Jump to content


Photo
- - - - -

Packet Crafting ... Is This Possible?


  • Please log in to reply
1 reply to this topic

#1 GeeVee

GeeVee

    Will I break 10 posts?

  • Members
  • 4 posts
  • Gender:Male

Posted 11 December 2011 - 11:49 AM

I've found a website were anonymous votes can be cast. The votes are cast via a simple GET request:

/cast_vote.php?t={TIMESTAMP HERE}

There is a response, but it's a blank response. It's one vote per IP address. Only IP's from within the UK can vote, other votes are ignored.

So, I thought about packet crafting. If I was to use a tool such as scapy, would it be possible to alter the source address to a random IP within a UK IP class (such as a mobile network provider, or ISP) and send multiple GET requests?

I understand I wouldn't get a response, the response is not important. But I have a couple of questions ...

1. By altering the source addresses from my computer, would it go through my router, and ISP, with the same source address and reach the destination?
2. Would the response get sent to the IP addresses I've effectively spoofed? And if not, would this effect the voting if the server can't send a response?

Thanks for any advice in advanced.

#2 jfalcon

jfalcon

    Hakker addict

  • Agents of the Revolution
  • 593 posts
  • Location:Living within the ether

Posted 15 December 2011 - 05:04 PM

I've found a website were anonymous votes can be cast. The votes are cast via a simple GET request:

/cast_vote.php?t={TIMESTAMP HERE}

There is a response, but it's a blank response. It's one vote per IP address. Only IP's from within the UK can vote, other votes are ignored.

So, I thought about packet crafting. If I was to use a tool such as scapy, would it be possible to alter the source address to a random IP within a UK IP class (such as a mobile network provider, or ISP) and send multiple GET requests?

I understand I wouldn't get a response, the response is not important. But I have a couple of questions ...

1. By altering the source addresses from my computer, would it go through my router, and ISP, with the same source address and reach the destination?
2. Would the response get sent to the IP addresses I've effectively spoofed? And if not, would this effect the voting if the server can't send a response?

Thanks for any advice in advanced.


Many of your questions shall be answered here:
http://www.iss.net/s...ing/default.htm




BinRev is hosted by the great people at Lunarpages!