Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Spoofing the origination IP address of an HTTP request

Tags:

python

http

networking

sockets

urllib2

This only needs to work on a single subnet and is not for malicious use.

I have a load testing tool written in Python that basically blasts HTTP requests at a URL. I need to run performance tests against an IP-based load balancer, so the requests must come from a range of IP's. Most commercial performance tools provide this functionality, but I want to build it into my own.

The tool uses Python's urllib2 for transport. Is it possible to send HTTP requests with spoofed IP addresses for the packets making up the request?

like image 721
Corey Goldberg Avatar asked Jul 25 '09 01:07

Corey Goldberg

People also ask

Can you spoof IP address in HTTP request?

No you can't. HTTP is a protocol on top of TCP and doing IP spoofing with TCP is nearly impossible due to the internals of the protocol.

What is spoofing an IP address?

Internet Protocol (IP) spoofing is a type of malicious attack where the threat actor hides the true source of IP packets to make it difficult to know where they came from. The attacker creates packets, changing the source IP address to impersonate a different computer system, disguise the sender's identity or both.

Can HTTP be spoofed?

Just about anything in HTTP can be spoofed. The level of 'spoofability' is hard to determine. It's fairly trivial to craft a request with any header value I desire.

Can hackers spoof IP addresses?

In a DDoS attack, hackers use spoofed IP addresses to overwhelm computer servers with packets of data. This allows them to slow down or crash a website or network with large volumes of internet traffic while concealing their identity. IP spoofing can be used to obtain access to computers by masking botnets.

1 Answers

This is a misunderstanding of HTTP. The HTTP protocol is based on top of TCP. The TCP protocol relies on a 3 way handshake to initialize requests.

alt text http://upload.wikimedia.org/wikipedia/commons/archive/c/c7/20051221162333!300px-Tcp-handshake.png

Needless to say, if you spoof your originating IP address, you will never get past the synchronization stage and no HTTP information will be sent (the server can't send it to a legal host).

If you need to test an IP load balancer, this is not the way to do it.

like image 91
Unknown Avatar answered Oct 02 '22 22:10

Unknown
Sign in to Comment

Related questions

Different behavior between re.finditer and re.findall
How can I make a deepcopy of a function in Python?
Match a line with multiple regex using Python
Find all upper, lower and mixed case combinations of a string
What is the underscore prefix for python file name?
Python class member lazy initialization
Standalone colorbar (matplotlib)
Error Pickling in Python: io.UnsupportedOperation: read
XLRD/Python: Reading Excel file into dict with for-loops
Python can't find module NLTK
Losslessly compressing images on django
Strip timezone info in pandas
Changing pixel color value in PIL
cqlsh connection error: 'ref() does not take keyword arguments'
Pandas(Python) : Fill empty cells with with previous row value?
select columns based on columns names containing a specific string in pandas
Repeat rows in a pandas DataFrame based on column value
print() method to print passed expression literally along with computed output for quick debugging
Pytorch RuntimeError: The size of tensor a (4) must match the size of tensor b (3) at non-singleton dimension 0
Django: ModelMultipleChoiceField doesn't select initial choices

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!