Dale_G Posted October 14, 2008 Share Posted October 14, 2008 Hey there. I'm using cURL to retrieve the contents of a page, this page, happens to echo out the IP Address, via echo '<b>IP:</b> '.$_SERVER['REMOTE_ADDR']; Now, I was able to successfully change, and set both the referer AND the user agent, to anything. Is this possible with the IP Address as well? Basically, how can I have it so when I try to request the page that echos out the IP address, it echos out something I, not the server, designates, such as '11.111.111.111' for example, if it's even possible. Thanks! Quote Link to comment Share on other sites More sharing options...
MadTechie Posted October 14, 2008 Share Posted October 14, 2008 You could but the returned data wouldn't go to you.. it would go to the other IP.. you could use a Proxy Server Quote Link to comment Share on other sites More sharing options...
Orio Posted October 14, 2008 Share Posted October 14, 2008 tbh, I once also looked for a solution to the same problem, but I came up with nothing. Would be happy to hear an answer here. Orio. Quote Link to comment Share on other sites More sharing options...
Dale_G Posted October 14, 2008 Author Share Posted October 14, 2008 You could but the returned data wouldn't go to you.. it would go to the other IP.. you could use a Proxy Server Any advice on how I would go about doing that maybe? Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted October 14, 2008 Share Posted October 14, 2008 You can't, because the IP address comes from the TCP/IP data packet and the source IP address in the data packet is where the server will send the response back to. So, even if you could form a TCP/IP data packet with any source IP address in it, the response from the server would not be sent back to you, it would be sent back to that IP address. And since your router will not pass any data packet that does not match the IP of the port you are connected to, if you could form your own data packet, it would not make it past your router. Quote Link to comment Share on other sites More sharing options...
MadTechie Posted October 14, 2008 Share Posted October 14, 2008 Okay, one of the reasons as to why IP Spoofing is considered so much tough to perform is the fact that it is blind attack. What this means is that, you do not get any data back, When you perform any transaction via a Spoofed IP, there is no mechanism which tells you, whether he has been successful or not. So to sum up you could just say submit a entry to a form via a spoofed IP but if you had to enter an image verifcation code you would fail as you can't see that info.. AKA blind hope that helps EDIT: i Also agree with PFMaBiSmAd Quote Link to comment Share on other sites More sharing options...
Dale_G Posted October 14, 2008 Author Share Posted October 14, 2008 Okay, one of the reasons as to why IP Spoofing is considered so much tough to perform is the fact that it is blind attack. What this means is that, you do not get any data back, When you perform any transaction via a Spoofed IP, there is no mechanism which tells you, whether he has been successful or not. So to sum up you could just say submit a entry to a form via a spoofed IP but if you had to enter an image verifcation code you would fail as you can't see that info.. AKA blind hope that helps EDIT: i Also agree with PFMaBiSmAd You know that made ALOT of sense, thank you. Oh but, as far as that proxy method goes, still possible right? If so, how? Quote Link to comment Share on other sites More sharing options...
MadTechie Posted October 14, 2008 Share Posted October 14, 2008 Any advice on how I would go about doing that maybe? Read up on connecting sockets to web proxies.. then find some free web proxies (test it works, in IE for example) then send the data via that proxy Quote Link to comment Share on other sites More sharing options...
Orio Posted October 14, 2008 Share Posted October 14, 2008 But if, let's say, I don't care what the response is.. Say I only want to send data, it should be possible, right? Orio. Quote Link to comment Share on other sites More sharing options...
Dale_G Posted October 14, 2008 Author Share Posted October 14, 2008 Awesome, I'll get right on that! Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted October 14, 2008 Share Posted October 14, 2008 If the owner of the site you are automatically posting to/grabbing content from did not mind bot scripts doing those things, he would not be banning the static IP address of the server(s) doing it. If you have a legitimate reason for doing whatever it is you are doing, contact the site's owner and have your IP address put onto a "white" list of servers that are permitted to automatically connect to the site. Quote Link to comment Share on other sites More sharing options...
Orio Posted October 14, 2008 Share Posted October 14, 2008 It was never something specific I wanted to do, I just once tried to find out if that was possible, and I never found a solution. I'm just stubborn Orio. Quote Link to comment Share on other sites More sharing options...
MexiTek Posted June 20, 2009 Share Posted June 20, 2009 Though this technique does not make much sense. It can be useful when you are trying to spoof a voting system that takes it's params via post or uri. They limit voting to 1 per IP per day, but if you could make a script that has a list of many proxies. Then you can vote many times per day. Quote Link to comment Share on other sites More sharing options...
MadTechie Posted June 20, 2009 Share Posted June 20, 2009 Captcha will stop Blind IP Spoofs, as for rigging a poll, well you could just require membership maybe even require a minimum of 10 posts and and unique email.. yes they could still do it but it takes longer in any case this is an old solved thread.. so their probably not much point making suggestions now Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.