1# perl: 2# 3# for(1 .. 151) { 4# print join("\t", 5# "attack.invalid", "TRUE", "/", "FALSE", "0", 6# "name$_", "could-be-large-$_")."\n"; 7# } 8# 9<testcase> 10<info> 11<keywords> 12HTTP 13cookies 14</keywords> 15</info> 16 17# 18# Server-side 19<reply> 20<data> 21HTTP/1.1 200 OK 22Date: Tue, 09 Nov 2010 14:49:00 GMT 23Server: test-server/fake 24Content-Length: 6 25 26-foo- 27</data> 28</reply> 29 30# 31# Client-side 32<client> 33<server> 34http 35</server> 36<name> 37Send capped huge number of matching cookies 38</name> 39<command> 40http://attack.invalid:%HTTPPORT/a/b/%TESTNUMBER -b log/cookie%TESTNUMBER --resolve attack.invalid:%HTTPPORT:%HOSTIP -L 41</command> 42<file name="log/cookie%TESTNUMBER" mode="text"> 43attack.invalid TRUE / FALSE 0 name1 could-be-large-1 44attack.invalid TRUE / FALSE 0 name2 could-be-large-2 45attack.invalid TRUE / FALSE 0 name3 could-be-large-3 46attack.invalid TRUE / FALSE 0 name4 could-be-large-4 47attack.invalid TRUE / FALSE 0 name5 could-be-large-5 48attack.invalid TRUE / FALSE 0 name6 could-be-large-6 49attack.invalid TRUE / FALSE 0 name7 could-be-large-7 50attack.invalid TRUE / FALSE 0 name8 could-be-large-8 51attack.invalid TRUE / FALSE 0 name9 could-be-large-9 52attack.invalid TRUE / FALSE 0 name10 could-be-large-10 53attack.invalid TRUE / FALSE 0 name11 could-be-large-11 54attack.invalid TRUE / FALSE 0 name12 could-be-large-12 55attack.invalid TRUE / FALSE 0 name13 could-be-large-13 56attack.invalid TRUE / FALSE 0 name14 could-be-large-14 57attack.invalid TRUE / FALSE 0 name15 could-be-large-15 58attack.invalid TRUE / FALSE 0 name16 could-be-large-16 59attack.invalid TRUE / FALSE 0 name17 could-be-large-17 60attack.invalid TRUE / FALSE 0 name18 could-be-large-18 61attack.invalid TRUE / FALSE 0 name19 could-be-large-19 62attack.invalid TRUE / FALSE 0 name20 could-be-large-20 63attack.invalid TRUE / FALSE 0 name21 could-be-large-21 64attack.invalid TRUE / FALSE 0 name22 could-be-large-22 65attack.invalid TRUE / FALSE 0 name23 could-be-large-23 66attack.invalid TRUE / FALSE 0 name24 could-be-large-24 67attack.invalid TRUE / FALSE 0 name25 could-be-large-25 68attack.invalid TRUE / FALSE 0 name26 could-be-large-26 69attack.invalid TRUE / FALSE 0 name27 could-be-large-27 70attack.invalid TRUE / FALSE 0 name28 could-be-large-28 71attack.invalid TRUE / FALSE 0 name29 could-be-large-29 72attack.invalid TRUE / FALSE 0 name30 could-be-large-30 73attack.invalid TRUE / FALSE 0 name31 could-be-large-31 74attack.invalid TRUE / FALSE 0 name32 could-be-large-32 75attack.invalid TRUE / FALSE 0 name33 could-be-large-33 76attack.invalid TRUE / FALSE 0 name34 could-be-large-34 77attack.invalid TRUE / FALSE 0 name35 could-be-large-35 78attack.invalid TRUE / FALSE 0 name36 could-be-large-36 79attack.invalid TRUE / FALSE 0 name37 could-be-large-37 80attack.invalid TRUE / FALSE 0 name38 could-be-large-38 81attack.invalid TRUE / FALSE 0 name39 could-be-large-39 82attack.invalid TRUE / FALSE 0 name40 could-be-large-40 83attack.invalid TRUE / FALSE 0 name41 could-be-large-41 84attack.invalid TRUE / FALSE 0 name42 could-be-large-42 85attack.invalid TRUE / FALSE 0 name43 could-be-large-43 86attack.invalid TRUE / FALSE 0 name44 could-be-large-44 87attack.invalid TRUE / FALSE 0 name45 could-be-large-45 88attack.invalid TRUE / FALSE 0 name46 could-be-large-46 89attack.invalid TRUE / FALSE 0 name47 could-be-large-47 90attack.invalid TRUE / FALSE 0 name48 could-be-large-48 