| ▲ | digitalPhonix 4 hours ago | |
Did you read the things you're linking? > https://owasp.org/www-community/pages/attacks/ip_spoofing_vi... Isn't an actual technique, it's describing the observed result if the server were to blindly trust some HTTP headers which is just the application payload in a TCP stream. It's not spoofing the IP at any network layer. > https://github.com/ParsaKSH/spoof-tunnel Requires mutually agreed spoofing on both sides... at which point it's not really spoofing and also clearly not applicable because Wikipedia will not agree to it. (It is useful in the context that they're using it, just not at all what you're talking about) Without controling a router that's on the path or being able to publish a route that contains the IP address you're trying to spoof, there is no way to spoof an IP address in bidirectional communication. | ||
| ▲ | rolph 4 hours ago | parent [-] | |
"blindly trust some HTTP headers" "Without controling a router" "Requires mutually agreed spoofing on both sides" you understand the concepts, and the requirements for POC, but you are not the only one. and for those who want a working weapon,they will have to identify ALL the requirements and implement it themselves. im not about to leave the weapon loaded and fully assembled in a public place. it sounds like you are fully capable of manufacturing that weapon if you really wanted to. also people really are soft, it starts with soc eng, and goes from there. | ||