Network Services Pentesting
Cookie Bomb
Support HackTricks and get benefits!
A cookie bomb is basically the capability of adding a large number of big cookies to a user for a domain an its subdomains with the goal that the victim will always send very big HTTP requests to the server (due to the cookies) that the server won't accept the request. Therefore, this will cause a DoS over a user in that domains and subdomains.
A nice example can be seen in this write-up: https://hackerone.com/reports/57356โ€‹
And for more information you can check this presentation: https://speakerdeck.com/filedescriptor/the-cookie-monster-in-your-browsers?slide=26โ€‹
Support HackTricks and get benefits!
Copy link