Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Strange server test tool

from [Christophe Vandeplas] Network Security [Permanent Link]
Subject: Re: Strange server test tool
Date: Sun, 19 Feb 2006 08:43:00 +0100 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Luchino - Samel wrote:

Hi all,
i'm new to the list and i need a tool to test some web server.
The tool i'm watching for have to send a raw http packet with a http
request for a page from a specified IP
--
GET http://www.the_host_to_test.kind/dir/page.asp?var=value
from a specified IP [Not my because i've to test how the server react
for different host]
--
I don't mind the result of the request, i've only to watch the server
[obviously].
Someone know a tool that can do that?


Do you mean you want a tool that performs the HTTP GET operation using a
spoofed IP?

That is not possible as there is the usual 3-way handshake. (SYN,
SYN/ACK, ACK)
The only way (to my knownledge) is to spoof all packets.
This means that you need a pentesting-computer located in the same
network as the IP you want to spoof.
The application you are looking for needs to sniff the network and get
the ID's of the SYN/ACK reply to it's able to send the final ACK.

I'm sorry but I don't really know a tool that does all this for you.
(but should be possible using self-written-scripts and output from tcpdump)

Good luck with your search.

- --
Christophe  Vandeplas - Belgium
mailto:christophe@vandeplas.com
http://christophe.vandeplas.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.1-ecc0.1.6 (GNU/Linux)

iD8DBQFD+CGEOyvlYhSROJcRAr1bAJ9fFJ112s90eWWylOaMx6prp327WwCeOd+o
+Yb6LB4okus4hAE+2ObR8+E=
=wMsm
-----END PGP SIGNATURE-----

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Strange server test tool, pagvac
Next by Date:  Strange server test tool, Luchino - Samel
Previous by Thread:  Re: Strange server test tool, pagvac
Next by Thread:  Re: Strange server test tool, Zlotan
Indexes:  [Date] [Thread] [Top] [All Lists]