WordPress Request Tool
This tool is designed to test the vulnerability in WordPressâs load-scripts.php file by simulating high-frequency requests to the target URL. It serves as a proof-of-concept (PoC) for understanding the impact of a Denial of Service (DoS) attack against WordPress sites.
Table of Contents
Overview
WordPress is a widely used Content Management System (CMS), powering about 43.5% of websites globally. This tool tests the behavior of the load-scripts.php file, a core component in WordPress, to explore its potential vulnerability to DoS attacks.
Warning: This tool is for educational and security research purposes only. Do not use it against any site without explicit permission from the site owner.
Screenshots
- Environment Setup
- cPanel Visitor Logs
How It Works
The tool is built using HTML and JavaScript, and it sends multiple requests to the load-scripts.php endpoint of a WordPress website. The JavaScript code is executed in the browser and simulates high-frequency GET requests to check the response behavior.
Setup Instructions
-
Install Local CORS Proxy
To bypass CORS restrictions, we need a local proxy. Install local-cors-proxy:
Loading code... -
Run Local CORS Proxy
Start the local CORS proxy to handle requests:
Loading code...
Replace https://example.com with the target WordPress URL.
- Launch the HTML Tool
Save the HTML code provided in this repository as index.html. Open the file in a browser.
Usage
- Enter the target domain (e.g., example.com) in the input field.
- Click the Start button to initiate requests.
- Observe the request statuses in the table below.
- Click the Stop button to halt the requests.
Features
- Start/Stop Button: Start or stop requests manually.
- Real-time Status: Displays the status of each request (success, failed, or error).
- Request Table: Shows a running log of request status and response codes.
- No Cache: Uses cache: 'no-store' to prevent using cached responses.