91attack.invalid TRUE / FALSE 0 name49 could-be-large-49 92attack.invalid TRUE / FALSE 0 name50 could-be-large-50 93attack.invalid TRUE / FALSE 0 name51 could-be-large-51 94attack.invalid TRUE / FALSE 0 name52 could-be-large-52 95attack.invalid TRUE / FALSE 0 name53 could-be-large-53 96attack.invalid TRUE / FALSE 0 name54 could-be-large-54 97attack.invalid TRUE / FALSE 0 name55 could-be-large-55 98attack.invalid TRUE / FALSE 0 name56 could-be-large-56 99attack.invalid TRUE / FALSE 0 name57 could-be-large-57 100attack.invalid TRUE / FALSE 0 name58 could-be-large-58 101attack.invalid TRUE / FALSE 0 name59 could-be-large-59 102attack.invalid TRUE / FALSE 0 name60 could-be-large-60 103attack.invalid TRUE / FALSE 0 name61 could-be-large-61 104attack.invalid TRUE / FALSE 0 name62 could-be-large-62 105attack.invalid TRUE / FALSE 0 name63 could-be-large-63 106attack.invalid TRUE / FALSE 0 name64 could-be-large-64 107attack.invalid TRUE / FALSE 0 name65 could-be-large-65 108attack.invalid TRUE / FALSE 0 name66 could-be-large-66 109attack.invalid TRUE / FALSE 0 name67 could-be-large-67 110attack.invalid TRUE / FALSE 0 name68 could-be-large-68 111attack.invalid TRUE / FALSE 0 name69 could-be-large-69 112attack.invalid TRUE / FALSE 0 name70 could-be-large-70 113attack.invalid TRUE / FALSE 0 name71 could-be-large-71 114attack.invalid TRUE / FALSE 0 name72 could-be-large-72 115attack.invalid TRUE / FALSE 0 name73 could-be-large-73 116attack.invalid TRUE / FALSE 0 name74 could-be-large-74 117attack.invalid TRUE / FALSE 0 name75 could-be-large-75 118attack.invalid TRUE / FALSE 0 name76 could-be-large-76 119attack.invalid TRUE / FALSE 0 name77 could-be-large-77 120attack.invalid TRUE / FALSE 0 name78 could-be-large-78 121attack.invalid TRUE / FALSE 0 name79 could-be-large-79 122attack.invalid TRUE / FALSE 0 name80 could-be-large-80 123attack.invalid TRUE / FALSE 0 name81 could-be-large-81 124attack.invalid TRUE / FALSE 0 name82 could-be-large-82 125attack.invalid TRUE / FALSE 0 name83 could-be-large-83 126attack.invalid TRUE / FALSE 0 name84 could-be-large-84 127attack.invalid TRUE / FALSE 0 name85 could-be-large-85 128attack.invalid TRUE / FALSE 0 name86 could-be-large-86 129attack.invalid TRUE / FALSE 0 name87 could-be-large-87 130attack.invalid TRUE / FALSE 0 name88 could-be-large-88 131attack.invalid TRUE / FALSE 0 name89 could-be-large-89 132attack.invalid TRUE / FALSE 0 name90 could-be-large-90 133attack.invalid TRUE / FALSE 0 name91 could-be-large-91 134attack.invalid TRUE / FALSE 0 name92 could-be-large-92 135attack.invalid TRUE / FALSE 0 name93 could-be-large-93 136attack.invalid TRUE / FALSE 0 name94 could-be-large-94 137attack.invalid TRUE / FALSE 0 name95 could-be-large-95 138attack.invalid TRUE / FALSE 0 name96 could-be-large-96 139attack.invalid TRUE / FALSE 0 name97 could-be-large-97 140attack.invalid TRUE / FALSE 0 name98 could-be-large-98 141attack.invalid TRUE / FALSE 0 name99 could-be-large-99 142attack.invalid TRUE / FALSE 0 name100 could-be-large-100 143attack.invalid TRUE / FALSE 0 name101 could-be-large-101 144attack.invalid TRUE / FALSE 0 name102 could-be-large-102 145attack.invalid TRUE / FALSE 0 name103 could-be-large-103 146attack.invalid TRUE / FALSE 0 name104 could-be-large-104 147attack.invalid TRUE / FALSE 0 name105 could-be-large-105 148attack.invalid TRUE / FALSE 0 name106 could-be-large-106 149attack.invalid TRUE / FALSE 0 name107 could-be-large-107 150attack.invalid