Grabbing JPJ latest Plate No

Unlike many of Malaysia government website, JPJ is serious about protecting their latest car plate info found in their website. The plate info can be found at url http://www.jpj.gov.my/transaksi-percuma-no.-pendaftaran-terkini

Portal Rasmi Jabatan Pengangkutan Jalan Malaysia

If you look into the source code, you would find that this info is actually in an external page included thru iframe. The exact url would be: http://blacklist.jpj.gov.my/malay/plateno.shtml Which will give you this error page when u try to open it separately in browser,

Error

I figured out the protection method should be simple, most probably using http referrer checking. so by using a simple code as below, i can bypass the simple security checking easily and acquired the real content. Note: this piece of code is just a snapshot part of the complete one. So, checking http referrer is a very simple protection method that will not works against advance grabbing technique where the referrer url can be fake.