Spooftest by SCRAMBLR is a small toolkit that can check IP Spoofing IPHM Capabilities of your servers WITHOUT HAVING TO SNITCH ON YOURSELF BY USING CAIDA TOOLS!
June 7 2024:
- Added spooftest.py testing tool
- Updated documentation
Follow these simple instructions to test any server for IP Spoofing (IPHM IP Header Modification) capabilities instead of using the tool by CAIDA which WILL ALMOST ALWAYS CAUSE YOUR PROVIDER TO BE HARASSED UNTIL THEY SHUT SPOOFING DOWN! Don't be dumb! Use these instructions!
Last Update: JUNE 06 2024 Created By: SCRAMBLR (P4CK3T H4NDL3R)
*Does not need to be able to spoof.
Have "scapy" or "python-scapy" installed on it.
----[ Setup Instructions For Both Machines ]----
On DEBIAN, UBUNTU, OR ANY APTITUDE BASED *NIX MACHINES:
apt-get update
apt-get install net-tools bind9-dnsutils inetutils-tools tcpdump graphviz python3-scapy -y
apt-get install python3-scapy -y
CENTOS, FEDORA, OR OTHER YUM BASED MACHINES:
yum update
yum install tcpdump net-tools bind-utils python-pip -y
easy_install pip # dont worry if this one doesn't work.
pip install scapy _or_ pip3 install scapy
RUNNING SOME OTHER WEIRD DISTRO, OR WANT TO INSTALL EVERYTHING VIA SOURCE? OK, HAVE FUN!
# ----[ End Install Instructions ]----
Open an SSH/Terminal session to the host #1 (The tcpdump server) and begin running tcpdump by using the following command.
====[ SERVER ONE ]====
server1$ sudo su - (You will need to run tcpdump as root.)
server1# tcpdump -i eth0 -nnv -c 5000 icmp
This will run tcpdump and listen for up to 5,000 ICMP packets. You shouldn't be getting many ICMP packets until we run the next set of commands.
NOTE: If you get error "tcpdump: eth0: No such device exists" <-- You will need to find the correct name of your iface. (Check 'ifconfig' or ip addr) It's likely something similar to ens33 or ens33p1 or some other stupid name. :) Replace and try again.
====[ SERVER TWO ]==== Open another SSH/Terminal session to host #2 (The IP Spoofing Server) and run the following command.
NOTE: Again, you must be root. Then, run:
server2# scapy
After scapy loads, you'll paste the text below exactly, do not press enter..
import random
def randomIP():
ip = ".".join(map(str, (random.randint(0, 255)for _ in range(4))))
return ip
send(IP(src=RandIP(),dst="
After the dst=" you will paste in your tcpdump server's IP address (Server #1). Then, paste the rest of the code that follows:
")/ICMP()/"SPOOFTESTICMP",count=5000)
It should look like this if you did it right, for the 5th line:
send(IP(src=RandIP(),dst="5.6.7.8")/ICMP()/"SPOOFTESTICMP",count=5000)
...But instead of 5.6.7.8 it will be Server #1's IP (The tcpdump server's IP).
Hit enter, and it'll send 5,000 ICMP packets that SHOULD all come from random IP addresses to your tcpdump server. If nothing comes, or if only one IP address shows up - chances are that your server cannot spoof IP addresses or that you (somehow) managed to screw up these instructions. You should be ashamed.
THATS IT. THATS ALL IT TAKES TO NOT SELF-SNITCH TO CAIDA ABOUT YOUR SHINY NEW IP SPOOF SERVER! In order to find this set of instructions quick when you need them, just google "scramblr" spooftest or maybe bookmark https://github.com/scramblr
Peace
PS: There's an old script that I revised and brought in to the new century by updating it for Python3 and putting it in this repo, the script is called - shocking - spooftest.py