I have a rest application sitting on an IIS server (on the public internet) with a configuration as follows:
- IP Address: A.B.C.D
- Host Header: something-not-public-dns.example.com
(The entry isn't in the public dns simply because it doesn't have to be. This isn't merely security by obscuring host headers.)
In order to get my client to connect to the application, I simply add an entry in my hosts file:
A.B.C.D something-not-public-dns.example.com
With the hosts file entry everything works great.
The problem is one of my clients is sitting inside of an ASP.NET web application, and I cannot modify the hosts file for the web server the application resides on.
Thus my question- is it possible to spoof a hosts file entry inside of a web application?
I was thinking of something like this:
string url = "something-not-public.example.com/myservice/mymethod";
var client = new WebClient();
client.Headers[HttpRequestHeader.ContentType] = "application/json";
// Set the destination IP for this request here!
string json = new System.Web.Script.Serialization.JavaScriptSerializer().Serialize(MyObject);
string response = client.UploadString(url, json);
I would consider the above example request level spoofing, which would be great, but I'm also curious to know if application level spoofing could be done as well. This way the application could set up the host entries and all requests made from within that application would use them.