- Author: email@example.com
- Copyright: Cyberis Limited 2013
- License: GPLv3 (See LICENSE)
PHP framework to test User-Agents and intermediary content inspection devices for denial-of-service vulnerabilities with respect to HTTP response decompression.
GzipBloat faciliates easy testing of vulnerable clients and intermediary content inspection devices by delivering pre-compressed content (/dev/zero) with necessary HTTP response headers set. Using multiple rounds of encoding, a 43 Kilobyte HTTP server response will equate to a 1 Terabyte file when decompressed by a receiving client - an effective compression ratio of 25,127,100:1.
To create the test cases:
- dd (Linux)
To run the server-side scripts:
Create Test Cases
Kindly report all issues via https://github.com/cyberisltd/GzipBloat/issues