Forum Moderators: phranque
Since I couldn't find any good info on this phenomenon via google, etc. I'm posting my findings here.
For those not in the know, Norton Internet Security munges the HTTP_REFERER header as its default setting, changing it to HTTP_WEFERER and effectively anonymizing the location of the referring URL. They call it privacy, I call it a pain, and a loss of valuable information.
Since I'm a stats freak, I was *seriously* interested in decoding the HTTP_WEFERER header, so I put it through the paces, and came up with the following information that I thought some people might want to know.
Firstly, and most importantly, it is *NOT* reversible. It is not encryption, nor is it a clever algorithm.
The length of the referring url is the only information preserved.
The 'random' string is generated from one of 128 seed values, seemingly permuted using both the origination address and the destination address, but is useless. At least for determining where your traffic came from...
i.e.
http://www.domain.com/pagesthatsuck.htmland
http://www.domain.com/pagesthatrock.htmlboth create the same 'HTTP_WEFERER' strings. (out out of the possible 128 for that domain/domain combination)
For the truly hardcore, It *may* be possible to get the domain name out of the munge...
-flashback
---
$k= "0802020501020401054a2b020154212d01050c030d5230150d064c28190208060d";
@r=unpack('C*', pack('H*',$k)); for (1..shift(@r)){$n[$q+= shift(@r)]=1;}
for(@r){if($n[$t]){$_=-$_};$t++;print chr($o+=$_);}#sig-relation.04.20.02
[edited by: flashback at 11:51 pm (utc) on Nov. 12, 2003]
