hacktricks/pentesting-web/hacking-with-cookies/cookie-bomb.md
Carlos Polop a268747dc2 A
2024-02-09 08:14:36 +01:00

2.9 KiB

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!

Other ways to support HackTricks:

Cookie bomb involves adding a significant number of large cookies to a domain and its subdomains targeting a user. This action results in the victim sending oversized HTTP requests to the server, which are subsequently rejected by the server. The consequence of this is the induction of a Denial of Service (DoS) specifically targeted at a user within that domain and its subdomains.

A nice example can be seen in this write-up: https://hackerone.com/reports/57356

And for more information, you can check this presentation: https://speakerdeck.com/filedescriptor/the-cookie-monster-in-your-browsers?slide=26

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!

Other ways to support HackTricks: