,923
1,875

Thanks for you response. I added an code to you explain what I am doing. – Burolisan Jul 19 '17 at 09:50

How to bypass referer checking of website with NodeJS

1 Answers1