From: Debasis Mohanty (mail@hackingspirits.com)
Date: Sun Feb 19 2006 - 22:58:22 EST
Just to make life easy, try 'fiddler' or any MITM proxy and manipulate the
the "Host:" key in the request header with the IP address of your choice.
However, the "Host:" key modification method can only fool the webservers
and webapps but not the firewall or IDS.
Another thought - How about using open proxies??
- D
-----Original Message-----
From: Luchino - Samel [mailto:samelinux@gmail.com]
Sent: Monday, February 20, 2006 5:58 AM
To: pen-test@securityfocus.com
Subject: Strange server test tool
I think that Christophe Vandeplas have understand me ... and i agree with
him.
I need a test tool that request a web page with a spoofed ip and that's not
possible, but i'll look at the tool all of you have write about.
-- Samel alias Luca "Close the world,txen eht nepo!" "You will never break my mind!" http://s1.bitefight.it/c.php?uid=23270 LinuxUser:410006 eversor:316704 cortana:316705 PGP KeyID: B4234B4B FingerPrint: 46C477C939B3D0366275DB5EAFA77638B4234B4B ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:32 EDT