HTTPS Floods

An HTTPS flood is a type of Distributed Denial of Service (DDoS) attack that targets web servers using encrypted HTTPS requests. Unlike standard HTTP floods, HTTPS floods consume more resources because each request requires SSL/TLS negotiation, which is computationally expensive. The goal is to exhaust server resources, including CPU, memory, and bandwidth, making the website unavailable to legitimate users.

Impact

HTTPS flood attacks are particularly dangerous due to the overhead of handling encrypted connections. Servers must allocate significantly more processing power for each request, allowing even relatively small-scale attacks to cause major slowdowns or outages. Services relying on secure transactions—such as banking, e-commerce, and login portals—are especially vulnerable, risking downtime, lost revenue, and customer dissatisfaction.

Discoverability

HTTPS flood attacks can be difficult to distinguish from legitimate traffic because the requests appear valid and come over encrypted channels. Traditional firewalls may not inspect encrypted payloads deeply, making detection reliant on behavioral analysis, rate thresholds, and TLS handshake anomalies. Monitoring for high numbers of incomplete handshakes or repetitive access patterns is key to early identification.
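One way to apply the rate-threshold, incomplete-handshake and repetitive-access signals described above is sketched below as an added example, not code from the original page. The log line format, function name, thresholds and sample records are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample (not real traffic). Assumed line format from a TLS
# terminator: "<epoch_sec> <client_ip> <ok|incomplete> <path or ->"
SAMPLE_LOG = "\n".join(
    [f"{100 + i} 203.0.113.7 {'ok /' if i == 0 else 'incomplete -'}" for i in range(6)]
    + [f"{100 + i} 198.51.100.9 ok /login" for i in range(6)]
    + ["100 192.0.2.10 ok /", "115 192.0.2.10 ok /pricing", "140 192.0.2.10 ok /login"]
)

def detect(log_text, window=10, max_conns=4, max_incomplete=0.5, max_repeat=0.8):
    """Return {client_ip: sorted reasons} for clients over the rate threshold."""
    per_client = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue  # skip malformed lines instead of aborting the scan
        per_client[parts[1]].append((int(parts[0]), parts[2], parts[3]))

    findings = {}
    for ip, events in per_client.items():
        events.sort()
        start, reasons = 0, set()
        for end, (ts, _, _) in enumerate(events):
            while ts - events[start][0] >= window:  # slide the window forward
                start += 1
            win = events[start:end + 1]
            if len(win) <= max_conns:
                continue
            reasons.add("rate")
            done = [path for _, hs, path in win if hs == "ok"]
            if 1 - len(done) / len(win) > max_incomplete:
                reasons.add("incomplete_handshakes")
            # Repetition only counts when enough requests actually completed.
            if len(done) > max_conns and Counter(done).most_common(1)[0][1] / len(done) >= max_repeat:
                reasons.add("repetitive_requests")
        if reasons:
            findings[ip] = sorted(reasons)
    return findings

if __name__ == "__main__":
    for ip, reasons in detect(SAMPLE_LOG).items():
        print(ip, ",".join(reasons))
```

Exceeding the rate threshold alone marks a client as busy; the handshake and repetition reasons are what separate flood-like behaviour from a heavy but ordinary user.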

Tools

  • Slowloris (with HTTPS extensions): Designed to keep connections open indefinitely, Slowloris can be adapted to target HTTPS servers.
  • GoldenEye: A powerful tool that can send rapid HTTPS GET or POST requests to exhaust server resources.
  • Torshammer: Sends POST requests over HTTPS via the Tor network to obscure the attack's origin.
  • hping3 + TLS scripting: Advanced users can script HTTPS floods using packet generators like hping3 with custom SSL payloads.

Protection

  • Web Application Firewalls (WAFs): Can detect and block suspicious HTTPS traffic using rate limiting, bot detection, and anomaly filters.
  • TLS Offloading: Using load balancers or reverse proxies to handle SSL handshakes can reduce server load and mitigate attack impact.
  • Cloud-Based DDoS Protection: Services like Cloudflare, AWS Shield, or Google Cloud Armor can absorb massive HTTPS floods at the edge.
  • IP Reputation and Geofencing: Blocking traffic from high-risk or unnecessary regions can reduce the attack surface.