Return Styles: Pseud0ch, Terminal, Valhalla, NES, Geocities, Blue Moon. Entire thread

Question regarding spoofing

Name: Anonymous 2008-05-26 11:27

There exists programs such as synner.pl or Xxpoof where one can send spoofed source packets to a target IP address. However, this is only limited to IP addresses. Is there any such way to do the same thing, but to a certain URL, rather than IP?

Say, for example, that example1.com and example2.com share the same IP address, but you only want to spoof an IP packet for example1.com, not example2.com. Would this be at all feasible?

Name: Anonymous 2008-05-26 11:29

Why, yes. Yes it would.
Use HTTP Host header.

Oh, and stop playing browser games, Christopher.

Name: Anonymous 2008-05-26 11:30

what the hell are you talking about?

Name: Anonymous 2008-05-26 11:35

>>2
When I use the HTTP Host header, nothing changes.

Name: Anonymous 2008-05-26 11:54

Disregard that, I suck cocks.

Also, thanks for the help.

Name: Anonymous 2008-05-26 12:14

hello im fairX the haxxor join my community of hackers if you payme enough i will give you access to a private area of haxx ;)

Name: Anonymous 2008-05-26 12:21

hello m gay faggerton the faggot join my community of gay if you payme enough i will give you access to my penis and ass

Name: Anonymous 2008-05-26 12:23

Hello i'm Ben Bitdiddle the schemer, join my community of EXPERT PROGRAMMERS if you pay me enough i will give you access to a private area of LISP ;)

Name: Anonymous 2008-05-26 12:43

>>4
Well, maybe because simply sending same packets is a bad idea? Because the problem is not with virtual hosts? Did you think about that, Christopher?

Name: Anonymous 2008-05-26 14:16

PROTIP: TCP Sequence Prediction Attack

Name: Anonymous 2008-05-26 14:20

>>9
Elaborate

Name: @FULLFORCE 2008-05-26 14:24

>>10
/thread

SAGE

Name: Anonymous 2008-05-26 14:32

>>11
Get wireshark, start capturing, login to your game, do some action, logout. Then login again, do same action, logout. Notice that packets for same action are different. Sending same packets won't give you the result you're expecting. Didn't fairX tell you that?

Name: Anonymous 2008-05-26 14:34

>>10,12
Is this somehow related to this thread, or is this just your way of saying "IVE READ TCP"?

Name: Anonymous 2008-05-26 14:39

>>13
What? I'm assuming the suggestion >>2 was making was to incorporate the HTTP Host header into the constructed packet with the spoofed IP address so that the request is sent to example2.com, rather than example1.com (as they would both share the same IP address).

Name: Anonymous 2008-05-26 15:41

>>2
How would one go about doing such a thing?

Name: Anonymous 2008-05-26 16:40

>>16
Terrible!

Name: Anonymous 2008-05-26 21:28

$packet->set(
    {
       ip => { saddr => $ip,
           daddr => $ipdest
           },
          
       tcp => { source => $tmpport,
            dest => $destport,
            psh => 1,
            ack => 0,
            syn => 1,
            data => '31337'
           }
    }
);

Assuming the Net::RawIP Perl module is being used, would the HTTP headers go into the "data" variable? And if so, how would it be properly formatted?

Name: Anonymous 2008-05-26 22:56

Op, please stop complimenting yourself on this horrible, horrible, horrible picture you produced.

Name: Anonymous 2008-05-26 23:46

>>18
http://www.ietf.org/rfc/rfc2616.txt

>>15
That packet is spoofed; It already has Host header. Why did you not read the data you spoofed? It's in human-readable form (unlike xml), go ahead and open it in notepad.

Name: Anonymous 2008-05-26 23:58

One word, use scapy. Thread over

Name: Anonymous 2008-05-27 1:28

One word, scabies. Thread over

Name: Anonymous 2008-05-27 7:43

>>20
tl;dr

A simple yes or no?

Name: Anonymous 2008-05-27 7:54

>>23
tl;dr

You're a faggot.

Name: Anonymous 2008-05-27 8:01

>>23
tl;dr

wtf are you even asking.  >>1 is nonsense.  ip has no concept of urls or even domains.

Name: Anonymous 2008-05-27 8:21

>>25
"data" is part of the TCP header, not the IP header.

