
Programmatic GET Requests with JavaScript: Simple Way to Hack Your Site


Trying to secure a website is a continual and frustrating process. Attacks, like Denial of Service, can come from many directions, especially when your web applications cannot reject external requests. Alejandro Gervasio shows us some valuable JavaScript in this article meant to help you secure your sites.

Author Info:
By: Alejandro Gervasio
July 13, 2005
TABLE OF CONTENTS:
  1. Programmatic GET Requests with JavaScript: Simple Way to Hack Your Site
  2. A Quick Look At The XMLHttpRequest Object
  3. When High Levels of Traffic Are Dangerous
  4. Automated GET requests
  5. Massive HTTP requests: Using a Timer


Programmatic GET Requests with JavaScript: Simple Way to Hack Your Site - When High Levels of Traffic Are Dangerous
(Page 3 of 5 )

For many websites, the primary goal is to attract as many visitors as possible. As you know, popular sites get high levels of traffic on a daily basis, but this popularity definitely comes at a price: they're the target of many attackers. This is not shocking news at all for big sites that (hopefully) have a decent security strategy and conscientious system administrators.

However, let's describe a more frequent scenario, shared by thousands of websites: a database backend that supports a bunch of dynamic pages, with a rather limited number of visits. Suppose such a website is trying hard to get more visitors by offering better content along with a consistent visual presentation, and suddenly... the strategy works! Apparently, the site is attracting many users, so the web server starts handling thousands of requests, multiple database connections are established simultaneously, and massive queries are executed. The final result is, in most cases, a complete hang of the whole system.

Sad but true, this is a typical attack, popularly known as Denial of Service. Massive numbers of HTTP requests are generated programmatically and sent against the selected server.

Certainly, a good traffic analysis program might help to reduce the possibilities of an attack, so the solution looks fairly easy. To be fair, though, writing web-based programs that make automated HTTP requests is just as easy as partially solving this critical condition.
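The traffic analysis mentioned above can start as simply as counting each client's GET requests per page inside a sliding time window. The following is an added example, not code from the original article; the log format, thresholds, addresses and function names are assumptions constructed for illustration.

```javascript
// Added example: sliding-window detection of automated GET floods in an access log.
// The log format, thresholds and sample lines are constructed for illustration.
const WINDOW_MS = 10000;  // assumed look-back window
const MAX_REQUESTS = 5;   // assumed per-client limit per page inside the window

// Parse "<ISO timestamp> <client IP> <method> <URL> <status>"; null if malformed.
function parseLine(line) {
  const [stamp, ip, method, url] = line.trim().split(/\s+/);
  const time = Date.parse(stamp);
  if (Number.isNaN(time) || !url) return null;
  // Drop the query string so varying parameters still count against one page.
  return { time, ip, method, path: url.split("?")[0] };
}

// Returns Map("ip path" -> peak GET count in any window) for clients over the limit.
// Lines must be in chronological order per client, as in a real access log.
function detectFloods(lines, windowMs = WINDOW_MS, maxRequests = MAX_REQUESTS) {
  const recent = new Map();   // "ip path" -> timestamps still inside the window
  const flagged = new Map();
  for (const line of lines) {
    const req = parseLine(line);
    if (!req || req.method !== "GET") continue;
    const key = `${req.ip} ${req.path}`;
    const times = recent.get(key) || [];
    times.push(req.time);
    // Expire timestamps that have fallen out of the window.
    while (times[0] <= req.time - windowMs) times.shift();
    recent.set(key, times);
    if (times.length > maxRequests) {
      flagged.set(key, Math.max(flagged.get(key) || 0, times.length));
    }
  }
  return flagged;
}

// Constructed sample: one client issuing 8 GETs in 4 s, one ordinary visitor, one bad line.
const BASE = Date.parse("2005-07-13T10:00:00Z");
const entry = (offsetMs, ip, url) =>
  `${new Date(BASE + offsetMs).toISOString()} ${ip} GET ${url} 200`;
const SAMPLE_LOG = [
  ...Array.from({ length: 8 }, (_, i) => entry(i * 500, "203.0.113.7", `/catalog.php?id=${i}`)),
  ...Array.from({ length: 3 }, (_, i) => entry(i * 15000, "198.51.100.4", "/catalog.php")),
  "not a log line",
];

for (const [client, peak] of detectFloods(SAMPLE_LOG)) {
  console.log(`flood suspected: ${client} (${peak} GETs within ${WINDOW_MS / 1000} s)`);
}
```

A flagged client is a candidate for throttling or blocking before its requests reach the database-backed pages; the window and limit need tuning against the site's normal traffic.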

If we step back for a moment to the part where I explained the basics of the XMLHttpRequest object, it should be clear that there are concrete cases of people using its functionality for malicious purposes, such as denial of service attacks or programmatic web form emulation.

Now that you've got a clear idea of how some attacks are carried out in real situations, I'll show an example written in JavaScript. It makes automated GET requests to a given URL, and could be used either as a test script to verify performance and security issues within a web program, or for ill-intended purposes. Again, I strongly recommend using the code only for testing.

