views: 41

answers: 2
Imagine the following:

  • User goes to script (http://sample.org/test.php),

  • Script sends an HTTP request to some other page (http://google.com/). For this example, we'll say using curl.

  • The script sets the IP address of the request to the user's IP, via CURLOPT_INTERFACE.

I know already that the requesting script will not receive the response, as the remote host will send any responses to the IP address given in the request.

What I am wondering is what happens to this response? Assuming the client is on a LAN that has one external address and that all traffic sent to that IP is handled by a router acting as a DHCP server, will the response even get back to the user's machine? If it did, would there be any way to ensure that it was handled by the user's browser? And if so, how would the browser handle this, typically? Would it open a new window with Google in it?

I definitely have a follow-up to this question, but I am very curious what goes on at this level, before I experiment further.

+4  A: 
  • The script sets the IP address of the request to the user's IP, via CURLOPT_INTERFACE.

Usually, this won't work. Your ISP knows which IP address you are supposed to have and will not forward traffic coming from "fake" IP addresses.

In particular, since you can only communicate one-way with a fake IP (since the answer won't reach you), you would not be able to establish a working TCP connection, since TCP requires a three-way handshake. Thus, you wouldn't be able to submit your web request.

What I am wondering is what happens to this response? Assuming the client is on a LAN that has one external address and that all traffic sent to that IP is handled by a router acting as a DHCP server, will the response even get back to the user's machine?

If the user's PC has an internal IP address and uses NAT, the router will not know which LAN machine to forward the packet to (since it did not see any outgoing request to which it could match that response). Therefore, the answer would be dropped.

Even if you could get the response to reach the client:

If it did, would there be any way to ensure that it was handled by the user's browser?

No. As stated above, a TCP request consists of a three-way handshake. This handshake has not been completed, so the operating system would just drop the packet.

Heinzi
+2  A: 

CURLOPT_INTERFACE is for use on computers that have multiple IP addresses assigned to them, to specify which of those addresses should be used as the source IP for the connection. You can't use it to spoof some other computer's IP address. Most likely you'll either get an error, or the option will be ignored and the OS will choose a source interface automatically (the default behavior).

The response will be returned on the same TCP connection as the request.

Wyzard
What makes you think you can't create an interface that uses another machine's IP on the LAN?
jspcal
The question was about a PHP script trying to spoof arbitrary clients' IPs when making new outgoing connections, so that the remote end sends packets directly back to the original client rather than to the host where the PHP script is running. It'd be possible to make that happen in a contrived scenario involving duplicated IPs on a LAN, but in real-world use cases it will not work.
Wyzard
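Both answers come down to the same mechanism: CURLOPT_INTERFACE (like `curl --interface`) makes libcurl call `bind()` on the socket before connecting, and the operating system only lets a socket bind to an address the host actually owns. The following is an added example, not code from the question or either answer, that reproduces that `bind()` step directly with Python's `socket` module so you can see the error Wyzard mentions; the non-local address is a constructed TEST-NET value and the function name is my own.

```python
import errno
import socket


def bind_source_address(source_ip: str) -> tuple[bool, str]:
    """Perform the bind() that CURLOPT_INTERFACE does before connect().

    Returns (True, bound_address) when the kernel accepts the source address,
    or (False, errno_name) when it refuses. No packet is sent: the refusal
    happens on the local host, before any TCP handshake could start.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        try:
            # Port 0 lets the kernel pick an ephemeral port, as libcurl does.
            sock.bind((source_ip, 0))
        except OSError as exc:
            # EADDRNOTAVAIL: "Cannot assign requested address" - the address is
            # not configured on any local interface, so the OS will not use it
            # as a source. This is the error (not a spoofed packet) that a
            # CURLOPT_INTERFACE set to some other machine's IP produces.
            return False, errno.errorcode.get(exc.errno, str(exc.errno))
        return True, sock.getsockname()[0]


if __name__ == "__main__":
    # Loopback is always a local address, so the bind succeeds.
    print(bind_source_address("127.0.0.1"))
    # 203.0.113.7 (TEST-NET-3, constructed for this example) is not assigned
    # to this host, so the kernel rejects it with EADDRNOTAVAIL.
    print(bind_source_address("203.0.113.7"))
```

Even if a host were configured to bind non-local addresses, the SYN would leave with a source the ISP does not expect and the SYN-ACK would go to the real owner of that address, so the three-way handshake Heinzi describes could never complete.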