hacktricks/pentesting-web/hacking-with-cookies/cookie-bomb.md
2022-10-12 08:05:30 +06:00

3 KiB

Support HackTricks and get benefits!

A cookie bomb is the capability of adding a large number of large cookies to a user for a domain and its subdomains with the goal that the victim will always send large HTTP requests to the server (due to the cookies) the server won't accept the request. Therefore, this will cause a DoS over a user in that domain and subdomains.

A nice example can be seen in this write-up: https://hackerone.com/reports/57356

And for more information, you can check this presentation: https://speakerdeck.com/filedescriptor/the-cookie-monster-in-your-browsers?slide=26

Support HackTricks and get benefits!