Skip to main content

Gzip Bomb responses for Flask

Project description

Gzip Bomb responses for Flask.

This package provides an extension to flask.Response class, GzipBombResponse, which can be used as a defensive measure for various vuln scans, dictionary attacks etc. It creates a response containing a gzipped data block filled with null characters with varying number of rounds (to achieve minimal size of response’s content).

Example:

>>> from flask import Flask
>>> from flask_gzipbomb import GzipBombResponse
>>>
>>> app = Flask(__name__)
>>>
>>> @app.route('/tiny-bomb')
... def gzipped():
...     return GzipBombResponse(size='1M')
>>>
>>> app.run()
>>> import gzip
>>> import requests
>>>
>>> r = requests.get('http://localhost:5000/tiny-bomb')
>>> r.headers['content-encoding']
'gzip,gzip'
>>> len(r.content) # gzipped content length in bytes
64
>>> data = gzip.decompress(r.content)
>>> data = gzip.decompress(data)
>>> len(data) # decompressed content length in bytes
1048576

GzipBombResponse accepts all arguments accepted by Response class with additional size parameter, describing response content length in bytes after decompression. Possible values:

‘1k’, ‘10k’, ‘100k’, ‘1M’, ‘10M’, ‘100M’, ‘1G’, ‘10G’

with k, M and G denoting kilobyte, megabyte and gigabyte. Any other value will result raise a KeyError. By default size is set to ‘10M’, however it is recommended to use ‘10G’ for achieving desired effect.

This package is for protection and educational purposes only. Using it for any malicious purpose is strictly prohibited.

Project details


Release history Release notifications

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for Flask-GzipBomb, version 0.1.0
Filename, size File type Python version Upload date Hashes
Filename, size Flask_GzipBomb-0.1.0-py2.py3-none-any.whl (9.3 kB) File type Wheel Python version py2.py3 Upload date Hashes View hashes
Filename, size Flask-GzipBomb-0.1.0.tar.gz (6.7 kB) File type Source Python version None Upload date Hashes View hashes

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN SignalFx SignalFx Supporter DigiCert DigiCert EV certificate StatusPage StatusPage Status page