Name: Anonymous 2008-05-27 9:06

>>26
data ∉ header, tcp doesn't have those things either, spoofing a tcp packet is pretty much pointless since it won't get you a connection, and how is this relevant

Name: Anonymous 2008-05-27 9:31

>>27
rfc 793, 3.1:


  TCP Header Format

    0                   1                   2                   3  
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          Source Port          |       Destination Port        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                        Sequence Number                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Acknowledgment Number                      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Data |           |U|A|P|R|S|F|                               |
   | Offset| Reserved  |R|C|S|S|Y|I|            Window             |
   |       |           |G|K|H|T|N|N|                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           Checksum            |         Urgent Pointer        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Options                    |    Padding    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                             data                              |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                            TCP Header Format
Tl;dr You're full of bullshit.

Name: Anonymous 2008-05-27 11:39

>>28
Not >>27, but awesome, the only thing you can do is spoof SYNs. Nothing else.

What's the point?

Name: Anonymous 2008-05-27 12:13

I am not OP, but the point is: capture data marked data in >>28's nice diagram and order in which this data was transferred. Then at any time establish new connection and send this data again, with different sequence numbers and all other tcp shit.

But this won't work, because OP's browser game has something they call session, and after logging in you get new session id, and you must include it your packets, so sending same packets won't work.

Name: Anonymous 2008-05-27 12:20

With that in mind, would I need to develop a separate HTTP packet using an HTTP Perl package? I can develop a spoofed packet with Net::RawIP, but sending HTTP headers is another story. I was thinking of using the HTTP::Headers module to send HTTP headers following the IP packet if that's a possibility, hence I was asking about the "data" header.

Name: Anonymous 2008-05-27 12:22

>>31
oh common, libwwwperl. LWP. It does everything for you. How could you have missed it? Stop thinking, you're no good at this, and start using LWP.

Name: Anonymous 2008-05-27 12:27

>>30
OP here, I never mentioned a game. I'm simply trying to send it to a specific domain that's using a shared IP address.

Say example1.com and example2.com have the IP of 127.0.0.1 (local IP, I know). If you send a spoofed packet, it gets sent to 127.0.0.1, but say I want to send it specifically to example1.com so that it would show up in the logs of example1.com and not example2.com. According to >>2 I would need to utilize the HTTP Host header. My question is where in the code of >>18 would the headers be placed?

Name: Anonymous 2008-05-27 12:37

>>32
I know of LWP. I'm using it for the Net::HTTP module. My question is how would I incorporate it into the spoofed IP packet? As in, how would the HTTP packet appear as if it's coming from the spoofed IP?

Name: Anonymous 2008-05-27 12:40

Then stop pretending to know shit already; it should be a trivial matter if you have an existing script to add in the HTTP header necessary to select the proper host
Oh noes I almost helped him

Name: Anonymous 2008-05-27 12:44

>>34
Post spoofed packet here, and then we're talking.
If you really did spoof it, it already has Host.

Name: Anonymous 2008-05-27 12:45

>>35
Cancer killing /prog/. Also: hax my anus!

Name: Anonymous 2008-05-27 12:51

>>36
That's where my problem lies, though; in my script, it's only sending IP packets without HTTP packets. I'm at a loss as to where I would put the HTTP packets into the code. A snippet of the code is in >>18

Also, I'm not pretending that I know shit. If I knew exactly what to do, I wouldn't be asking for help.

Name: Anonymous 2008-05-27 12:57

>>38
USE LWP YOU DUMB FUCK!

Here: http://search.cpan.org/~gaas/libwww-perl-5.812/lib/LWP/UserAgent.pm
Here: http://search.cpan.org/~gaas/libwww-perl-5.812/lib/HTTP/Request/Common.pm

You don't need anything else, no low-level Net modules.
If you're really interested where http goes, install normal packet spoofer, like wireshark, and open few sites with browser.

Name: Anonymous 2008-05-27 13:00

>>38
http uses TCP to communicate and TCP uses IP to implement data streams.
Newer Posts
Don't change these.
Name: Email:
Entire Thread Thread List
All trademarks and copyrights on this site are owned by their respective parties. All comments and posts are the responsibility of their own posters.
- Tinychan + 2ch Mode -