Jump to content

[SOLVED] Set custom IP address using cURL "CURLOPT_INTERFACE", is it possible?


Dale_G

Recommended Posts

Hey there.

 

I'm using cURL to retrieve the contents of a page, this page, happens to echo out the IP Address, via

 

echo '<b>IP:</b> '.$_SERVER['REMOTE_ADDR'];

 

Now, I was able to successfully change, and set both the referer AND the user agent, to anything. Is this possible with the IP Address as well?

 

Basically, how can I have it so when I try to request the page that echos out the IP address, it echos out something I, not the server, designates, such as '11.111.111.111' for example, if it's even possible.

 

Thanks!

Link to comment
Share on other sites

You can't, because the IP address comes from the TCP/IP data packet and the source IP address in the data packet is where the server will send the response back to. So, even if you could form a TCP/IP data packet with any source IP address in it, the response from the server would not be sent back to you, it would be sent back to that IP address. And since your router will not pass any data packet that does not match the IP of the port you are connected to, if you could form your own data packet, it would not make it past your router.

Link to comment
Share on other sites

Okay, one of the reasons as to why IP Spoofing is considered so much tough to perform is the fact that it is blind attack. What this means is that, you do not get any data back, When you perform any transaction via a Spoofed IP, there is no mechanism which tells you, whether he has been successful or not.

 

So to sum up you could just say submit a entry to a form via a spoofed IP but if you had to enter an image verifcation code you would fail as you can't see that info.. AKA blind

 

hope that helps

 

EDIT: i Also agree with PFMaBiSmAd

Link to comment
Share on other sites

Okay, one of the reasons as to why IP Spoofing is considered so much tough to perform is the fact that it is blind attack. What this means is that, you do not get any data back, When you perform any transaction via a Spoofed IP, there is no mechanism which tells you, whether he has been successful or not.

 

So to sum up you could just say submit a entry to a form via a spoofed IP but if you had to enter an image verifcation code you would fail as you can't see that info.. AKA blind

 

hope that helps

 

EDIT: i Also agree with PFMaBiSmAd

 

You know that made ALOT of sense, thank you. :)

 

Oh but, as far as that proxy method goes, still possible right? If so, how?

Link to comment
Share on other sites

If the owner of the site you are automatically posting to/grabbing content from did not mind bot scripts doing those things, he would not be banning the static IP address of the server(s) doing it.

 

If you have a legitimate reason for doing whatever it is you are doing, contact the site's owner and have your IP address put onto a "white" list of servers that are permitted to automatically connect to the site.

Link to comment
Share on other sites

  • 8 months later...

Though this technique does not make much sense.  It can be useful when you are trying to spoof a voting system that takes it's params via post or uri.  They limit voting to 1 per IP per day, but if you could make a script that has a list of many proxies.  Then you can vote many times per day.

Link to comment
Share on other sites

Captcha will stop Blind IP Spoofs, as for rigging a poll, well you could just require membership maybe even require a minimum of 10 posts and  and unique email.. yes they could still do it but it takes longer ;)

 

in any case this is an old solved thread.. so their probably not much point making suggestions now

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.