{"id":15451808,"url":"https://github.com/willscott/sp3","last_synced_at":"2025-05-07T11:16:11.844Z","repository":{"id":57535329,"uuid":"46476304","full_name":"willscott/sp3","owner":"willscott","description":"(SP)^3: A Simple, Practical, and Safe Packet Spoofing Protocol","archived":false,"fork":false,"pushed_at":"2017-03-13T00:59:40.000Z","size":66,"stargazers_count":13,"open_issues_count":1,"forks_count":5,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-05-07T11:15:36.311Z","etag":null,"topics":["spoofed-packets"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/willscott.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-11-19T07:45:36.000Z","updated_at":"2025-03-01T13:41:21.000Z","dependencies_parsed_at":"2022-08-29T00:30:19.796Z","dependency_job_id":null,"html_url":"https://github.com/willscott/sp3","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/willscott%2Fsp3","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/willscott%2Fsp3/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/willscott%2Fsp3/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/willscott%2Fsp3/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/willscott","download_url":"https://codeload.github.com/willscott/sp3/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252865593,"owners_count":21816309,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["spoofed-packets"],"created_at":"2024-10-01T21:39:45.422Z","updated_at":"2025-05-07T11:16:11.818Z","avatar_url":"https://github.com/willscott.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"(SP)^3: A Simple Practical \u0026 Safe Packet Spoofing Protocol\n======\n\nInstall an SP^3 Server: `go get github.com/willscott/sp3`\n\nSP3 provides a mechanism through which a server which has the capability to\nspoof packets can offer that capability in a limited capacity. In particular,\nthe protocol supports spoofing packets as long as the destination `client`\nconsents in advance to receive those communications.\n\nWhy?\n-----\n\nThere are several uses of SP^3 we've thought of, and we're sure there are many\nmore.\n\n* NAT hole-punching facilitation.\n    Currently, NAT holepunching only works for UDP, partially because even\n    when the clients are controlled, it generally requires root permissions\n    to send packets with a specific sequence number.  Having a source of\n    packet injection can provide a mechanism to synchronize sequence numbers\n    and create TCP connections between two NAT'ed machines.\n\n* Firewall characterization.\n    It's often difficult to test how your network will respond to packets sent\n    from black-holed or unadvertised prefixes. A source of packets can allow you\n    to validate firewall rules and routing policy.\n\n* Circumvention.\n    The ability to send packets from arbitrary sources can help to mask traffic\n    by adding a layer of cover trafic and IP diversity that makes surveilance\n    much more difficult.\n\nDesign\n-----\n\nThere are three participants in SP3: the `server`, `client`, and `sender`.\nThe server is the host which can send spoofed packets. It acts as a relay,\naccepting encapsulated IP packets from the sender and sending them to the client,\neven when their source address is spoofed.  The `client` is the destination that\nreceives the packets. The `sender` is the host that generates the packets.\n\nOne issue with packet spoofing is the number of attack vectors it opens. In order\nto provide a service that makes a reasonable trade-off between enabling valid use\ncases while not opening itself up to abuse and attacks, the `server` enforces\na policy on packets it is willing to send.  The primary property the `server`\nattempts to guarantee is that the `client` consents to receiving spoofed packets.\n\nThe server provides a number of mechanisms by which the client can provide this\nconsent. The simplest is that the client establishes a connection to the server,\nand directly tells the server it is wiling to receive traffic.  This\nis done with a web-socket based connection, and supports a `client` running in a\nweb browser. When the client cannot or is unwilling to establish a direct\nconnection to the server, it can generate a *proof-of-ownership* for the sender\nto prove its location and intent without direct communication to the server.\n\nServer\n------\n\nBuild:\n```bash\napt-get install libpcapdev\ncd server\ngo build\n```\n\nRun\n```bash\nsudo ./server [--port 8080]\n```\n\nSender\n------\n\nClient\n------\n\nA web based client is included in the `client` directory.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwillscott%2Fsp3","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwillscott%2Fsp3","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwillscott%2Fsp3/lists"}