Support 🇺🇦 🇺🇦 Ukraine 🇺🇦 🇺🇦 by joining in the DDoS effort! Here's how, in 4 steps.
I started with the code that's been floating around on Reddit, and then:
- I added these docs showing how to safely set up the VPN, CORS, and mixed content.
- I've been continuously updating with IT Army of Ukraine info.
- Added support for low RAM (4GB) machines by reducing the
CONCURRENCY_LIMITfrom 1,000 to 500.
I'm running this on a 2011 Mac Mini with 4GB RAM. You can tell you're running out of memory if the console shows "insufficient resources" errors. Open up an issue if that's the case. We could make the memory usage configurable.
Protect yourself by make your connections come from a different location than your own. I use Express VPN, but there are many alternatives. Here's what that looks like when it's up and running. I've got mine set to have all my Internet come and go through Phoenix, USA:
These instructions use Chrome because it's secure and not hard to configure.
This is essential: it allows the code to make the network connections. Follow these instructions to create a new, a separate profile in Chrome for this.
Continue following the instructions to keep yourself safe. To create the new profile, first click your current profile avatar in the upper right corner. Then click + Add to add a new profile:
In the next screen, click Continue without an account:
Now you can give the new profile a name:
Finally, you'll a new profile just for doing the DDoS'ing:
Now install Allow CORS into your new profile. If you use Allow CORS (it's the easiest way I've found), just change Option 4 to *:
Then, be sure to actually turn on the extension itself. The "C" logo will appear orange:
3. Browse to russia-must-be-stopped.html.
Here's the source code, if you want to examine it. It's pretty simple, IMO.
At this point, the script is running, but can only connect to the sites that use https.
But some of these Russian sites are still on http. In order to hit those as well, we need
to enable "mixed content" (a mix of https and http).
First, click the lock to the left of the URL, then click Site settings:
Then, on the Site settings page, scroll down to the Insecure content setting:
Change it to Allow:
You'll probably have to reload the page to pick up the new setting. Chrome gives a helpful button for that:
And you're done. Your browser will load all the URLs, even the ones over http.
Welcome to step #5 out of 4. You should probably make sure this is actually working correctly. It took me several tries to get it right. To do this, open up the Javascript Console. On the Mac, it's alt-cmd-j. You can also right-click on the page, choose Inspect, and then switch to the Console. It should look like this:
Uncheck Group similar messages in console. Now it should look like this:
Notice how the browser is complaining about the mixed content, but it's going ahead and loading it anyway. Because I enabled it in Step 4.
But if your console looks like this, then you didn't properly enable mixed content. Go back and try again:
Any questions? Ask them in the discussion forum.