TRUE / FALSE 0 name108 could-be-large-108 151attack.invalid TRUE / FALSE 0 name109 could-be-large-109 152attack.invalid TRUE / FALSE 0 name110 could-be-large-110 153attack.invalid TRUE / FALSE 0 name111 could-be-large-111 154attack.invalid TRUE / FALSE 0 name112 could-be-large-112 155attack.invalid TRUE / FALSE 0 name113 could-be-large-113 156attack.invalid TRUE / FALSE 0 name114 could-be-large-114 157attack.invalid TRUE / FALSE 0 name115 could-be-large-115 158attack.invalid TRUE / FALSE 0 name116 could-be-large-116 159attack.invalid TRUE / FALSE 0 name117 could-be-large-117 160attack.invalid TRUE / FALSE 0 name118 could-be-large-118 161attack.invalid TRUE / FALSE 0 name119 could-be-large-119 162attack.invalid TRUE / FALSE 0 name120 could-be-large-120 163attack.invalid TRUE / FALSE 0 name121 could-be-large-121 164attack.invalid TRUE / FALSE 0 name122 could-be-large-122 165attack.invalid TRUE / FALSE 0 name123 could-be-large-123 166attack.invalid TRUE / FALSE 0 name124 could-be-large-124 167attack.invalid TRUE / FALSE 0 name125 could-be-large-125 168attack.invalid TRUE / FALSE 0 name126 could-be-large-126 169attack.invalid TRUE / FALSE 0 name127 could-be-large-127 170attack.invalid TRUE / FALSE 0 name128 could-be-large-128 171attack.invalid TRUE / FALSE 0 name129 could-be-large-129 172attack.invalid TRUE / FALSE 0 name130 could-be-large-130 173attack.invalid TRUE / FALSE 0 name131 could-be-large-131 174attack.invalid TRUE / FALSE 0 name132 could-be-large-132 175attack.invalid TRUE / FALSE 0 name133 could-be-large-133 176attack.invalid TRUE / FALSE 0 name134 could-be-large-134 177attack.invalid TRUE / FALSE 0 name135 could-be-large-135 178attack.invalid TRUE / FALSE 0 name136 could-be-large-136 179attack.invalid TRUE / FALSE 0 name137 could-be-large-137 180attack.invalid TRUE / FALSE 0 name138 could-be-large-138 181attack.invalid TRUE / FALSE 0 name139 could-be-large-139 182attack.invalid TRUE / FALSE 0 name140 could-be-large-140 183attack.invalid TRUE / FALSE 0 name141 could-be-large-141 184attack.invalid TRUE / FALSE 0 name142 could-be-large-142 185attack.invalid TRUE / FALSE 0 name143 could-be-large-143 186attack.invalid TRUE / FALSE 0 name144 could-be-large-144 187attack.invalid TRUE / FALSE 0 name145 could-be-large-145 188attack.invalid TRUE / FALSE 0 name146 could-be-large-146 189attack.invalid TRUE / FALSE 0 name147 could-be-large-147 190attack.invalid TRUE / FALSE 0 name148 could-be-large-148 191attack.invalid TRUE / FALSE 0 name149 could-be-large-149 192attack.invalid TRUE / FALSE 0 name150 could-be-large-150 193attack.invalid TRUE / FALSE 0 name151 could-be-large-151 194</file> 195</client> 196 197# 198# Verify data after the test has been "shot" 199<verify> 200<protocol> 201GET /a/b/%TESTNUMBER HTTP/1.1 202Host: attack.invalid:%HTTPPORT 203User-Agent: curl/%VERSION 204Accept: */* 205Cookie: name150=could-be-large-150; name149=could-be-large-149; name148=could-be-large-148; name147=could-be-large-147; name146=could-be-large-146; name145=could-be-large-145; name144=could-be-large-144; name143=could-be-large-143; name142=could-be-large-142; name141=could-be-large-141; name140=could-be-large-140; name139=could-be-large-139; name138=could-be-large-138; name137=could-be-large-137; name136=could-be-large-136; name135=could-be-large-135; name134=could-be-large-134; name133=could-be-large-133; name132=could-be-large-132; name131=could-be-large-131; name130=could-be-large-130; name