0

I have a rest application sitting on an IIS server (on the public internet) with a configuration as follows:

  • IP Address: A.B.C.D
  • Host Header: something-not-public-dns.example.com

(The entry isn't in the public dns simply because it doesn't have to be. This isn't merely security by obscuring host headers.)

In order to get my client to connect to the application, I simply add an entry in my hosts file:

A.B.C.D something-not-public-dns.example.com

With the hosts file entry everything works great.

The problem is one of my clients is sitting inside of an ASP.NET web application, and I cannot modify the hosts file for the web server the application resides on.

Thus my question- is it possible to spoof a hosts file entry inside of a web application?

I was thinking of something like this:

string url = "something-not-public.example.com/myservice/mymethod";
var client = new WebClient();
client.Headers[HttpRequestHeader.ContentType] = "application/json";

// Set the destination IP for this request here!

string json = new System.Web.Script.Serialization.JavaScriptSerializer().Serialize(MyObject);
string response = client.UploadString(url, json);

I would consider the above example request level spoofing, which would be great, but I'm also curious to know if application level spoofing could be done as well. This way the application could set up the host entries and all requests made from within that application would use them.

TTT
  • 7,472
  • 5
  • 41
  • 50
  • Maybe duplicate of http://stackoverflow.com/questions/5992700/can-i-temporarily-override-dns-resolution-within-a-net-application – Jack Jan 08 '16 at 23:38
  • @Jack - I can't easily tell if that's a dupe. If it is, that's a pretty ugly solution for this particular problem! :D – TTT Jan 09 '16 at 00:05
  • I agree, while the easyhook solution would work, the accepted answer is a far better solution. Learn a new thing every day – Jack Jan 09 '16 at 00:08

1 Answers1

5

You're going about this the wrong way around - instead of trying to setup a mapping from the domain name to the IP address you should simply make the request to the IP and explicitly override the Host header of your HTTP request with the domain name you want to use:

string url = "A.B.C.D/myservice/mymethod";
var client = new WebClient();
client.Headers[HttpRequestHeader.ContentType] = "application/json";
client.Headers[HttpRequestHeader.Host] = "something-not-public.example.com";
Jared Russell
  • 9,149
  • 6
  • 27
  • 29