hacktricks/pentesting-web/hacking-with-cookies/cookie-bomb.md

Cookie Bomb

A cookie bomb is basically the capability of adding a large number of big cookies to a user for a domain an its subdomains with the goal that the victim will always **send very big HTTP requests **to the server (due to the cookies) that the server won't accept the request. Therefore, this will cause a DoS over a user in that domains and subdomains.

A nice example can be seen in this write-up: https://hackerone.com/reports/57356

And for more information you can check this presentation: https://speakerdeck.com/filedescriptor/the-cookie-monster-in-your-browsers?slide=26