Thursday 31 March 2016

Spoofing user agent string and X-Forwarded-For header with curl

curl is a handy tool for testing web apps from the Unix command line.
Below are some hints on using it to spoof IPs and user agent strings, so that this kind of testing can be done from the command line.

Most modern websites block the default curl user agent for fear of hacks and DDoS attackers.

To overcome this, use curl -A and set the user agent string to a known browser string.
The strings can be found here: http://www.useragentstring.com/pages/useragentstring.php

To further spoof your IP, we can make use of the X-Forwarded-For header. This will fool the site into thinking you are coming from this IP. It works only at the HTTP level; no actual IP spoofing takes place.

To do this from curl, we use curl -H.
The full command looks like this:

 curl -v https://www.msn.com -k -A "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" -H "X-Forwarded-For: 163.121.63.241"

This comes in handy to test blocked IP ranges and user agents.
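
On the server side, the header only changes the outcome when the application believes the client-supplied value. The Python code below is an added example, not part of the original post: it contrasts a naive lookup with one that walks X-Forwarded-For right to left through known proxies. The 10.0.0.0/8 proxy range and the 203.0.113.7 connecting address are constructed assumptions.

```python
import ipaddress

# Assumption: address range of the reverse proxies in front of the application.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


def _is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def naive_client_ip(remote_addr, xff):
    """Weak: returns the left-most header entry, which the client controls."""
    return xff.split(",")[0].strip() if xff else remote_addr


def real_client_ip(remote_addr, xff):
    """Start from the TCP peer and walk the header right to left,
    stepping past a hop only when it is one of our own proxies."""
    peer = ipaddress.ip_address(remote_addr)
    if not xff or not _is_trusted(peer):
        return str(peer)  # direct connection: ignore the header entirely
    for hop in reversed([h.strip() for h in xff.split(",")]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return str(peer)  # malformed entry: keep the last verified hop
        if not _is_trusted(addr):
            return str(addr)  # first address not added by our own proxies
        peer = addr
    return str(peer)


if __name__ == "__main__":
    spoofed = "163.121.63.241"  # value sent by the curl command above
    # Constructed case 1: curl connects straight to the application.
    print(naive_client_ip("203.0.113.7", spoofed), real_client_ip("203.0.113.7", spoofed))
    # Constructed case 2: a trusted proxy appended the address it saw.
    chain = spoofed + ", 203.0.113.7"
    print(naive_client_ip("10.0.0.5", chain), real_client_ip("10.0.0.5", chain))
```

IP block lists and rate limits should key on the value returned by the second function, and the edge proxy should append to or overwrite the header rather than pass a client-supplied value through unchanged.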
