HULK - Web Server DoS Tool
HULK is a web server denial of service tool (DDoS Tool) written for research
purposes. It is designed to generate volumes of unique and obfuscated
traffic at a webserver, bypassing caching engines and therefore hitting
the server's direct resource pool.
The Hulk Web server is a brainchild of Barry Shteiman. This DDoS attack
tool distinguishes itself from many of the other tools out in the wild.
According to its creator, the Hulk Web server was born of his conclusion
that most available DDoS attack tools produced predictable repeated
patterns that could easily be mitigated. The principle behind the Hulk
Web server is that a unique pattern is generated at each and every
request, with the intention of increasing the load on the servers as
well as evading any intrusion detection and prevention systems.
Some Techniques
- Obfuscation of Source Client – this is done by using a list of known User Agents, and for every request that is constructed, the User Agent is a random value out of the known list
- Reference Forgery – the referer that points at the request is obfuscated and points into either the host itself or some major prelisted websites.
- Stickiness – using some standard Http command to try and ask the server to maintain open connections by using Keep-Alive with variable time window
- no-cache – this is a given, but by asking the HTTP server for no-cache , a server that is not behind a dedicated caching service will present a unique page.
- Unique Transformation of URL – to eliminate caching and other optimization tools, I crafted custom parameter names and values and they are randomized and attached to each request, rendering it to be Unique, causing the server to process the response on each event.
HULK - Web Server DoS Tool
Reviewed by Zion3R
on
9:17 PM
Rating:
Reviewed by Zion3R
on
9:17 PM
Rating:
