Here’s a gzip bomb I use to redirect HTTP scanners and web scrapers to:
Create a PHP file with the following:
<?php
// Declare the body as gzip so the client inflates it, then send the pre-built archive as-is.
header('Content-Encoding: gzip');
echo file_get_contents('10G.gz');
How it works:
- A web crawler or browser requests the page and sends the "accept-encoding: gzip, deflate, br" header. So long as gzip is accepted, the gzip bomb will do its job.
- The web server and PHP script respond to the request with the 27 KB gzip bomb package. 27 KB is delivered to the client.
- The client browser or crawler begins to unzip the data before it is processed by the script or shown to the user.
- The client machine runs out of memory / crashes before the bomb is fully unzipped.
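The last two steps only happen when the client inflates the body without a limit. As an added example (not part of the original post), here is how a crawler can decompress a gzip response in bounded steps and stop at a size cap; the function names, the 1 MiB cap and the sample inputs are assumptions constructed for illustration.

```python
import gzip
import zlib


class BodyTooLarge(Exception):
    """Raised when a gzip body expands past the configured cap."""


def chunked(body, size=4096):
    """Split a byte string into network-sized pieces (stand-in for socket reads)."""
    return [body[i:i + size] for i in range(0, len(body), size)]


def bounded_gunzip(chunks, max_output=1 << 20, step=64 * 1024):
    """Inflate a gzip body piece by piece, holding at most max_output + step bytes."""
    inflater = zlib.decompressobj(16 + zlib.MAX_WBITS)  # 16+ selects gzip framing
    out = bytearray()
    for chunk in chunks:
        data = chunk
        while data and not inflater.eof:
            # The second argument caps the output of one call; input that was
            # not needed yet is handed back in unconsumed_tail.
            out += inflater.decompress(data, step)
            if len(out) > max_output:
                raise BodyTooLarge(f"body exceeds {max_output} bytes after inflating")
            data = inflater.unconsumed_tail
    out += inflater.flush()  # small remainder still buffered inside zlib
    if len(out) > max_output:
        raise BodyTooLarge(f"body exceeds {max_output} bytes after inflating")
    if not inflater.eof:
        raise ValueError("truncated gzip stream")
    return bytes(out)


def demo():
    """Run the guard over two constructed bodies; returns (inflated size, blocked?)."""
    page = b"<html>hello</html>" * 100               # constructed: ordinary page
    normal = gzip.compress(page)
    oversized = gzip.compress(bytes(16 * 1024 * 1024))  # constructed: 16 MiB of zeros
    ok = bounded_gunzip(chunked(normal))
    try:
        bounded_gunzip(chunked(oversized))
        blocked = False
    except BodyTooLarge:
        blocked = True
    return len(ok), blocked


if __name__ == "__main__":
    print(demo())
```

Because the cap is checked after every bounded step, the client gives up after inflating about 1 MiB no matter how large the body would have become.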