发表新帖
发表新帖

Fake HTTP Get Requests

前端 未结
关注
7 1173
小蘑菇
小蘑菇 2020-12-31 21:07

i have noticed certain sites which allows limited hit per IP so can i programatically make them feel that requests are not coming from the same IP ,

well i am not

相关标签:
7条回答
  • 梦毁少年i
    2020-12-31 21:41

    No, sites that perform rate control based on source IP would be very naive if they implemented it using spoofable headers.

    0 讨论(0)
  • 佛祖请我去吃肉
    2020-12-31 21:45

    No, it isn't possible to fool such systems using just Http header change. A possible way to achieve your goal would be using Tor network.

    0 讨论(0)
  • 青春惊慌失措
    2020-12-31 21:52

    Firstly, I'd hope that any sites which are trying to do source throttling aren't going to trust some arbitrary header. The packet says where the response has to go back to - I'd hope that they'd throttle based on that.

    Secondly, if a site doesn't want you to hit them repeatedly, don't you think it's rude of you to try to circumvent that? If I were a site owner and I noticed someone trying to do that, I'd probably blanket ban them if at all possible.

    0 讨论(0)
  • 失恋的感觉
    2020-12-31 21:53

    I am guessing the filter is being applied at the IP packet level rather than at the higher level HTTP level. In this case Yes and No.

    Yes - it is technically possible to spoof your IP address so the IP packets look like they've come from elsewhere.

    No - in that it is unlikely to be useful. If you spoof the "from" address on the TCP packets, then any replies from the machine you are connecting to will be lost as they try to route to the spoofed IP address. You'll get nothing back.

    That is, you won't even be able to complete the TCP Three-Way-Handshake. Until that process is completed, you cannot even send anything down the connection - because there isn't even a connection, to begin with. HTTP runs over TCP, so unless you complete the handshake (which requires a valid 'from' IP address), you can't make any use of this.

    An old trick was to use something called "Source Routing"; where TCP packets included information on how to route the information. This was for diagnostic use way back "in the day". You could put yourself in the designated route, and then just stop the packets when they reach you and reply to them, again with the source-routing information.

    But this technique does not work at all anymore, because almost every single router on the Internet these days simply drops source-routed packets, as there is no legitimate need for them - and lots of potential havoc to be wreaked.

    0 讨论(0)
  • 轻奢々
    2020-12-31 21:57

    The "proper" way, if I can use that term for something unwholesome, to make sites think a different IP has made a request is to use a proxied connection. The site is probably actually checking the source IP address, which is not a property of the HTTP request. So, the response will be delivered to your "other" IP. You should look at ssh -D, or privoxy, or another piece of software to funnel all your traffic with the site through a remote intermediary.

    0 讨论(0)
  • 栀梦
    2020-12-31 22:00

    No, you can't do it progmatically, unless you are using some kind of proxy.

    Normally the IP detection comes from the IP level, not from the HTTP header. If someone is detecting IP's through the header, well...it's wrong.

    0 讨论(0)
 看不清?
提交回复
热议问题