{"id":4241,"date":"2016-08-16T01:07:32","date_gmt":"2016-08-15T17:07:32","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=4241"},"modified":"2016-08-22T11:43:34","modified_gmt":"2016-08-22T03:43:34","slug":"ufonet-open-redirect-ddos-tool","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2016\/08\/ufonet-open-redirect-ddos-tool\/","title":{"rendered":"UFONet – Open Redirect DDoS Tool"},"content":{"rendered":"

UFONet is an open redirect DDoS tool designed to launch attacks against a target, using insecure redirects in third-party web applications, like a botnet. Obviously, only for testing purposes.<\/p>\n

The tool abuses OSI Layer 7 (HTTP) to create\/manage ‘zombies’ and to conduct different attacks using GET\/POST, multi-threading, proxies, origin spoofing methods, cache evasion techniques, etc.<\/p>\n

Definition of an “Open Redirect”:<\/p>\n

An http parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. Because the server name in the modified link is identical to the original site, phishing attempts have a more trustworthy appearance. <\/p><\/blockquote>\n

From: CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’)<\/a><\/p>\n

Usage<\/h3>\n
Options:\r\n  --version             show program's version number and exit\r\n  -h, --help            show this help message and exit\r\n  -v, --verbose         active verbose on requests\r\n  --update              check for latest stable version\r\n  --check-tor           check to see if Tor is used properly\r\n  --force-yes           set 'YES' to all questions\r\n  --disableisup         disable external check of target's status\r\n  --gui                 run GUI (UFONet Web Interface)\r\n\r\n  *Configure Request(s)*:\r\n    --proxy=PROXY       Use proxy server (tor: 'http:\/\/127.0.0.1:8118')\r\n    --user-agent=AGENT  Use another HTTP User-Agent header (default SPOOFED)\r\n    --referer=REFERER   Use another HTTP Referer header (default SPOOFED)\r\n    --host=HOST         Use another HTTP Host header (default NONE)\r\n    --xforw             Set your HTTP X-Forwarded-For with random IP values\r\n    --xclient           Set your HTTP X-Client-IP with random IP values\r\n    --timeout=TIMEOUT   Select your timeout (default 10)\r\n    --retries=RETRIES   Retries when the connection timeouts (default 1)\r\n    --threads=THREADS   Maximum number of concurrent HTTP requests (default 5)\r\n    --delay=DELAY       Delay in seconds between each HTTP request (default 0)\r\n\r\n  *Search for 'Zombies'*:\r\n    -s SEARCH           Search from a 'dork' (ex: -s 'proxy.php?url=')\r\n    --sd=DORKS          Search from a list of 'dorks' (ex: --sd 'dorks.txt')\r\n    --sn=NUM_RESULTS    Set max number of results for engine (default 10)\r\n    --se=ENGINE         Search engine to use for 'dorking' (default: duck)\r\n    --sa                Search massively using all search engines\r\n\r\n  *Test Botnet*:\r\n    -t TEST             Update 'zombies' status (ex: -t 'zombies.txt')\r\n    --attack-me         Order 'zombies' to attack you (NAT required!)\r\n\r\n  *Community*:\r\n    --download-zombies  Download 'zombies' from Community server: Turina\r\n    --upload-zombies    Upload 
your 'zombies' to Community server: Turina\r\n    --blackhole         Create a 'blackhole' to share your 'zombies'\r\n    --up-to=UPIP        Upload your 'zombies' to a 'blackhole'\r\n    --down-from=DIP     Download your 'zombies' from a 'blackhole'\r\n\r\n  *Research Target*:\r\n    -i INSPECT          Search for biggest file (ex: -i 'http:\/\/target.com')\r\n\r\n  *Configure Attack(s)*:\r\n    --disable-aliens    Disable 'aliens' web abuse of test services\r\n    --disable-isup      Disable check status 'is target up?'\r\n    -r ROUNDS           Set number of rounds (default: 1)\r\n    -b PLACE            Set place to attack (ex: -b '\/path\/big.jpg')\r\n    -a TARGET           Start Web DDoS attack (ex: -a 'http(s):\/\/target.com')<\/pre>\n

Searching for ‘Zombies’<\/h3>\n

UFONet can dig through the results of different search engines to find sites that may be vulnerable to ‘Open Redirect’. A common query string looks like this:<\/p>\n