Skip to content
/ dos Public

Demo app comparing mCaptcha protected and unprotected pages with realistic computation simulation

License

Notifications You must be signed in to change notification settings

mCaptcha/dos

Repository files navigation

DoS Demo: Comparing mCaptcha-protected endpoint performance against exposed endpoints with non-simulated, realistic load

This demo uses a registration workflow that looks as real as possible: password and password re-type confirmation followed by password hashing and storing in DB

Requirements

  1. mCaptcha server with a captcha configured. Please self-host an mCaptcha instance as the demo server is just that --- a demo server. See here for deployment instructions.

  2. Python 3.10.4: might work on other versions but I tested it on this version

  3. rustc: mCaptcha/pow_py, the proof of work library used in mCaptcha(well, the Python bindings to it) is not published on pypi(still figuring out how to) so the user will have to compile from source

Overview:

  • server: a demo flask endpoint with two endpoints that do the exact same thing: process and register a user but differ in the fact the one of them(/protected) is protected by mCaptcha.

  • unprotected: DoS Client written using locust that launches an attack on the unprotected endpoint

  • protected: DoS Client written using locust that launches an attack on the rotected endpoint. It generates proof of work and solves the captcha on every request.

Funding

NLnet

NLnet NGIZero logo

2023 development is funded through the NGI0 Entrust Fund, via NLnet. Please see here for more details.

About

Demo app comparing mCaptcha protected and unprotected pages with realistic computation simulation

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published