Because HTTP headers can originate from a Web browser, an attacker can modify the headers (called HTTP header manipulation) to create an attack. Although Web browsers do not normally allow HTTP header modification, Web services are available that allow data from a browser to be modified. One type of HTTP header attack manipulates the Referer field. Follow the steps below to modify a Referer field.

Use your Web browser to go to www.httpdebugger.com/tools/ViewHttpHeaders.aspx to access the MadeForNet HTTP debugger.

For the HTTP(s) URL field, enter "http://www.course.com"

For the Content Type field, enter "text/html"

For the Referer field, enter "http://www.google.com". This will change the referer from this current site to another site.

Click Submit. Note that the Referer field has changed.

How could an attacker use this in an HTTP header attack? Write your response, in approximately 200 words, in the submission area below.