Booter usage splits into two main groups:
* Layer 4 methods, which are made to stress test IP addresses (usually called an IP stresser tool).
* Layer 7 methods, which are made to stress websites (URL only).
Your first goal would be to understand what you are looking to stress test: an IP address (servers) or a website. The next step would be to choose the right method for your stress test. Each booter may offer different methods, but I will try to explain and categorize them for you.
Layer 7 methods:
* GET/HEAD/POST – A stress testing method done with proxies. It launches a few thousand requests per second using one of the following HTTP requests: GET, HEAD or POST. This method is the oldest one, but since it’s done with a unique IP address and a unique user agent, it’s hard to mitigate.
* XMLRPC – The XMLRPC method is a reflected method. XMLRPC is a WordPress service which can be used to generate XML requests to websites. It’s fairly easy to mitigate since it uses the same user agent every time.
* Joomla – The Joomla method is actually a Google Maps plugin made for the Joomla CMS which can be used to generate GET requests as well. It’s pretty similar to XMLRPC, and it can be mitigated easily as well since it uses the same user agent in every request.
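The fixed user agent that makes the XMLRPC and Joomla methods easy to mitigate is also easy to spot in web server access logs, while traffic with a unique IP address and user agent per request does not trip the same check. The detection sketch below is an added example, not code from the original article; the log lines, user-agent strings, function names and thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict

# Combined Log Format: ip ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')

def shared_agent_floods(lines, min_sources=5, min_share=0.5):
    """Return {user_agent: (requests, distinct_source_ips)} for every agent
    that makes up at least min_share of all parsed requests and arrives
    from at least min_sources different IP addresses."""
    hits = defaultdict(int)
    sources = defaultdict(set)
    total = 0
    for line in lines:
        match = LOG_RE.match(line.strip())
        if not match:
            continue  # ignore malformed or truncated lines
        ip, agent = match.groups()
        total += 1
        hits[agent] += 1
        sources[agent].add(ip)
    flagged = {}
    for agent, count in hits.items():
        if count / total >= min_share and len(sources[agent]) >= min_sources:
            flagged[agent] = (count, len(sources[agent]))
    return flagged

def make_line(ip, agent):
    """Build one constructed access-log line (sample data only)."""
    return (f'{ip} - - [01/Jan/2024:00:00:00 +0000] '
            f'"GET / HTTP/1.1" 200 512 "-" "{agent}"')

# Constructed sample: 40 reflecting hosts that all send the same user agent.
REFLECTED = [make_line(f"198.51.100.{i}", "ExampleReflector/1.0 (constructed)")
             for i in range(1, 41)]
# Constructed sample: 10 ordinary visitors, each with its own user agent.
NORMAL = [make_line(f"203.0.113.{i}", f"ExampleBrowser/{i}.0 (constructed)")
          for i in range(1, 11)]
# Constructed sample: every request has its own IP address and user agent.
UNIQUE = [make_line(f"192.0.2.{i}", f"ExampleAgent/{i}.0 (constructed)")
          for i in range(1, 41)]

if __name__ == "__main__":
    print(shared_agent_floods(REFLECTED + NORMAL))  # one agent flagged
    print(shared_agent_floods(UNIQUE + NORMAL))     # nothing flagged
```

A flagged agent is a candidate for a user-agent block or rate-limit rule at the web server or WAF; the thresholds need tuning against normal traffic, where one browser build can legitimately dominate.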
Layer 4 methods:
Layer 4 methods usually fall into 3 different categories:
* Amplified UDP methods – These are usually services (for example: DNS, NTP, CHARGEN, SSDP etc.) that can be used to amplify (reflect) a packet into a bigger packet, or even into more packets. Using these methods also requires spoofing the source IP address of the server. Let’s say the target IP address is 127.0.0.1: the stress testing server sends a packet with a certain payload over a certain port, with the source IP address of the target (127.0.0.1), to the amplifier server. The amplifier server receives the packet and sends a bigger packet (or a number of packets) to the target IP address (127.0.0.1), resulting in an amplified stress test. With a 1Gbps uplink, an amplified stress test can reach over 80Gbps of bandwidth using the NTP service. This method is the most common one to use with a Layer 4 stress test on a booter.
* Raw UDP – Sends a large number of 1024-length UDP packets. It’s the oldest method and is easily mitigated when done from only a few servers, because the IP address remains the same in each packet.
* Spoofed TCP – This method also requires spoofing the source IP address, but in this case the packets are not amplified; they are simply sent with a random source IP address which does not belong to the server. This method has various names (ssyn, tcp, essyn etc.).
When using an IP stresser, there is no best method; the best way would be to test each method and see which one suits you best.