What is IP Spoofing? How to Do It With BlazeMeter
April 20, 2022

What Is IP Spoofing? How to Do It With BlazeMeter

Performance Testing

You need to understand IP spoofing and its role in load and performance testing. In this blog, we break down the basics. Plus, we share how BlazeMeter now supports IP spoofing, enabling our users to test requests coming from a large number of different users. Read on to learn how to run IP spoofing in BlazeMeter and what you need to do to get started.

Table of Contents:

What is IP Spoofing?

IP spoofing (also referred to as IP Address Spoofing) is the crafting of Internet Protocol (IP) packets with a source IP address that has been modified to impersonate another computer system. In the context of performance testing, this is a widely adopted solution to simulate requests coming from unique users.

 

Why Use IP Spoofing During Load Testing?

There are two main reasons for using IP spoofing while load testing a web application:

1. Routing Stickiness (a.k.a Persistence) - Many load balancers use IP stickiness when distributing an incoming load across applications servers. If the load is generated from the same IP, you could load only one application server instead of distributing the load to all application servers. Using IP spoofing enables avoiding this stickiness and making sure your load is distributed across all application servers, to ensure accurate testing.

2. IP Blocking - Some web applications block a mass of HTTP requests coming from the same IP, to defend themselves against DoS attacks. When you use IP spoofing you avoid being detected as a harmful source and can complete the test.

How Does IP Spoofing Work in BlazeMeter?

When a test starts in BlazeMeter, the test scripts get downloaded to the load engines that generate the necessary traffic. When IP spoofing is enabled, each outgoing request (thread) will go through what is called a SuperProxy, where a different IP gets associated with the request. Once the IP is assigned, the request gets routed through that individual IP/device to the destination.

Below is a high-level depiction of how it works: 

IP Spoofing BlazeMeter

Do I Have Access to this Feature?

This feature is currently available as a paid add-on. Please reach out to the sales team at sales@blazemeter.com for more information.

How Do I Activate This Feature?

Once the feature is added to your subscription, you will need to reach out to BlazeMeter Support to get the IPs provisioned. You may do it by either opening a support ticket or emailing us directly at support@blazemeter.com.


Please provide the following information in the Support ticket.

  • Account/Workspace for which IPs are required
  • Number of IPs needed along with the geo-location information
    • For example: 100 IPs from US-East-Virginia

Which Script Changes are Required for IP Spoofing to Work?

Once the IPs are provisioned, out Support team will provide you with a Proxy URL along with credentials. You will then need to configure the proxy within your JMeter script as below.

  • Navigate to “HTTP Request Defaults” from the test plan and click the “Advanced” section.
  • Configure the Address of the proxy, port, username and password.
Address configuration to activate IP spoofing in BlazeMeter.
  • Once the proxy is configured, your script is ready. You may upload it to BlazeMeter and begin executing tests.
  • BlazeMeter will then route all your requests (for the test) through one of our SuperProxies and assign different IPs for each thread (depending on how many you requested). 
  • If you are logging all the incoming requests on your application side, you may validate this by looking at the request headers.

Please note that if you test the script using standalone JMeter, the script may fail since the Super Proxy is configured only to work with BlazeMeter cloud load engines.

Does the IP Spoofing Feature Work For All Script Types?

Currently, only JMeter script types are supported. Learn more about JMeter IP spoofing

What Is the Impact of IP Spoofing on My Test Metrics?

Please note that latency will be at play since the request is routed through 2 hops (Super Proxy and the device owning the IP), which varies depending on where you need the IPs provisioned.

START TESTING NOW