|
Title: Some inputs on JavaScript Post by: HanzoShinobi on January 06, 2012, 08:27:05 AM Hi!
I'm a student doing a research with ModSecurity. I'm coming up with some rules to prevent * HTTP POST DoS attack on the Apache server by using javascript cookies. ModSecurity injects the JavaScript code on any webpage then ModSecurity is then configured to drop requests without these cookies. My main assumption is that most bots especially those that use the slow HTTP DoS POST attack don't use browsers and thus don't use JavaScript. Can anyone here give me some insights as to how effective/not effective that prevention is? Can someone also use JavaScript to create a Slow HTTP POST attack tool that triggers or steals that cookie and proceed with the attack? As an example, some said that Javascript code can easily be stolen even with obfuscation. Sorry not a I'm not Javascript expert at all. Article on slow post DoS attacks can be found here -http://www.darkreading.com/vulnerability-management/167901026/security/attacks-breaches/228000532/researchers-to-demonstrate-new-attack-that-exploits-http.html. and here http://blog.spiderlabs.com/2011/07/advanced-topic-of-the-week-mitigating-slow-http-dos-attacks.html. Many Thanks! Title: Re: Some inputs on JavaScript Post by: HanzoShinobi on January 12, 2012, 01:45:23 PM I actually found this -
http://www.devarticles.com/c/a/JavaScript/Programmatic-POST-Requests-with-JavaScript-Form-Emulator-in-Action/4/ which gives a backgroudn on how to create an HTTP POST flooding attack. But I'm looking for a way to slow down the requests.... I think it can theoretically be done. But I'm not sure how.
Powered by SMF 1.1.18 |
SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com |