hacktricks/pentesting-web/hacking-with-cookies/cookie-bomb.md at cfff5cc9a8489e775a31ab36dd0c527894cf8f22

mirror of https://github.com/carlospolop/hacktricks synced 2024-12-19 17:44:47 +00:00

Carlos Polop cfff5cc9a8 re

2024-12-14 12:46:15 +01:00

2.9 KiB

Raw Blame History

{% hint style="success" %} Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

{% endhint %}

Cookie bomb involves adding a significant number of large cookies to a domain and its subdomains targeting a user. This action results in the victim sending oversized HTTP requests to the server, which are subsequently rejected by the server. The consequence of this is the induction of a Denial of Service (DoS) specifically targeted at a user within that domain and its subdomains.

A nice example can be seen in this write-up: https://hackerone.com/reports/57356

And for more information, you can check this presentation: https://speakerdeck.com/filedescriptor/the-cookie-monster-in-your-browsers?slide=26

{% hint style="success" %} Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

{% endhint %}

2.9 KiB Raw Blame History

2.9 KiB

Raw Blame History