Tuesday, March 14, 2017
UFONet DDoS attacks via Web Abuse XSS CSRF
UFONet DDoS attacks via Web Abuse XSS CSRF
UFONet - is a tool designed to launch DDoS attacks against a target, using Open Redirect vectors on third party web applications, like botnet.
See this links for more info:
- CWE-601:Open Redirect
- OWASP:URL Redirector Abuse
Main features:
--version show programs version number and exit
-v, --verbose active verbose on requests
--check-tor check to see if Tor is used properly
--update check for latest stable version
*Configure Request(s)*:
--proxy=PROXY Use proxy server (tor: http://localhost:8118)
--user-agent=AGENT Use another HTTP User-Agent header (default SPOOFED)
--referer=REFERER Use another HTTP Referer header (default SPOOFED)
--host=HOST Use another HTTP Host header (default NONE)
--xforw Set your HTTP X-Forwarded-For with random IP values
--xclient Set your HTTP X-Client-IP with random IP values
--timeout=TIMEOUT Select your timeout (default 30)
--retries=RETRIES Retries when the connection timeouts (default 1)
--delay=DELAY Delay in seconds between each HTTP request (default 0)
*Manage Botnet*:
-s SEARCH Search zombies on google (ex: -s proxy.php?url=)
--sn=NUM_RESULTS Set max number of result to search (default 10)
-t TEST Test list of web zombie servers (ex: -t zombies.txt)
*Configure Attack(s)*:
-r ROUNDS Set number of rounds for the attack (default: 1)
-b PLACE Set a place to bit on target (ex: -b /path/big.jpg)
-a TARGET Start a Web DDoS attack (ex: -a http(s)://target.com)
Download UFONet
Go to link download