假HTTP获取请求 [英] Fake HTTP Get Requests
问题描述
我注意到某些网站允许每个IP
限制一次,所以我可以编程方式让他们觉得请求不是来自同一个IP,
好吧,我不太确定abot HTTP数据包,但是我们可以在标题或某个地方指定它以使它们变得傻瓜
这里是GET请求的代码
public static String sendGetRequest(String endpoint,String requestParameters){
String result = null;
if(endpoint.startsWith(http://)){
//向servlet发送GET请求
try {
//构造数据
StringBuffer data = new StringBuffer();
//发送数据
String urlStr = endpoint;
if(requestParameters!= null&& requestParameters.length()> 0){
urlStr + =? + requestParameters;
}
网址url =新网址(urlStr);
URLConnection conn = url.openConnection();
//获取响应
BufferedReader rd = new BufferedReader(new InputStreamReader(conn.getInputStream()));
StringBuffer sb = new StringBuffer();
字符串行;
while((line = rd.readLine())!= null){
sb.append(line);
}
rd.close();
result = sb.toString();
} catch(例外e){
e.printStackTrace();
}
}
返回结果;
}
我猜过滤器是应用于IP数据包级别而不是更高级别的HTTP级别。在这种情况下,是和否。
是的 - 技术上可以欺骗您的IP地址,以便IP数据包看起来像是他们来的来自其他地方。
否 - 因为它不太可能有用。如果您欺骗TCP数据包上的发件人地址,那么您连接到的计算机的任何回复都将在尝试路由到欺骗性IP地址时丢失。你什么也得不回来。
也就是说,你甚至无法完成 TCP三向握手。在该过程完成之前,您甚至无法发送任何连接 - 因为甚至没有连接,开始。 HTTP通过TCP运行,因此除非您完成握手(需要有效的'来自'IP地址),否则您无法使用它。
一个老技巧是使用一种叫做源路由的东西;其中TCP数据包包含有关如何路由信息的信息。这是用于在白天的诊断用途。您可以将自己置于指定的路径中,然后只需在数据包到达您的情况下就将其停止并再次使用源路由信息进行回复。
但是这种技术根本不起作用,因为现在几乎互联网上的每一个路由器都只丢弃了源路由数据包,因为没有合法的需求 - 并且会造成很多潜在的破坏。 / p> i have noticed certain sites which allows limited hit per IP
so can i programatically make them feel that requests are not coming from the same IP , well i am not much sure abot HTTP packet, but can we specify it in header or somewhere to make them fool here is the code for GET Request
I am guessing the filter is being applied at the IP packet level rather than at the higher level HTTP level. In this case Yes and No. Yes - it is technically possible to spoof your IP address so the IP packets look like they've come from elsewhere. No - in that it is unlikely to be useful. If you spoof the "from" address on the TCP packets, then any replies from the machine you are connecting to will be lost as they try to route to the spoofed IP address. You'll get nothing back. That is, you won't even be able to complete the TCP Three-Way-Handshake. Until that process is completed, you cannot even send anything down the connection - because there isn't even a connection, to begin with. HTTP runs over TCP, so unless you complete the handshake (which requires a valid 'from' IP address), you can't make any use of this. An old trick was to use something called "Source Routing"; where TCP packets included information on how to route the information. This was for diagnostic use way back "in the day". You could put yourself in the designated route, and then just stop the packets when they reach you and reply to them, again with the source-routing information. But this technique does not work at all anymore, because almost every single router on the Internet these days simply drops source-routed packets, as there is no legitimate need for them - and lots of potential havoc to be wreaked. 这篇关于假HTTP获取请求的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!public static String sendGetRequest(String endpoint, String requestParameters) {
String result = null;
if (endpoint.startsWith("http://")) {
// Send a GET request to the servlet
try {
// Construct data
StringBuffer data = new StringBuffer();
// Send data
String urlStr = endpoint;
if (requestParameters != null && requestParameters.length() > 0) {
urlStr += "?" + requestParameters;
}
URL url = new URL(urlStr);
URLConnection conn = url.openConnection();
// Get the response
BufferedReader rd = new BufferedReader(new InputStreamReader(conn.getInputStream()));
StringBuffer sb = new StringBuffer();
String line;
while ((line = rd.readLine()) != null) {
sb.append(line);
}
rd.close();
result = sb.toString();
} catch (Exception e) {
e.printStackTrace();
}
}
return result;
}
