Skip to content
/ http-denial-of-potatoes Public

Scripts attempting trivial denial-of-service attacks on HTTP clients

License

Apache-2.0 and 2 other licenses found

Licenses found

Apache-2.0
LICENSE-APACHE
MIT
LICENSE-MIT
Zlib
LICENSE-ZLIB
50 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Shnatsel/http-denial-of-potatoes

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
LICENSE-APACHE
LICENSE-APACHE
 
 
LICENSE-MIT
LICENSE-MIT
 
 
LICENSE-ZLIB
LICENSE-ZLIB
 
 
README.md
README.md
 
 
always_the_same_header.sh
always_the_same_header.sh
 
 
content_enc_brotli.sh
content_enc_brotli.sh
 
 
content_enc_deflate_mismatch.sh
content_enc_deflate_mismatch.sh
 
 
content_enc_gzip_mismatch.sh
content_enc_gzip_mismatch.sh
 
 
content_enc_klingon.sh
content_enc_klingon.sh
 
 
content_enc_lzw.sh
content_enc_lzw.sh
 
 
content_enc_zstd_mismatch.sh
content_enc_zstd_mismatch.sh
 
 
content_length_exaggeration.sh
content_length_exaggeration.sh
 
 
content_length_megalomania.sh
content_length_megalomania.sh
 
 
content_length_understatement.sh
content_length_understatement.sh
 
 
huge_header.sh
huge_header.sh
 
 
infinite_body.sh
infinite_body.sh
 
 
too_many_headers.sh
too_many_headers.sh
 
 
transfer_brotli_mismatch.sh
transfer_brotli_mismatch.sh
 
 
transfer_deflate_mismatch.sh
transfer_deflate_mismatch.sh
 
 
transfer_gzip_mismatch.sh
transfer_gzip_mismatch.sh
 
 
transfer_identity.sh
transfer_identity.sh
 
 
transfer_klingon.sh
transfer_klingon.sh
 
 
transfer_lzw_mismatch.sh
transfer_lzw_mismatch.sh
 
 
transfer_zstd_mismatch.sh
transfer_zstd_mismatch.sh
 
 

Repository files navigation

HTTP denial-of-potatoes

Collection of scripts attempting trivial denial-of-service attacks against HTTP clients.

This is not going to work against curl, wget or any other serious client. But they will help if you're writing your own HTTP client and want to check it for susceptibility to basic DoS attacks.

Usage

Run the script, then connect to localhost:8080 using the HTTP client you want to test.

License

Licensed under any of Apache 2.0, MIT or Zlib license, at your option.

Wishlist

Contributions of these scripts are welcome!

  • Slow header transfer (tests timeouts)
  • Slow body transfer (tests timeouts)
  • The above combined with redirects (vulns: 1, 2, ...)

...and anything else that you've seen cause issues in HTTP clients. Combing through security advisories for curl, etc is probably a good strategy for discovering failure modes.

About

Scripts attempting trivial denial-of-service attacks on HTTP clients

Resources

Readme

License

Apache-2.0 and 2 other licenses found

Licenses found

Apache-2.0
LICENSE-APACHE
MIT
LICENSE-MIT
Zlib
LICENSE-ZLIB
Activity

Stars

50 stars

Watchers

4 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

 
 
 

Contributors 2

  •  
  •  

Languages