Giter VIP home page Giter VIP logo

Comments (8)

Leeon123 avatar Leeon123 commented on May 26, 2024 1

@jmcausing It could be easily stopped by limiting the connections per host. The exactly command I don't remember, but i think you should be able to find on google.

from cc-attack.

Leeon123 avatar Leeon123 commented on May 26, 2024

The problem of the output of slow attack has been fixed, also what do you mean can't atttack "https: // target //?q=% RANDOM%".

from cc-attack.

andress134 avatar andress134 commented on May 26, 2024

The problem of the output of slow attack has been fixed, also what do you mean can't atttack "https: // target //?q=% RANDOM%".

@Cosmysd
him want to say like to send requests on all pages, if u attack http://mysitetest.com he to detect pages and send req on all like index.php test.php car.php, idk if u undestend
Also about ratelimit, i think using ratelimit can bypass some normal waf
So maybe a option ''use rate limit y/n'' default is no
if u activate ratelimit, to send limited requests per proxy

and custom headers like your cc golang version to add like

'Cache-Control': 'no-cache',
'Pragma': 'no-cache',
'Upgrade-Insecure-Requests': 1,

from cc-attack.

ruz0ne avatar ruz0ne commented on May 26, 2024

it would be so great if you could add these features, especially the cloudflare bypass

from cc-attack.

andress134 avatar andress134 commented on May 26, 2024

hi @Leeon123 sir, is not posible to improve script to bypass cf headers? also maybe using cloudscraper (python) ?

from cc-attack.

jmcausing avatar jmcausing commented on May 26, 2024

Hi @Leeon123 , Do you know what iptables rules can I apply for my server if an attacker will try to use this? I tried different iptables rules but I cannot seem to find the correct one. The only way I can mitigate this is to drop the port 443 and port 80

from cc-attack.

avatar commented on May 26, 2024

@jmcausing You could drop junk http packets, or any packet that does not have a valid HTTP method (So you only allow GET, HEAD, POST or that stuff). The second option is to rate-limit the attacker.

from cc-attack.

swordapi avatar swordapi commented on May 26, 2024

The problem of the output of slow attack has been fixed, also what do you mean can't atttack "https: // target //?q=% RANDOM%".

Sir have a look at hulk.go at hulk repository, it uses random strings at the end of a url but i guess this doesnt make sense bc its written in go but to understand the basic idear lol.

from cc-attack.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.