Version
2.4 (Default)
Which section is the problem?
L7 (DDoS Attack Layer 7)
Please complete the following information
- OS: Ubuntu 24.04
- Installed Requirements Version [e.g. PyRoxy1.0b5]
- Python Version 3.12.12
What happened (Describe the bug) ?
I'm new to MHDDoS and trying to make captures of attacking an Nginx server to learn different attacks. Now I'm trying downloader attack and seeing MHDDoS sending the following requests to Nginx:
REQUESTS /stream/20 HTTP/1.2
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cache-Control: max-age=0
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Sec-Gpc: 1
Pragma: no-cache
Upgrade-Insecure-Requests: 1
Host: 10.0.0.238:8080
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101209 Firefox/3.6.13
Referrer: http://www.netacad.lviv.ua/plugins/system/plugin_googlemap3/plugin_googlemap3_proxy.php?url=http%3A//10.0.0.238%3A8080/stream/20
X-Forwarded-Proto: Http
X-Forwarded-Host: 10.0.0.238, 1.1.1.1
Via: 192.181.67.119
Client-IP: 192.181.67.119
X-Forwarded-For: 192.181.67.119
Real-IP: 192.181.67.119
AFAIK, there is no REQUESTS method in HTTP's RFC:
And I found that REQUESTS is the fallback method in https://github.com/MatrixTM/MHDDoS/blob/main/start.py#L960-L966
def getMethodType(method: str) -> str:
return "GET" if {method.upper()} & {"CFB", "CFBUAM", "GET", "TOR", "COOKIE", "OVH", "EVEN",
"DYN", "SLOW", "PPS", "APACHE",
"BOT", "RHEX", "STOMP"} \
else "POST" if {method.upper()} & {"POST", "XMLRPC", "STRESS"} \
else "HEAD" if {method.upper()} & {"GSB", "HEAD"} \
else "REQUESTS"In my environment, Nginx and other HTTP servers all reject such request with 405 Not allowed or 400 Bad Request instead of 404 Not found. I wonder whether this is an intentional design.
Screenshots
https://github.com/user-attachments/assets/0c0c052e-3a7d-4aed-a139-cf055fd18f97
Please provide a link to a minimal reproduction of the bug
No response
Relevant log output
Additional context
No response
Your code
Version
2.4 (Default)
Which section is the problem?
L7 (DDoS Attack Layer 7)
Please complete the following information
What happened (Describe the bug) ?
I'm new to MHDDoS and trying to make captures of attacking an Nginx server to learn different attacks. Now I'm trying
downloaderattack and seeing MHDDoS sending the following requests to Nginx:AFAIK, there is no
REQUESTSmethod in HTTP's RFC:And I found that
REQUESTSis the fallback method in https://github.com/MatrixTM/MHDDoS/blob/main/start.py#L960-L966In my environment, Nginx and other HTTP servers all reject such request with
405 Not allowedor400 Bad Requestinstead of404 Not found. I wonder whether this is an intentional design.Screenshots
https://github.com/user-attachments/assets/0c0c052e-3a7d-4aed-a139-cf055fd18f97
Please provide a link to a minimal reproduction of the bug
No response
Relevant log output
Additional context
No response
Your code