Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/ctkqiang/rudy-attack
https://github.com/ctkqiang/rudy-attack
Last synced: about 1 month ago
JSON representation
- Host: GitHub
- URL: https://github.com/ctkqiang/rudy-attack
- Owner: ctkqiang
- Created: 2023-01-30T15:28:27.000Z (about 2 years ago)
- Default Branch: main
- Last Pushed: 2023-01-30T15:28:48.000Z (about 2 years ago)
- Last Synced: 2024-03-31T10:10:49.893Z (10 months ago)
- Language: Python
- Size: 11.7 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: Readme.md
Awesome Lists containing this project
README
**R U Dead Yet?** or R.U.D.Y. is a denial-of-service attack tool that aims to keep a web server tied up by submitting form data at an absurdly slow pace. A R.U.D.Y. exploit is categorized as a low-and-slow attack, since it focuses on creating a few drawn-out requests rather than overwhelming a server with a high volume of quick requests. A successful R.U.D.Y. attack will result in the victim’s origin server becoming unavailable to legitimate traffic.
The R.U.D.Y. software includes a user-friendly point-and-click interface, so all an attacker needs to do is point the tool at a vulnerable target. Any web service that accepts form input is vulnerable to a R.U.D.Y. attack, since the tool works by sniffing out form fields and exploiting the form submission process.
## How does a R.U.D.Y. attack work?
A R.U.D.Y. attack works by following these steps:
1. The R.U.D.Y. tool searches the victim's application for a form field.
2. Once it finds a form, it generates an HTTP POST request to mimic a legitimate form submission. This request includes a header that notifies the server that a large amount of content is about to be transmitted.
3. The tool then submits the form data in small packets, as small as 1 byte each, sent to the server at random intervals of around 10 seconds.
4. The process continues indefinitely, causing the web server to keep the connection open and tying up its resources.
5. R.U.D.Y. can also generate multiple slow requests simultaneously, targeting one web server. If the number of attacks exceeds the server's capacity to handle connections, it can result in a Distributed Denial-of-Service (DDoS) attack, causing the web server to become unavailable to legitimate users.
```
Note: HTTP headers are key/value pairs that accompany HTTP requests and responses, providing essential information such as the HTTP version, content language, amount of content, etc.
```