Imagine the following:
-
User goes to script (
http://sample.org/test.php), -
Script sends an HTTP request to some other page (
http://google.com/). For this example, we’ll say usingcurl. -
The script sets the IP address of the request to the user’s IP, via
CURLOPT_INTERFACE.
I know already that the requesting script will not receive the response, as the remote-host will send any responses to the IP address given in the request.
What I am wondering is what happens to this response? Assuming the client is on a LAN that has one external address and that all traffic sent to that IP is handled by a router acting as a DHCP server, will the response even get back to the user’s machine? If it did, would there be any way to ensure that it was handled by the user’s browser? And if so, how would the browser handle this, typically? Would it open a new window with Google in it?
I definitely have a follow up to this question, but I am very curious what goes on at this level, before I experiment further.
Usually, this won’t work. Your ISP knows which IP address you are supposed to have and will not forward traffic coming from “fake” IP addresses.
In particular, since you can only communicate one-way with a fake IP (since the answer won’t reach you), you would not be able to establish a working TCP connection, since TCP requires a three-way handshake. Thus, you wouldn’t be able to submit your web request.
If the user’s PC has an internal IP address and uses NAT, the router will not know which LAN machine to forward the packet to (since it did not see any outgoing request to which it could match that response). Therefore, the answer would be dropped.
Even if you could get the response to reach the client:
No. As stated above, a TCP request consists of a three-way handshake. This handshake has not been completed, so the operating system would just drop the packet.