/************************************************************\ * * headerSpoof Copyright 2005 Howard Yeend * www.puremango.co.uk * * This file is part of headerSpoof. * * headerSpoof is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * headerSpoof is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with headerSpoof; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * * \************************************************************/ PHP HeaderSpoof
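Sorry, SSL support still in dev...
";
		// NOTE(review): the listing starts inside an echo statement. The opening
		// PHP tag, the enclosing condition(s) and the test that selects this SSL
		// branch are not shown, and markup inside the string literals appears to
		// have been lost; the literals are reproduced exactly as listed.
		//
		// Purpose: build one raw HTTP request from the submitted form fields,
		// send it to the host and port named in the form, and print the request
		// and the response as escaped text.
		//
		// Security: every value used below comes straight from $_POST. The
		// destination host and port are used as given, so the web server opens
		// a connection to whatever the form names. No access check or
		// destination restriction is visible in this listing; if the page is
		// reachable by anyone other than its operator, put it behind
		// authentication and restrict the destinations it may contact (for
		// example, refuse loopback and private address ranges).

		// HTTPS: the port field is ignored (443 is fixed) and no timeout is passed.
		$fsock = @fsockopen("ssl://".$_POST["address"], 443,$errno, $errstr);
	} else {
		// HTTP
		// works fine
		// timeout set at 10 seconds.
		$fsock = @fsockopen($_POST["address"], $_POST["port"],$errno, $errstr,10);
	}

	if(!$fsock)
	{
		// Generic message only; the socket error text stays hidden (see the
		// disabled echo below).
		echo "ERROR
Could not open connection, are you sure a service is running on that port on that host? Is the host down?

";
		//echo "$errstr ($errno)";
	} else {
		// prepare headers to send
		// Field values are copied into the request verbatim; nothing here
		// rejects embedded CR/LF, so a value can add further header lines.
		// That is deliberate for a request-crafting form, but the pattern must
		// not be reused where the values come from someone other than the
		// operator.

		// replace spaces with url encoded equivalent in filename (otherwise it screws the GET request)
		$out = $_POST['method']." ".stripslashes(str_replace(" ","%20",$_POST["file"]))." HTTP/".$_POST['version']."\r\n";

		// ask server to return data in plain ascii
		if($_POST['version']=="1.0")
		{
			$out .= "Accept-Encoding: \r\n";
		} else {
			$out .= "Accept: */*\r\n";
			$out .= "Accept-Encoding: \r\n";
		}

		// optional headers: each one is sent only when its form field is non-empty
		if(!empty($_POST["hostname"]))
		{
			$out .= "Host: ".stripslashes($_POST["hostname"])."\r\n";
		}
		if(!empty($_POST["referer"]))
		{
			$out .= "Referer: ".stripslashes($_POST["referer"])."\r\n";
		}
		if(!empty($_POST["cookie"]))
		{
			$out .= "Cookie: ".stripslashes($_POST['cookie'])."\r\n";
		}
		if(!empty($_POST["user_agent"]))
		{
			$out .= "User-Agent: ".stripslashes($_POST['user_agent'])."\r\n";
		}
		if(!empty($_POST["auth_string"]))
		{
			// Basic credentials are only Base64-encoded; on the plain-HTTP path
			// they cross the network unencrypted.
			// NOTE(review): unlike the other fields, this one is not passed
			// through stripslashes() - confirm that is intended.
			$out .= "Authorization: Basic ".base64_encode($_POST['auth_string'])."\r\n";
		}
		if(!empty($_POST["range"]))
		{
			$out .= "Range: bytes=".stripslashes($_POST['range'])."\r\n";
		}
		if(!empty($_POST["other_headers"]))
		{
			// free-form header lines supplied by the user, appended as typed
			$out .= stripslashes($_POST['other_headers'])."\r\n";
		}

		$out .= "Connection: close\r\n";

		if($_POST['method']=="POST" && !empty($_POST["post_data"]))
		{
			if(!empty($_POST['content_type']))
			{
				// add content type header
				$out .= "Content-Type: ".stripslashes($_POST['content_type'])."\r\n";
			} else {
				// no Content-Type supplied; fall back to the form-encoded default
				$out .= "Content-Type: application/x-www-form-urlencoded\r\n";
			}

			// add length header
			// NOTE(review): the length is computed with CRLF pairs removed, but
			// the body appended below still contains them, so the declared
			// length can be smaller than the bytes sent when the data spans
			// several lines - confirm which is intended.
			$out .= "Content-Length: ".strlen(stripslashes(str_replace("\r\n","",$_POST['post_data'])))."\r\n\r\n";

			// add post data
			$out .= stripslashes($_POST['post_data'])."\r\n";
		}

		// terminate headers
		$out .= "\r\n";

		// send headers to server
		fputs($fsock, $out);

		// find hostname
		// gethostbyaddr() returns a name taken from reverse DNS, which is
		// controlled by whoever runs the reverse zone for that address, so the
		// value is kept raw here and HTML-encoded once, when it is printed.
		$hostname = @getHostByAddr($_POST["address"]);
		if(!$hostname)
		{
			// we were given the hostname
			$hostname = $_POST["address"];
		}

		// find IP
		// gethostbyname() hands back its argument unchanged when the lookup
		// fails, so this value can be raw form input as well.
		$hostip = @getHostByName($_POST["address"]);
		if(!$hostip)
		{
			// we were given the IP
			$hostip = $_POST["address"];
		}

		// print to screen
		echo "Sent headers to ".htmlspecialchars($hostname)." (".htmlspecialchars($hostip)."):
";
		echo "
";
		echo htmlspecialchars($out)."
";
		echo "
";

		// display output
		echo "Received headers:
";
		echo "
";

		// Start from known values so the loop never reads an unset variable
		// (and so a request cannot pre-seed them on installs that still have
		// register_globals enabled).
		$headersEnded = 0;
		$process_data = "";
		$nohtml_data = "";

		while(!feof($fsock))
		{
			// grab data
			$returned_data = fgets($fsock, 128);

			// is it the first blank line we've received?
			// (if so, that's the end of the returned headers)
			if($headersEnded == 0 && $returned_data=="\r\n")
			{
				if($_POST['return']=="headers")
				{
					// user only wanted headers, so end here
					break;
				} else {
					// tell user that's the end of headers
					echo "
Received Output:
";
					// remember that the headers have ended so we don't do this more than once
					$headersEnded = 1;
				}
			} else {
				// display output
				if($_POST['process']!="none")
				{
					// keep a copy of everything received for the post-processing step
					$process_data .= $returned_data;
				}

				if($_POST['return']=="nohtml")
				{
					if($headersEnded)
					{
						// store returned data as one string, for later output
						$nohtml_data .= $returned_data;
					} else {
						echo htmlspecialchars($returned_data);
					}
				} else {
					echo htmlspecialchars($returned_data);
				}
			}
		}

		if($_POST['return']=="nohtml")
		{
			// strip_tags() removes markup but is not an output encoder; the
			// remote response is untrusted, so what is left is HTML-encoded
			// before it is written into this page.
			echo htmlspecialchars(strip_tags($nohtml_data));
		}
		echo "
";

		// close connection
		fclose($fsock);

		if($_POST['process']!="none")
		{
			echo "
Post-Processing still in development - should be usable, though.
";
		}

		// search for form fields
		if($_POST['process']=="form")
		{
			echo "
Lines containing form data:
";
			echo "
";

			// make array of lines
			$process_data = explode("\r\n",$process_data);

			foreach($process_data as $data)
			{
				// NOTE(review): the rest of this statement and the opening of
				// the block closed on the next line are missing from the listing.
				$input_pos = strpos($data,"";
				}
			}
			echo "
";
		}

		// search for linked files
		if($_POST['process']=="file")
		{
			echo "
Lines containing filenames:
";
			echo "
";

			// make array of lines
			$process_data = explode("\r\n",$process_data);

			foreach($process_data as $data)
			{
				// a line is reported when it contains an href, src or action attribute
				$href_pos = strpos($data," href");
				$src_pos = strpos($data," src");
				$action_pos = strpos($data," action");

				if($href_pos!==false || $src_pos!==false || $action_pos!==false)
				{
					echo htmlspecialchars($data)."
";
				}
			}
			echo "
";
		}
	}
}
?>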


HeaderSpoof, by User24.


Required fields are address, file and port.
Address:
eg; www.google.com or 216.239.39.99
Protocol:
Version:
Return:
Method:
Hostname:
eg; www.google.com
Port #:
eg; 80
File to request:
eg; /index.html
Referer:
eg; http://www.google.com/
Cookie(s):
eg; name=value; name2=val2
User Agent:
eg; Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Auth-String (basic):
eg; username:password - base64 encoded automatically
Byte Range:
eg; 1-200
Additional Headers:
Content-Type:
eg; application/x-www-form-urlencoded
Required only when POST data below is not empty
POST Data:
eg; field1=val1&field2=val2
Content Length automatically calculated.
Only sent if Request Method is POST
Post-Processing?
This script allows easy manipulation of header information.

If any non-required fields are left empty, those headers will not be sent.

See http://www.w3.org/Protocols/HTTP/HTRQ_Headers.html for more info regarding HTTP headers.