GoldenEye 2.1 released with even more randomness

Recently I’ve discovered that GoldenEye got his first signature from a big vendor.

That’s funny since the main GoldenEye objective is to be signature-proof due its randomness. I’ve done a quick search on the internet and found the signature update link for their products, downloaded, located that one mentioned above.

It was a very crude signature, as expected:

Mostly are the only static texts GoldenEye had (since this update ;)). These are mostly leftovers from Barry’s HULK, which GoldenEye was spawned from.

Changelog

No worries, this new patch include the following changes:

  • Referer strings from search engines now only domain part hardcoded (rest is generated)
  • Referer generation function now generates even more random referers.
  • NO MORE HARDCODED USER AGENTS. I admit, hardcoded user agents were lame. There’s now a User-Agent Generator function that will generate RFC-2616 compliant user-agent strings.
  • External User-Agent List Support: As the generator function may generate UAs for inexistent browser version + plugin version combinations, you can now supply your own list of User-Agents (one per line – text file) via the -u flag.
  • Besides no-cache I’ve added the directive max-age=0 that does basically the same thing. GoldenEye will chose one of them during the strike request.
  • More random keepalive values: They’re 110-120 (legacy), now they’re random 1-1000
  • User-Agent lists: I’ve added a res directory for external resources. Multiple text files were placed there with user agents from different platforms.
  • Utilities! Now the getuas.py scrapes (requires BeautifulSoup) http://www.useragentstring.com/ URLs.

About the User-Agent generation algorithm

The user-agent string follows the following format: Mozilla/[version] ([system and browser information]) [platform] ([platform details]) [extensions]

I have a python dictionary with OS-specific values and Platform-specific (Webkit, Gecko, Internet Explorer) values. There are many options for each one. Mostly generated on the fly thanks to python’s dynamic lists generation.

Here’s an example of the property generation

Upon program start, it will generate N random values and populate the python list. As lists can be easily joined with the + operator, this makes dynamic list generation a charm. The same goes to OS-specific values

Any effort now to block our user-agents will block legitimate traffic also :)

About referer generation

In the previous GoldenEye versions, referers were crude and simple, like search engine search urls with some random parameter. Now referers are generated like request urls:

  • Random PATH (/Hiad727ja)
  • Random QueryString key and value names
  • Random QueryString key and value quantity
  • Random QueryString presence

As it was before, referer presence is also random.

I think that covers all the changes for this version.

Download, test (please, not on other people’s servers) and report!

New version of GoldenEye WebServer DoS tool released

After the hackers 2 hackers conference talk last year, some people contacted me about known Python performance issues regarding the use of threads related to the GIL.

Indeed the threading wasn’t performing well due the nature of GIL so I’ve rewritten the code to support Python’s multiprocessing module. It’s a tad faster but I haven’t tested it exhaustively so if you feel the inner-beta-tester in you, let me know!

The download is available as always at the github project page at https://github.com/jseidl/GoldenEye and you can read more about the tool at the project page at this blog.

Please test it (ON YOUR OWN RESOURCES!!) and let me know your thoughts!

About Hackers 2 Hackers Conference 9th Edition

Hi Folks,

This last weekend was my talk on Hackers 2 Hackers Conference 9th Edition @ São Paulo, Brazil. The talk was in portuguese and the slides are available here (download pdf) and here (slideshare).

The subject of the talk was about layer 7 denial of service techniques and tools, using haproxy and socat to create a distributed denial of service from a single node, some XSS payload for DDoS and demonstration of the GoldenEye Mobile tool released today.

I am very happy with the results, with the public’s acceptance and reaction to the material presented and for the cheers from all the good friends and IT professionals from Brazil.

Also, thanks to Utah Networks, the talk was live streamed and recorded and the video can be found on this link or below.

TI Safe, the company that I currently work at, has also published some photos at their Flickr page.

As I promised to the attendees, the code for GoldenEye and GoldenEye Mobile are available at my github page.

Below a demo video of the GoldenEye Mobile tool in a test:

Talk apart, the whole event was AWESOME as usual. Spectacular specially crafted beer, excellent coffee-break, excellent service, excellent infrastructure! Hackers 2 Hackers Conference once again proved why is one of the most incredible confs at Brazil.

Thanks for people at H2HC for accepting the paper and doing such a great event.