129=could-be-large-129; name128=could-be-large-128; name127=could-be-large-127; name126=could-be-large-126; name125=could-be-large-125; name124=could-be-large-124; name123=could-be-large-123; name122=could-be-large-122; name121=could-be-large-121; name120=could-be-large-120; name119=could-be-large-119; name118=could-be-large-118; name117=could-be-large-117; name116=could-be-large-116; name115=could-be-large-115; name114=could-be-large-114; name113=could-be-large-113; name112=could-be-large-112; name111=could-be-large-111; name110=could-be-large-110; name109=could-be-large-109; name108=could-be-large-108; name107=could-be-large-107; name106=could-be-large-106; name105=could-be-large-105; name104=could-be-large-104; name103=could-be-large-103; name102=could-be-large-102; name101=could-be-large-101; name100=could-be-large-100; name99=could-be-large-99; name98=could-be-large-98; name97=could-be-large-97; name96=could-be-large-96; name95=could-be-large-95; name94=could-be-large-94; name93=could-be-large-93; name92=could-be-large-92; name91=could-be-large-91; name90=could-be-large-90; name89=could-be-large-89; name88=could-be-large-88; name87=could-be-large-87; name86=could-be-large-86; name85=could-be-large-85; name84=could-be-large-84; name83=could-be-large-83; name82=could-be-large-82; name81=could-be-large-81; name80=could-be-large-80; name79=could-be-large-79; name78=could-be-large-78; name77=could-be-large-77; name76=could-be-large-76; name75=could-be-large-75; name74=could-be-large-74; name73=could-be-large-73; name72=could-be-large-72; name71=could-be-large-71; name70=could-be-large-70; name69=could-be-large-69; name68=could-be-large-68; name67=could-be-large-67; name66=could-be-large-66; name65=could-be-large-65; name64=could-be-large-64; name63=could-be-large-63; name62=could-be-large-62; name61=could-be-large-61; name60=could-be-large-60; name59=could-be-large-59; name58=could-be-large-58; name57=could-be-large-57; name56=could-be-large-56; name55=could-be-large-55; name54=could-be-large-54; name53=could-be-large-53; name52=could-be-large-52; name51=could-be-large-51; name50=could-be-large-50; name49=could-be-large-49; name48=could-be-large-48; name47=could-be-large-47; name46=could-be-large-46; name45=could-be-large-45; name44=could-be-large-44; name43=could-be-large-43; name42=could-be-large-42; name41=could-be-large-41; name40=could-be-large-40; name39=could-be-large-39; name38=could-be-large-38; name37=could-be-large-37; name36=could-be-large-36; name35=could-be-large-35; name34=could-be-large-34; name33=could-be-large-33; name32=could-be-large-32; name31=could-be-large-31; name30=could-be-large-30; name29=could-be-large-29; name28=could-be-large-28; name27=could-be-large-27; name26=could-be-large-26; name25=could-be-large-25; name24=could-be-large-24; name23=could-be-large-23; name22=could-be-large-22; name21=could-be-large-21; name20=could-be-large-20; name19=could-be-large-19; name18=could-be-large-18; name17=could-be-large-17; name16=could-be-large-16; name15=could-be-large-15; name14=could-be-large-14; name13=could-be-large-13; name12=could-be-large-12; name11=could-be-large-11; name10=could-be-large-10; name9=could-be-large-9; name8=could-be-large-8; name7=could-be-large-7; name6=could-be-large-6; name5=could-be-large-5; name4=could-be-large-4; name3=could-be-large-3; name2=could-be-large-2; name1=could-be-large-1 206 207</protocol> 208</verify> 209</testcase> 210