Testing WebLOIC

This week's attacks by Anonymous used a new tool: WebLOIC. This tool is even easier to use than LOIC, requiring no download--it sends requests using Javascript in the user's browser.

Just like LOIC, it is a quick path to prison, sending thousands of requests from your IP address to the target, accompanied by a slogan.

But it has a new feature--it starts running as soon as you open the page, so people who just want to look at it are immediately performing a DoS attack on the target. (Although it only works on requests for images, which may mean that the exact code I found was not immediately effective.)

To avoid doing something similar to people who view this page, I will only show sanitized screenshots--no active script.

I found the code for WebLOIC in a Google cache:

I altered the code to target my own test server, and ran it for 33 seconds. Here's the traffic on my server:

In 33 seconds, WebLOIC sent my server 1221 HTTP GET requests. WebLOIC seems pretty effective to me--the only limitation is that you must GET an image file.

This is a significant step forward in usability, making it even easier for Anonymous to dupe children and naive users into participating in their crimes.

Written 1-22-12 by Sam Bowne