The /up page taking uploaded screenshots is somehow susceptible to a denial of service condition.
After sending precisely 27 screenshot-uploading requests the server application crashes.
Repeated multiple times with different filenames and contents - there was no difference, it kept crashing exactly after the 27-th request.
An output from Intruder (which was used to perform the crash) along with the console output provided on a screenshot (by the way, I am not sure if its zip-encoder related - I keep getting that error message every time I upload a valid image)

Hi @edwilded,

Are you running the server in production mode (fronted by Nginx and MySQL instead of SQLite?).

Nope, that's a test instance ran from docker.

That sounds like some issue with pillow or pil, possibly missing some dependencies which are resulting in the exception.

Can you try the following (within the virtualenv):

source sleepyenv/bin/activate
pip uninstall Pillow
sudo apt-get install libjpeg-dev zlib1g-dev
pip install -I Pillow

Once we clear up the error you are seeing we can dig a bit into the DoS and see if that's related to the embedded python server, sqlite, or the application code. I'd be happy to try this out on my production deployment if you can provide a reference image upload (feel free to export your burp state (anonymized if needed)) and I could give it a try.

Fair enough - dependencies installed; crash is gone :)

Great, I'll update the docs to include those deps.