Cookie Boom

Cookie bomb involves adding a significant number of large cookies to a domain and its subdomains targeting a user. This action results in the victim sending oversized HTTP requests to the server, which are subsequently rejected by the server. The consequence of this is the induction of a Denial of Service (DoS) specifically targeted at a user within that domain and its subdomains.

A nice example can be seen in this write-up:

https://files.speakerdeck.com/presentations/d818b3c106a14efb9f73171dba48e5c2/cookie-monster-final.pdffiles.speakerdeck.com
PreviousOverwriting HttpOnly cookies using cookie jar overflowNextRacing to downgrade users to cookie-less authentication

Last updated