Add scenario http-dos-switching-ua
cscli scenarios install crowdsecurity/http-dos-switching-ua
systemctl reload crowdsec
Create bash script on client side “/usr/local/bin/crowdsecUAtest.sh”
#!/bin/bash
if [ $# -eq 0 ]; then
echo "Usage: $0 <URL>"
exit 1
fi
URL=$1
for ((i=1; i<=20; i++)); do
random_digits=($(shuf -i 0-9 -n 4 | tr '\n' ' '))
USER_AGENT="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.3029.${random_digits[0]}${random_digits[1]}${random_digits[2]}${random_digits[3]} Safari/573"
curl -A "$USER_AGENT" "$URL" &> /dev/null
sleep 0.2
done
exit 0
Turn on the executable bit
$chmod +x /usr/local/bin/crowdsecUAtest.sh
Try
$crowdsecUAtest.sh https://xxx.target.local
Alternative:
- Use UA contained in /var/lib/crowdsec/data/bad_user_agents.regex.txt
- GET request contained in /var/lib/crowdsec/data/backdoors.txt