RE: RE: Session & IP Spoofing

From: MARTIN M. Bénoni (benoni_martin@hotmail.com)
Date: Thu Dec 04 2003 - 12:15:01 EST


I think you have at least the two following solutions:
- Two machines: the first one sends the real GET to the second one, which
forwards the request to the target after spoofing the IP (with Hping2 for
instance).
- Just a machine, a Windows one: a program such as RafaleX should allow
you to send whatever you want, even spoofing the MAC source address. Nemesis
can create a custom packet (but I am not sure the payload can be an HTTP
GET)

Hope these hints will help!

>From: "pire pire" <pirepire69@romandie.com>
>To: MThompson@brinkster.com, <pen-test@securityfocus.com>
>Subject: RE: RE: Session & IP Spoofing
>Date: Thu, 4 Dec 2003 10:54:18 +0100
>
>No I don't care about the return traffic! All I
>need is to send a GET request with a spoofed IP!
>
>Example:
>
>GET /toto.php?sessionId=123456&transfer=1000
>Host: www.toto.com
>
>I just need to send this request to the server
>with the IP address belonging to the sessionID
>I've got through my XSS!
>
>
>So how do you do that?
>
>
>Thanks for your help
>
>---------------------------------------
>You can spoof any IP. The question is do you
>want the return traffic.
>
>-----Original Message-----
> From: pire pire
>[mailto:pirepire69@romandie.com]
>Sent: Tuesday, December 02, 2003 5:02 PM
>To: pen-test@securityfocus.com
>Subject: Session & IP Spoofing
>
>Hi,
>
>I've found a vulnerability in a Web App which
>gave me via an XSS the sessionID token.
>
>I would like to replay this token. But the
>session ID manager (on the server) seems to
>look also to IP addresses.
>
>So my question is: Is there a way to spoof my
>IP address in order to replay the sessionID??
>
>Like:
>http://www.tutu.com/toto.php?
>sessionid=32443243
>and somehow spoof my IP?!
>
>If I replay the sessionid from my machine or
>another machine behind my NAT (same outside IP)
>it works!!
>
>Thanks a lot for your help
>
>




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:43 EDT