Using Google, Facebook (and others?) to DDoS any websites
posted April 2014
It's actually pretty simple!
You just create notes with
img tags, facebook will crawl the website to cache the picture.
In his example he writes a thousand img tags per notes, opens all the notes from several browsers.
<img src=http://targetname/file?r=1></img> <img src=http://targetname/file?r=2></img> .. <img src=http://targetname/file?r=1000></img>
Thousands of get request are sent to a single server in a couple of seconds. Total number of facebook servers accessing in parallel is 100+.
The funny thought of facebook DDoSing itself crossed my mind. Interestingly someone else's also and chr13 answered that he hadn't tried:
It’s against the bug bounty rules to do this, hence one has to be careful here. I was only using browsers at first just because of that.