Spoofing the origination IP address of an HTTP request

views:

2109

answers:

+5 Q:

Spoofing the origination IP address of an HTTP request

This only needs to work on a single subnet and is not for malicious use.

I have a load testing tool written in Python that basically blasts HTTP requests at a URL. I need to run performance tests against an IP-based load balancer, so the requests must come from a range of IP's. Most commercial performance tools provide this functionality, but I want to build it into my own.

The tool uses Python's urllib2 for transport. Is it possible to send HTTP requests with spoofed IP addresses for the packets making up the request?

+2 A:

You want to set the source address used for the connection. Googling "urllib2 source address" gives http://bugs.python.org/file9988/urllib2_util.py. I havn't tried it.

The system you're running on needs to be configured with the IPs you're testing from.

Glenn Maynard 2009-07-25 01:15:44

This is the right approach - give your testing box many IPs and make the testing app cycle through them as it makes the connections.

caf 2009-07-29 02:02:05

+2 A:

Quick note, as I just learned this yesterday:

I think you've implied you know this already, but any responses to an HTTP request go to the IP address that shows up in the header. So if you are wanting to see those responses, you need to have control of the router and have it set up so that the spoofed IPs are all routed back to the IP you are using to view the responses.

Anthony 2009-07-25 01:27:55

+9 A:

Unknown 2009-07-25 01:46:29

good point. no clue how a tcp handshake would occur if packets making up those tcp segments had fake ip headers. getting off-topic, but how would you implement a network/program to test and IP LB? and how do tools like LoadRunner do this?

Corey Goldberg 2009-07-25 02:54:28

I have no idea what LoadRunner is, but my guess is that they use a NAT which requires low level access to raw packets which rewrites incoming source packets and outbound destination packets on the fly. To do this, you may have to install PCAP http://en.wikipedia.org/wiki/Pcap. But I warn you, it is not as easy as using urllib2. On a side note, its also funny to see how many people here have no clue what they are talking about and I have been downvoted twice.

Unknown 2009-07-25 03:13:18

I guess that many programmers have no clue how networking works on a lower level, don't worry about it.

Gert 2009-07-25 11:15:36

I upvoted your comment and post.

Gert 2009-07-25 11:17:18

+1 A:

You could just use ip aliasing on a linux box and set up as many IP addresses as you want. Catch is you can't predict was IP will get stamped in the the IP header unless you set it to another network and set an explicit route for that network. i.e. -

current client address on eth0 = 192.168.1.10/24

server-side: ifconfig eth0:1 172.16.1.1 netmask 255.255.255.0

client-side: ifconfig eth0:1 172.16.1.2 netmask 255.255.255.0 route add -net 172.16.1.0/24 gw 172.16.1.1 metric 0

repeat for as many subnets as you want. Restart apache to set listeners on all the new alias interfaces and you're off and running

2009-07-25 02:50:19

+1 A:

I suggest seeing if you can configure your load balancer to make it's decision based on the X-Forwarded-For header, rather than the source IP of the packet containing the HTTP request. I know that most of the significant commercial load balancers have this capability.

If you can't do that, then I suggest that you probably need to configure a linux box with a whole heap of secondary IP's - don't bother configuring static routes on the LB, just make your linux box the default gateway of the LB device.

Rob Carr 2009-07-27 01:46:10

ansaurus

tags:

views:

answers:

Spoofing the origination IP address of an HTTP request

related questions