IP Address Spoofing

I’ve been thinking on the subject of IP address spoofing lately and how easy this could be to carry out. While email header spoofing is both widespread and easy (you don’t even need any paid software or much knowledge) Two IT experts have argued that you can’t really spoof IP addresses elsewhere.

On a networking level of course it would be difficult, at least bi-directionally. You can send a spoof IP to a server or network device just by using something like Nmap on a windows machine but that device would then return data to the owner of the real IP address you’d spoofed so you’d never see anything return. Bi-directional spoofing on a network level is possible but likely a real headache even for someone with a great deal of knowledge.

It is however remarkably easy to spoof HTTP header data and in turn any website or webmail client that uses the HTTP header data to record access. A 5 second search on Google with the phrase “firefox plugin to spoof IP” brought up loads of examples and Firefox Plugins.

To test this I chose the firefox plugin “Modify Headers” by Gareth Hunt which allows you to specify what header data you actually wish to spoof. Its simply a matter of installing the add-on, restarting firefox and then adding the data you wish use.

No expertise needed. The websites I found using the search mentioned above included step by step instructions even the most phobic of technophobes could follow.

Of course this method does have its limitations. Some server logs won’t be fooled, as some store the IP Address (although even grabbing data such as $_SERVER['REMOTE_ADDR'] isn’t always accurate) however many browser based apps, websites and webmail clients will be spoofed using this one simple firefox plugin.