NewEraCracker / LOIC

Deprecated - Low Orbit Ion Cannon - An open source network stress tool, written in C#. Based on Praetox's LOIC project. USE ON YOUR OWN RISK. WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES. IF YOU GET V& IT IS YOUR FAULT.
https://github.com/NewEraCracker/LOIC/
Other
2.66k stars 650 forks source link

Use fake proxy to "spoof" IP in logfiles #29

Closed HenkB closed 13 years ago

HenkB commented 13 years ago

When using HTTP in a "test" of a webserver the IP of the PC running LOIC is logged in the logfiles of the webserver. However, by inserting an extra header in the GET request the server can be tricked into thinking the request came through a proxy (the PC running LOIC) and instead of this IP it will log the IP of the "original" requestor.

For example: when adding the following header:

X-Forwarded-For: 70.106.34.24

This IP will be stored in the logfiles.

Perhaps LOIC could add this functionality? A checkbox saying "Fake proxy server" and a freeform field for an IP, or even perhaps have LOIC generate a different IP for every request sent.

CorporateCog commented 13 years ago

The elephant in the room related to https://github.com/NewEraCracker/LOIC/issues#issue/26

Is adding "X-Forwarded-For: $random" sufficient? It would seem to be better to remove the source IP address - how to do that?

CorporateCog commented 13 years ago

My last 2 commits implement the X-Forwarded-For header. Still needs testing, both as a valid http request, and as how effective it is at spoofing.

https://github.com/particleSwarm/LOIC/commit/e0f960b464d4b7c3e7af0e646584e619f15d159b

https://github.com/particleSwarm/LOIC/commit/4adf1993cbb1f87a92867624c1d1dccc15c36c0b

NewEraCracker commented 13 years ago

hmm... wonder why that project no longer exists...

Closed.