Spoof source address in a UDP packet (fsockopen)

[soadlink]

What would be the easiest/quickest way to spoof the source address of a UDP packet so it appears to be coming from somewhere else? Or if it was just possible to have an optional field for it like so:

 

$socket = fsockopen("udp://" . 'destinationip', 'destinationport', 'sourceip', 'sourceport', $err, $str, 10);

 

Probably wont be easy, but I just thought I'd ask to see if anyone knows a way if it's even feasible.

 

Also, I already tried posting in the core php hacking since I didn't find a way to do this with normal functions, but I was told it's the wrong thread, so here I am.

[printf]

You can't without changing the PHP core and the OS core, because the SYN flag can't be set by PHP, it's done internally. It's a security feature.

[soadlink]

For the UDP protocol? I didn't think it used SYNs because it doesn't care about arrival, ordering, etc. It just sends it out (connectionless).

[ShogunWarrior]

AFAIK the address is handled by the network layer. In PHP you are generally working at application level, transport level at best. You could go through a proxy but I don't think it's possible to make up your address, but if it is I'll be surprised.

[Azu]

You can't without changing the PHP core and the OS core, because the SYN flag can't be set by PHP, it's done internally. It's a security feature.

I think it's TCP that uses SYN not UDP. I'm pretty sure UDP is stateless.

 

 

Anyways if it can't be done by default in PHP, you could probably make an extension that will let you do that.

[btherl]

Just to clarify a few things

 

- Yes, SYN is part of TCP.  UDP is stateless

- To forge your ip address you need root access

 

I don't think there's any existing API in php for doing this.  At the C level, you need to use a raw socket to construct your UDP packet with a fake source address.

[Azu]

But can't PHP extensions (written in C) do anything that can be done in C..?

[btherl]

Yep, definitely.  You could write a C extension to use raw sockets and construct whatever packets you wanted.  I was interpreting the original post as asking if there was already an extension to do it.  Though now that I read again, I think he was asking for ANY way.

 

While looking on google I noticed that perl has an extension for raw sockets, using the C functions.  Actually it's relevant here whether it's windows or linux .. given that this post is from february, i'm not expecting clarification from the original poster all that soon

[devreflex2004]

SOme cool and useful responses here, thanks a lot