Online LOIC (Mobile LOIC)

Online LOIC (mobile LOIC) is the online web version of LOIC. It is a Javascript-based HTTP DoS tool that is delivered within an HTML page, has very few options and is limited to conducting HTTP floods. Unlike its PC counterpart, Mobile LOIC does not support more complex options, like randomization of URLs and remote control by IRC botnets ("the Hive").

Online LOIC (mobile LOIC) - is flexible because it can run on various browsers and be accessed remotely. Typically, attack organizers post a URL for the website hosting the page and invite others to use the tool to attack the specified target. Since only a web browser is required, an attacker can use a smartphone to generate an attack.

Offering extremely simple operation, Online LOIC has only three configuration parameters:

  • Target URL - the URL of the attacked target. Must start with http://
  • Requests per second - the number of desired requests to be sent per second
  • Append message - the content for the message parameter to be sent within the URL of HTTP requests
  • Consisting of simple 100 lines of code that execute web requests in a loop. It is possible to append text with an appropriately revolutionary message.

Recently, a new variant of this DDoS tool was detected, which incorporates several techniques to bypass detection and provide greater redundancy. These include:

  • A JavaScript method that prevents left mouse click in order to prevent users from viewing the page source code.
  • Obfuscating all JavaScript methods contained and referenced on page, which may slow down security researchers from fully investigating this tool and its capabilities.
  • Removal of a message field that existed in the original version and had its value included in the attack packets themselves. This is most likely in order to try and avoid signature based protections.
  • Links from each attack page to up to 4 mirror attack pages hosted on other servers in order to quickly reference users and allow the attack campaign to continue even if one or more of the mobile LOIC nodes are taken down.
  • Additionally, several "cosmetic" functionalities were also added such as listing the number of current attackers using the tool, and reflecting the current client IP detected by the tool which may prove useful when trying to avoid attacks using an attackers real IP address.

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program

Get Social

Connect with experts and join the conversation about Radware technologies.

Security Research Center