Penetration Testing mailing list archives

RE: RE: Session & IP Spoofing

From: "MARTIN M. Bénoni" <benoni_martin () hotmail com>
Date: Thu, 04 Dec 2003 17:15:01 +0000

I think you have at lesat the two following solutions:

- Two machines: the first one sends the real GET to the second one, whichforwards the request to the target after sooping the IP (with Hping2 forinstance).- Just a machine, a Windows one: a programm such as RafaleX should allowyou to send whatever you want, even spoofing the MAC source address. Nemesiscan create a custom packet (but i am not sure the payload can be an HTTPGET)


Hope these hints will help!

From: "pire pire" <pirepire69 () romandie com>
To: MThompson () brinkster com, <pen-test () securityfocus com>
Subject: RE: RE: Session & IP Spoofing
Date: Thu, 4 Dec 2003 10:54:18 +0100

No I don't care about the return traffic! All I
need is to sen I GET request with a spoofed IP!

Example:

GET /toto.php?sessionId=123456&transfer=1000
Host: www.toto.com

I just need to send this request to the server
with the ip adress belonging to the sessionID
I've got throuh my XSS!

So how do you do that?

Thanks for your help

---------------------------------------
You can spoof any IP. The question is do you
want the return traffic.

-----Original Message-----
 From: pire pire
[mailto:pirepire69 () romandie com]
Sent: Tuesday, December 02, 2003 5:02 PM
To: pen-test () securityfocus com
Subject: Session & IP Spoofing

Hi,

I've found a vulnerability in a Web App which
gave me via an XSS the sessionID token.

I would like to replay this token. But the
session ID manager (on the server) seems to
look
also to IP adresses.

So my question is: Is there a way to spoof my
ip
address in order to replay the sessionID??

Like:
http://www.tutu.com/toto.php?
sessionid=32443243
and some how spoof of my IP?!

If I replay the sessionid from my machine or an
other machine behind my NAT (same outside IP)
it
works!!

Thanks a lot for your help

_______________________________________________

La messagerie gratuite des romands : 10 MO !!!
Profitez-en ! >>> http://www.romandie.com

---------------------------------------------------------------------------
----------------------------------------------------------------------------


_________________________________________________________________

Add photos to your e-mail with MSN 8. Get 2 months FREE*.http://join.msn.com/?page=features/featuredemail



---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

Session & IP Spoofing pire pire (Dec 03)
- Re: Session & IP Spoofing Stephen de Vries (Dec 03)
- <Possible follow-ups>
- RE: Session & IP Spoofing Micheal Thompson (Dec 03)
- RE: Session & IP Spoofing Scovetta, Michael V (Dec 03)
- RE: RE: Session & IP Spoofing pire pire (Dec 04)
  - Re: RE: Session & IP Spoofing Nexus (Dec 04)
    - Re: RE: Session & IP Spoofing Frank Knobbe (Dec 06)
  - RE: RE: Session & IP Spoofing Rob Shein (Dec 06)
- RE: RE: Session & IP Spoofing MARTIN M. Bénoni (Dec 04)
- RE: RE: Session & IP Spoofing Micheal Thompson (Dec 06)
- RE: RE: Session & IP Spoofing Scovetta, Michael V (Dec 06)