I need to make a request with a spoofed IP address for testing purposes. What's the easiest way to do this?
Internet Protocol (IP) spoofing is a type of malicious attack where the threat actor hides the true source of IP packets to make it difficult to know where they came from. The attacker creates packets, changing the source IP address to impersonate a different computer system, disguise the sender's identity or both.
To do this, we can use curl to query websites that are configured to do nothing more than return the IP address of whichever system is connecting to it. This is one of the quickest and easiest ways to get your public IP address on the Linux command line. Follow along with us below and we'll show you a few examples.
IP spoofing is a method in which TCP/IP or UDP/IP data packets are sent with a fake sender address. The attacker uses the address of an authorized, trustworthy system. In this way, it can inject its own packets into the foreign system that would otherwise be blocked by a filter system.
For my own purposes, changing the HTTP header was enough, via the following:
curl --header "X-Forwarded-For: 1.2.3.4" "http://www.foobar.com"
You can't.
In general, spoofing IP addresses for TCP is remarkably difficult. Unless you have control of a router quite near your target or near the IP you're spoofing, consider it impossible.
The reply packets need a path back to you in order to complete even the three-way handshake. The most reliable way to do this is to have control over a router in the most common pathway between your target and your spoofed IP address: this would let you capture packets between the target and the spoofed address and forward them on to you.
You could also try injecting bogus BGP route advertisements, but doing so would doubtless be noticed and cost you dearly when your peers drop you completely.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With