10 GB in a 27 KB Gzip File [My Present To HTTP Scanners]

Here’s the gzip bomb I redirect HTTP scanners and web scrapers to:

10G.gz

Create a PHP file with the following:

<?php
header('Content-Encoding: gzip');
echo file_get_contents('10G.gz');

Example: http://rehmann.co/gz-bomb.php

How it works:

  1. A web crawler or browser requests the page and sends the "accept-encoding: gzip, deflate, br" header.
    So long as gzip is accepted, the gzip bomb will do its job.
  2. The web server and PHP script respond to the request with the 27 KB gzip bomb. Only 27 KB is delivered to the client.
  3. The client browser or crawler begins to unzip the data before it is processed by the script or shown to the user.
  4. The client machine runs out of memory / crashes before the bomb is fully unzipped.
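
Step 3 is where a client can protect itself: decode the body as a stream and stop once the output passes a cap. The following is an added example, not code from the original post; `bounded_gunzip`, `DecompressionLimitExceeded` and the 1 MiB default are assumptions chosen for illustration.

```python
import gzip
import zlib


class DecompressionLimitExceeded(Exception):
    """The decoded body grew past the caller's cap."""

    def __init__(self, received, produced):
        super().__init__(f"{received} compressed bytes expanded past {produced - 1} bytes")
        self.received, self.produced = received, produced


def bounded_gunzip(chunks, max_output=1 << 20):
    """Decode a gzip body arriving as byte chunks, never holding more than
    max_output + 1 decoded bytes. Names and the 1 MiB default are assumptions."""
    decoder = zlib.decompressobj(zlib.MAX_WBITS | 16)  # +16 selects gzip framing
    out = bytearray()
    received = 0
    for chunk in chunks:
        received += len(chunk)
        data = chunk
        while data and not decoder.eof:
            # Request one byte more than the remaining budget: receiving it
            # proves the stream is over the cap without inflating the rest.
            out += decoder.decompress(data, max_output - len(out) + 1)
            if len(out) > max_output:
                raise DecompressionLimitExceeded(received, len(out))
            data = decoder.unconsumed_tail
        if decoder.eof:
            break
    if not decoder.eof:
        raise ValueError("truncated gzip stream")
    return bytes(out)


if __name__ == "__main__":
    # Constructed sample: 8 MiB of zero bytes, compressed locally for the demo.
    body = gzip.compress(b"\0" * (8 << 20))
    chunks = [body[i:i + 1024] for i in range(0, len(body), 1024)]
    try:
        bounded_gunzip(chunks)
    except DecompressionLimitExceeded as exc:
        print("aborted:", exc)
```

The cap has to be enforced during decoding; checking the size of the decoded body afterwards is too late, because the memory has already been allocated.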