Closed HenkB closed 13 years ago
The elephant in the room related to https://github.com/NewEraCracker/LOIC/issues#issue/26
Is adding "X-Forwarded-For: $random" sufficient? It would seem to be better to remove the source IP address - how to do that?
My last 2 commits implement the X-Forwarded-For header. Still needs testing, both as a valid http request, and as how effective it is at spoofing.
https://github.com/particleSwarm/LOIC/commit/e0f960b464d4b7c3e7af0e646584e619f15d159b
https://github.com/particleSwarm/LOIC/commit/4adf1993cbb1f87a92867624c1d1dccc15c36c0b
hmm... wonder why that project no longer exists...
Closed.
When using HTTP in a "test" of a webserver the IP of the PC running LOIC is logged in the logfiles of the webserver. However, by inserting an extra header in the GET request the server can be tricked into thinking the request came through a proxy (the PC running LOIC) and instead of this IP it will log the IP of the "original" requestor.
For example: when adding the following header:
X-Forwarded-For: 70.106.34.24
This IP will be stored in the logfiles.
Perhaps LOIC could add this functionality? A checkbox saying "Fake proxy server" and a freeform field for an IP, or even perhaps have LOIC generate a different IP for every request sent.