spoofing

问题 I'm getting the following error on my Rails 4 application: ActionDispatch::RemoteIp::IpSpoofAttackError: IP spoofing attack?! HTTP_CLIENT_IP="xx.xx.xx.xx" HTTP_X_FORWARDED_FOR="xx.xx.xx.xx" We don't need this type of security check, so after some Googling around I found this: https://github.com/rails/rails/issues/10780 When an intermediate proxy inserts the user IP address both in the HTTP_CLIENT_IP and the HTTP_X_FORWARDED_FOR, and this address is private, ActionDispatch::RemoteIp raises an

问题 I'm working on a web service that would use an SMS gateway to receive instructions from customers. Since this would be a commercial product I would like to implement a safeguard to protect our system from SMS spoofs. I don't want people impersonating others by spoofing their number. I've noticed that Twitter allows people to tweet through text messages, how can they make sure that messages are actually genuine? Is this possible, and if so how do I accomplish this? Or should I ignore this and

问题 I'm trying to write something that will allow a user to use a keyboard/mouse combination on a games console. The approach I've thought of is to do the following: Figure out how input maps to output in the console's controller. This is good old trial and error, basically connecting the controller via USB to a computer and figuring out how the controller responds to input using detailed USB logging. Then, write a userland program that takes keyboard/mouse input and converts it to the controller

问题 In Android 5.0, BLE doesn't use static MAC addresses anymore, but the MACs change after intervals, using a method called IRK and public key cryptography. Is it possible to uniquely identify an Android phone in a way that can not be spoofed by the user of that phone, or has that become completely impossible now unless the other side co-operates? 回答1: No, it is not possible. That's the whole idea of using IRKs: only bonded devices can identify it after the address changes. For those who do not

问题 I need to try and spoof the HTTP_REFERER passed my another page so that in the destination page, I can determine of the request is coming in from the "right" page and perform appropriate logic. How do I do that in JavaScript (AJAX)? Can I do that in ASP.Net? TIA rams 回答1: Generally speaking, you cannot cause other browsers to return a false HTTP_REFERER without an exploit, plug-in, or other extension. If you want to modify the value sent from your web browser and you are using FireFox, look

问题 Is it possible to spoof or impersonate a server's IP? So that clients wanting to connect to that Server's IP, would actually connect to the attacker's machine? But the attacker would still be able to contact the actual server. This is all TCP/IP based, no name resolution, and all machines are on the same network or the internet (No NAT-ing). I am working on a networking application, and I would like to build in some authentication. What I need to do is to authenticate the server by IP. In

问题 So after I have played with the Network Spoofer developed by Digitalsquid (http://digitalsquid.co.uk/netspoof/), I have been trying to get a better understanding of its internal working by writing a c program that does something similar. My program currently takes in 4 parameters - source ip, source mac, victim ip, and victim mac - and send an ARP reply packet with them. When testing the program on my home network, I would do something like setting the source ip to be the router's ip, source

问题 As far as I can tell, there is nothing to restrict any developer from programming their beacon to use a particular UUID, major, minor or identifier. In the event I create an iBeacon with a UUID of "foo", what is to prevent another developer of creating a beacon with the same ID and (either accidentally or maliciously) causing my app to display incorrect data ? Have I misunderstood how iBeacons work ? Please correct me if I'm wrong. 回答1: This is absolutely true. I have both spoofed the Apple

问题 I am using Apache HttpClient for generating Post request and submitting the data. Since remote application relays on IP address of the user that's submitting the data, I want to send post request for user specified IP address. How do I configure this? public static void loginUser(String username, String password, String ip) throws Exception{ try { HttpClient client = new DefaultHttpClient(); HttpPost httppost = new HttpPost("http://login.myapp.com/"); // Request parameters and other

问题 We received PHP code from a developer with a web-stats script that relies solely on $_SERVER['HTTP_REFERER'] . With cURL, you can easily fake it as follows: curl_setopt($curl, CURLOPT_REFERER, "client website"); and I'm looking for a way to prevent it. This can even be done by the client website as well, to have higher stats. I'm looking for a way to prevent this spoofing. Is this possible at all? If so, how can this be achieved? 回答1: No, there's no definitive way of determing the URL