xff_referer
[principle]
Will be added to the short time XFF head, it represents a client-side HTTP request that is true IP, only through the HTTP proxy or load balancing servers: X-Forwarded-For
Is part of the HTTP Referer header when the browser sends a request to the web server, usually bring Referer, I tell the server which page the link is coming from
[purpose]
Knowledge about X-Forwarded-For and the Referer
[surroundings]
windows
[tool]
firefox、burpsuite
[step]
1. Open firefox and burp, burp used to intercept firefox proxy, added in the request header X-Forwarded-For: 123.123.123.123
, and then put the package
2. Add then continues in the request header Referer: https://www.google.com
, flag obtained