Jump to content

Archived

This topic is now archived and is closed to further replies.

Dale_G

[SOLVED] Set custom IP address using cURL "CURLOPT_INTERFACE", is it possible?

Recommended Posts

Hey there.

 

I'm using cURL to retrieve the contents of a page, this page, happens to echo out the IP Address, via

 

echo '<b>IP:</b> '.$_SERVER['REMOTE_ADDR'];

 

Now, I was able to successfully change, and set both the referer AND the user agent, to anything. Is this possible with the IP Address as well?

 

Basically, how can I have it so when I try to request the page that echos out the IP address, it echos out something I, not the server, designates, such as '11.111.111.111' for example, if it's even possible.

 

Thanks!

Share this post


Link to post
Share on other sites

You could but the returned data wouldn't go to you.. it would go to the other IP..

you could use a Proxy Server

Share this post


Link to post
Share on other sites

tbh, I once also looked for a solution to the same problem, but I came up with nothing. Would be happy to hear an answer here.

 

Orio.

Share this post


Link to post
Share on other sites

You could but the returned data wouldn't go to you.. it would go to the other IP..

you could use a Proxy Server

 

Any advice on how I would go about doing that maybe? :D

Share this post


Link to post
Share on other sites

You can't, because the IP address comes from the TCP/IP data packet and the source IP address in the data packet is where the server will send the response back to. So, even if you could form a TCP/IP data packet with any source IP address in it, the response from the server would not be sent back to you, it would be sent back to that IP address. And since your router will not pass any data packet that does not match the IP of the port you are connected to, if you could form your own data packet, it would not make it past your router.

Share this post


Link to post
Share on other sites

Okay, one of the reasons as to why IP Spoofing is considered so much tough to perform is the fact that it is blind attack. What this means is that, you do not get any data back, When you perform any transaction via a Spoofed IP, there is no mechanism which tells you, whether he has been successful or not.

 

So to sum up you could just say submit a entry to a form via a spoofed IP but if you had to enter an image verifcation code you would fail as you can't see that info.. AKA blind

 

hope that helps

 

EDIT: i Also agree with PFMaBiSmAd

Share this post


Link to post
Share on other sites

Okay, one of the reasons as to why IP Spoofing is considered so much tough to perform is the fact that it is blind attack. What this means is that, you do not get any data back, When you perform any transaction via a Spoofed IP, there is no mechanism which tells you, whether he has been successful or not.

 

So to sum up you could just say submit a entry to a form via a spoofed IP but if you had to enter an image verifcation code you would fail as you can't see that info.. AKA blind

 

hope that helps

 

EDIT: i Also agree with PFMaBiSmAd

 

You know that made ALOT of sense, thank you. :)

 

Oh but, as far as that proxy method goes, still possible right? If so, how?

Share this post


Link to post
Share on other sites

Any advice on how I would go about doing that maybe? :D

 

Read up on connecting sockets to web proxies.. then find some free web proxies (test it works, in IE for example) then send the data via that proxy

Share this post


Link to post
Share on other sites

But if, let's say, I don't care what the response is.. Say I only want to send data, it should be possible, right?

 

Orio.

Share this post


Link to post
Share on other sites

If the owner of the site you are automatically posting to/grabbing content from did not mind bot scripts doing those things, he would not be banning the static IP address of the server(s) doing it.

 

If you have a legitimate reason for doing whatever it is you are doing, contact the site's owner and have your IP address put onto a "white" list of servers that are permitted to automatically connect to the site.

Share this post


Link to post
Share on other sites

It was never something specific I wanted to do, I just once tried to find out if that was possible, and I never found a solution. I'm just stubborn :)

 

Orio.

Share this post


Link to post
Share on other sites

Though this technique does not make much sense.  It can be useful when you are trying to spoof a voting system that takes it's params via post or uri.  They limit voting to 1 per IP per day, but if you could make a script that has a list of many proxies.  Then you can vote many times per day.

Share this post


Link to post
Share on other sites

Captcha will stop Blind IP Spoofs, as for rigging a poll, well you could just require membership maybe even require a minimum of 10 posts and  and unique email.. yes they could still do it but it takes longer ;)

 

in any case this is an old solved thread.. so their probably not much point making suggestions now

Share this post


Link to post
Share on other sites

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.