0

Ok, so first off I am mostly ignorant of all things HTTP so if I have misconceptions please correct me.

Background:

There is a web site that has banned me from posting. Nothing unseemly going on, I am just an "inconvenient person" to some local politicians. Thing is, while I can browse the site from any IP and I can post messages from accounts if I use an IP other than my own, my posts are rejected (just go off into space never to return) if I try to post from my own IP.

This leads me to think their firewall or something in their app is blocking me from posting. (I have successfully used open proxies to get around this from my home machine but available open proxies are unreliable and often sketchy and not a great solution.)

Solution?

I would like to write what I hope is a relatively straight forward proxy to run on my own machine using C and raw sockets. Using something like FoxyProxy I hope to direct traffic to/from this local proxy just for this one web site. I am hoping writing the proxy is as simple as substituting a random IP on the outgoing (post) packets. Is this right? Do servers try to "ack" a post (which would never return to me because it isn't my IP) or will they just post?

Also, to distinguish normal browsing traffic on the site (which requires the proxy to do nothing) and posting traffic I assume I need to look within the packs to distinguish one type from another. Presumably this distinction is easily made?

Any suggestions or pointers to relevant material would be great. If I am reinventing the wheel and there are proxies that already do this that would be great too but I am interested in learning something about the underlying principles.

Thanks for any help.

Translucent Pain
  • 1,441
  • 2
  • 14
  • 18
  • See the answer to [this question](http://stackoverflow.com/questions/6081839/application-security-concerns-how-easy-is-it-to-fake-an-ip-address) – caf Jul 28 '11 at 02:27

1 Answers1

0

Quite apart from the moral question (viz if it isn't your web site then you have no intrinsic 'right' to post there), I don't think you can do this.

The TCP protocol requires two-way communication between the two end points. If you spoof the source IP address then you lose that two-way communication and the connection will fail. A quick read of the Wikipedia entry on TCP will surely be useful to you. The only way a proxy could work is if it is located on a different machine with a genuinely different IP address.

Your best bet will be to talk about the issue with the administrator of the web site. If they still don't want you to participate then you'll just have to respect their decision and leave.

In response to Sean's comment below: Think about it. If it were technically possible to spoof your IP address, do you think spammers would go to the trouble of acquiring huge botnets - pools of unblocked IP addresses - to do their dirty work? If a technique can be used for good purposes it can also be used for bad purposes.

I would advise you to approach this down the 'accountability' route rather than by any kind of technical circumvention. That is, if these people are accountable to you then use that accountability to get what you want. If they are not accountable to you then there's probably nothing you can do.

Ian Goldby
  • 5,609
  • 1
  • 45
  • 81
  • I'm comfortable with the moral question. This is a quasi-governmental site funded in part with tax payer dollars. Hundreds of people have been prevented from posting, all from the same opposition party. But the more I think about it the plan I outlined has problems. – Translucent Pain Jul 27 '11 at 14:22