zipbombserver

command module
v0.0.0-...-86c1a79 Latest
Published: Aug 1, 2017 License: Zlib Imports: 13 Imported by: 0

README

zipbombserver

Serves up never-ending compressed zeros in an HTTP response. Useful for shooing away some crude bots and scanners. And nmap.

This is useful for filling the memory buffer or disk space of a scanner with useless information, while keeping transmission sizes at about 1/1000th of the decompressed size.

Inspired by https://www.hackerfactor.com/blog/index.php?/archives/762-Attacked-Over-Tor.html

Not for illegal use.

Install

go get -u github.com/magisterquis/zipbombserver

Running

Zipbombserver can either be used to listen for HTTP requests (possibly behind a TLS-terminating reverse proxy), or it can communicate with a webserver via FastCGI.

HTTP Server

The HTTP server serves up HTTP requests. Aside from the body causing clients a bit of trouble, it is a nearly totally unremarkable HTTP server. HTTPS can be served with the -https flag, using the -cert and -key flags.

FastCGI

To better integrate with existing setups, zipbombserver can serve FastCGI requests over a Unix domain socket (or TCP socket, on Windows), settable with the -l option. FastCGI is enabled with the -fcgi flag.

If a socket with the same path already exists (on Unix), the existing socket will be removed before a new socket is created. The created socket will be removed before termination if zipbombserver receives a SIGINT.

Bomblets

Gzip is used to compress zeros at around a 1000:1 ratio. Because gzip is used, multiple gzipped blocks of data can be concatenated and will be decompressed as one stream. The practical upshot is that only a small number of zeros (a bomblet) needs to be compressed, and it can be sent over and over in the body of the HTTP response. It may be worth playing around with different sizes for IDS evasion. In practice, 10MB of pre-compressed zeros (the default) seems to work pretty well.
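Seen from the receiving side, the concatenation behaviour described above means a client must cap decompressed output rather than trust the transfer size. The following is an added example, not zipbombserver's own code; the names makeBomblet, boundedGunzip and ErrTooLarge and the 1 MiB sample size are assumptions made here.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"errors"
	"fmt"
	"io"
)

// ErrTooLarge is returned when the decompressed body exceeds the caller's cap.
var ErrTooLarge = errors.New("decompressed body exceeds limit")

// makeBomblet gzips n zero bytes into a single gzip member (constructed sample).
func makeBomblet(n int) []byte {
	var buf bytes.Buffer
	zw := gzip.NewWriter(&buf)
	zw.Write(make([]byte, n)) // writes to a bytes.Buffer cannot fail
	zw.Close()
	return buf.Bytes()
}

// boundedGunzip decompresses r but gives up once more than limit bytes come out.
// gzip.Reader treats concatenated members as one stream by default, so the cap
// has to sit on the decompressed output, not on the compressed input size.
func boundedGunzip(r io.Reader, limit int64) (int64, error) {
	zr, err := gzip.NewReader(r)
	if err != nil {
		return 0, err
	}
	defer zr.Close()
	// Read one byte past the limit to tell "exactly limit" from "more than limit".
	n, err := io.Copy(io.Discard, io.LimitReader(zr, limit+1))
	if err != nil {
		return n, err
	}
	if n > limit {
		return limit, ErrTooLarge
	}
	return n, nil
}

func main() {
	body := bytes.Repeat(makeBomblet(1<<20), 8) // eight 1 MiB members back to back
	n, err := boundedGunzip(bytes.NewReader(body), 64<<20)
	fmt.Printf("wire=%d bytes, decompressed=%d bytes, err=%v\n", len(body), n, err)
	n, err = boundedGunzip(bytes.NewReader(body), 2<<20)
	fmt.Printf("capped at %d bytes, err=%v\n", n, err)
}
```

An HTTP client would wrap the response body the same way and also set a read deadline, since the stream never ends on its own.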

Logging

Log messages are written to the standard output, and consist of lines of the form

timestamp [remote address] "Host" METHOD "/path" 

As an example,

2017/05/24 23:13:45 [192.168.111.222:30793] "noproblems.ccc" GET "/somepath" 7607340

indicates that shortly before midnight, 192.168.111.222 performed a GET request for /somepath to the host noproblems.ccc (read from the Host header), and an attempt was made to send 7607340 bytes (though many may have been buffered and never made it to the wire).

Documentation

Overview

Zipbombserver serves up never-ending compressed zeros via HTTP
