Menu
I'm working on a website testing framework, and I'd like to be able to spoof the user ip. I've read, that software like Loadrunner can do this, and I'd like to be able to do this as well.
A tutorial on how to use a socket normally can be found here, but I if I want to spoof the ip, I'll have to somehow edit ip header. Is this done on socket level, or is there an other, deeper level in .Net, which would let me do this?
666
IP spoofing enables an attacker to replace a packet header's source IP address with a fake, or spoofed IP address. The attacker does this by intercepting an IP packet and modifying it, before sending it on to its destination.
IP spoofing is a method in which TCP/IP or UDP/IP data packets are sent with a fake sender address. The attacker uses the address of an authorized, trustworthy system. In this way, it can inject its own packets into the foreign system that would otherwise be blocked by a filter system.
Yes, it's quite easy to spoof an IP address in a local network. For example, you can send packets to your WiFi router and spoof the IP of your housemate, so that the router thinks the packets are coming from his computer, and there's pretty much nothing to stop you from doing that.
You can't anymore, as access to raw sockets has been restricted in the desktop versions of Windows:
On Windows 7, Windows Vista, Windows XP with Service Pack 2 (SP2), and Windows XP with Service Pack 3 (SP3), the ability to send traffic over raw sockets has been restricted in several ways:
- TCP data cannot be sent over raw sockets.
- UDP datagrams with an invalid source address cannot be sent over raw sockets. The IP source address for any outgoing UDP datagram must exist on a network interface or the datagram is dropped. This change was made to limit the ability of malicious code to create distributed denial-of-service attacks and limits the ability to send spoofed packets (TCP/IP packets with a forged source IP address).
- A call to the
bindfunction with a raw socket for theIPPROTO_TCPprotocol is not allowed.
Note Thebindfunction with a raw socket is allowed for other protocols (IPPROTO_IP,IPPROTO_UDP, orIPPROTO_SCTP, for example).
(From Dev Center - Desktop - TCP/IP Raw Sockets)
You can create a raw socket fairly easily:
Socket s = new Socket(ip.AddressFamily, SocketType.Raw, ProtocolType.Ip);
At which point its on you to construct the appropriate datagram (which would be a separate question if you don't have the documentation on how to do this to hand)
109
LoadRunner can spoof IP addresses only when the actual IP address exists on the Load Generator. So, if I have 200 IP addresses assigned to my host then I can distribute my load across these IP addresses instead of having least cost routing or primary vs secondary network interfaces come into play in the operating system. This is true not only of LoadRunner but other application performance testing tools that spoof, the address needs to be assigned to the host generating the load.
If you are looking for raw spoofing solutions where the IP address need not be assigned to the host for testing purposes then you might consider network performance testing tools, particularly the chassis-based solutions, from companies such as Spirent and Ixia. These network solutions can also generate tens of thousands of unique bogus MAC addresses to go with the bogus IP addresses if needed.
22
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
