IPFlood (was IPFuck) – Firefox Add-on To Hide Your IP

Use Netsparker


IPFlood (previously IPFuck) is a Firefox add-on created to simulate the use of a proxy. It doesn’t actually change your IP address (obviously) and it doesn’t connect to a proxy either, it just changes the headers (that it can) so it appears to any web servers or software sniffing – that you are in fact using a proxy.

IPFlood (was IPFuck) - Firefox Add-on To Hide Your IP


This add-on is a “proof of concept” to show anyone who isn’t already aware that IP address has become obsolete and that no one should use an IP address as an evidence anymore. This plugin is just one of many ways to spoof an IP address and these spoofing could lead to outrageous accusation of innocents.

How does IPFlood/IPFuck work?

You can imagine that if I could just overwrite any existing information about your IP address I would have done so (or somebody else would have a while back ago)…

But it’s actually a little more tricky: when sending a request to a server you will provide several pieces of information about your IP address: three of them come from the Application Layer and the last one comes from the Transport Layer. This last one I can’t modify: you wouldn’t get the answer to your request if that was done. But the three others can be overwritten without any consequence to your browsing…

These three headers were created to provide information on the real IP of a person surfing through a proxy server. So when you enable IPFuck, the websites you are visiting will believe that your real IP is a proxy server and (if the website was done correctly) focus on the false IP you are sending…

Testing IPFlood/IPFuck

A lot of websites try and figure out who is hiding behind a proxy server. And if you don’t believe me (I won’t mind), just check out this Google search request: get real IP address php. Most of the snippets given here will check HTTP headers (the one we overwrite) before the Transport Layer information (‘REMOTE_ADDR’).

You can install IPFlood (previously IPFuck) for Firefox here:

ipflood-1.2.1-fx.xpi

Or read more here.

Posted in: Privacy


Latest Posts:


Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.
testssl.sh - Test SSL Security Including Ciphers, Protocols & Detect Flaws testssl.sh – Test SSL Security Including Ciphers, Protocols & Detect Flaws
testssl.sh is a free command line tool to test SSL security, it checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.
Four Year Old libSSH Bug Leaves Servers Wide Open Four Year Old libssh Bug Leaves Servers Wide Open
A fairly serious 4-year old libssh bug has left servers vulnerable to remote compromise, fortunately, the attack surface isn't that big as neither OpenSSH or the GitHub implementation are affected.
CHIPSEC - Platform Security Assessment Framework CHIPSEC – Platform Security Assessment Framework For Firmware Hacking
CHIPSEC is a platform security assessment framework for PCs including hardware, system firmware (BIOS/UEFI), and platform components for firmware hacking.
How To Recover When Your Website Got Hacked How To Recover When Your Website Got Hacked
The array of easily available Hacking Tools out there now is astounding, combined with self-propagating malware, people often come to me when their website got hacked and they don't know what to do, or even where to start.


Comments are closed.