Cookie Bomb
Last updated
Last updated
Learn & practice AWS Hacking: Learn & practice GCP Hacking:
Cookie bomb
involves adding a significant number of large cookies to a domain and its subdomains targeting a user. This action results in the victim sending oversized HTTP requests to the server, which are subsequently rejected by the server. The consequence of this is the induction of a Denial of Service (DoS) specifically targeted at a user within that domain and its subdomains.
A nice example can be seen in this write-up:
And for more information, you can check this presentation:
Learn & practice AWS Hacking: Learn & practice GCP Hacking: