UFONet – Open Redirect DDoS Tool

Your website & network are Hackable


UFONet is an open redirect DDoS tool designed to launch attacks against a target, using insecure redirects in third party web applications, like a botnet. Obviously, only for testing purposes.

UFONet - Open Redirect DDoS Tool

The tool abuses OSI Layer 7-HTTP to create/manage ‘zombies’ and to conduct different attacks using; GET/POST, multi-threading, proxies, origin spoofing methods, cache evasion techniques, etc.

Definition of an “Open Redirect”:

An http parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. Because the server name in the modified link is identical to the original site, phishing attempts have a more trustworthy appearance.

From: CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’)

Usage

Searching for ‘Zombies’

UFONet can dig on different search engines results to find possible ‘Open Redirect’ vulnerable sites. A common query string should be like this:


For example you can begin a search with:

Or providing a list of “dorks” from a file:

By default UFONet will uses a search engine called ‘duck’. But you can choose a different one:

This is the list of available search engines with last time that were working:

You can also search massively using all search engines supported:

To control how many ‘zombies’ recieve from search engines you can use:

At the end of the process, you will be asked if you want to check the list retrieved to see if the urls are vulnerable.

Also, you will be asked to update the list adding automatically only ‘vulnerable’ web apps.

If you reply ‘Y’ your new ‘zombies’ will be appended to the file named: zombies.txt

Examples:

You can download UFOnet here:

Or read more here.


Posted in: Hacking Tools, Web Hacking

, , , , , , , , , ,

Recent in Hacking Tools:
- MANA Toolkit – Rogue Access Point (evilAP) And MiTM Attack Tool
- BBQSQL – Blind SQL Injection Framework
- DET – Data Exfiltration Toolkit

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,991,781 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,475,955 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 686,865 views

Get protected with Sucuri


No comments yet.

Leave a Reply