
responder's Introduction

⛔ [DEPRECATED] Active at https://github.com/lgandx/Responder

Responder.py

LLMNR/NBT-NS/mDNS Poisoner

Author: Laurent Gaffie <[email protected]> http://www.spiderlabs.com

Intro

Responder is an LLMNR, NBT-NS and mDNS poisoner. It answers specific NBT-NS (NetBIOS Name Service) queries based on their name suffix (see: http://support.microsoft.com/kb/163409). By default, the tool only answers File Server Service requests, which is the suffix used for SMB.

The idea is to target our answers and be stealthier on the network. This also helps to ensure that we don't break legitimate NBT-NS behavior. You can set the -r option on the command line if you also want to answer Workstation Service name suffix requests.
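The suffix-based targeting described above works on the 16th byte of the NetBIOS name, which is carried in the query in "first-level" encoding (each nibble mapped to a letter 'A' to 'P'). As an added example that is not code from the Responder project, the Python below encodes and decodes such names and classifies the suffix using the KB163409 table; the function names are my own, and malformed encodings are rejected rather than decoded into garbage.

```python
# NetBIOS name suffixes from Microsoft KB163409. The README refers to 0x20
# (File Server Service, used for SMB), 0x00 (Workstation Service, the -r
# option) and the domain suffixes answered by the -d option (0x1B/0x1C).
NBNS_SUFFIXES = {
    0x00: "Workstation Service",
    0x03: "Messenger Service",
    0x1B: "Domain Master Browser",
    0x1C: "Domain Controllers",
    0x1D: "Master Browser",
    0x1E: "Browser Service Elections",
    0x20: "File Server Service",
}

# First-level encoding alphabet: nibble 0 -> 'A' ... nibble 15 -> 'P'.
NIBBLE_ALPHABET = "ABCDEFGHIJKLMNOP"


def encode_nbns_name(name, suffix):
    """First-level encode a NetBIOS name: up to 15 characters padded with
    spaces, followed by the one-byte suffix; every byte becomes two letters."""
    raw = name.upper().encode("ascii")
    if len(raw) > 15:
        raise ValueError("NetBIOS names are at most 15 characters")
    raw = raw.ljust(15, b" ") + bytes([suffix])
    out = []
    for b in raw:
        out.append(NIBBLE_ALPHABET[b >> 4])
        out.append(NIBBLE_ALPHABET[b & 0x0F])
    return "".join(out)


def decode_nbns_name(encoded):
    """Reverse the encoding and return (name, suffix). Each character must be
    in 'A'..'P'; anything else is a malformed query and is rejected, so a
    hostile packet cannot push a value outside the byte range."""
    if len(encoded) != 32:
        raise ValueError("encoded NetBIOS name must be 32 characters")
    raw = bytearray()
    for hi, lo in zip(encoded[0::2], encoded[1::2]):
        if hi not in NIBBLE_ALPHABET or lo not in NIBBLE_ALPHABET:
            raise ValueError("invalid first-level encoded character")
        raw.append((NIBBLE_ALPHABET.index(hi) << 4) | NIBBLE_ALPHABET.index(lo))
    # The wildcard name "*" is padded with NULs rather than spaces, so strip both.
    name = bytes(raw[:15]).rstrip(b" \x00").decode("ascii", "replace")
    return name, raw[15]


def classify_query(encoded):
    """Decode a queried name and say which service suffix it carries."""
    name, suffix = decode_nbns_name(encoded)
    return name, suffix, NBNS_SUFFIXES.get(suffix, "unknown")


if __name__ == "__main__":
    for sample in (encode_nbns_name("WPAD", 0x20), encode_nbns_name("CORP", 0x1C)):
        print(sample, "->", classify_query(sample))
```

A decoder like this is also the right place to log which suffixes are being queried: a flood of Workstation Service or domain-suffix queries for names that do not exist on the segment is the traffic a poisoner feeds on.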

Features

  • Built-in SMB Auth server.

Supports NTLMv1 and NTLMv2 hashes with Extended Security NTLMSSP by default. Successfully tested from Windows 95 to Server 2012 RC, Samba and Mac OSX Lion. Clear-text passwords are supported for NT4, and LM hashing downgrade when the --lm option is set. This functionality is enabled by default when the tool is launched.

  • Built-in MSSQL Auth server.

In order to redirect SQL Authentication to this tool, you will need to set the -r option (NBT-NS queries for SQL Server lookup use the Workstation Service name suffix) for systems older than Windows Vista (LLMNR will be used for Vista and higher). This server supports NTLMv1 and LMv2 hashes. This functionality was successfully tested on Windows SQL Server 2005 & 2008.

  • Built-in HTTP Auth server.

In order to redirect HTTP Authentication to this tool, you will need to set the -r option for Windows versions older than Vista (NBT-NS queries for HTTP server lookup are sent using the Workstation Service name suffix). For Vista and higher, LLMNR will be used. This server supports NTLMv1 and NTLMv2 hashes and Basic Authentication. This server was successfully tested on IE 6 to IE 10, Firefox, Chrome and Safari.

Note: This module also works for WebDAV NTLM authentication issued by Windows WebDAV clients (WebClient). You can now send your custom files to a victim.

  • Built-in HTTPS Auth server.

Same as above. The certs/ folder contains 2 default keys, including a dummy private key. This is intentional: the purpose is to have Responder working out of the box. A script was added in case you need to generate your own self-signed key pair.

  • Built-in LDAP Auth server.

In order to redirect LDAP Authentication to this tool, you will need to set the -r option for Windows versions older than Vista (NBT-NS queries for HTTP server lookup are sent using the Workstation Service name suffix). For Vista and higher, LLMNR will be used. This server supports NTLMSSP hashes and Simple Authentication (clear-text authentication). This server was successfully tested with the Windows Support Tools utility "ldp" and with LdapAdmin.

  • Built-in FTP, POP3, IMAP, SMTP Auth servers.

These modules collect clear-text credentials.

  • Built-in DNS server.

This server answers type A queries. This is really handy when combined with ARP spoofing.

  • Built-in WPAD Proxy Server.

This module will capture all HTTP requests from anyone launching Internet Explorer on the network if they have "Auto-detect settings" enabled. This module is highly effective. You can configure your custom PAC script in Responder.conf and inject HTML into the server's responses. See Responder.conf.

  • Browser Listener

This module allows you to find the PDC in stealth mode.

  • Fingerprinting

When the -f option is used, Responder will fingerprint every host that issued an LLMNR/NBT-NS query. All capture modules still work while in fingerprint mode.

  • Icmp Redirect

    python tools/Icmp-Redirect.py

For MITM on Windows XP/2003 and earlier Domain members. This attack combined with the DNS module is pretty effective.

  • Rogue DHCP

    python tools/DHCP.py

DHCP Inform Spoofing. Allows you to let the real DHCP Server issue IP addresses, and then send a DHCP Inform answer to set your IP address as a primary DNS server, and your own WPAD URL.

  • Analyze mode.

This module allows you to see NBT-NS, BROWSER, LLMNR and DNS requests on the network without poisoning any responses. It also lets you passively map domains, MSSQL servers and workstations, and see whether ICMP Redirect attacks are plausible on your subnet.
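A defender can turn the same observation around: nothing should ever answer an LLMNR query for a name that cannot exist, so any answer for a random canary name identifies a poisoner on the segment. The Python below is an added example, not part of Responder, that builds such a canary query in the DNS message format LLMNR uses, parses any A-record answer, and, when run as a program, sends the query to the LLMNR multicast group; the sample response bytes are constructed here for illustration and 192.0.2.10 is a documentation address, not a real host.

```python
import random
import socket
import string
import struct

LLMNR_GROUP = "224.0.0.252"   # LLMNR link-local multicast group (RFC 4795)
LLMNR_PORT = 5355


def random_canary_name(length=12):
    """A hostname that cannot exist on the network; any answer for it is a poisoner."""
    alphabet = string.ascii_lowercase + string.digits
    return "".join(random.choice(alphabet) for _ in range(length))


def encode_dns_name(name):
    """DNS wire-format name: length-prefixed labels, terminated by a zero byte."""
    out = b""
    for label in name.strip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label length")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_llmnr_query(name, txid):
    """12-byte header (id, flags=0, QDCOUNT=1) followed by one A/IN question."""
    header = struct.pack(">HHHHHH", txid, 0, 1, 0, 0, 0)
    return header + encode_dns_name(name) + struct.pack(">HH", 1, 1)


def _skip_name(data, off):
    """Advance past a wire-format name, honouring compression pointers."""
    while True:
        if off >= len(data):
            raise ValueError("truncated name")
        ln = data[off]
        if ln == 0:
            return off + 1
        if ln & 0xC0 == 0xC0:        # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + ln


def parse_llmnr_response(data, txid):
    """Return the IPv4 addresses in the answer section, or None if the datagram
    is not a response (QR bit clear) to our transaction id."""
    if len(data) < 12:
        return None
    rid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:
        return None
    off = 12
    for _ in range(qd):
        off = _skip_name(data, off) + 4          # skip QTYPE and QCLASS
    answers = []
    for _ in range(an):
        off = _skip_name(data, off)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", data[off:off + 10])
        off += 10
        rdata = data[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            answers.append(socket.inet_ntoa(rdata))
    return answers


def probe_once(timeout=2.0):
    """Send one canary query to the LLMNR group; return [(source, name, answers)]."""
    txid = random.randrange(0, 0x10000)
    name = random_canary_name()
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    sock.sendto(build_llmnr_query(name, txid), (LLMNR_GROUP, LLMNR_PORT))
    hits = []
    try:
        while True:
            data, (src, _port) = sock.recvfrom(4096)
            answers = parse_llmnr_response(data, txid)
            if answers:
                hits.append((src, name, answers))
    except socket.timeout:
        pass
    finally:
        sock.close()
    return hits


# Constructed sample: the kind of answer a poisoner sends, pointing the canary
# name at 192.0.2.10 via a compression pointer (0xC00C) to the question name.
SAMPLE_TXID = 0x1234
SAMPLE_QUERY = build_llmnr_query("zq7x1kd0pa3v", SAMPLE_TXID)
SAMPLE_RESPONSE = (
    struct.pack(">HHHHHH", SAMPLE_TXID, 0x8000, 1, 1, 0, 0)
    + SAMPLE_QUERY[12:]
    + b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 30, 4) + bytes([192, 0, 2, 10])
)

if __name__ == "__main__":
    for src, name, answers in probe_once():
        print("LLMNR answer for nonexistent name %s from %s: %s" % (name, src, answers))
```

On a multi-homed host, bind the socket to the address of the interface you want to test before sending, since the multicast query otherwise leaves on the default route. Running the probe periodically and alerting on any hit is a cheap complement to the NBT-NS side, where the same check is done with a query for a random name and the File Server Service suffix.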

Hashes

All hashes are printed to stdout and dumped to a unique John the Ripper (Jumbo) compliant file, using this naming format:

(MODULE_NAME)-(HASH_TYPE)-(CLIENT_IP).txt

Log files are located in the "logs/" folder. Hashes will be logged and printed only once per user per hash type, unless you are using the Verbose mode (-v).

  • Responder logs all its activity to Responder-Session.log
  • Analyze mode is logged to Analyze-Session.log
  • Poisoning is logged to Poisoners-Session.log

Additionally, all captured hashes are logged into an SQLite database, which you can configure in Responder.conf.

Considerations

  • This tool listens on several ports: UDP 137, UDP 138, UDP 53, UDP/TCP 389, TCP 1433, TCP 80, TCP 139, TCP 445, TCP 21, TCP 3141, TCP 25, TCP 110, TCP 587 and Multicast UDP 5553.

  • If you run Samba on your system, stop smbd and nmbd and all other services listening on these ports.

  • For Ubuntu users:

Edit the file /etc/NetworkManager/NetworkManager.conf and comment out the line dns=dnsmasq. Then kill dnsmasq with this command (as root): killall dnsmasq -9

  • Any rogue server can be turned off in Responder.conf.

  • This tool is not meant to work on Windows.

  • For OSX, please note: Responder must be launched with an IP address for the -i flag (e.g. -i YOUR_IP_ADDR). There is no native support in OSX for custom interface binding, so using -i en1 will not work. Also, to run Responder with the best experience, run the following as root:

    launchctl unload /System/Library/LaunchDaemons/com.apple.Kerberos.kdc.plist

    launchctl unload /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist

    launchctl unload /System/Library/LaunchDaemons/com.apple.smbd.plist

    launchctl unload /System/Library/LaunchDaemons/com.apple.netbiosd.plist
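Every one of the listeners in the port list above must bind successfully, and a service already holding one of them (Samba on 139/445, a stub resolver on 53, a web server on 80) produces the "Error starting TCP server on port ..." messages that several of the issues below report. The Python below is an added example, not part of Responder: it parses netstat -anp output against the port list from this section and reports the conflicts, with the owning process where netstat shows it. The sample lines are constructed here, with invented PIDs and process names.

```python
import subprocess

# Ports from the Considerations list of this README, split by transport
# (389 is listed as UDP/TCP; the multicast port is kept as the README states it).
RESPONDER_TCP_PORTS = {389, 1433, 80, 139, 445, 21, 3141, 25, 110, 587}
RESPONDER_UDP_PORTS = {137, 138, 53, 389, 5553}


def parse_netstat(lines):
    """Parse 'netstat -anp' style lines into (proto, port, local, program) tuples
    for bound sockets: TCP sockets in LISTEN state and every UDP socket (netstat
    prints no state column for UDP). Needs -n so that ports are numeric."""
    bound = []
    for line in lines:
        fields = line.split()
        if len(fields) < 4 or not fields[0].startswith(("tcp", "udp")):
            continue
        proto = "tcp" if fields[0].startswith("tcp") else "udp"
        local = fields[3]
        if proto == "tcp":
            if len(fields) < 6 or fields[5] != "LISTEN":
                continue
            program = fields[6] if len(fields) > 6 else "-"
        else:
            program = fields[5] if len(fields) > 5 else "-"
        port_text = local.rsplit(":", 1)[-1]
        if not port_text.isdigit():
            continue            # service name instead of a number: netstat run without -n
        bound.append((proto, int(port_text), local, program))
    return bound


def find_conflicts(lines):
    """Bound sockets that sit on a port Responder will try to claim."""
    conflicts = []
    for proto, port, local, program in parse_netstat(lines):
        wanted = RESPONDER_TCP_PORTS if proto == "tcp" else RESPONDER_UDP_PORTS
        if port in wanted:
            conflicts.append((proto, port, local, program))
    return conflicts


# Constructed sample of netstat -anp output (PIDs and process names invented):
# Samba holding 139/445 and 137, a web server on 80 and a stub resolver on 53.
SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      1201/smbd
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      1201/smbd
tcp6       0      0 :::80                   :::*                    LISTEN      987/apache2
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      650/mysqld
udp        0      0 127.0.0.53:53           0.0.0.0:*                           412/systemd-resolve
udp        0      0 0.0.0.0:137             0.0.0.0:*                           1199/nmbd
tcp        0      0 192.0.2.5:52550         198.51.100.7:443        ESTABLISHED 23694/firefox
""".splitlines()

if __name__ == "__main__":
    try:
        output = subprocess.run(["netstat", "-anp"], capture_output=True, text=True).stdout
        lines = output.splitlines()
    except FileNotFoundError:
        lines = SAMPLE_NETSTAT          # no netstat on this host: show the sample instead
    for proto, port, local, program in find_conflicts(lines):
        print("%s/%d already bound at %s by %s" % (proto, port, local, program))
```

Run it as root so that the PID/Program column is filled in for sockets owned by other users; without it netstat prints "-" there, as in the output pasted in the port 80/445/139 issue below, and you have to find the owner by other means.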

Usage

First of all, please take a look at Responder.conf and tweak it for your needs.

Running the tool:

./Responder.py [options]

Typical Usage Example:

./Responder.py -I eth0 -wrf

Options:

  --version             show program's version number and exit
  -h, --help            show this help message and exit
  -A, --analyze         Analyze mode. This option allows you to see NBT-NS,
                        BROWSER, LLMNR requests without responding.
  -I eth0, --interface=eth0
                        Network interface to use
  -b, --basic           Return a Basic HTTP authentication. Default: NTLM
  -r, --wredir          Enable answers for netbios wredir suffix queries.
                        Answering to wredir will likely break stuff on the
                        network. Default: False
  -d, --NBTNSdomain     Enable answers for netbios domain suffix queries.
                        Answering to domain suffixes will likely break stuff
                        on the network. Default: False
  -f, --fingerprint     This option allows you to fingerprint a host that
                        issued an NBT-NS or LLMNR query.
  -w, --wpad            Start the WPAD rogue proxy server. Default value is
                        False
  -u UPSTREAM_PROXY, --upstream-proxy=UPSTREAM_PROXY
                        Upstream HTTP proxy used by the rogue WPAD Proxy for
                        outgoing requests (format: host:port)
  -F, --ForceWpadAuth   Force NTLM/Basic authentication on wpad.dat file
                        retrieval. This may cause a login prompt. Default:
                        False
  --lm                  Force LM hashing downgrade for Windows XP/2003 and
                        earlier. Default: False
  -v, --verbose         Increase verbosity.

Copyright

NBT-NS/LLMNR Responder Created by Laurent Gaffie Copyright (C) 2013 Trustwave Holdings, Inc.

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/

responder's People

Contributors

antonioherraizs, greenwolf, hlein, hubertcba, ihamburglar, jrmdev, jvoisin, lanjelot, lgandx, mandreko, mattlowe, mubix, ravenium, valdikss, vysec


responder's Issues

[Bug] No destination on the HTTP/SMB/MSSQL/FTP/LDAP credentials

Hi responder developers Staff! :)

Responder does not save the IP/host destination that the credentials are for.
This is important because you can obtain "the keys" but you don't know which "door" they are for. ;)

Thanks for this POC and tool! 👍

Fefafefa

Add ability to support cred capture from non-local subnets

As an attack machine's ports will already be utilized in this attack, if other attacks like webshells, meterpreter sessions or remote commands are established, using Responder to gather those creds would alleviate the need for another IP address for the attacker to have to stand up.

List any requests

It'd be nice to know what is being requested on HTTP, HTTPS and SMB (the file, GET, or POST)

For instance:

HTTP REQUEST: GET /uberfile.text - Responded with NTLM 401

WebDAV support - Binary push

Allowing for a specified set of extensions (.pdf, .exe, .docx) if requested via HTTP (WebDAV or otherwise) be replaced with their malicious counterparts on the attackers system with on the fly name/change referencing.

Exception happened during processing of request from ...

I am getting a lot of these errors (every few seconds to once a min). Any suggestions as to what I can do about these errors or if I shouldn't worry about them?

Exception happened during processing of request from ('<Redacted IP>', 57628)
Traceback (most recent call last):
  File "/usr/lib/python2.7/SocketServer.py", line 599, in process_request_thread
    self.finish_request(request, client_address)
  File "/usr/lib/python2.7/SocketServer.py", line 334, in finish_request
    self.RequestHandlerClass(request, client_address, self)
  File "/usr/lib/python2.7/SocketServer.py", line 655, in __init__
    self.handle()
  File "/home/<Redacted Username>/Applications/Windows/Responder/servers/HTTP_Proxy.py", line 214, in handle
    self.__base_handle()
  File "/usr/lib/python2.7/BaseHTTPServer.py", line 340, in handle
    self.handle_one_request()
  File "/usr/lib/python2.7/BaseHTTPServer.py", line 310, in handle_one_request
    self.raw_requestline = self.rfile.readline(65537)
  File "/usr/lib/python2.7/socket.py", line 476, in readline
    data = self._sock.recv(self._rbufsize)
error: [Errno 104] Connection reset by peer

OSX SMB Replay Issue

Using the latest git commit on OSX 10.9.1, responder does not perform the SMB authentication and provide the NTLMv2 user and hash information.

Using the same copy on Kali linux, SMB authentication (NTLM) is returned successfully.

Default settings in responder.conf and OSX command line:

sudo ./responder.py -i 192.168.4.2

on Kali:

sudo ./responder.py -I eth0 -i 192.168.4.2

SMB doesn't seem to function as intended

Mentioned in #6 but I was unable to even forcefully get the SMB server to interact correctly with either windows (via Start->Run \\attackerip\ and net use \\attackerip\ipc$ ) or with Samba's smbclient.

As stated in #6 I get a "The specified server cannot perform the requested operation"

Feature: BeEF Injection (via the proxy)

Inserting BeEF hooks via the proxy would be an excellent feature to be able to optionally enable.

If there is some programmatic manner to talk to BeEF (to prevent double-hooking someone), all the better, but even still, being able to hook browsers while intercepting all their credentials would be a wonderful feature to have.

Enhancement request: SMB file serving support

So you're on a social engineering engagement, right?
And you want to do that trick where you link an image in an email via a UNC path so that outlook lobs a hash your way - except the image you include turns out to not exist and they get a broken link image in the email, and they get suspicious.

How about allowing responder to be pointed to a directory where you can put the image(s) or other files so things don't look broken? That would be kind of neat :D

Error while parsing SMB dialect

This seems to be occurring a lot too:

[*] [NBT-NS] Poisoned answer sent to 10.9.130.194 for name ISAPROXYSRV (service: Workstation/Redirector)
----------------------------------------
Exception happened during processing of request from ('10.9.137.84', 57438)
Traceback (most recent call last):
  File "/usr/lib64/python2.7/SocketServer.py", line 599, in process_request_thread
    self.finish_request(request, client_address)
  File "/usr/lib64/python2.7/SocketServer.py", line 334, in finish_request
    self.RequestHandlerClass(request, client_address, self)
  File "/usr/lib64/python2.7/SocketServer.py", line 655, in __init__
    self.handle()
  File "/home/byt3bl33d3r/Tools/responder/servers/SMB.py", line 233, in handle
    Body = SMBNegoKerbAns(Dialect=Parse_Nego_Dialect(data))
  File "/home/byt3bl33d3r/Tools/responder/servers/SMB.py", line 65, in Parse_Nego_Dialect
    if Dialect[10] == "NT LM 0.12":
IndexError: tuple index out of range

Error starting TCP server on port 443

hey i get this error on most networks " Error starting TCP server on port 443. Check that you have the necessary permissions (i.e. root), no other servers are running and the correct network interface is set in Responder.conf. " and sometimes its a different port. can someone help?

HTTP clear-text passwords need more information

It's great that I have the IP address that requested and gave credentials, but where they were trying to use those credentials against I am at a loss (I have this data since I'm testing in a lab but on engagement I wont)

A suggestion would be to capture all of the headers that the client sends as part of the auth to possibly capture cookies, Host: headers or other such items that may lead to the actual target of the request.

Ctrl-C not killing

On fully updated Kali 1.0 Ctrl-C no longer appears to kill it. It brings up the "Exiting..." message then just keeps on trucking indefinitely.

WPAD

Feature request to add a non-auth response and subsequent data file for wpad.dat requests

Import Errors running SMBRelay.py

Hello. I wanted to be running the latest version in Kali 2.0 so I installed via Git under my /opt directory. When trying to run SMBRelay.py I seem to be getting a lot of import errors as such:

python SMBRelay.py
Traceback (most recent call last):
  File "SMBRelay.py", line 17, in <module>
    import sys, os, struct,re,socket,random, RelayPackets,optparse,thread
  File "/opt/Responder/tools/RelayPackets.py", line 18, in <module>
    from odict import OrderedDict
ImportError: cannot import name OrderedDict

placing the odict.py script in the tools directory gives me this:
Traceback (most recent call last):
  File "SMBRelay.py", line 18, in <module>
    from fingerprint import RunSmbFinger
ImportError: No module named fingerprint

placing the fingerprint.py script in the tools directory gives me this:
python SMBRelay.py
Traceback (most recent call last):
  File "SMBRelay.py", line 18, in <module>
    from fingerprint import RunSmbFinger
  File "/opt/Responder/tools/fingerprint.py", line 24, in <module>
    from utils import *
  File "/opt/Responder/tools/utils.py", line 23, in <module>
    import settings

and finally placing settings.py in tools directory gives me this:
python SMBRelay.py
Traceback (most recent call last):
  File "SMBRelay.py", line 18, in <module>
    from fingerprint import RunSmbFinger
  File "/opt/Responder/tools/fingerprint.py", line 24, in <module>
    from utils import *
  File "/opt/Responder/tools/utils.py", line 23, in <module>
    import settings
  File "/opt/Responder/tools/settings.py", line 24, in <module>
    from utils import IsOsX
ImportError: cannot import name IsOsX

Error starting TCP server on port 80, 445, 139

Getting this TCP server starting error on port 80, 445, 139 ( Ubuntu 15.10 64 bit )

sudo python Responder.py -I wlp59s0

[+] Poisoners:
LLMNR [ON]
NBT-NS [ON]
DNS/MDNS [ON]

[+] Servers:
HTTP server [ON]
HTTPS server [ON]
WPAD proxy [OFF]
SMB server [ON]
Kerberos server [ON]
SQL server [ON]
FTP server [ON]
IMAP server [ON]
POP3 server [ON]
SMTP server [ON]
DNS server [ON]
LDAP server [ON]

[+] HTTP Options:
Always serving EXE [OFF]
Serving EXE [ON]
Serving HTML [OFF]
Upstream Proxy [OFF]

[+] Poisoning Options:
Analyze Mode [OFF]
Force WPAD auth [OFF]
Force Basic Auth [OFF]
Force LM downgrade [OFF]
Fingerprint hosts [OFF]

[+] Generic Options:
Responder NIC [wlp59s0]
Responder IP [192.168.100.13]
Challenge set [1122334455667788]

[!] Error starting TCP server on port 80, check permissions or other servers running.
[+] Listening for events...
[!] Error starting TCP server on port 445, check permissions or other servers running.
[!] Error starting TCP server on port 139, check permissions or other servers running.

netstat -antp

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:8834 0.0.0.0:* LISTEN -
tcp 0 0 192.168.100.13:389 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN -
tcp 0 0 192.168.100.13:587 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN -
tcp 0 0 192.168.100.13:110 0.0.0.0:* LISTEN -
tcp 0 0 192.168.100.13:143 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:5939 0.0.0.0:* LISTEN -
tcp 0 0 192.168.100.13:21 0.0.0.0:* LISTEN -
tcp 0 0 192.168.100.13:53 0.0.0.0:* LISTEN -
tcp 0 0 127.0.1.1:53 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN -
tcp 0 0 192.168.100.13:88 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN -
tcp 0 0 192.168.100.13:1433 0.0.0.0:* LISTEN -
tcp 0 0 192.168.100.13:25 0.0.0.0:* LISTEN -
tcp 0 0 192.168.100.13:443 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN -
tcp 0 0 192.168.100.13:46736 192.30.252.92:443 ESTABLISHED 23694/firefox
tcp 0 0 192.168.100.13:52558 185.31.19.133:443 ESTABLISHED 23694/firefox
tcp 0 0 192.168.100.13:52554 185.31.19.133:443 ESTABLISHED 23694/firefox
tcp 0 0 192.168.100.13:41924 192.30.252.88:443 ESTABLISHED 23694/firefox
tcp 0 0 192.168.100.13:52560 185.31.19.133:443 ESTABLISHED 23694/firefox
tcp 0 0 192.168.100.13:52556 185.31.19.133:443 ESTABLISHED 23694/firefox
tcp 0 0 192.168.100.13:52552 185.31.19.133:443 ESTABLISHED 23694/firefox
tcp 0 0 192.168.100.13:52562 185.31.19.133:443 ESTABLISHED 23694/firefox
tcp 0 0 192.168.100.13:52550 185.31.19.133:443 ESTABLISHED 23694/firefox
tcp 1 0 192.168.100.13:55518 91.189.89.144:80 CLOSE_WAIT 2309/ubuntu-geoip-p
tcp 0 0 192.168.100.13:56344 185.31.18.133:443 ESTABLISHED 23694/firefox
tcp6 0 0 :::8834 :::* LISTEN -
tcp6 0 0 :::139 :::* LISTEN -
tcp6 0 0 :::80 :::* LISTEN -
tcp6 0 0 ::1:631 :::* LISTEN -
tcp6 0 0 :::445 :::* LISTEN -
tcp6 1 0 ::1:59756 ::1:631 CLOSE_WAIT -
tcp6 1 0 ::1:59754 ::1:631 CLOSE_WAIT -

i am no expert, please advise.

struct parsing error in MDNS poisoner

Hi,
While testing the new changes out I've noticed this exception occurring a lot:

Exception happened during processing of request from ('10.9.138.189', 5353)
Traceback (most recent call last):
[Analyze mode: NBT-NS] Request by 10.9.142.218 for WPAD, ignoring
  File "/usr/lib64/python2.7/SocketServer.py", line 599, in process_request_thread
    self.finish_request(request, client_address)
  File "/usr/lib64/python2.7/SocketServer.py", line 334, in finish_request
[Analyze mode: LLMNR] Request by 169.254.155.18 for wpad, ignoring
    self.RequestHandlerClass(request, client_address, self)
  File "/usr/lib64/python2.7/SocketServer.py", line 655, in __init__
    self.handle()
  File "/home/byt3bl33d3r/Tools/responder/poisoners/MDNS.py", line 46, in handle
[Analyze mode: LLMNR] Request by 10.9.142.185 for isaproxysrv, ignoring
    Request_Name = Parse_MDNS_Name(data)
  File "/home/byt3bl33d3r/Tools/responder/poisoners/MDNS.py", line 27, in Parse_MDNS_Name
    NameLen = struct.unpack('>B',data[0])[0]
IndexError: string index out of range

Notification of requests

Tried running the tool and testing it, I see it spoofing on the wire, but when I use a VM to directly hit it on \\myattackipaddress\share1 or otherwise I get the error "The specified server cannot perform the requested operation" with no notification on the attack side that anything has just occurred.

can't listen on some ports (5353,5355)

Hi,

on 2 different kali machines, running as root, i get the following error.

Error starting UDP server on port 5353. Check that you have the necessary permissions (i.e. root), no other servers are running and the correct network interface is set in Responder.conf.
Error starting UDP server on port 5355. Check that you have the necessary permissions (i.e. root), no other servers are running and the correct network interface is set in Responder.conf.

^Croot@kali-vm:~/Responder#

i've tried using the built in version and cloning from git.
nothing is actually listening on these ports


root@kali-vm:~/Responder# netstat -a | egrep 'Proto|LISTEN'
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp6 0 0 [::]:http [::]:* LISTEN
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 837 /tmp/.ICE-unix/3925
unix 2 [ ACC ] STREAM LISTENING 17152 /var/run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 18866 /tmp/pulse-tbWWOQ4ywjyT/native
unix 2 [ ACC ] STREAM LISTENING 18868 /tmp/pulse-tbWWOQ4ywjyT/dbus-socket
unix 2 [ ACC ] STREAM LISTENING 836 @/tmp/.ICE-unix/3925
unix 2 [ ACC ] STREAM LISTENING 20560 @/tmp/dbus-YVTEc5ZfjE
unix 2 [ ACC ] STREAM LISTENING 14297 @/tmp/.X11-unix/X0
unix 2 [ ACC ] STREAM LISTENING 14298 /tmp/.X11-unix/X0
unix 2 [ ACC ] STREAM LISTENING 18622 @/tmp/gdm-session-ryoyfIWr
unix 2 [ ACC ] STREAM LISTENING 1794 /tmp/ssh-LPmWpZuQdB9t/agent.3925
unix 2 [ ACC ] STREAM LISTENING 18810 /root/.cache/keyring-rHRhJk/gpg
unix 2 [ ACC ] STREAM LISTENING 15236 @/tmp/dbus-gxyqmSDBCW
unix 2 [ ACC ] STREAM LISTENING 14266 /var/run/pcscd/pcscd.comm
unix 2 [ ACC ] STREAM LISTENING 15198 /root/.cache/keyring-rHRhJk/control
unix 2 [ ACC ] STREAM LISTENING 18811 /root/.cache/keyring-rHRhJk/ssh
unix 2 [ ACC ] STREAM LISTENING 18812 /root/.cache/keyring-rHRhJk/pkcs11
unix 2 [ ACC ] SEQPACKET LISTENING 11492 /run/udev/control


any idea what could be causing this ?
Thanks,
Roy

Question regarding use

Hi, this is more of a question rather than a bug. How do you use this program on the LAN of a compromised machine? Say you have your Kali box somewhere on the Internet and you compromise a workstation in the internal network with a client side attack. You have access to that machine now, say with Meterpreter. How do you use this tool on the compromised target's LAN? I believe this is a common scenario and probably has a simply answer, but all the demos of this tool I read seemed to have the Kali box already on the LAN. Thanks.

Responder redirect not working?

My IP is 192.168.179.133

I want to poison requests to 192.168.179.100

python Responder.py -I eth0 -i 192.168.179.100

Does not work, it takes my IP of 192.168.179.133 and responds with that instead.

ISATAP

Support for isatap attacks after isatap response spoofing

Can't start the app

I was getting the following error on an older version and after pulling the latest this morning.

The only option I'm passing is -i with the IP address of the only interface which is up. The machine has 6 interfaces but only one is up and only one has an IP.

Running as root and no other apps running taking up any ports.


Serving Executable via HTTP&WPAD is:OFF
Always Serving a Specific File via HTTP&WPAD is:OFF

Traceback (most recent call last):
  File "Responder.py", line 1556, in <module>
    main()
  File "Responder.py", line 1550, in main
    thread.start_new(RunLLMNR())
  File "Responder.py", line 752, in RunLLMNR
    Join = sock.setsockopt(socket.IPPROTO_IP,socket.IP_ADD_MEMBERSHIP,inet_aton(MADDR) + inet_aton(ALL))
  File "/usr/lib/python2.7/socket.py", line 224, in meth
    return getattr(self._sock,name)(*args)
socket.error: [Errno 19] No such device

WebDAV support - Cred Stealing

WebDAV is finicky about what and when authentication is performed, I believe OPTIONS and PROPFIND headers need to be available without auth first, then auth can be performed. Allowing for these two items before the initiation could yield more creds

Icmp-Redirect.py doesn't work

It give a lot of errors like this:

Traceback (most recent call last):
  File "./Icmp-Redirect.py", line 65, in <module>
    AlternateGwAddr = FindLocalIP(Interface)
NameError: name 'Interface' is not defined

And so on.

NTLMv1 hash captured not accurate

Used responder in my test lab to capture NTLMv1 hash, it wasn't working when I tried to use it to pass the hash with psexec metasploit module. I logged in with psexec using the password, dumped the hash to compare, and the hash values are different. Would there be a reason responder wouldn't pull the correct hash values?

WebDAV doesn't seem to work anymore

I thought this was working, but it seems that request w/ the OPTIONS header is getting hit with an auth wall now:

OPTIONS /stuff/ HTTP/1.1
Connection: Keep-Alive
User-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601
translate: f
Host: 192.168.1.100

Results in this:

HTTP/1.1 401 Unauthorized
Server: Microsoft-IIS/6.0
Date: Wed, 12 Sep 2012 13:06:55 GMT
Content-Type: text/html
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
Content-Length: 0

Feature Request: Configure DNS forwarder

Make that if you are MITM the DNS server allow an exclusion list that gets forwarded on to a real DNS server.

Such as

dns_forwarder = 8.8.8.8, 4.2.2.2
# All sub domains of excluded domains are automatically excluded as well.
# For example: google.com means that www.google.com is excluded but if www.google.com is specified, docs.google.com is spoofed.
forwarded_domains = example.com, google.com, facebook.com

Bug: python ./Responder.py -i 192.168.2.10 -b 1 -s On -r 0

Going by the exact usage, setting the b switch to 1 produces an error.

root@kali:/opt/responder# python ./Responder.py -i 192.168.2.10 -b 1 -s On -r 0
Usage: python ./Responder.py -i 10.20.30.40 -b 1 -s On -r 0

./Responder.py: error: option -b: invalid choice: '1' (choose from 'On', 'ON', 'Off', 'OFF')

Has OSX Support gone now ?

Hey guys, I just pulled down a new version of Responder I see it no longer works on Mac (Yosemite)

It's failing to find interfaces

( en0 does exist)
[!] Error: en0: Interface not found nulls-MacBook-Air:Responder null$

en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500 ether 28:cf:e9:4d:90:11 inet 192.168.1.107 netmask 0xffffff00 broadcast 192.168.1.255 inet6 fe80::2acf:e9ff:fe4d:9011%en0 prefixlen 64 scopeid 0x4 nd6 options=1<PERFORMNUD> media: autoselect status: active

I'll have to go back to the metasploit modules huh ?

Feature: Respond for specific hostnames

I noticed that some A/V / IDS have started sending out obviously bogus hostname requests (mostly random alphanumeric strings) to try to catch NBNS/LLMNR response spoofing on the network. Could you add the ability to just respond to requests for specific hostnames?

Error starting SSL server on port 443 on Kali Rolling distro

This is probably a rookie move and something simple I'm overlooking but I'm receiving this error on the new Kali Linux rolling distro.

"Error starting SSL server on port 443"

"netstat -lnpt" output shows nothing is listening on 443.

#netstat -lnpt
#Active Internet connections (only servers)
#Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name

SSLv3

Is there a way to disable SSLv3 in responder? I'm getting this:

Unable to Connect Securely

Firefox cannot guarantee the safety of your data because it uses SSLv3, a broken security protocol.
Advanced info: ssl_error_unsupported_version

Chrome/Firefox/IE same deal

Include Telnet?

could this log telnet attempts and user/pass?

almost like a honeypot?

Error on launch

Traceback (most recent call last):
  File "Responder.py", line 1539, in <module>
    main()
  File "Responder.py", line 1533, in main
    thread.start_new(RunLLMNR())
  File "Responder.py", line 766, in RunLLMNR
    raise
TypeError: exceptions must be old-style classes or derived from BaseException, not NoneType

Tried with multiple python versions, missing packages maybe?

Edit:

If RespondTo is set to any value other than null, it throws the error.

Error starting TCP server on port 443.

root@kali:~# responder -i 172.18.233.45 -I eth0 -wrf
NBT Name Service/LLMNR Responder 2.0.
Please send bugs/comments to: [email protected]
To kill this script hit CRTL-C

[+]NBT-NS, LLMNR & MDNS responder started
[+]Loading Responder.conf File..
Global Parameters set:
Responder is bound to this interface: eth0
Challenge set: 1122334455667788
WPAD Proxy Server: True
WPAD script loaded: function FindProxyForURL(url, host){if ((host == "localhost") || shExpMatch(host, "localhost.") ||(host == "127.0.0.1") || isPlainHostName(host)) return "DIRECT"; if (dnsDomainIs(host, "RespProxySrv")||shExpMatch(host, "(.RespProxySrv|RespProxySrv)")) return "DIRECT"; return 'PROXY ISAProxySrv:3141; DIRECT';}
HTTP Server: ON
HTTPS Server: ON
SMB Server: ON
SMB LM support: False
Kerberos Server: ON
SQL Server: ON
FTP Server: ON
IMAP Server: ON
POP3 Server: ON
SMTP Server: ON
DNS Server: ON
LDAP Server: ON
FingerPrint hosts: True
Serving Executable via HTTP&WPAD: OFF
Always Serving a Specific File via HTTP&WPAD: OFF

Error starting TCP server on port 443. Check that you have the necessary permissions (i.e. root), no other servers are running and the correct network interface is set in Responder.conf.
^Croot@kali:~#

root@kali:~# netstat -antp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:5984 0.0.0.0:* LISTEN 24441/beam.smp

MSSQL.py Servers Code Error

Code error identified in MSSQL.py

NtHash = SSPIStart[NthashOffset:NthashOffset+NthashLen].encode("hex").upper()

should be

NTHash = SSPIStart[NthashOffset:NthashOffset+NthashLen].encode("hex").upper()

otherwise WriteHash function will fail.

Why remove the ability to not start services?

The last time I pulled the app there was the ability to disable services such as web and FTP but with the latest version I've just pulled the option to do this has been removed, why?

Responder IP Showing Wrong IP Address

Hello,

When I run Responder and provide my eth0 interface I see under Generic Options the "Responder IP" is showing the wrong IP address. It should be showing my 192.168 address that is currently setup on that interface but it's showing a different IP address that is related to the IP it receives when I'm in the office not the host only IP address.

Would there be a reason it won't let go of a previous IP address and not giving my current IP address that is on eth0?

Error Message

I am getting the below error message:

Exception happened during processing of request from ('X.X.X.X', 1185)
Traceback (most recent call last):
  File "/usr/lib/python2.7/SocketServer.py", line 593, in process_request_thread
    self.finish_request(request, client_address)
  File "/usr/lib/python2.7/SocketServer.py", line 334, in finish_request
    self.RequestHandlerClass(request, client_address, self)
  File "/usr/lib/python2.7/SocketServer.py", line 649, in __init__
    self.handle()
  File "Responder.py", line 218, in handle
    Name = Decode_Name(data[13:45])
  File "Responder.py", line 209, in Decode_Name
    ((ord(nbname[i+1]) - 0x41) & 0xf)))
ValueError: chr() arg not in range(256)

Add optional delay before sending response

(This is second-hand information from a co-worker, posting this on his behalf.)

In environments where there's no domain, running Responder can be dangerous as it may answer requests to valid resources faster than the real resource, causing a race condition and possible denial of service if Responder's packet arrives first.

Would it be possible to add an explicit delay option (e.g., ./Responder.py -d 1...) to give the real resource a chance to respond first? Even a delay of 1 second should be sufficient.
