Penetration Testing mailing list archives

Re: Strange server test tool

From: Christophe Vandeplas <christophe () vandeplas com>
Date: Sun, 19 Feb 2006 08:43:00 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Luchino - Samel wrote:

Hi all,
i'm new to the list and i need a tool to test some web server.
The tool i'm watching for have to send a raw http packet with a http
request for a page from a specified IP
--
GET http://www.the_host_to_test.kind/dir/page.asp?var=value
from a specified IP [Not my because i've to test how the server react
for different host]
--
I don't mind the result of the request, i've only to watch the server
[obviously].
Someone know a tool that can do that?


Do you mean you want a tool that performs the HTTP GET operation using a
spoofed IP?

That is not possible as there is the usual 3-way handshake. (SYN,
SYN/ACK, ACK)
The only way (to my knownledge) is to spoof all packets.
This means that you need a pentesting-computer located in the same
network as the IP you want to spoof.
The application you are looking for needs to sniff the network and get
the ID's of the SYN/ACK reply to it's able to send the final ACK.

I'm sorry but I don't really know a tool that does all this for you.
(but should be possible using self-written-scripts and output from tcpdump)

Good luck with your search.

- --
Christophe  Vandeplas - Belgium
mailto:christophe () vandeplas com
http://christophe.vandeplas.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.1-ecc0.1.6 (GNU/Linux)

iD8DBQFD+CGEOyvlYhSROJcRAr1bAJ9fFJ112s90eWWylOaMx6prp327WwCeOd+o
+Yb6LB4okus4hAE+2ObR8+E=
=wMsm
-----END PGP SIGNATURE-----

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

Current thread:

Strange server test tool Luchino - Samel (Feb 18)
- Re: Strange server test tool Christophe Vandeplas (Feb 19)
- Re: Strange server test tool pagvac (Feb 19)
- Re: Strange server test tool Zlotan (Feb 19)
- Re: Strange server test tool Fabien Degouet (Feb 19)
- Re: Strange server test tool Volker Tanger (Feb 19)
- <Possible follow-ups>
- Strange server test tool Luchino - Samel (Feb 19)
  - RE: Strange server test tool Debasis Mohanty (Feb 20)
  - Re: Strange server test tool Xman Security (Feb 22)
- RE: Strange server test tool Anders Thulin (Feb 20)
  - Re: Strange server test tool Hariharan (Feb 21)
- Re: Re: Strange server test tool cswift300 (Feb 21)