hacktricks/pentesting-web/hacking-with-cookies/cookie-bomb.md

2021-10-20 23:25:53 +00:00
# Cookie Bomb

A cookie bomb is the ability to **add a large number of big cookies to a user** for a domain and its subdomains, so that the victim always **sends very large HTTP requests** to the server (because of the cookies) and the **server won't accept the request**. This causes a DoS against that user on that domain and its subdomains.

A nice **example** can be seen in this write-up: [https://hackerone.com/reports/57356](https://hackerone.com/reports/57356)
And for more information you can check this presentation: [https://speakerdeck.com/filedescriptor/the-cookie-monster-in-your-browsers?slide=26](https://speakerdeck.com/filedescriptor/the-cookie-monster-in-your-browsers?slide=26)
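
A server-side check for the condition described above, as an added example that is not part of the original page: it measures the `Cookie` header of logged requests and reports clients whose rejected requests carry an oversized one. The 8190-byte limit, the status codes, the record layout and all sample data are assumptions; set the limit to the value your server is configured with.

```python
from collections import Counter

# Assumed per-header limit in bytes; replace with your server's configured value.
HEADER_LIMIT = 8190
# Assumed status codes a server answers with when request headers are too large.
REJECT_STATUSES = (400, 431)

def parse_cookie_header(value):
    """Split a Cookie request header into (name, value) pairs."""
    pairs = []
    for part in value.split(";"):
        part = part.strip()
        if part:
            name, _, val = part.partition("=")
            pairs.append((name, val))
    return pairs

def audit_request(cookie_header, limit=HEADER_LIMIT, big_cookie=1024):
    """Report the size of one Cookie header and which cookies dominate it."""
    pairs = parse_cookie_header(cookie_header)
    size = len("Cookie: ") + len(cookie_header.encode())
    big = [n for n, v in pairs if len(n) + 1 + len(v) >= big_cookie]
    return {"bytes": size, "count": len(pairs), "big": big,
            "over_limit": size > limit}

def find_bombed_clients(records, limit=HEADER_LIMIT):
    """records: iterable of (client, status, cookie_header) tuples.
    Count rejected requests per client whose Cookie header exceeds the limit."""
    hits = Counter()
    for client, status, cookie in records:
        if status in REJECT_STATUSES and audit_request(cookie, limit)["over_limit"]:
            hits[client] += 1
    return dict(hits)

# Constructed sample data (not taken from any real log).
NORMAL = "session=abc123; theme=dark"
BOMBED = "; ".join(f"pad{i}=" + "A" * 4000 for i in range(3))
SAMPLE = [
    ("10.0.0.5", 200, NORMAL),
    ("10.0.0.7", 431, BOMBED),
    ("10.0.0.7", 400, BOMBED),
    ("10.0.0.9", 400, NORMAL),  # rejected for another reason, not flagged
]

if __name__ == "__main__":
    print(audit_request(BOMBED))
    print(find_bombed_clients(SAMPLE))
```

The names listed under `big` show which cookies to expire for the affected user, and where in the application they were set.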