17

I have asp.net website hosted and I am making WebRequest to post data and get response. The website is having IP filtering. I want to spoof sender IP address for testing purpose. Is it possible to do it programmatically or I have to use any tool.

public string GetResponse(string request)
{  
    lock (Obj)  
    {  
        request = request + _dataControlInfo.SendEndingWith;  
        Logger.Info(request);  
        var req = (HttpWebRequest)WebRequest.Create(_serviceUrl);  
        req.Headers.Add("SOAPAction", "\"\"");  
        req.ContentType = "text/xml;charset=\"utf-8\"";  
        req.Accept = "text/xml";  
        req.Method = "POST";  
        var stm = req.GetRequestStream();  
        var bytes = UtfEncoding.StringToUtf8ByteArray(request);  
        stm.Write(bytes, 0, bytes.Length);  
        stm.Close();  
        var resp = req.GetResponse();  
        var stmr = new StreamReader(resp.GetResponseStream());  
        var strResponseXml = stmr.ReadToEnd();  
        Logger.Info(strResponseXml);  
        return strResponseXml;  
    }  
}

Please specify any possibilities.

John Saunders
  • 160,644
  • 26
  • 247
  • 397
Sunny Rajwadi
  • 322
  • 1
  • 4
  • 12
  • 1
    A dangerous prospect. IP filtering exists for a reason. I question whether this is the place for asking advice on how to circumvent security measures on remote web sites ... even if your intentions are good. – Matthew Cox Mar 15 '11 at 20:20
  • 4
    @Matthew Cox, where do you suggest he asks these kinds of questions :) – The Muffin Man Mar 15 '11 at 20:43
  • 1
    I am trying to check security for my own hosting server. Without testing proper security from development environment, I can not go with production. I think according to Matthew Cox this site is not for questions related to security :-D – Sunny Rajwadi Mar 15 '11 at 21:06

6 Answers6

17

What your looking for is SharpPCap which is a .NET port of WinPCap.. it allows you to do IP Spoofing, which is what your talking about. The only problem with your idea is that you wont be able to get a response back. You can send requests out, but if you dont have a proper return address then the request will be lost in the interwebs.

Edit

To do this yoruself w/out the help of a library you will need to construct the raw packets yourself. This has been answered here.

Community
  • 1
  • 1
Evan Larsen
  • 9,935
  • 4
  • 46
  • 60
  • Sorry for very late comment. I want to do this by c# code only. If you know anything then let me know. – Sunny Rajwadi Jan 25 '13 at 12:38
  • You cannot do this w/ just c# code because the .net library will not allow this level of granularity. You will need to use an unmanaged library to accomplish this, and then you can use .net interop to interact with the unmanaged library. – Evan Larsen Dec 16 '13 at 19:05
2

If you're expecting to get a response, then no. Without the correct IP address, the server won't send the response to the correct destination.

If you insist on trying anyway, see this article for programmatically setting the client's IP address.

Chris Wenham
  • 23,679
  • 13
  • 59
  • 69
1

Or you can use Web Performance Tests and a load test with IP Switching enabled

siva.k
  • 1,344
  • 14
  • 24
Mauricio Aviles
  • 1,074
  • 9
  • 24
0

Some servers can also consider X-Forwarded-For and X-Real-IP headers. So if server checks for these headers you can add them to your Web request. But it depends on server implementation.

Nazar Grynko
  • 561
  • 1
  • 5
  • 26
0

You can try to use a proxy, as documented here. ( http://msdn.microsoft.com/en-us/library/system.net.httpwebrequest.proxy.aspx ).

Setting up a proxy on a different computer, then configuring that computer as your requests proxy server should make the request appear as if it came from the proxy's IP, not yours.

RichardTheKiwi
  • 105,798
  • 26
  • 196
  • 262
Jon
  • 969
  • 4
  • 9
-1

Use the Spoof class found in the System.Security namespace...

Jonathan Hart
  • 29
  • 3