DAVOSET – DDoS attacks via other sites execution tool, was built to take advantage of these types of attacks and automates the process. For attackers, the most difficult task is building and maintaining a valid list of vulnerable reflectors. However DAVOSET ships with a default list of vulnerable Google Maps plug-in installed Joomla servers.
DAVOSET takes a list of known blind proxy scripts and services and use them to stage a reflected GET flood against a target. DAVOSET allows an attacker to configure their lists of reflectors, the number of requests per reflector, and proxy configurations to automate these attacks.
Hackers also uses Google dorks to find reflectors
UFONet tool uses a web interface and a point and click configuration process. These user-friendly features provide attackers with an easy to use interface for proxy configuration, customizable headers, attack options and more.