Simulate HTTP get request in hping

Question

I need to simulate HTTP request in hping.

Can anyone please suggest how this can be done?

Just specifying port as 80 will suffice?

Answer 1

Application layer is simply the payload of the OSI layer that precedes it. For HTTP, the layer that precedes it is TCP.

I'm not sure about hping, but hping3 allows you to send a TCP payload using the '-E <filename>' option together with the '-d <bytes>' option to specify payload length. The <filename> would need to contain the HTTP request lines together with the '\r\n' or '\r\n\r\n' (in ASCII).

You would also need to specify the '-p <port>'

One advantage of using 'hping3' rather than say 'curl', is that it allows you to combine HTTP request bodies with unexpected TCP flags (helpful for testing for TCP Middlebox vulnerability among other things).

Here is an example of the hexdump of HTTP request to 'google.com/'

    [ec2-user@ip-172-31-9-242 ~]$ hexdump -C google.com
    00000000  47 45 54 20 2f 20 48 54  54 50 2f 31 2e 31 0d 0a  |GET / HTTP/1.1..|
    00000010  48 6f 73 74 3a 20 77 77  77 2e 67 6f 6f 67 6c 65  |Host: www.google|
    00000020  2e 63 6f 6d 0d 0a 0d 0a                           |.com....|
    00000028

and here is example of the full hping3 with an HTTP request inside a SYN packet. Note that I could not be bothered exactly counting the number of bytes in my payload so I over-estimated as 50 and then used -u to stop at end of file:

    [ec2-user@ip-172-31-9-242 ~]$ sudo hping3 -S -p 80 -E ./google.com -d 50 -u <target>

Answer 2

With hping is impossible because with hping is not working on the application layer and HTTP is in application layer.

hping3 is a network tool able to send custom TCP/IP packets and to display target replies like ping program does with ICMP replies. hping3 handle fragmentation, arbitrary packets body and size and can be used in order to transfer files encapsulated under supported protocols.

If you want simulate HTTP request could use scapy.