Httpspoof - Eli Fulkerson .com

Somebody on a forum posted a survey about the feasibility of spoofing the TCP handshake without having knowledge of the Ack number. I was bored so I whipped up a potential proof of concept example. Don't run it against anything on the Internet, it is intended as a local network proof of concept only. Seriously, spoofing packets on the internet is a dick move. I don't want to hear about it if you get yourself in trouble.

Httpspoof tries to do an HTTP GET against / on a specified IP/domain name with a specified spoofed IP address. I haven't run it successfully; it is single-threaded, and it appears that it would take about 18 days to get a reasonable chance of colliding with the real Ack number when run on my local test network.

I twisted httpspoof out of tcproute, so it shares a lot of the same options, requirements and caveats. In particular it requires a WinPcap installation and some Microsoft packages for the WinPcap DLLs.

C:\>httpspoof.exe --lip --lmac 90:b1:1c:XX:XX:XX
Available interfaces:  (use with -i to avoid interaction next time)
1.  Network adapter 'Realtek PCIe GBE Family Controller' on local host

Select the listening interface (1-1):
Ensuring gateway address ( is in arp... OK!

Using the following values:
Local IP:
Local MAC:   90:b1:1c:XX:XX:XX
Gateway MAC: 00:1F:5B:XX:XX:XX
Remote IP:

Hitting / on
1000 attempts.  Statistically expect 0.0000002328306 hits by now.  ~1672446.96125748s left
2000 attempts.  Statistically expect 0.0000004656613 hits by now.  ~1624139.76954944s left
3000 attempts.  Statistically expect 0.0000006984919 hits by now.  ~1606849.58135746s left
4000 attempts.  Statistically expect 0.0000009313226 hits by now.  ~1599732.74637451s left
5000 attempts.  Statistically expect 0.0000011641530 hits by now.  ~1593367.59815554s left

... etc
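The "Statistically expect ... hits by now" column above, and the "about 18 days" estimate, both fall out of the size of the 32-bit sequence-number space: a blind guess at the Ack the server expects hits with probability 1/2^32 per attempt. The script below is an added example (mine, not Eli's code and not part of httpspoof or tcproute) that reproduces that column and carries the arithmetic through to the probability of at least one correct guess and the attempt count needed for even odds. The attempt rate in the last line is a constructed value for illustration, not a figure taken from the page. The same arithmetic is why randomized initial sequence numbers (RFC 6528) make blind handshake spoofing impractical.

```python
import math

# Size of the guess space: the server's initial sequence number is a 32-bit
# value, so with randomized ISNs (RFC 6528) every blind guess at the Ack the
# server expects has a 1 in 2**32 chance of being right.
SEQ_SPACE = 2 ** 32


def expected_hits(attempts: int) -> float:
    """Expected number of correct guesses after `attempts` blind tries.

    Each try hits with probability 1/2**32, so the expectation is simply
    attempts/2**32; this is the value httpspoof prints as "expect X hits".
    """
    return attempts / SEQ_SPACE


def format_expected(attempts: int) -> str:
    """Render the expectation with the 13 decimals shown in the tool output."""
    return f"{expected_hits(attempts):.13f}"


def probability_at_least_one(attempts: int) -> float:
    """P(at least one correct guess) = 1 - (1 - 1/2**32)**attempts.

    Computed via log1p/expm1 so the tiny per-try probability does not lose
    precision in floating point.
    """
    return -math.expm1(attempts * math.log1p(-1.0 / SEQ_SPACE))


def attempts_for_probability(p: float) -> int:
    """Smallest attempt count whose success probability reaches p."""
    return math.ceil(math.log1p(-p) / math.log1p(-1.0 / SEQ_SPACE))


def seconds_remaining(target_attempts: int, done: int, rate_per_second: float) -> float:
    """Seconds still needed at a given attempt rate (the "~...s left" column)."""
    return max(target_attempts - done, 0) / rate_per_second


if __name__ == "__main__":
    # Reproduce the expectation column for the attempt counts on the page.
    for n in (1000, 2000, 3000, 4000, 5000):
        print(f"{n} attempts.  Statistically expect {format_expected(n)} hits by now.")

    # Attempts needed for a 50% chance of a single correct guess.
    n50 = attempts_for_probability(0.5)
    print(f"{n50} attempts for a 50% chance of one hit")

    # Constructed rate (not from the page): 1500 single-threaded attempts/s.
    rate = 1500.0
    days = seconds_remaining(n50, 5000, rate) / 86400
    print(f"~{days:.1f} days left at {rate:.0f} attempts/s")
```

The first four printed lines match the page's column digit for digit; the tool's own figure for 5000 differs in the last place, which looks like single-precision rounding inside httpspoof rather than a different formula.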