UFONet - DDoS attacks via Web Abuse (XSS/CSRF)
UFONet - is a tool designed to launch DDoS attacks against a target, using 'Open Redirect' vectors on third party web applications, like botnet.
See this links for more info:
- CWE-601:Open Redirect
- OWASP:URL Redirector Abuse
Main features:
--version show program's version number and exit
-v, --verbose active verbose on requests
--check-tor check to see if Tor is used properly
--update check for latest stable version
*Configure Request(s)*:
--proxy=PROXY Use proxy server (tor: http://localhost:8118)
--user-agent=AGENT Use another HTTP User-Agent header (default SPOOFED)
--referer=REFERER Use another HTTP Referer header (default SPOOFED)
--host=HOST Use another HTTP Host header (default NONE)
--xforw Set your HTTP X-Forwarded-For with random IP values
--xclient Set your HTTP X-Client-IP with random IP values
--timeout=TIMEOUT Select your timeout (default 30)
--retries=RETRIES Retries when the connection timeouts (default 1)
--delay=DELAY Delay in seconds between each HTTP request (default 0)
*Manage Botnet*:
-s SEARCH Search 'zombies' on google (ex: -s 'proxy.php?url=')
--sn=NUM_RESULTS Set max number of result to search (default 10)
-t TEST Test list of web 'zombie' servers (ex: -t zombies.txt)
*Configure Attack(s)*:
-r ROUNDS Set number of 'rounds' for the attack (default: 1)
-b PLACE Set a place to 'bit' on target (ex: -b /path/big.jpg)
-a TARGET Start a Web DDoS attack (ex: -a http(s)://target.com)
UFONet - DDoS attacks via Web Abuse (XSS/CSRF)
Reviewed by 0x000216
on
Monday, September 22, 2014
Rating: 5