Skip to main content

Gzip Bomb responses for Flask

Project description

Gzip Bomb responses for Flask.

This package provides an extension to flask.Response class, GzipBombResponse, which can be used as a defensive measure for various vuln scans, dictionary attacks etc. It creates a response containing a gzipped data block filled with null characters with varying number of rounds (to achieve minimal size of response’s content).

Example:

>>> from flask import Flask
>>> from flask_gzipbomb import GzipBombResponse
>>>
>>> app = Flask(__name__)
>>>
>>> @app.route('/tiny-bomb')
... def gzipped():
...     return GzipBombResponse(size='1M')
>>>
>>> app.run()
>>> import gzip
>>> import requests
>>>
>>> r = requests.get('http://localhost:5000/tiny-bomb')
>>> r.headers['content-encoding']
'gzip,gzip'
>>> len(r.content) # gzipped content length in bytes
64
>>> data = gzip.decompress(r.content)
>>> data = gzip.decompress(data)
>>> len(data) # decompressed content length in bytes
1048576

GzipBombResponse accepts all arguments accepted by Response class with additional size parameter, describing response content length in bytes after decompression. Possible values:

‘1k’, ‘10k’, ‘100k’, ‘1M’, ‘10M’, ‘100M’, ‘1G’, ‘10G’

with k, M and G denoting kilobyte, megabyte and gigabyte. Any other value will result raise a KeyError. By default size is set to ‘10M’, however it is recommended to use ‘10G’ for achieving desired effect.

This package is for protection and educational purposes only. Using it for any malicious purpose is strictly prohibited.

Project details


Release history Release notifications

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Filename, size & hash SHA256 hash help File type Python version Upload date
Flask_GzipBomb-0.1.0-py2.py3-none-any.whl (9.3 kB) Copy SHA256 hash SHA256 Wheel py2.py3 Jul 10, 2017
Flask-GzipBomb-0.1.0.tar.gz (6.7 kB) Copy SHA256 hash SHA256 Source None Jul 10, 2017

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page