Re: Strange server test tool

From: Christophe Vandeplas (christophe@vandeplas.com)
Date: Sun Feb 19 2006 - 02:43:00 EST

• Next message: pagvac: "Re: Strange server test tool"
• Previous message: Donald: "DÍSCOUNTED VÍAGRA"
• In reply to: Luchino - Samel: "Strange server test tool"
• Next in thread: pagvac: "Re: Strange server test tool"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Luchino - Samel wrote:
> Hi all,
> i'm new to the list and i need a tool to test some web server.
> The tool i'm watching for have to send a raw http packet with a http
> request for a page from a specified IP
> --
> GET http://www.the_host_to_test.kind/dir/page.asp?var=value
> from a specified IP [Not my because i've to test how the server react
> for different host]
> --
> I don't mind the result of the request, i've only to watch the server
> [obviously].
> Someone know a tool that can do that?

Do you mean you want a tool that performs the HTTP GET operation using a
spoofed IP?

That is not possible as there is the usual 3-way handshake. (SYN,
SYN/ACK, ACK)
The only way (to my knownledge) is to spoof all packets.
This means that you need a pentesting-computer located in the same
network as the IP you want to spoof.
The application you are looking for needs to sniff the network and get
the ID's of the SYN/ACK reply to it's able to send the final ACK.

I'm sorry but I don't really know a tool that does all this for you.
(but should be possible using self-written-scripts and output from tcpdump)

Good luck with your search.

- --
Christophe Vandeplas - Belgium
mailto:christophe@vandeplas.com
http://christophe.vandeplas.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.1-ecc0.1.6 (GNU/Linux)

iD8DBQFD+CGEOyvlYhSROJcRAr1bAJ9fFJ112s90eWWylOaMx6prp327WwCeOd+o
+Yb6LB4okus4hAE+2ObR8+E=
=wMsm
-----END PGP SIGNATURE-----

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

• Next message: pagvac: "Re: Strange server test tool"
• Previous message: Donald: "DÍSCOUNTED VÍAGRA"
• In reply to: Luchino - Samel: "Strange server test tool"
• Next in thread: pagvac: "Re: Strange server test tool"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:32 EDT