Penetration Testing mailing list archives
Re: Strange server test tool
From: Christophe Vandeplas <christophe () vandeplas com>
Date: Sun, 19 Feb 2006 08:43:00 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Luchino - Samel wrote:
Hi all, i'm new to the list and i need a tool to test some web server. The tool i'm watching for have to send a raw http packet with a http request for a page from a specified IP -- GET http://www.the_host_to_test.kind/dir/page.asp?var=value from a specified IP [Not my because i've to test how the server react for different host] -- I don't mind the result of the request, i've only to watch the server [obviously]. Someone know a tool that can do that?
Do you mean you want a tool that performs the HTTP GET operation using a spoofed IP? That is not possible as there is the usual 3-way handshake. (SYN, SYN/ACK, ACK) The only way (to my knownledge) is to spoof all packets. This means that you need a pentesting-computer located in the same network as the IP you want to spoof. The application you are looking for needs to sniff the network and get the ID's of the SYN/ACK reply to it's able to send the final ACK. I'm sorry but I don't really know a tool that does all this for you. (but should be possible using self-written-scripts and output from tcpdump) Good luck with your search. - -- Christophe Vandeplas - Belgium mailto:christophe () vandeplas com http://christophe.vandeplas.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.1-ecc0.1.6 (GNU/Linux) iD8DBQFD+CGEOyvlYhSROJcRAr1bAJ9fFJ112s90eWWylOaMx6prp327WwCeOd+o +Yb6LB4okus4hAE+2ObR8+E= =wMsm -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Strange server test tool Luchino - Samel (Feb 18)
- Re: Strange server test tool Christophe Vandeplas (Feb 19)
- Re: Strange server test tool pagvac (Feb 19)
- Re: Strange server test tool Zlotan (Feb 19)
- Re: Strange server test tool Fabien Degouet (Feb 19)
- Re: Strange server test tool Volker Tanger (Feb 19)
- <Possible follow-ups>
- Strange server test tool Luchino - Samel (Feb 19)
- RE: Strange server test tool Debasis Mohanty (Feb 20)
- Re: Strange server test tool Xman Security (Feb 22)
- RE: Strange server test tool Anders Thulin (Feb 20)
- Re: Strange server test tool Hariharan (Feb 21)
- Re: Re: Strange server test tool cswift300 (Feb 21)