I actually found this - 

http://www.devarticles.com/c/a/JavaScript/Programmatic-POST-Requests-with-JavaScript-Form-Emulator-in-Action/4/

which gives a backgroudn on how to create an HTTP POST flooding attack. But I'm looking for a way to slow down the requests.... I think it can theoretically be done. But I'm not sure how.

Hi!

I'm a student doing a research with ModSecurity. I'm coming up with some rules to prevent * HTTP POST DoS attack on the Apache server by using javascript cookies. ModSecurity injects the JavaScript code on any webpage then ModSecurity is then configured to drop requests without these cookies. My main assumption is that most bots especially those that use the slow HTTP DoS POST attack don't use browsers and thus don't use JavaScript. Can anyone here give me some insights as to how effective/not effective that prevention is? Can someone also use JavaScript to create a Slow HTTP POST attack tool that triggers or steals that cookie and proceed with the attack?


As an example, some said that Javascript code can easily be stolen even with obfuscation.

Sorry not a I'm not Javascript expert at all.


Article on slow post DoS attacks can be found

here -http://www.darkreading.com/vulnerability-management/167901026/security/attacks-breaches/228000532/researchers-to-demonstrate-new-attack-that-exploits-http.html.

and here http://blog.spiderlabs.com/2011/07/advanced-topic-of-the-week-mitigating-slow-http-dos-attacks.html.

Many Thanks!

  Excited for this one.

  This is just the kind of review on eCPPT I was looking for. I will be taking this next month to start my year right. Then, I will be following this with the PWB course.

This really helped me map out my certifications plans.

Thank your so much for a detailed review.