hacktricks/pentesting-web/hacking-with-cookies/cookie-bomb.md
2022-05-01 13:41:36 +01:00

3 KiB

Support HackTricks and get benefits!

Do you work in a cybersecurity company? Do you want to see your company advertised in HackTricks? or do you want to have access the latest version of the PEASS or download HackTricks in PDF? Check the SUBSCRIPTION PLANS!

Discover The PEASS Family, our collection of exclusive NFTs

Get the official PEASS & HackTricks swag

Join the 💬 Discord group or the telegram group or follow me on Twitter 🐦@carlospolopm.

Share your hacking tricks submitting PRs to the hacktricks github repo.

A cookie bomb is basically the capability of adding a large number of big cookies to a user for a domain an its subdomains with the goal that the victim will always send very big HTTP requests to the server (due to the cookies) that the server won't accept the request. Therefore, this will cause a DoS over a user in that domains and subdomains.

A nice example can be seen in this write-up: https://hackerone.com/reports/57356

And for more information you can check this presentation: https://speakerdeck.com/filedescriptor/the-cookie-monster-in-your-browsers?slide=26

Support HackTricks and get benefits!

Do you work in a cybersecurity company? Do you want to see your company advertised in HackTricks? or do you want to have access the latest version of the PEASS or download HackTricks in PDF? Check the SUBSCRIPTION PLANS!

Discover The PEASS Family, our collection of exclusive NFTs

Get the official PEASS & HackTricks swag

Join the 💬 Discord group or the telegram group or follow me on Twitter 🐦@carlospolopm.

Share your hacking tricks submitting PRs to the hacktricks github repo.