Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)
 Post subject: Spoof POST data?
PostPosted: 19 Jul 2009 04:03 

Joined: 08 Jun 2008 07:17
Posts: 92
Is it possible to spoof this data?

I haven't figured out how to capture it, but the Tamper Data addon can somewhat show me.

Here is a picture below

Image


Can someone explain how I would go about capturing this one packet and changing some info in it, then sending it spoofed? I don't need a response back from the POST/GET; I just want to send one spoofed packet to see what happens.

Any help would be great.


EDIT: I saved a webform and just edited the login info like in the above picture. I want to send this info spoofed with another live IP (my friend's).


So let's say my friend's IP is 222.222.222.222 and mine is 111.111.111.111.

Is it possible to send a spoofed POST (with the IP 222.222.222.222)?
Would their connection get the rest of the packets? Would the POST even get to the server?


 Post subject: Re: Spoof POST data?
PostPosted: 19 Jul 2009 05:56 

Joined: 16 Aug 2007 06:25
Posts: 367
If the connection is TCP (which is the case with HTTP)... the client must first establish a TCP session using the 3-way handshake before data can be sent/received. Otherwise, the server will most likely reply with an RST reset packet. The 3-way handshake is like so:

1) client -> server: SYN
2) server -> client: ACK
3) client -> server: SYN/ACK
4) ...data can now be sent/received

So if you establish the connection on 111.111.111.111 and then try to send data from 222.222.222.222 the server will send a RST packet to 222.222.222.222 because the handshake was never performed via 222.222.222.222.

UDP packets are another story since UDP is 'connectionless' (no handshake needed)... but HTTP doesn't use UDP, so that's no good. Though it's good-to-know information.


 Post subject: Re: Spoof POST data?
PostPosted: 19 Jul 2009 14:36 

Joined: 08 Jun 2008 07:17
Posts: 92
So I was reading http://en.wikipedia.org/wiki/TCP_sequence_prediction_attack

I just can't figure some things out. How long is the sequence key?

Is it just a number? If so, how long?

Last, can't I build something to brute force or send my data with a new sequence key that goes up by 1 each time (if it's a numerical key)?

Let's say I sent 1 million packets with the same data but each got a different sequence key; one of those might have the right key?

I just want to make sure my packet can get there. I don't need a response (I hope that's the word) packet back.


 Post subject: Re: Spoof POST data?
PostPosted: 19 Jul 2009 18:14 

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
It is impossible to send data with somebody else's IP. The only way is to use a proxy server.
Unless the specific site, forum, chat or whatever it is has a specific exploit which allows that. Otherwise they always see the source of the packet, which would be your IP or proxy.

Maybe it is possible in some way if you have a satellite uplink and you directly intercept the data from the ISP which your 'friend' is using. In any other case... the destination always sees the source IP it was sent from, no matter how much data you change.
Also do not mistake it with some basic chatrooms or some PHP-based site systems, which could be fooled easily. Here's an example:
I have exploited FlashChat (a Flash-based chatroom), and there, if you enter with a proxy (or in theory a spoofed IP) and then turn the proxy off and an admin or moderator does "whois" on you, they still see the IP you had upon joining, BUT if the site admin would check the log files, then he would still see your real IP (or the proxy if you keep it on).


 Post subject: Re: Spoof POST data?
PostPosted: 19 Jul 2009 18:59 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
Forget about catching the correct syn, for tons of reasons.
If you have a Windows 98 or an old Windows NT you can try the TCP spoofing thing which affected these systems, where the syn was time-based and so completely predictable:

http://aluigi.org/mytoolz/tcps.zip


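The two points made in the replies above (a server keeps no connection state for a source that never completed the handshake, so a bare data segment gets an RST; and the old time-based ISNs Luigi mentions versus random ones) as an added Python model. This is not code from the thread or from aluigi.org: the addresses are the ones used in the thread, while the toy state table, the function names and the payload are constructed for illustration.

```python
import secrets
import time

class TcpServer:
    """Toy model of a server's TCP state table (constructed for this example)."""
    def __init__(self, isn_generator):
        self.isn_generator = isn_generator  # returns the 32-bit ISN for a SYN/ACK
        self.half_open = {}                 # (ip, port) -> ISN we sent in SYN/ACK
        self.established = set()
        self.delivered = []                 # payloads handed up to the HTTP layer

    def receive(self, src, flags, ack=0, payload=b""):
        """Handle one segment from src; return (reply_flags, isn_or_None)."""
        if flags == "SYN":
            isn = self.isn_generator()
            self.half_open[src] = isn
            return "SYN/ACK", isn           # routed to src's IP, whoever really sent the SYN
        if flags == "ACK" and src in self.half_open:
            if ack == (self.half_open.pop(src) + 1) & 0xFFFFFFFF:
                self.established.add(src)
                return "ESTABLISHED", None
            return "RST", None              # wrong ACK number: handshake fails
        if flags == "PSH/ACK" and src in self.established:
            self.delivered.append(payload)
            return "ACK", None
        return "RST", None                  # no connection state for src: reset

def time_based_isn():
    """ISN derived from the clock, like the old stacks named above (constructed)."""
    return int(time.time() * 1000) & 0xFFFFFFFF

def random_isn():
    """ISN drawn from a CSPRNG, which is what a modern stack effectively does."""
    return secrets.randbits(32)

def spoofed_post_scenario(isn_generator=random_isn):
    """111.111.111.111 handshakes and POSTs; a segment claiming 222.222.222.222 POSTs too."""
    server = TcpServer(isn_generator)
    real, friend = ("111.111.111.111", 40000), ("222.222.222.222", 40000)
    _, isn = server.receive(real, "SYN")                  # real client sees the SYN/ACK
    server.receive(real, "ACK", ack=(isn + 1) & 0xFFFFFFFF)  # so it can echo isn+1
    server.receive(real, "PSH/ACK", payload=b"POST /login HTTP/1.1")
    reply, _ = server.receive(friend, "PSH/ACK", payload=b"POST /login HTTP/1.1")
    return reply, server.delivered       # ("RST", [real POST only]): spoofed POST dropped

def isn_deltas(isn_generator, n=5):
    """Gaps between consecutive ISNs: near 0 for the clock-based one, huge for random."""
    isns = [isn_generator() for _ in range(n)]
    return [(b - a) & 0xFFFFFFFF for a, b in zip(isns, isns[1:])]
```

Only the handshaking client's POST reaches the application; the segment from the other address is answered with an RST, which is sent to that address, not to the sender.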