如何在Go / Java中修改HTTP请求中的IP地址

Question

I am doing a test tool to test a web server. The tool can construct a simple http request, and sends to the server. But each request should have a different src ip addr.

My question is. Is there some way I can build an ip package from a http request, modify the ip addr, and sends directly into net?

I use java or go (new to go). Many thanks! :)

Answer 1

IP addresses are handled at a lower level than HTTP - specifically, it's done by the TCP/IP protocol. Can I trust the source IP of an HTTP request? provides a good overview on why the IP you get from an HTTP client is trustworthy (and difficult to spoof).

That said, the HTTP headers support the idea of "suggesting" the IP address obtained from TCP is not correct - most common way of doing this is the X-Forwarded-For header. Assuming your server relies on this value (which it probably shouldn't!), you can spoof your IP quite easily:

req, err := http.NewRequest("GET", "http://example.com", nil)
// ...
req.Header.Add("X-Forwarded-For", "1.2.3.4")
resp, err := client.Do(req)

Of course, most server won't rely on this field, as the potential for abuse is large.

If you're writing a test tool for your own server, the best way is to add logic to your server that will check for the existence of the X-Forwarded-For header (or something similar) and override the IP address if it's set. Make sure you disable this feature in production, though.