Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/stackoverflowexcept1on/ip-spoofing
Library to send fake IPv4 headers & UDP/TCP-SYN packets to perform L3/L4 attacks
https://github.com/stackoverflowexcept1on/ip-spoofing
fake-packets ip-spoofing network-programming rust
Last synced: about 1 month ago
JSON representation
Library to send fake IPv4 headers & UDP/TCP-SYN packets to perform L3/L4 attacks
- Host: GitHub
- URL: https://github.com/stackoverflowexcept1on/ip-spoofing
- Owner: StackOverflowExcept1on
- Created: 2022-09-19T13:19:06.000Z (over 2 years ago)
- Default Branch: master
- Last Pushed: 2024-09-08T22:06:22.000Z (3 months ago)
- Last Synced: 2024-09-08T23:19:58.349Z (3 months ago)
- Topics: fake-packets, ip-spoofing, network-programming, rust
- Language: Rust
- Homepage:
- Size: 32.2 KB
- Stars: 9
- Watchers: 2
- Forks: 4
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
### ip-spoofing
[](https://github.com/StackOverflowExcept1on/ip-spoofing/actions)
[](https://crates.io/crates/ip-spoofing)
[](https://docs.rs/ip-spoofing/)
[](https://asciinema.org/a/7jR9ycBIxIZkviA4sgm9niXbI)
Library to send fake IPv4 headers & UDP/TCP-SYN packets to perform L3/L4 attacks
In short, this library allows you to spoof your IP address on the network. For a better understanding, it is recommended
to read the article from cloudflare:
[The real cause of large DDoS - IP Spoofing](https://blog.cloudflare.com/the-root-cause-of-large-ddos-ip-spoofing/)
It can be done on the L3 (network layer) of the [OSI model](https://en.wikipedia.org/wiki/OSI_model#Layer_architecture)
Today, not all ISPs check the integrity of IPv4 headers.
Therefore, in a real network, there are 2 options for spoofing IP addresses:
1. network level IP spoofing
e.g. you have a server with the address `195.174.232.102`, and the provider owns the IP
range `195.174.224.0 - 195.174.239.255`, this means that you can use any address from the range
2. unlimited IP spoofing
this allows you to spoof any ip address, you can pretend you own the address `8.8.8.8` (Google Public DNS)
The only limitation of spoofing is that you can send packets, but you cannot receive a response from the server.
You can check if this library works on your local network.
To attack real networks, you need a specific provider that allows one of 2 spoofing options.
### Code samples
You can see other code samples in the [`examples/`](examples) directory.
```rust
use ip_spoofing::{self, RawSocket, ReusablePacketWriter};
/// This example shows how to generate fake UDP packet
/// that delivers `b"hey"` bytes from "8.8.8.8:1234" to "127.0.0.1:5678".
///
/// I.e. the attacker changes its IPv4 address to 8.8.8.8 (Google Public DNS)
fn main() -> ip_spoofing::Result<()> {
let socket = RawSocket::new()?;
let mut writer = ReusablePacketWriter::new();
socket.send_fake_udp_packet(
&mut writer,
[8, 8, 8, 8], //source IPv4 address
1234, //source port
[127, 0, 0, 1], //destination IPv4 address
5678, //destination port
b"hey", //data
64, //TTL on most Linux machines is 64
)?;
Ok(())
}
```
### Useful links
- [Internet Protocol version 4](https://en.wikipedia.org/wiki/Internet_Protocol_version_4) wikipedia article describing
the IPv4 header
- [rickettm/SendIP](https://github.com/rickettm/SendIP) repository provides command line tool to allow sending arbitrary
IP packets
useful code of the SendIP project written in C:
- [creating raw sockets](https://github.com/rickettm/SendIP/blob/aad12a001157489ab9053c8665e09aec24a2ff6d/sendip.c#L143)
- [IPv4 header structure](https://github.com/rickettm/SendIP/blob/aad12a001157489ab9053c8665e09aec24a2ff6d/ipv4.h)
- [IPv4 header checksum](https://github.com/rickettm/SendIP/blob/aad12a001157489ab9053c8665e09aec24a2ff6d/csum.c)