.

Some inputs on JavaScript

<<

Hanzo

Newbie
Newbie

Posts: 4

Joined: Wed Dec 29, 2010 3:31 pm

Post Fri Jan 06, 2012 9:27 am

Some inputs on JavaScript

Hi!

I'm a student doing a research with ModSecurity. I'm coming up with some rules to prevent * HTTP POST DoS attack on the Apache server by using javascript cookies. ModSecurity injects the JavaScript code on any webpage then ModSecurity is then configured to drop requests without these cookies. My main assumption is that most bots especially those that use the slow HTTP DoS POST attack don't use browsers and thus don't use JavaScript. Can anyone here give me some insights as to how effective/not effective that prevention is? Can someone also use JavaScript to create a Slow HTTP POST attack tool that triggers or steals that cookie and proceed with the attack?


As an example, some said that Javascript code can easily be stolen even with obfuscation.

Sorry not a I'm not Javascript expert at all.


Article on slow post DoS attacks can be found

here -http://www.darkreading.com/vulnerability-management/167901026/security/attacks-breaches/228000532/researchers-to-demonstrate-new-attack-that-exploits-http.html.

and here http://blog.spiderlabs.com/2011/07/adva ... tacks.html.

Many Thanks!
Last edited by Hanzo on Fri Jan 06, 2012 10:25 am, edited 1 time in total.
<<

Hanzo

Newbie
Newbie

Posts: 4

Joined: Wed Dec 29, 2010 3:31 pm

Post Thu Jan 12, 2012 2:45 pm

Re: Some inputs on JavaScript

I actually found this - 

http://www.devarticles.com/c/a/JavaScri ... -Action/4/

which gives a backgroudn on how to create an HTTP POST flooding attack. But I'm looking for a way to slow down the requests.... I think it can theoretically be done. But I'm not sure how.

Return to Programming

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software