Booter usage splits to two main groups:
Layer 4 methods which are made to stress test IP addresses (usually called ip stresser tool).
Layer 7 methods which are made to stress websites (URL only).
Your first goal should be to understand which that which you are seeking to stress test, an IP address (servers) or a website. The next step should be to choose the proper method for the stress test. Each booter may offer different methods but I will endeavour to explain and categorize them for you.
Layer 7 methods:
GET/HEAD/POST – Stress testing method done with proxies, launches a couple of thousands requests per second using one of many following HTTP request: GET, HEAD or POST. This process may be the oldest one but since it's done with a unique ip and a unique user agent, it's hard to mitigate it.
XMLRPC – The XMLRPC method is really a reflected method. XMLRPC is really a WordPress service which may be use to generate XML requests to websites. It's fairly easy to mitigate because it uses exactly the same useragent every time.
Joomla – The Joomla method is really a Google Maps plugin made for the Joomla CMS which may be used to generate GET requests as well. It's pretty much like XMLRPC and it can be mitigated easily as well because it uses exactly the same user agent in every request.
Layer 4 methods:
Layer 4 methods usually have 3 different categories:
*Amplified UDP methods – These are usually services (for example: DNS, NTP, CHARGEN, SSDP etc) that can be used to amplify (reflect) a packet with a bigger size packet, or higher packets. Using this methods also requires spoofing the origin IP address of the server. So let's say the mark IP address is 127.0.0.1, so the stress testing server sends a packet with a certain payload over a certain port with the origin ip of the mark (127.0.0.1) to the amplifier server. The amplifier server receives the packet and sends a bigger size packet (or a number of packets) to the mark ip (127.0.0.1) therefore leading to an increased stress test. With a 1Gbps uplink, an increased stress test can reach over 80Gbps of bandwidth utilising the NTP service. This process is the most common one to use with a Layer 4 stress test on a booter.
*Raw UDP – Sends a big number of UDP 1024 length packets. It's the oldest method and easily mitigated when done from only a few servers since the IP address remains exactly the same in each packet.
*Spoofed TCP – This process also requires spoofing the origin ip but in this case the packets aren't amplified but simply sent with a random IP address which does not participate in the server. This process has various names (ssyn, tcp, essyn etc).
When utilizing an ip stresser, there's no best way, the simplest way will be testing each method and see which one suits you the best.
